Getting data visibility from a highly complex, virtualized network is not a trivial task. To help solve the challenge, ExtraHop is debuting the fifth generation of its platform, expanding beyond network visibility into the realm of Big Data analytics.
“We have always been able to take raw packet data off the wire and transform it into what we call structured wire data,” Erik Giesa, SVP of products at ExtraHop, told Enterprise Networking Planet.
With the ExtraHop 5.0 release, the complete platform now provides additional analytics capabilities and a new visual query language. Giesa explained that the ExtraHop 5.0 platform is made up of two core elements: the Discover appliance and the Explore appliance. The Discover appliance performs all of the initial stream processing and captures and transforms packets, while the new Explore appliance enables all transaction details to be streamed.
“The Discover appliance is the only one you absolutely need, and if you want to extend it to be able to see every single transaction, indexed and searchable for multi-dimensionable analysis, you want the Explore appliance,” Giesa said.
ExtraHop also has a command appliance that enables management of multiple ExtraHop nodes.
From a technology perspective, ExtraHop is making use of the open-source Elasticsearch technology. Giesa said that ExtraHop does not have a commercial relationship with Elastic, the lead commercial sponsor behind Elasticsearch. He added, however, that ExtraHop has done some customization, including security hardening.
The open-source Elasticsearch technology is often deployed in a stack alongside the open-source Logstash and Kibana applications. Brent Blood, a Senior Manager in Technical Marketing Engineering, explained that ExtraHop is not using Kibana for data visualization, but rather is using its own technology that is integrated in the Discover appliance. Logstash, which is used for message ingestion, is also not used by ExtraHop, since the company’s own technology enables higher degrees of scale.
The hardware of the Explore appliance is all based on commercial off-the-shelf hardware, though Giesa said that ExtraHop has written its own drivers.
“The only real difference between the Discover and the Explore appliance for hardware is we have a whole bunch of disks in the Explore appliance,” Blood said.
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com.