Not Your Dad's IT

Updated Solutions to Classic Challenges

A personal website dedicated to helping IT professionals review where we've been, where we are, and maybe where we are headed.

  • Blog
  • About
  • Disclaimer
ExtraHop_Logo.png

Cloud Field Day 6 - ExtraHop The Modern Solution For Cloud Traffic Inspection

November 06, 2019 by Nathaniel Avery in Enterprise

ExtraHop showed off some cool tech at Cloud Field Day 6 (CFD6). During the presentation, the company discussed their Reveal(x) product which solves the problem of packet inspection in clouds such as AWS. For those used to doing traffic inspection in a traditional datacenter, this might not sound like a big deal. A myriad of port mirroring technologies exist in the physical world where customers can manage their own hardware. In the cloud, it’s not so simple. Because of the multitennent nature of cloud, reading packets going across the cloud provider’s network is, let’s just say “problematic.”

The ExtraHop SaaS architecture is designed in such a way that info from a customer’s virtual private cloud (VPC) is mirrored to ExtraHop’s environment where they can analyze the data. Ryan Davis of ExtraHop breaks down the architecture in his CFD6 presentation.

The ExtraHop platform was built to deliver visibility, detection, and investigation at massive scale. We consume a copy of unstructured network traffic from across your entire environment - from the data center, to the cloud, to the remote site - using a tap or port mirror.

The best part about the ExtraHop product is that it does what it needs to do without agents. “Agent Fatigue” is a very real phenomenon among the user base represented by the Field Day Delegates. Routing that traffic without the need to deploy, update, support, and troubleshoot yet another piece of software on systems is huge. In addition, there’s always the worry that apps running on a system consume resources such as RAM, and CPU. Add the time of testing agents on new releases of OSes, and it’s a situation every system administrator wishes to avoid.

ExtraHop_architecture_01.png

ExtraHop provides both SaaS and "local” solutions. When exiting the customer’s VPC, there are charges on the egress traffic. If charges or security are a big concern, then installing a customer managed AMI is the way to go. According to ExtraHop, there’s no difference in capability.

Reveal_x_AMI_diagram.png

How do I get it?

The ExtraHop Discover Appliance AMI is in the Amazon Marketplace. It is accessible when setting up any normal EC2 instance. I found it by searching for ExtraHop. I was presented with a number of choices for AMI instances sized for different workloads.

The three options listed are as follows:

  • ExtraHop EDA 1100v (BYOL)

  • ExtraHop EDA 2000v (BYOL)

  • ExtraHop EDA 6100v (BYOL)

How Much Does it Cost?

Pricing is based on the AMI and cost negotiated with ExtraHop for the license. Costs range from an estimate of $0.17 per hour in the US East region up to $0.76 per hour in the same US East Region.

ExtraHop_EC2_est_cost_per_hr.png

The rough breakdown of the costs and EC2 machine types are below.

AMI Size Est. Cost per hr (US East Region)
ExtraHop EDA 1100v (BYOL) c5.xlarge $0.17
ExtraHop EDA 2000v (BYOL) c5.2xlarge $0.34
ExtraHop EDA 6100v (BYOL) m5.4xlarge $0.768

Documentation

Refer to the documentation (https://docs.extrahop.com/current/eh-admin-ui-guide/) for setup once the AMIs are deployed.

Demos

Of course, if you’d rather try a few demos without installing anything, there’s a method for that too. You can access the demo site and walk through multiple scenarios.

November 06, 2019 /Nathaniel Avery
ExtraHop, #CFD6, network, cloud, security
Enterprise
  • Newer
  • Older

Powered by Squarespace