1.3.3. ON Sensor

Built on IDS technology, ON Sensor processes the traffic generated in the network. It performs deep analysis of the network protocols in use by ingesting traffic through a port mirror (SPAN, RSPAN, or ERSPAN).

When the Secure Remote Access module is deployed, it analyzes the VPN traffic received from the VPN Gateway through the VXLAN tunnel through the internal network.

ON Sensor is an optional component that provides Advanced Visibility and Network Behavior Monitoring.

It provides metadata of the network traffic, which is captured either by:

- copying the traffic through the port mirror configured on the network device, or
- copying the traffic from the VPN Gateway inbound interface when the Secure Remote Access (2SRA) module is deployed.

It is capable of decoding multiple standard protocols and applications, providing information from layer 2 to layer 7.

Note

ON Sensor is NOT a critical component of the solution, which is why it does NOT require high availability. If this component is unavailable, the main functionality of the OpenNAC Enterprise modules continues to work. However, while it is unavailable, advanced visibility, analysis, and monitoring of network behavior are lost.

1.3.3.1. Sizing an ON Sensor Instance

The size of the Network Access solution infrastructure can be inferred directly from the expected workload that the NAC must sustain, in terms of users, IPs, types of authentication, or deployed use cases. The workload may be difficult to estimate, but doing so is crucial to building an efficient NAC architecture. In general, capacity is increased by adding more nodes of a given component. Growth in the number of users is handled by adding more nodes in an N + 1 scheme through a load balancer.

When the network requires capturing 10 Gb, it is necessary to deploy hardware sensors with network cards compatible with the PF_RING accelerated drivers.

The minimum recommended specs for the ON Sensor are:

| Resources | Minimum | 10Gb |
|-----------|---------|------|
| Memory | 16 GB | 32 GB |
| CPU | 8 CPU | 16 CPUs |
| Disk Size | 100 GB | 300 GB* |
| Disk Type | SSD | SSD |
| Network | 2 NIC and 1 NIC SPAN*** | 2 NIC and 1 NIC SPAN*** |

Note

\* It depends on the amount of information that needs to be stored.

\*\*\* In some cases, it is recommended to have at least 2 NICs for an active-passive port-span.

Supported Network Cards

| Capacity | Medium | Network Card |
|----------|--------|--------------|
| 1Gb | Copper | Intel 8254x/8256x/8257x/8258x |
| 1Gb | Fiber | Intel 82575/82576/82580/I350 |
| 10Gb | Fiber | Intel 82599/X520/X540/X550 |
| 40Gb | Fiber | Intel X710/XL7100 |