Aggregation Tap is a network tap that can receive both sides of a full duplex data transmission, combine those two independent streams of data and send the “aggregated” copy of the entire transmission to a connected monitoring device over a single network interface. It is by far the easiest setup.
Standard full duplex taps provide a dual output – one for each side of the conversation (upstream & downstream traffic). This requires use of “dual receive” devices, which have two separate network interface cards and combine the data streams after receiving it. The setup is more complicated and requires Network Interface cards to be bonded at the “OS” level if your monitoring software is not capable of aggregating the traffic flow.
Example: You tap a full duplex gigabit link (1Gig Upstream + 1 Gig Downstream = 2 Gig Aggregate Traffic = 1Gig Full Duplex). Now if your aggregate traffic is less than 1Gig but with occasional short bursts that exceed 1Gig then aggregation tap mode is fine. However if you have sustained aggregate traffic over 1Gig then you need regular tap mode to prevent any packet loss on the monitoring side.
SecureTap ST-1000 allows you to select either mode depending on the situation.
In aggregation mode the 2nd monitor port is a regeneration port. Both monitor ports are getting the same aggregate data stream allowing you to connected two monitoring devices e.g. IDS on monitor port 1 and a network sniffer on monitor port 2. The identical dual outputs make this possible and eliminate contention for access to the data. Extra monitor ports also allow redundant devices to be connected to the same link as a failsafe measure to prevent the loss of data in case one of the connected devices has problems or needs to be updated.
SecureTap ST-1000 does allow live network traffic to flow in the event of power loss. However you should follow these steps: When introducing a tap between the live network segments do it without any power to the tap. In majority of the cases only a straight-through Ethernet cable is needed however in some situations you may need to replace one side of the connection with a crossover cable. If the live traffic continues to flow as normal without any power to the tap it will work just fine when the tap is powered on.
In theory this is possible but there are a number of shortcomings to using such an approach. Network switches are designed to perform a variety of functions on the network. SPAN and mirror port activities take the lowest priority – sending copies of busy link traffic out a SPAN port can easily oversubscribe the port, resulting in packet-loss. Additionally, network switches are managed devices requiring maintenance and an IP presence on the network. The SecureTap ST-1000 is "plug and play." This tap requires no configuration and because it is transparent to the network and fault-tolerant, it is more reliable and more secure.
The SecureTap ST-1000 maintains connectivity on the network link even if power is lost to the tap. Because power is required for the monitoring device to receive data from the tap ports, SecureTap ST-1000 is dual power capable to ensure maximum uptime for network analysis and monitoring tools.
The most likely locations on the network to deploy a link aggregation tap will be those in which probes or IDS devices need 24×7 visibility. These include the links between switches and critical servers, full duplex connections between routers and firewalls, and links between firewalls and a demilitarized zone (DMZ) or any link requiring investigation for network connectivity issues.
SecureTap ST-1000 only sends data from Layers 3-7 to the devices connected on the tap ports. Security devices are usually unconcerned with Layer 1 and Layer 2 traffic or unable to process it. As such, most all security devices discard Layer 1 and Layer 2 data anyway. Even protocol analyzers and network probes primarily concentrate on Layers 3-7 and might also be unable to process Layer 1 and Layer 2 data unless equipped with special software and hardware. Any customer who is used to traditional network monitoring or analysis using SPAN ports is already used to working exclusively with Layers 3-7. However, unlike SPAN Ports, the SecureTap is able to forward VLAN tagging information.
The price includes free-shipping within USA and Canada (except to Hawaii, Alaska, Puerto Rico, Yukon, Northwest Territories, Nunavut, PO Boxes or US/CAN Army Bases overseas). For international orders please use the Contact us form for shipping costs. We can also use your FedEx, UPS or DHL accounts for shipping.
All SecureTap ST-1000 are warranted against workmanship and defect for a period of one year. However you need to register the unit upon receiving it to activate your warranty and when you do we give you an additional year warranty for free. The warranty is to the original owner and not transferable. All sales are final. Items will only be replaced or repaired during the warranty period free of charge but the shipping will be at your expense. If your unit is no longer under warranty then additional charges will apply for repairs/replacement.
All prices indicated are in USD to avoid any currency and exchange rate fluctuations. There are no duties or customs charges for customers in US and Canada. All Canadian orders ship from our HQ in Ontario, Canada. US and International orders ship from our warehouse in NY, USA.
International customers are responsible for any local duties and taxes that may be levied and payable directly to the local agency.
Canadian Customers: We are a Canadian Corporation based in Ontario and we charge & collect GST or HST tax component based on the province. The currency of transaction has no bearing on taxes as we collect the taxes in USD and convert to CAD when remitting the taxes to Revenue Canada. If you pay with your CAD $ credit card your credit card company will convert the USD charges to CAD. If you need to be invoiced in CAD please use call or contact us.