Ixia Vision ONE

Ixia Vision ONE

All-in-one tool that provides high-performance, lossless visibility

Ixia Vision ONE™ is a turnkey device that enables organisations to maintain security across physical and virtual infrastructures from a single security platform. Whether fighting against threats hidden in encrypted traffic, or feeding the right data to the right forensic solution, Vision ONE boosts network protection without negatively impacting performance. Build a layered defence with a combination of best-of-breed inline security and out-of-band analysis tools, or create a strong foundation that helps you understand what is happening in an enterprise network. Either way, Vision ONE is a crucial step toward complete network security.

Benefits

  • Comprehensive network visibility: Every feature IT will ever need in a compact 1U form factor
  • Powerful inline & out-of-band solution
  • Reliability: ZERO-loss, line-rate advanced performance with no dropped packets
  • Powerful GUI with industry-best ease-of-use
  • SSL decryption detects hidden threats
  • Easily expand deployments to meet changing needs
  • Advanced features: Filtering, de-duplication, load-balancing, timestamping, and more
  • VM-ready with support for physical and virtual taps across a common infrastructure
  • Optimises security in multi-user environments with extensive role-based access control and a powerful filter compiler that ensures users do not impact one another while using the system concurrently.

Vision ONE delivers increased benefits over time by optimising the use and cost of existing tools. For example, if de-duplication removes 2 duplicates for every packet sent, this reduces traffic volumes to existing tools by roughly 66%, and in turn the rate at which additional tools need to be added. Benefits and ROI improve as traffic loads and the percentage of traffic that can be eliminated via de-duplication, decapsulation, or filtering increases.

Features

  • Provides immediate time to value with an intuitive graphical user interface (GUI), enabling rapid deployment and minimal configuration
  • Delivers zero-loss advanced packet processing with de-duplication and packet trimming
  • Ensures deep packet inspection to optimise investments in infrastructure by classifying traffic in real time
  • Provides sophisticated load balancing to maximise uptime and protect against the loss of critical data by distributing traffic across a number of monitoring tools

Specifications

Port Flexibility

  • 48 ports of 10GbE/1GbE SFP+
  • 4 ports of 40GbE QSFP+; optionally configured as 16 ports of 10GbE
  • All ports are bidirectional and fully non-blocking
  • Full line-rate across all ports
  • Extensive packet filtering capabilities, including:
    • Layer 2: MAC, VLAN, MPLS, or Ethertype
    • Layer 3: IPv4 or IPv6, source / dest / session, DSCP, IP Protocol
    • Layer 4: Port Number, TCP Control
    • New or proprietary protocols via powerful custom filters
  • Suitable for both inline and out-of-band deployments

Full-Rate Intelligent Packet Processing

  • Modify every packet at line-rate using any combination of Ixia’s Advanced Feature Module (AFM) operations:
    • Deduplication, trimming, timestamping, 1G burst protection and data masking
    • Head stripping includes VLAN, FabricPath, VNTag, GTP, MPLS, VxLAN, L2GRE, ERSPAN
    • L2GRE tunnel termination from vTAP
  • Flexibly assign 160Gbps total processing capacity to any port in 10Gbps increments

Inline-Specific Features

Supports failsafe serial service chaining, parallel load balancing with spares, or combined topologies

  • Customizable heartbeat (HB) support to detect and automatically recover from monitoring and security tool failures
    • Multiple HB templates allow each tool to have its own unique HB
    • Bypass switches and Vision ONE can have different HB so multi-tier design is possible to increase overall resilience
  • Two failure recovery modes
    • Rebalance sessions from the failed tool among all active and standby tools
    • Transition all active sessions from a failed tool group to next tool group in a service chain
    • Support tool sharing among multiple network links from different bypass switches connected to different customers

Ixia’s Application and Threat Intelligence (ATI) Processor

  • Performs DPI to identify traffic according to:
    • Application, geography, device information, and service provider
    • Application signatures are regularly updated via ATI subscription
  • SSL decryption supported ciphers:
    • 3DES
    • RC4
    • AES
    • SHA1/521/384/256/224
    • MD5
  • SSL/TLS Decryption Support:
    • SSL/TLS Versions: SSL3.0, TLS1.0, TLS1.1 and TLS1.2
    • Asymmetric Key Exchange: RSA and ECDH
    • Symmetric Keys: AES, 3DES and RC4
    • Hashing algorithms: SHA and MD5
    • Maximum concurrent sessions: Over 1,000,000
    • Private key storage: Encrypted and ‘write only’
  • Regular expression matching
  • Data masking to protect sensitive data such as credit cards and personally identifiable information (PII)
    • Target field identified by user-definable regular expression
    • Default regular expressions provided for commonly request data patterns such as credit card numbers
  • Multiple actions can be taken on matching sessions
    • Forward all related packets to an analysis tool
    • Enhanced NetFlow v9 and v10 and IPFIX can be generated and sent to up to 10 collectors
  • Simple pricing
    • ATI subscription includes all current and new features and application signatures released

Management

  • SNMP v1, v2, v3 support
  • Supports IEEE / Precision Time Protocol (PTP) time synchronisation
  • Local, RADIUS, and TACACS+ support (members and groups)
  • Granular access control features
  • Event monitoring and logging
  • Syslog
  • IT Automation control with RESTful API

Power for Vision ONE

AC Power

DC Power

Dual power supplies Yes Yes
Hot swappable Yes Yes
Operating input voltage

100 to 240VAC

40 to 60VDC

Nominal current

6.6A @ 100VAC, 1.5A @ 240VAC

12.5A @ 53VDC

Max. operating input current

7.7A @ 100VAC

19.25A @ 40VDC

Heat/power dissipation for module at 100% traffic load

660W / 2252 BTU/hour

Compliance

  • RoHS, IEC-60950-1:2005, UL60950-1, and CSA C22.2 No. 60950-1, EN 60950-1, CE, FCC, AS/NZS CISPR 22 & 24, 55022, 55024, IEC-003

Physical Specifications

  • 1RU high 19” rack-mountable chassis
  • Dimensions: 17.5W x 29.5L x 1.75H (inches) / 44.5W x 75.0L x 4.5H (cm)
  • Weight: 36.4lb / 16.5kg

Operational Environment

Temperature

  • Operating: 5°C to 40°C
  • Short-term*: -5°C to 55°C (*not to exceed 96 consecutive hours)
  • Short-term* with fan failure: -5°C to 40°C (*not to exceed 96 consecutive hours)

Humidity

  • Operating: 5% to 85%, (non-condensing)
  • Short-term*: 5% to 90% (non-condensing, *not to exceed 96 hours)

Security Force Multiplier

Enterprise security isn’t a fair fight.

A hacker only needs to exploit a single vulnerability, but the enterprise security team must protect every potential attack vector.

Resources

Book a Demo

See Ixia Vision ONE in Action