Permanent network TAPs for complex infrastructure

By Alastair Hartrup, Network World
June 07, 2007 02:34 PM ET
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

Network test access points (TAPs) were developed as portable diagnostic tools for gaining temporary, out-of-band, non-intrusive access to the traffic passing between two network devices.

Today, TAPs are available for permanent deployment in the data center, helping enterprises manage complex infrastructures. Leveraging a permanent out-of-band network access platform (permanent TAP), users are able to maintain 24/7 network visibility and real-time management benefits without affecting network performance.

SPAN (mirrored switch ports) and similar deployment methods once held their own, but the growing volume of traffic they must copy is now a real burden on enterprise infrastructure management. A mirror port for a full-duplex 1Gbps link has to carry up to 2Gbps of combined transmit and receive traffic, so under load the switch silently drops mirrored frames, and because mirroring copies only valid frames, the attached tool never sees link-layer errors at all.

Permanent TAP solutions avoid these bandwidth pitfalls by establishing an out-of-band platform on which any critical monitoring or security device can be deployed. With a physical TAP integrated in the desired network segment, the out-of-band device has uninterrupted, hardware-level visibility into the tapped traffic, without competing for switch resources and, most importantly, without affecting network flow.

The detailed visibility that permanent TAPs provide is ideal for enterprise monitoring and management, giving TAP-attached devices the ability to identify errors and events — including link-layer events — within the network.

Conventional deployment methods are complicated by the fact that some network tools, such as intrusion-prevention systems, must sit in-line to act on real-time traffic. If not properly integrated, an in-line device becomes a single point of failure: a crashed or powered-off IPS takes the segment down with it.

To address this, a permanent TAP can route live traffic through an out-of-band deployed device without introducing a point of failure; this is commonly referred to as virtual in-line installation. A virtual in-line TAP feeds live traffic through the out-of-band device and back onto the network segment, providing the benefits of in-line deployment without the risk of a single point of failure.

While vendors use various methods to accomplish this, the key to achieving virtual in-line installation is through a bypassable fail-safe connection capable of keeping the original network path available in the event of power loss or network device failure.

A permanent TAP solution can achieve this, for example, by constantly checking the health and availability of the deployed device by passing "heartbeat" monitoring packets through the out-of-band path. The heartbeat is inserted at one end of the path; if it is not detected at the other end within the expected interval, the out-of-band connection is immediately bypassed and traffic flows along its original path, as if the TAP were never there. This fail-safe keeps the segment up and removes the threat of an in-line point of failure. Note that it is fail-open: while bypassed, traffic passes uninspected, so bypass events should be alarmed and investigated promptly. The heartbeat also only proves that the device passes packets end to end, not that it is still inspecting them correctly, so the device's own health monitoring is still required.

Using virtual in-line installation, a device can also be bypassed manually for real-time change control. This is especially valuable when a security patch is needed for a device that cannot wait for the next scheduled maintenance window. Using the TAP-bypass method, the out-of-band device is taken offline for the change and returned to the path once it is ready for service again.
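The heartbeat fail-safe and the manual bypass for change control described in the two passages above, simulated in Python as an added example. This is not code from the original article or from any TAP vendor's firmware; the heartbeat frame format (a marker plus a sequence number), the thresholds (three missed heartbeats to fail open, five good ones to re-insert), and the toy in-line device models are all assumptions made for illustration.

```python
"""Simulated bypass TAP with heartbeat fail-safe and manual bypass.

Added example, not vendor code. Frame format, thresholds and the
in-line device models below are assumptions for illustration only.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, List, Optional

Frame = Optional[bytes]             # None means nothing came out the far end
Device = Callable[[bytes], Frame]   # model of the in-line (out-of-band) device

HEARTBEAT_MAGIC = b"TAP-HB"         # assumed marker for heartbeat frames


class Mode(Enum):
    INLINE = "inline"   # traffic passes through the out-of-band device
    BYPASS = "bypass"   # device removed from path; traffic flows uninspected


@dataclass
class BypassTap:
    miss_limit: int = 3        # consecutive lost heartbeats before failing open
    recover_limit: int = 5     # consecutive good heartbeats before re-inserting
    mode: Mode = Mode.INLINE
    manual_bypass: bool = False
    missed: int = 0
    recovered: int = 0
    seq: int = 0
    events: List[str] = field(default_factory=list)  # what an operator should alarm on

    def set_manual_bypass(self, on: bool) -> Mode:
        """Change control: take the device out of the path, or allow it back.
        Clearing manual bypass does not re-insert immediately; the patched
        device must first answer recover_limit heartbeats."""
        self.manual_bypass = on
        if on and self.mode is Mode.INLINE:
            self.mode = Mode.BYPASS
            self.events.append("manual bypass engaged")
        self.recovered = 0
        return self.mode

    def heartbeat(self, device: Device) -> Mode:
        """Inject one heartbeat into the out-of-band path and check that the
        same frame comes back out the other end."""
        if self.manual_bypass:
            return self.mode
        self.seq += 1
        probe = HEARTBEAT_MAGIC + self.seq.to_bytes(4, "big")
        try:
            echoed = device(probe)
        except Exception:          # device crashed or lost power
            echoed = None
        if echoed == probe:
            self.missed = 0
            if self.mode is Mode.BYPASS:
                self.recovered += 1
                if self.recovered >= self.recover_limit:
                    self.mode = Mode.INLINE
                    self.recovered = 0
                    self.events.append(f"device re-inserted at heartbeat {self.seq}")
        else:
            self.recovered = 0
            self.missed += 1
            if self.mode is Mode.INLINE and self.missed >= self.miss_limit:
                self.mode = Mode.BYPASS
                self.events.append(f"FAIL-OPEN: bypass engaged at heartbeat {self.seq}")
        return self.mode

    def forward(self, frame: bytes, device: Device) -> Frame:
        """Carry one production frame across the tapped segment."""
        if self.mode is Mode.BYPASS:
            return frame           # original path: delivered, but uninspected
        try:
            return device(frame)   # None means the device dropped or blocked it
        except Exception:
            return None            # lost until the heartbeat notices the failure


# Assumed device models (constructed for the example)
def healthy_ips(frame: bytes) -> Frame:
    """Toy IPS: blocks frames carrying a marker string, passes everything else."""
    return None if b"EVIL" in frame else frame


def hung_device(frame: bytes) -> Frame:
    """Powered on but stalled: nothing comes out the far end."""
    return None


def dead_device(frame: bytes) -> Frame:
    """Lost power or crashed: the link is gone."""
    raise RuntimeError("no link")


def run_scenario() -> List[Mode]:
    """Healthy device, then a hang, then recovery; returns the TAP mode after
    each heartbeat so the transitions can be inspected."""
    tap = BypassTap()
    sequence = [healthy_ips] * 2 + [hung_device] * 3 + [healthy_ips] * 5
    return [tap.heartbeat(d) for d in sequence]


if __name__ == "__main__":
    print([m.value for m in run_scenario()])
```

Two design points are worth noting. Re-insertion requires several consecutive good heartbeats, so a device that is flapping does not get put back in the path on its first lucky reply. And the window between a device failing and the third missed heartbeat is one in which in-line frames are lost, so the heartbeat interval is a direct trade-off between detection time and the cost of false bypasses.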
