Download Print this page

Viavi G3-GS-2P40-1152T User Manual

Viavi G3-GS-2P40-1152T User Manual

Observer gigastor 17.2.0.0

Table Of Contents

Table of Contents

Advertisement

Quick Links

Observer GigaStor 17.2.0.0

User Guide

23 Feb 2018

Table of Contents

Advertisement

Table of Contents

Troubleshooting

Need help?

Need help?

Do you have a question about the G3-GS-2P40-1152T and is the answer not in the manual?

Questions and answers

Summary of Contents for Viavi G3-GS-2P40-1152T

Page 1 Observer GigaStor 17.2.0.0 User Guide 23 Feb 2018...
Page 2: Table Of Contents
Table of Contents Chapter 1: Appliance installation................11 G3-GS-2P40-1152T..........................11 G3-GS-2P40-1152T technical specifications................11 Parts list............................13 G3-GS-2P40-1152T installation....................14 G3-GS-2P40-576T..........................16 G3-GS-2P40-576T technical specifications................16 Parts list............................18 G3-GS-2P40-576T installation....................19 G3-GS-2P40-288T........................... 22 G3-GS-2P40-288T technical specifications................. 22 Parts list............................24 G3-GS-2P40-288T installation....................25 G3-GS-8P-1152T..........................
Page 3 G3-APEX-ENT-32T..........................71 Apex technical specifications....................71 Parts list............................72 G3-APEX-ENT-32T installation....................72 VIAVI Rail Kit (G3-GS Edition).....................73 How to attach the rails......................74 How to install the system into your rack................76 How to remove the server from the rack................77 GS-2P40-576T........................... 77 GS-2P40-576T technical specifications................
Page 4 APEX-ENT-32T..........................165 Apex technical specifications....................165 Parts list............................. 166 APEX-ENT-32T installation.....................167 VIAVI Rail Kit (Gen3 Edition).....................168 How to install the rails......................168 How to remove your appliance from the rails..............170 How to remove the rails from a cabinet................170 Rail kit hardware........................171 Startup and shutdown (GS models)..................
Page 5 How to handle hard drives properly..................174 How to set the IP address (G3-GS models)................174 How to set the IP address (GS models)................. 175 Configuring the LOM or IPMI port..................176 How to configure the JBOD IPMI port (G3-GS models)............ 179 How to install the SFPs......................
Page 6 Chapter 7: Mining GigaStor Data................220 Mining data from your GigaStor.................... 220 Selecting a time frame to analyze..................223 How to reorder packets based on a trailer timestamp..........223 Analyzing data without any filters..................225 Analyzing data with filters from the Observer filter editor........225 Analyzing data with filters from the GigaStor Control Panel........
Page 7 How to reformat the RAID volume..................261 How to delete RAID sets.......................261 How to build new RAID sets....................263 How to stripe the volumes in Windows................264 How to disable the Recycle Bin for RAID................ 265 How to create folders for the RAID drives..............265 GS-8P-576T.............................265 How to delete saved network data..................
Page 8 Running Observer without reserved memory..............310 Running Observer with reserved memory............... 312 How packet capture affects RAM..................313 How to allocate the reserved RAM..................315 Recommendations for the VIAVI capture cards.............. 315 Chapter 15: Gen3 Capture Card................. 317 Hardware configuration......................317 Understanding the capture card..................317 Supported QSFP+/SFP/SFP+ media types................318...
Page 9 How to assign physical ports to probe instances............326 How to change the monitored network adapter............329 Understanding hardware acceleration...................329 How to enable hardware acceleration................330 Hardware-accelerated mode restrictions................. 333 Features that require hardware acceleration..............334 Capture card device properties....................335 General............................335 Current State..........................335 Advanced Settings........................
Page 10 One or more ports not seeing traffic................361 Temperature or voltage out of acceptable range............362 Choppy data stream......................362 CRC or TCP checksum errors, wrong packet types............362 Packet capture does not start on Gen3 capture card........... 363 Chapter 17: Backups and Restoring................. 369 Backups and Restoring......................
Page 11: Chapter 1: Appliance Installation
For the newer G3-GS models, see Observer Platform appliance installation (G3-GS models) G3-GS-2P40-1152T The G3-GS-2P40-1152T is best suited for 40 Gb data centers. G3-GS-2P40-1152T technical specifications (page 11) G3-GS-2P40-1152T technical specifications The technical specifications for the product are shown below.
Page 12 Figure 1: G3-GS-2P40-1152T Front Figure 2: G3-GS-2P40-1152T Rear System Deployment 40 Gb data center Base storage 1.2 PB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable...
Page 13: Parts List
● license 1 Quick Start Guide ● 1 Label listing serial numbers of all JBODs for this system. This label ● appears on top of the head unit and was attached to the outside of G3-GS-2P40-1152T Chapter 1: Appliance installation...
Page 14: G3-Gs-2P40-1152T Installation
5. Using the SAS cables, connect the RAID ports from the JBOD unit(s) to the head unit and to other JBOD unit(s). Figure 3: G3-GS-2P40-1152T Rear 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer Analyzer.
Page 15 Startup and shutdown (G3-GS models) (page 172). Caution: The RAID does not properly initialize if the JBOD unit(s) are not started first. If this happens, restart the head unit. SFP, SFP+, and QSFP+ transceivers are sold separately. 1. G3-GS-2P40-1152T Chapter 1: Appliance installation...
Page 16: G3-Gs-2P40-576T
13. Turn on the head unit (A1) and wait for the RAID to initialize using the same procedure as the JBOD. 14. In Windows, change the IP address (page 174) for the ETH0 port (shown as ETH0 in Network Connections in Windows) using information supplied to you by your network administrator.
Page 17 Figure 5: G3-GS-2P40-576T Front Figure 6: G3-GS-2P40-576T Rear System Deployment 40 Gb data center Base storage 576 TB Max storage 1.2 PB G3-GS-2P40-576T Chapter 1: Appliance installation...
Page 18: Parts List
Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system Windows 2012 R2 Physical Height 30U (6 x 5U) Width 19 in Depth 26 in 616 lbs Weight (mounted) Weight (handling)
Page 19: G3-Gs-2P40-576T Installation
1 Head unit with RAID drives preinstalled ● 1 Rail kit ● 2 Power supply cables ● 2 Ethernet cables ● 1 Product Activation Information envelope containing the product ● license 1 Quick Start Guide ● 1 Label listing serial numbers of all JBODs for this system. This label ●...
Page 20 Figure 7: G3-GS-2P40-576T Rear 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer.
Page 21 Figure 8: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 22: G3-Gs-2P40-288T
17. (Optional) Change the JBOD IPMI port in the BIOS using a static IP address provided by your network administrator. 18. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network. Next, give the ETH0 IP address and IPMI port address, if using, to the Observer administrator.
Page 23 Figure 10: G3-GS-2P40-288T Rear System Deployment 40 Gb data center Base storage 288 TB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version G3-GS-2P40-288T Chapter 1: Appliance installation...
Page 24: Parts List
Rail kit Operating system Windows 2012 R2 Physical Height 15U (3 x 5U) Width 19 in Depth 26 in 316 lbs Weight (mounted) Weight (handling) 331.6 lbs Media Monitoring interfaces Speed 40 Gb QSFP+ Accepted transceivers Performance Aggregate performance 40 Gbps Power Redundant power supply Input frequency...
Page 25: G3-Gs-2P40-288T Installation
1 Quick Start Guide ● 1 Label listing serial numbers of all JBODs for this system. This label ● appears on top of the head unit and was attached to the outside of the head unit’s box. Use this label to sort and connect the proper JBODs to the head unit.
Page 26 Figure 11: G3-GS-2P40-288T Rear 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer.
Page 27 8. Install SFP transceivers (page 179) into the open slots on the back of the capture card(s). 9. If you are connecting to SPAN/mirror ports of a network switch: connect a straight-through Ethernet cable from the SPAN/mirror ports on your switch to the SFP transceivers on the capture card.
Page 28: G3-Gs-8P-1152T
14. In Windows, change the IP address (page 174) for the ETH0 port (shown as ETH0 in Network Connections in Windows) using information supplied to you by your network administrator. The default IP address (192.168.1.10) is printed on a sticker attached to the top of the appliance.
Page 29 Figure 14: G3-GS-8P-1152T Rear System Deployment 40 Gb data center Base storage 1.2 PB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system Windows 2012 R2...
Page 30: Parts List
Operational voltage 120V Power dissipation (watts) 4252W Relative humidity (non-condensing) 5%-85% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits. 1. SFP may be any of Copper 10/100/1000, 1Gb SX/LX. SFP+ may be any of 10Gb SR/LR. QSPF+ may 2. ...
Page 31 2. Attach the official rail kits (page 73) to your server rack or cabinet. 3. Install the head unit (A1) into your server rack or cabinet. Use a server lift if necessary. Do not remove the RAID drives from the chassis. 4.
Page 32 Figure 16: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 33: G3-Gs-8P-768T
17. (Optional) Change the JBOD IPMI port in the BIOS using a static IP address provided by your network administrator. 18. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network. Next, give the ETH0 IP address and IPMI port address, if using, to the Observer administrator.
Page 34: Parts List
OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system Windows 2012 R2 Physical Height 32U (8 x 4U) Width 19 in Depth 26 in 816 lbs Weight (mounted) Weight (handling) 856.6 lbs Media Monitoring interfaces...
Page 35: G3-Gs-8P-768T Installation
2 Power supply cables ● 2 Ethernet cables ● 1 Product Activation Information envelope containing the product ● license 1 Quick Start Guide ● 1 Label listing serial numbers of all JBODs for this system. This label ● appears on top of the head unit and was attached to the outside of the head unit’s box.
Page 36 7. (Optional) Connect an Ethernet cable from your router or switch to the LOM or IPMI port. (Optional) A Lights Out Management or IPMI port provides you a dedicated management channel for device maintenance. It allows you to monitor, start, stop, and manage your appliance remotely regardless of whether the appliance is powered on.
Page 37: G3-Gs-8P-576T
Caution: The RAID does not properly initialize if the JBOD unit(s) are not started first. If this happens, restart the head unit. 13. Turn on the head unit (A1) and wait for the RAID to initialize using the same procedure as the JBOD. 14.
Page 38 Figure 21: G3-GS-8P-576T Front Figure 22: G3-GS-8P-576T Rear System Deployment 40 Gb data center Base storage 576 TB Max storage 1.2 PB G3-GS-8P-576T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 39: Parts List
Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system Windows 2012 R2 Physical Height 30U (6 x 5U) Width 19 in Depth 26 in 616 lbs Weight (mounted) Weight (handling)
Page 40: G3-Gs-8P-576T Installation
1 Head unit with RAID drives preinstalled ● 1 Rail kit ● 2 Power supply cables ● 2 Ethernet cables ● 1 Product Activation Information envelope containing the product ● license 1 Quick Start Guide ● 1 Label listing serial numbers of all JBODs for this system. This label ●...
Page 41 Figure 23: G3-GS-8P-576T Rear 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer.
Page 42 Figure 24: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 43: G3-Gs-8P-384T
17. (Optional) Change the JBOD IPMI port in the BIOS using a static IP address provided by your network administrator. 18. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network. Next, give the ETH0 IP address and IPMI port address, if using, to the Observer administrator.
Page 44 System Deployment Multi-10 Gb data center Base storage 384 TB Max storage 768 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system Windows 2012 R2 Physical Height...
Page 45: Parts List
Parts list Each appliance comes packed in a number of boxes. The boxes contain the various components necessary for a successful installation. The boxes are not numbered as listed here. The numbers merely represent how many boxes you should expect and what is contained in each one. Box 1 ♦...
Page 46 Figure 27: G3-GS-8P-384T Rear 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer.
Page 47: G3-Gs-8P-288T
a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c. Use two analyzer cables to connect the analyzer port on the TAP to the SFP transceivers in the capture card.
Page 48 Figure 29: G3-GS-8P-288T Front G3-GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 49 Figure 30: G3-GS-8P-288T Rear System Deployment 40 Gb data center Base storage 288 TB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version G3-GS-8P-288T Chapter 1: Appliance installation...
Page 50: Parts List
Rail kit Operating system Windows 2012 R2 Physical Height 12U (3 x 4U) Width 19 in Depth 26 in 316 lbs Weight (mounted) Weight (handling) 331.6 lbs Media Monitoring interfaces Speed 1/10 Gb SFP/SFP+ Accepted transceivers Performance Aggregate performance 40 Gbps Power Redundant power supply Input frequency...
Page 51: G3-Gs-8P-288T Installation
1 Quick Start Guide ● 1 Label listing serial numbers of all JBODs for this system. This label ● appears on top of the head unit and was attached to the outside of the head unit’s box. Use this label to sort and connect the proper JBODs to the head unit.
Page 52 Figure 31: G3-GS-8P-288T Rear 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer.
Page 53 8. Install SFP transceivers (page 179) into the open slots on the back of the capture card(s). 9. If you are connecting to SPAN/mirror ports of a network switch: connect a straight-through Ethernet cable from the SPAN/mirror ports on your switch to the SFP transceivers on the capture card.
Page 54: G3-Gs-8P-192T
14. In Windows, change the IP address (page 174) for the ETH0 port (shown as ETH0 in Network Connections in Windows) using information supplied to you by your network administrator. The default IP address (192.168.1.10) is printed on a sticker attached to the top of the appliance.
Page 55 Figure 34: G3-GS-8P-192T Rear System Deployment Multi-10 Gb data center Base storage 192 TB Max storage 768 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system Windows 2012 R2...
Page 56: Parts List
Monitoring interfaces Speed 1/10 Gb SFP/SFP+ Accepted transceivers Performance Aggregate performance 20 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 8.9A 3400 BTU/hr Operational voltage 120V Power dissipation (watts) 1081W Relative humidity (non-condensing) 5%-85% Temperature (operating) 50°F - 95°F / 10°C - 35°C...
Page 57: G3-Gs-8P-192T Installation
Mini-SAS cable(s) ● Before installing, ensure you received all of the parts required for your system. G3-GS-8P-192T installation Getting your appliance installed is the first step to greater visibility of your network. This topic covers installing your appliance in the cabinet and connecting it to your network.
Page 58 6. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer. 7. (Optional) Connect an Ethernet cable from your router or switch to the LOM or IPMI port.
Page 59: G3-Gs-8P-96T
b. Wait until the blue Information LED starts to blink. c. Use the tip of your finger to press the power button once. The JBOD control board initiates the power up sequence in three seconds. Startup and shutdown (G3-GS models) (page 172).
Page 60 Figure 38: G3-GS-8P-96T Rear System Deployment 1 Gb & 10 Gb hybrid data center Base storage 96 TB Max storage 96 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit Operating system...
Page 61: Parts List
Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 6.20A 2402 BTU/hr Operational voltage 120V Power dissipation (watts) 765W Relative humidity (non-condensing) 5%-85% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits.
Page 62 4. Using an Ethernet cable, connect the ETH0 port to the network. Connecting the ETH0 port allows you to use Windows Remote Desktop or other tools to control or configure Windows or Windows applications, such as Observer. 5. (Optional) Connect an Ethernet cable from your router or switch to the LOM or IPMI port.
Page 63: G3-Gs-4P-32T
G3-GS-4P-32T The G3-GS-4P-32T is best suited for medium data centers. G3-GS-4P-32T technical specifications (page 63) G3-GS-4P-32T technical specifications The technical specifications for the product are shown below. Figure 39: G3-GS-4P-32T Front Figure 40: G3-GS-4P-32T Rear System Deployment Medium data center Base storage 32 TB Max storage...
Page 64: Parts List
71 lbs Weight (mounted) Weight (handling) 77.4 lbs Media Monitoring interfaces Speed 1/10 Gb SFP/SFP+ Accepted transceivers Performance Aggregate performance 6 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 3.00A 1126 BTU/hr Operational voltage 120V Power dissipation (watts)
Page 65: G3-Gs-4P-32T Installation
G3-GS-4P-32T installation Getting your appliance installed is the first step to greater visibility of your network. This topic covers installing your appliance in the cabinet and connecting it to your network. Caution: Do not attempt in-cabinet repairs of your appliance. The appliance is very heavy! Always use a server lift or work with a partner to install or remove the appliance from the cabinet to perform any maintenance.
Page 66 Figure 41: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 67: G3-Gs-4P-16T
G3-GS-4P-16T The G3-GS-4P-16T is best suited for small data centers or at your network edge. G3-GS-4P-16T technical specifications (page 67) G3-GS-4P-16T technical specifications The technical specifications for the product are shown below. Figure 42: G3-GS-4P-16T Front Figure 43: G3-GS-4P-16T Rear System Deployment Small data center or network edge...
Page 68: Parts List
71 lbs Weight (mounted) Weight (handling) 71.4 lbs Media Monitoring interfaces Speed 1 Gb Accepted transceivers Performance Aggregate performance 4 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 2.80A 1048 BTU/hr Operational voltage 120V Power dissipation (watts) 307W...
Page 69: G3-Gs-4P-16T Installation
G3-GS-4P-16T installation Getting your appliance installed is the first step to greater visibility of your network. This topic covers installing your appliance in the cabinet and connecting it to your network. Caution: Do not attempt in-cabinet repairs of your appliance. The appliance is very heavy! Always use a server lift or work with a partner to install or remove the appliance from the cabinet to perform any maintenance.
Page 70 Figure 44: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 71: G3-Apex-Ent-32T
G3-APEX-ENT-32T The G3-APEX-ENT-32T is best suited for any data center. Apex technical specifications (page 71) Apex technical specifications Figure 45: G3-APEX-ENT-32T Front Figure 46: G3-APEX-ENT-32T Rear System Deployment Base storage 32 TB Max storage 32 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size...
Page 72: Parts List
Weight (handling) 64 lbs Media Monitoring interfaces Speed Accepted transceivers Performance Aggregate performance Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 3.30A 1262 BTU/hr Operational voltage 120V Power dissipation (watts) 370W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C...
Page 73: Viavi Rail Kit (G3-Gs Edition)
11. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network. VIAVI Rail Kit (G3-GS Edition) This rail kit is for 2U and 4U models that begin with “G3.” Decide on a suitable location for the rack unit that will hold your chassis. It should be a clean, dust-free area that is well ventilated.
Page 74: How To Attach The Rails
“L” (Left side) and "R" (Right side). The rail is on the correct side and mounted correctly if the lettering if face-up. Figure 47: Rail kit inner assemblies VIAVI Rail Kit (G3-GS Edition) GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 75 If desired, use screws (and washers) to secure the outer rails to the rack. 10. Pull out the rear of the outer rail, adjusting the length until it just fits within the posts of the rack. VIAVI Rail Kit (G3-GS Edition) Chapter 1: Appliance installation...
Page 76: How To Install The System Into Your Rack
VIAVI (page 73) Rail Kit (G3-GS Edition) (page 73) How to install the system into your rack VIAVI products are very heavy. Always use a server lift and two people to install the systems. This section provides information on installing a chassis into a rack unit with the rails provided.
Page 77: How To Remove The Server From The Rack
2. Press the release latches on each of the inner rails downward simultaneously and move the chassis forward in the rack. Figure 50: Removing the server from the rack VIAVI (page 73) Rail Kit (G3-GS Edition) (page 73) GS-2P40-576T The GS-2P40-576T is best suited for 40 Gb data centers.
Page 78 Figure 51: GS-2P40-576T Front GS-2P40-576T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 79 Figure 52: GS-2P40-576T Rear System Deployment 40 Gb data center Base storage 576 TB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2...
Page 80: Parts List
QSFP+ Accepted transceivers Performance Aggregate performance 40 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 19.7A 7385 BTU/hr Operational voltage 120V Power dissipation (watts) 2350W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits.
Page 81: Gs-2P40-576T Installation
1 JBOD Unit ● 1 Rail Kit ● 2 Power supply cables ● Mini-SAS cable(s) ● A box that contains the RAID drives for each JBOD : ♦ 24 RAID drives labeled A2-1-A2-24. ● 24 RAID drives labeled B1-1-B1-24. ● 24 RAID drives labeled B2-1-B2-24.
Page 82 Figure 53: GS-2P40-576T Rear 6. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location. 7. Connect all power cables for each JBOD unit. Do not turn on yet! 8.
Page 83 Figure 54: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 84: Gs-2P40-288T
GS-2P40-288T The GS-2P40-288T is best suited for 40 Gb data centers. GS-2P40-288T technical specifications (page 84) GS-2P40-288T technical specifications The technical specifications for the product are shown below. GS-2P40-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 85 Figure 55: GS-2P40-288T Front GS-2P40-288T Chapter 1: Appliance installation...
Page 86 Figure 56: GS-2P40-288T Rear System GS-2P40-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 87 Deployment 40 Gb data center Base storage 288 TB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2 Physical Height...
Page 88: Parts List
Parts list Each appliance comes packed in a number of boxes. The boxes contain the various components necessary for a successful installation. The boxes are not numbered as listed here. The numbers merely represent how many boxes you should expect and what is contained in each one. Box 1 ♦...
Page 89 to install or remove the appliance from the cabinet to perform any maintenance. 1. Take the appliance and all other components out of the packing materials. 2. Attach the official rail kits (page 168) to your server rack or cabinet. 3.
Page 90 Figure 57: GS-2P40-288T Rear GS-2P40-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 91 6. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location. 7. Connect all power cables for each JBOD unit. Do not turn on yet! 8.
Page 92: Gs-8P-576T Technical Specifications
13. Connect a monitor, keyboard, and mouse to the hardware appliance. You can use a switch if desired. (The KVM must be compatible with the operating system used on the appliance.) The user input devices or KVM switch are only temporarily needed to set the IP address, so you can disconnect them after the IP address is set.
Page 93 Figure 59: GS-8P-576T Front GS-8P-576T Chapter 1: Appliance installation...
Page 94 Figure 60: GS-8P-576T Rear System Deployment 40 Gb data center Base storage 576 TB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2...
Page 95: Parts List
SFP/SFP+ Accepted transceivers Performance Aggregate performance 40 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 19.7A 7385 BTU/hr Operational voltage 120V Power dissipation (watts) 2350W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits.
Page 96: Gs-8P-576T Installation
1 JBOD Unit ● 1 Rail Kit ● 2 Power supply cables ● Mini-SAS cable(s) ● A box that contains the RAID drives for each JBOD : ♦ 24 RAID drives labeled A2-1-A2-24. ● 24 RAID drives labeled B1-1-B1-24. ● 24 RAID drives labeled B2-1-B2-24.
Page 97 Figure 61: GS-8P-576T Rear 6. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location. 7. Connect all power cables for each JBOD unit. Do not turn on yet! 8.
Page 98 Figure 62: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 99: Gs-8P-288T Technical Specifications
GS-8P-288T The GS-8P-288T is best suited for 40 Gb data centers. GS-8P-288T technical specifications (page 99) Parts list (page 122) GS-8P-288T (page 123) installation (page 123) GS-8P-288T technical specifications The technical specifications for the product are shown below. Figure 63: GS-8P-288T Front GS-8P-288T Chapter 1: Appliance installation...
Page 100 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 101 GS-8P-288T Chapter 1: Appliance installation...
Page 102 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 103 GS-8P-288T Chapter 1: Appliance installation...
Page 104 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 105 GS-8P-288T Chapter 1: Appliance installation...
Page 106 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 107 GS-8P-288T Chapter 1: Appliance installation...
Page 108 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 109 GS-8P-288T Chapter 1: Appliance installation...
Page 110 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 111 Figure 64: GS-8P-288T Rear GS-8P-288T Chapter 1: Appliance installation...
Page 112 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 113 GS-8P-288T Chapter 1: Appliance installation...
Page 114 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 115 GS-8P-288T Chapter 1: Appliance installation...
Page 116 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 117 GS-8P-288T Chapter 1: Appliance installation...
Page 118 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 119 GS-8P-288T Chapter 1: Appliance installation...
Page 120 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 121 System Deployment 40 Gb data center Base storage 288 TB Max storage 1.2 PB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2 Physical...
Page 122: Parts List
Weight (handling) 80 lbs Media Monitoring interfaces Speed 1/10 Gb SFP/SFP+ Accepted transceivers Performance Aggregate performance 40 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 11.60A 4395 BTU/hr Operational voltage 120V Power dissipation (watts) 1399W Relative humidity (non-condensing) 20-80%...
Page 123: Gs-8P-288T Installation
Box 2 ♦ 24 RAID drives labeled A1-1-A1-24. ● TAP media kit(s) (if ordered) ● For each JBOD (2) a box that contains: ♦ 1 JBOD Unit ● 1 Rail Kit ● 2 Power supply cables ● Mini-SAS cable(s) ● A box that contains the RAID drives for each JBOD (2) : ♦...
Page 124 Figure 65: GS-8P-288T Rear GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 125 GS-8P-288T Chapter 1: Appliance installation...
Page 126 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 127 GS-8P-288T Chapter 1: Appliance installation...
Page 128 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 129 GS-8P-288T Chapter 1: Appliance installation...
Page 130 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 131 GS-8P-288T Chapter 1: Appliance installation...
Page 132 GS-8P-288T GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 133 GS-8P-288T Chapter 1: Appliance installation...
Page 134 6. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location. 7. Connect all power cables for each JBOD unit. Do not turn on yet! 8.
Page 135 11. If you are connecting to SPAN/mirror ports of a network switch: connect a straight-through Ethernet cable from the SPAN/mirror ports on your switch to the SFP transceivers on the capture card. 12. If you are connecting to a network TAP (sold separately): Figure 66: Connecting the TAP to the network device, switch, and analyzer a.
Page 136: Gs-8P-192T Technical Specifications
Your hardware appliance is installed and on your network. Next, give the 10/100/1000 IP address and LOM port address, if using, to the Observer administrator. They need the addresses to add this GigaStor probe to Observer to capture network traffic with a probe instance. GS-8P-192T The GS-8P-192T is best suited for multi-10 Gb data centers.
Page 137 Figure 67: GS-8P-192T Front GS-8P-192T Chapter 1: Appliance installation...
Page 138 Figure 68: GS-8P-192T Rear System Deployment Multi-10 Gb data center Base storage 192 TB Max storage 768 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2...
Page 139: Parts List
Physical Height 10U (2 x 5U) Width 19 in Depth 26 in 216 lbs Weight (mounted) Weight (handling) 80 lbs Media Monitoring interfaces Speed 1/10 Gb SFP/SFP+ Accepted transceivers Performance Aggregate performance 20 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select...
Page 140: Gs-8P-192T Installation
1 USB drive containing restore image ● 1 Product Activation Information envelope containing the product ● license 1 Quick Start Guide ● SFP transceivers (if ordered) ● Box 2 ♦ 24 RAID drives labeled A1-1-A1-24. ● TAP media kit(s) (if ordered) ●...
Page 141 Figure 69: GS-8P-192T Rear 6. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location. 7. Connect all power cables for each JBOD unit. Do not turn on yet! 8.
Page 142 10. Install SFP transceivers (page 179) into the open slots on the back of the capture card(s). 11. If you are connecting to SPAN/mirror ports of a network switch: connect a straight-through Ethernet cable from the SPAN/mirror ports on your switch to the SFP transceivers on the capture card.
Page 143: Gs-8P-96T Technical Specifications
18. (Optional) Change the LOM port (page 176) in the BIOS using a static IP address provided by your network administrator. 19. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network. Next, give the 10/100/1000 IP address and LOM port address, if using, to the Observer administrator.
Page 144 Figure 72: GS-8P-96T Rear System Deployment 1 Gb & 10 Gb hybrid data center Base storage 96 TB Max storage 96 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system...
Page 145: Parts List
Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 6.20A 2402 BTU/hr Operational voltage 120V Power dissipation (watts) 765W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits.
Page 146 Caution: Do not attempt in-cabinet repairs of your appliance. The appliance is very heavy! Always use a server lift or work with a partner to install or remove the appliance from the cabinet to perform any maintenance. 1. Take the appliance and all other components out of the packing materials. 2.
Page 147: Gs-4P-32T Technical Specifications
b. Connect the TX port from your other switch to the Link B port on the TAP. c. Use two analyzer cables to connect the analyzer port on the TAP to the SFP transceivers in the capture card. d. If you have more than one TAP to connect, repeat the process for each TAP. 10.
Page 148 Figure 75: GS-4P-32T Rear System Deployment Medium data center Base storage 32 TB Max storage 32 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2 Physical...
Page 149: Parts List
Operational voltage 120V Power dissipation (watts) 330W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits. 1. SFP may be any of Copper 10/100/1000, 1Gb SX/LX. SFP+ may be any of 10Gb SR/LR. QSPF+ may 2. ...
Page 150 2. Attach the official rail kits (page 168) to your server rack or cabinet. 3. Install the empty appliance into your server rack or cabinet. 4. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location.
Page 151: Gs-4P-16T Technical Specifications
10. Connect a monitor, keyboard, and mouse to the hardware appliance. You can use a switch if desired. (The KVM must be compatible with the operating system used on the appliance.) The user input devices or KVM switch are only temporarily needed to set the IP address, so you can disconnect them after the IP address is set.
Page 152 Figure 78: GS-4P-16T Rear System Deployment Small data center or network edge Base storage 16 TB Max storage 16 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system...
Page 153: Parts List
Operational voltage 120V Power dissipation (watts) 307W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits. 1. SFP may be any of Copper 10/100/1000, 1Gb SX/LX. SFP+ may be any of 10Gb SR/LR. QSPF+ may 2. ...
Page 154 2. Attach the official rail kits (page 168) to your server rack or cabinet. 3. Install the empty appliance into your server rack or cabinet. 4. Install the RAID drives (page 172) into your appliance. The RAID is pre-built at the factory for you and each drive must be installed in a very specific location.
Page 155: Gpa-8P
10. Connect a monitor, keyboard, and mouse to the hardware appliance. You can use a switch if desired. (The KVM must be compatible with the operating system used on the appliance.) The user input devices or KVM switch are only temporarily needed to set the IP address, so you can disconnect them after the IP address is set.
Page 156 System Deployment Small data center Base storage 1 TB Max storage 1 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2 Physical Height...
Page 157: Parts List
Parts list Each appliance comes packed in a number of boxes. The boxes contain the various components necessary for a successful installation. The boxes are not numbered as listed here. The numbers merely represent how many boxes you should expect and what is contained in each one. Box 1 ♦...
Page 158: Gsp-8P-9T
Figure 82: Connecting the TAP to the network device, switch, and analyzer a. Connect the TX port from your server, firewall, router, or switch to the Link A port on the TAP. b. Connect the TX port from your other switch to the Link B port on the TAP. c.
Page 159 Figure 83: GSP-8P-9T Front System Deployment Anywhere Base storage 9 TB Max storage 9 TB Lights Out Management (LOM) Redundant OS drive OS drive hot swappable OS drive size 1 TB RAID drive hot swappable RAID version Rail kit (Model 22113260) Operating system Windows 2012 R2 Physical...
Page 160: About Gsp-8P-9T
Input voltage 100V-240V Auto Select Operational current (amps) 2.80A 1048 BTU/hr Operational voltage 120V Power dissipation (watts) 307W Relative humidity (non-condensing) 20-80% Temperature (operating) 50°F - 95°F / 10°C - 35°C Temperature (storage) -4°F - 149°F / -20°C - 65°C If applicable, mounted weight includes any rail kits.
Page 161: Gsp-8P-9T Installation
Figure 84: Portable Analysis System GSP-8P-9T installation Getting your appliance installed is the first step to greater visibility of your network. This topic covers installing your appliance in the cabinet and connecting it to your network. 1. Take the appliance and all other components out of the packing materials. 2.
Page 162: Gsp-8P-6Tssd
through a sequence and then be dark. Each light only blinks when there is activity for that specific RAID drive. 7. Ensure the time zone settings match your environment. 8. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network.
Page 163: About Gsp-8P-6Tssd
29 lbs Weight (mounted) Weight (handling) 52 lbs Media Monitoring interfaces Speed 1/10 Gb SFP/SFP+ Accepted transceivers Performance Aggregate performance 20 Gbps Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 3.40A 1290 BTU/hr Operational voltage 120V Power dissipation (watts)
Page 164: Gsp-8P-6Tssd Installation
Figure 86: Portable Analysis System GSP-8P-6TSSD installation Getting your appliance installed is the first step to greater visibility of your network. This topic covers installing your appliance in the cabinet and connecting it to your network. 1. Take the appliance and all other components out of the packing materials. 2.
Page 165: Apex-Ent-32T
through a sequence and then be dark. Each light only blinks when there is activity for that specific RAID drive. 7. Ensure the time zone settings match your environment. 8. Double-click the Observer icon on the Desktop to start Observer. Your hardware appliance is installed and on your network.
Page 166: Parts List
Width 19 in Depth 26 in 71 lbs Weight (mounted) Weight (handling) 64 lbs Media Monitoring interfaces Speed Accepted transceivers Performance Aggregate performance Power Redundant power supply Input frequency 50/60Hz Input voltage 100V-240V Auto Select Operational current (amps) 3.30A 1262 BTU/hr Operational voltage 120V Power dissipation (watts)
Page 167: Apex-Ent-32T Installation
1 Product Activation Information envelope containing the product ● license 1 Quick Start Guide ● Box 2 ♦ 8 RAID drives labeled A1-A8. ● Before installing, ensure you received all of the parts required for your system. APEX-ENT-32T installation Getting your appliance installed is the first step to greater visibility of your network.
Page 168: Viavi Rail Kit (Gen3 Edition)
Your hardware appliance is installed and on your network. VIAVI Rail Kit (Gen3 Edition) The VIAVI rail kit is used with its 2U and 5U 19 inch rack-mounted appliances in four post L-bracket or U-bracket cabinets. How to install the rails...
Page 169 6. (Optional) Tighten the thumb screws. The rails are installed in your cabinet and ready to receive an Observer Platform appliance. VIAVI (page 168) Rail Kit (Gen3 Edition) (page 168) VIAVI Rail Kit (Gen3 Edition) Chapter 1: Appliance installation...
Page 170: How To Remove Your Appliance From The Rails
3. (Optional) Repeat for the second locking tab. The appliance has been removed from the cabinet. VIAVI (page 168) Rail Kit (Gen3 Edition) (page 168) How to remove the rails from a cabinet Each rail has two rail locks that secure it into your cabinet. These locks must be raised to release the rail from the cabinet.
Page 171: Rail Kit Hardware
The rail has been successfully removed from the cabinet. VIAVI (page 168) Rail Kit (Gen3 Edition) (page 168) Rail kit hardware VIAVI manufactures its rails using high-grade, heavy duty materials. These components comprise the rail kit. The purple-faced GigaStor contains these items. The plastic slides were attached at the factory.
Page 172: Startup And Shutdown (G3-Gs Models)
Startup and shutdown (G3-GS models) There are several procedures to turn on or off your system. First use or power cord plug-in (page 172) After normal shutdown by IPMI or power button After a power loss (page 172) Power down (page 172) First use or power cord plug-in 1.
Page 173 Stickers on each drive identify which slot it should be installed in. The drive labeled 1 must be installed in the upper left slot of the appliance. 1. Make sure that the appliance is turned off. 2. Locate the drives that comprise the array. The drives are labeled to show you where they should be installed in the drive cage.
Page 174: How To Handle Hard Drives Properly
How to handle hard drives properly Be especially careful when handling and installing the hard drives. Proper handling is paramount to the longevity of the drive. The internal mechanism of the hard drive can be seriously damaged if the hard drive is subjected to forces outside its environmental specifications.
Page 175: How To Set The Ip Address (Gs Models)
1. Log in to the Windows operating system using the Administrator account and its default password admin. You can change the Administrator account password after logging in. See the Windows documentation if necessary. 2. In Windows, choose Start > Control Panel > Network and Sharing Center > Change adapter settings.
Page 176: Configuring The Lom Or Ipmi Port
1. Log in to the Windows operating system using the Administrator account and its default password admin. You can change the Administrator account password after logging in. See the Windows documentation if necessary. 2. In Windows, choose Start > Control Panel > Network and Sharing Center > Change adapter settings.
Page 177 Keyboard, monitor, and mouse or KVM attached to the GigaStor ♦ The static station IP, subnet, and gateway/router addresses are available ♦ and known to you. If you want to use Lights Out Management features, you must first configure the IP address for the IPMI port from the BIOS. Then, you should change the administrator password to something different than the default.
Page 178 Figure 98: BIOS IPMI: IP Address configured 7. Press F4 to save your changes and to exit the BIOS setup. The system automatically shuts down and restarts. The IPMI port is now accessible from the IP address you chose. Now you can log on to the IPMI web interface and change the default password.
Page 179: How To Configure The Jbod Ipmi Port (G3-Gs Models)
How to configure the JBOD IPMI port (G3-GS models) The JBOD chassis offers intelligent management with IPMI providing hardware health monitoring and remote power control. Prerequisite(s): Your host computer must be on the same network as the JBOD IMPI interface. If necessary, change your host IP to 192.168.1.10/24.
Page 180 Your transceivers (page 318) can be inserted into any open port and in ♦ any order. You can hot-swap the connected transceivers at any time, but it is ♦ recommended you then re-launch Observer so that the new speeds can be identified.
Page 181 Figure 101: 2U capture card port assignments How to install the SFPs Chapter 1: Appliance installation...
Page 182: Chapter 2: Getting Started
Chapter 2: Getting started Getting started using your GigaStor A GigaStor probe is a hardware device with many terabytes of storage space to capture, store, and analyze your network traffic. Prerequisite(s): Follow these steps to get started with your GigaStor. The installation happens in two main parts.
Page 183 An understanding of the protocols that run on your network. ♦ An understanding of probe instances and why you want to use them. In ♦ particular, a GigaStor is heavily reliant on a unique probe instance called an active instance. . To get started with your GigaStor probe: 1.
Page 184: What Is The Gigastor
Tip! All GigaStor probes come with a capture card. Details about this unique capture card, including physical port indexing or virtual adapters, is covered Hardware configuration (page 317). 8. (Optional) If you want to define the different subnets of your network so that GigaStor can track and report on them, see Defining your subnets in GigaStor (page...
Page 185: Differences Between Gigastor Software Edition And Gigastor
GigaStor The GigaStor Software Edition (GSE) is identical in most ways to a hardware GigaStor purchased from VIAVI. However, there are differences that exist due to GSE naturally lacking GigaStor hardware components like the capture card and high-performance RAID card(s).
Page 186 Table 2. Observer or GigaStor Software Edition in a virtual server Minimum Recommended Processor / CPU Four core Six core Intel Minimum 16 GB (8 GB for 64 GB Observer and 8 GB for the operating system) Storage Packet capture - Hardware: Same Determined by your product Packet capture - GigaStor...
Page 187: Using The Gigastor Control Panel
Maximum storage size is a measure of how much network data (in the form of packets) can be retained by the GigaStor Software Edition before the oldest GigaStor data is removed in a first-in first-out (FIFO) storage scheme. The maximum storage size is not an indication of how much disk space the GigaStor Software Edition will consume on your hard disk.
Page 188 Figure 102: GigaStor Detail and Outline Charts The GigaStor Control Panel shows traffic on a time line graph, allowing you to select packets for decoding, analysis, and display by defining the time period you want to view, and the types of packets you want to include. Use the sliders at the top of the time line chart to select the time period you are interested in analyzing, then click Update Chart and Update Reports to update everything to the new time frame.
Page 189: Non-Gigastor-Specific Settings
Press the Settings button. Under General Options, clear Enable Analysis types for whichever analysis types you do not need. This will remove them from the Reports/Statistics ribbon. Use the left/right arrow on the Reports/Statistics ribbon to move it to the right to see the Maximize button if needed.
Page 190 Figure 104: GigaStor General Options Packet capture and GigaStor buffer size—This only applies to the ● active probe instance. Partial packet capture size—This only applies to the active probe ● instance. GigaStor indexing options—You may need to adjust the indexing ●...
Page 191 PC. There are many reasons why this is not a good idea but, in general, you will see varying amounts of your own data with a protocol analyzer on your own PC. This is due to the architecture of the PC and the inability of Windows to multi- task the receiving and analysis of the data going and coming from the Observer PC.
Page 192 Enable Analysis Choose whether to enable the GigaStor Control Panel to process Types: and display these types of data. By clearing these options, the corresponding tab is hidden in the GigaStor Control Panel and you cannot analyze packets for these data types: Forensic Analysis (uses Snort rules) FIX Analysis: used to process FIX financial transactions.
Page 193: Understanding Gigastor Protocol And Port Settings
makes the charts display every interval in which the bits were present from your packet, not just the first interval. This setting works even if it was not enabled when the packet was captured. It can be enabled later and you will see every interval where a bit was present.
Page 194: Hardening Your Gigastor
at the start of the conversation. If this combination is found, reports show this conversation by protocol name (or custom name), IANA name, or port number (based on statistics lists setting). Otherwise the conversation is not listed. If you try to analyze data prior to the time that this option was enabled, you will not see this data.
Page 195: How To Change The Windows Administrator Password
How to change the Windows administrator password The default Windows administrator user has full permissions and cannot be deleted. For these reasons, change this password as soon as possible, and you should use a very strong password. Caution: Do not forget or lose your new Windows administrator password! It cannot be recovered, and you must reformat the operating system drive.
Page 196 2. Select Change adapter settings on the left. A list of network adapters, including capture cards, is shown. 3. Right-click the management network adapter and choose Properties. The management adapter is used to get the GigaStor onto your network by giving the appliance an IP address.
Page 197: How To Disable Windows Features
Your GigaStor will stop sending NetBIOS requests. Your firewall or network monitor should be able to confirm this. How to disable Windows features Many Windows features run in the background but are not generally needed for your GigaStor. You may disable the features you deem unnecessary. Most Windows features are not needed to read or write data to the RAID drives.
Page 198 Figure 107: Windows Features Only the Windows features you want to use are remain. Hardening your GigaStor GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 199: Chapter 3: Hardware Settings
Chapter 3: Hardware Settings Configuring your GigaStor Learn how to configure packet capture and buffer sizes, define subnets, and change the storage directory where packets and other data is stored. Defining your subnets in GigaStor You can specify subnet properties for the GigaStor to allow for statistical aggregation of devices within the Statistics tabs in GigaStor Control Panel.
Page 200: Configuring The Packet Capture And Gigastor Buffer Size
means that information on the Statistics tab at the bottom of the GigaStor Control Panel is dependent on which physical ports are selected. 2. Click the Settings button. 3. Click the General Options tab. Setting the GigaStor general options (page 189) for a description of each field of the GigaStor General Options tab.
Page 201 2. Click the Folders tab. 3. Change the directory used for packet captures. If you are using a GigaStor hardware appliance, this should always Caution: remain set to D:\DATA. Configuring your GigaStor Chapter 3: Hardware Settings...
Page 202: Chapter 4: About Probe Instances
A probe is a hardware device on your network running VIAVI probe instance software. Each hardware probe has at least one probe instance that captures packets from your network to analyze. The probe hardware device could be an appliance purchased from VIAVI or you could install the probe software on your own hardware.
Page 203: What Is A Probe Instance
Probes monitor the following topologies: 10/100 Mb, 1/10/40 Gb Ethernet (half- and full-duplex) ♦ Wireless ( 802.11 a/b/g/n) ♦ Figure 108 (page 203) shows how probes provide visibility into your network. It may be obvious, but it also shows that you cannot see traffic on portions of your network where you do not have a probe.
Page 204 GigaStor Active GigaStor Passive Observer Probe probe instance probe instance Schedule packet capture Change directories where data is stored Able to set permissions Able to redirect to different analyzer, etc. An Observer probe is the Single Probe, Multi Probe, or Expert Probe software running on a non- 1. ...
Page 205: Which Software Probe Is Right For You
SPAN/mirror port on a switch. The Observer software can handle fast network speeds (including 40 Gigabit), but it is the network adapter that is the bottleneck on home-grown systems. VIAVI uses a custom-designed Introducing Probes Chapter 4: About Probe Instances...
Page 206 ♦ they have local expert analysis and decode capabilities in the probe that allows for remote decoding and expert analysis in real time. The Expert probe software comes pre-installed on most hardware probes from VIAVI. Hardware > GigaStor, Dual port...
Page 207: How Probes Work With Switches
Expert Probe. Simultaneous users are supported when each user has his own probe instance. 2. Only available on hardware probes from VIAVI. 3. Decoding and expert analysis are performed by the probe and a summary is sent to Observer 4. ...
Page 208: Chapter 5: Deploying Probes In Your Network
Chapter 5: Deploying Probes in Your Network Decide how you will best place your probe hardware for maximum visibility. Also learn about the network ports that must be opened on your firewall to allow the probes to operate correctly. Deploying probes in your network You need visibility into every corner of the network, from the edge to the core.
Page 209: Monitoring Half-Duplex And Full-Duplex Ethernet Links
display. Distributed analysis is the only practical way to make different parts of a switched or wireless network visible and therefore manageable. From a single analyzer you can monitor and view traffic from anywhere on the network where a probe has been deployed, from any type of media or topology (Ethernet, wireless, and so on).
Page 210: Monitoring Wireless Traffic
aggregators are designed to connect to a standard NIC, which allows them only one side of the full duplex link to transmit data. A TAP, however, is designed to connect to a dual-receive capture card. By sending data on both sides of the link to the capture card, a TAP has double the transmission capability of the other options, allowing it to mirror both sides of a fully saturated link with no dropped packets and no possibility of degrading switch performance.
Page 211: Ports Used By Observer Platform V17 And Later
Open inbound and outbound TCP 80, 443, and 25901 on your firewalls for Observer Platform products version 17 and later. Port Functionality TCP 80 Requests from product to VIAVI to see if a new version or update exists. TCP 443 Secure web server traffic, including trace extraction between Observer Apex and Observer GigaStor.
Page 212: Ports Used By Observer Products V16 And Earlier
Ports used by Observer products v16 and earlier Observer products v16 and earlier use many ports to communicate. If your environment includes these products, open these ports on your firewalls. Table 5. Ports used by Observer products v16 and earlier Port Functionality TCP 25901...
Page 213: Chapter 6: Packet Captures
Chapter 6: Packet Captures Capturing packets with the GigaStor The GigaStor allows packet captures to be scheduled, trimmed (partial packet captures), and all its data can be exported for archiving. Also learn about GigaStor indexing and the difference between statistics and packets. A Observer GigaStor can accumulate terabytes of stored network traffic.
Page 214: Setting A Schedule For When Data Captures Should Occur
Setting a schedule for when data captures should occur One way to ensure you always have timely packet captures is to schedule them. For example, you may want to automatically start a packet capture at the beginning of business hours each day; you can accomplish this by scheduling your packet captures accordingly.
Page 215: Password Protecting The Ability To Change Partial Packet Capture Size
Forensics may be hindered without full payload data ● Data stream reconstruction may not work ● Most resource intensive capturing ♦ Increases CPU utilization ● To configure the GigaStor probe to trim all packet data beyond the first 64-bytes, choose and then Settings > Capture Options. In that tab, enable Capture Partial Packets (Bytes).
Page 216: Understanding Gigastor Indexing
By default the GigaStor uses a dynamic sampling ratio for statistics. This can be changed in the GigaStor Control Panel > Settings > General tab to a fixed sampling ratio of 1, 100, or whatever you wish. Using dynamic sampling allows the GigaStor to make decisions about how sampling for statistics should be accomplished.
Page 217 Previously indexed data has no effect on any other 15 second interval, ♦ except for the need to see the SYN-SYN/ACK-ACK to begin collecting “new” server data. This means that if in one 15 second period the maximum number of entries was reached and a new conversation is started that continues into the next 15 second interval, there is nothing that prevents the subsequent 15 second interval from beginning to index the new conversation that was not indexed in the previous 15 second...
Page 218: Exporting Gigastor Data For Archiving
The indexed, statistical information that comes from the indexed data is not 100% accurate when compared to packet capture. More importantly, it is not intended to be. It is, however, statistically accurate. When the GigaStor attempts to analyze a packet to index, it does not analyze the packet if the packet is being analyzed by a different portion within Observer, such as Network Trending.
Page 219 8. (Optional) Choose if you want to have Observer write a progress status every 30 seconds to the Log window. 9. Click OK. Capturing packets with the GigaStor Chapter 6: Packet Captures...
Page 220: Chapter 7: Mining Gigastor Data
Chapter 7: Mining GigaStor Data Mining data from your GigaStor Retrieving data from GigaStor and analyzing it is a primary function of the GigaStor Control Panel. You can use the information in the packet capture to identify numerous network conditions. By using filters and a specific analysis type, you can hone in on the exact information you want.
Page 221 This option: Allow you to do this: of the screen, but without using any filter. See Analyzing data without any filters (page 225). Select an existing Takes all packets in the selected time frame on the Detail Chart filter and analyzes it using the analysis type chosen at the bottom of the screen and applies the filter you select (after clicking OK).
Page 222 This option: Allow you to do this: Forensic analysis Allows you to choose a profile where you have defined which Snort rules you want to use. The results are displayed on the Forensic Analysis tab in the GigaStor Control Panel. If you chose "Expert analysis and decode"...
Page 223: Selecting A Time Frame To Analyze
This option: Allow you to do this: Third Party Decoder Observer allows you to use other software to view packet decodes if you wish. You might do this because the other tool's interface or workflow. This option is only available if the Third Party Decoder option has already been enabled in and click the Third Party Decoder tab.
Page 224 Figure 111: Trailer Timestamp Settings 4. In Timestamp type, choose your switch aggregator. Timestamp types (page 224) 5. Choose what filters to apply. Trailer filters (page 225) The Decode pane displays packets in the sorted (and filtered) order based on your chosen switch aggregator.
Page 225: Analyzing Data Without Any Filters
Trailer filters Trailer filters allow you to exclude or include packets from your switch aggregator based on where the trailer occurs and other location-specific information. Trailer level Use when multiple timestamps are found in a packet to identify which timestamp to use. The levels are identified starting at the end of the packet.
Page 226: Analyzing Data With Filters From The Gigastor Control Panel
Analyzing data with filters from the GigaStor Control Panel You may want to filter the data that is shown on the Detail Graph. You can do so with the filters section of the GigaStor Control Panel. You can filter data from MAC Stations tab, IP Stations tab, IP Pairs tab, and more.
Page 227: Analyzing Data By Combining Gigastor Control Panel And Observer Filters
Analyzing data by combining GigaStor Control Panel and Observer filters If you chose “Create analysis filter using checked GigaStor entries” Tip! and do not have any data or do not have the data you expected, it may be because you applied too many filters. Try the “Analyze all traffic in the analysis interval”...
Page 228: Understanding Gigastor Accelerated Analysis
17.2.0.0, it remains enabled at all times. No special or extra hardware is required for accelerated analysis to operate. This means both the GigaStor hardware appliances from VIAVI and GigaStor Software Edition on your own hardware can all use accelerated analysis. Likewise, the speed increase from accelerated analysis works on active instances and their passive instances.
Page 229: Filter Elements That Support Accelerated Analysis
Filter elements that support accelerated analysis GigaStor accelerated analysis supports single and multiple-element data extraction filters. If at least one of these listed element configurations is in your analysis filter, then accelerated analysis is possible. Accelerated analysis occurs when your GigaStor extraction filter has at least one of these filter elements.
Page 230: Chapter 8: Stream Reconstruction
Note: Stream reconstruction (including VoIP) is illegal in some jurisdictions and may be disabled by VIAVI to comply with those laws. The process described here is for reconstructing HTTP, but the process is the same for other applications, except instep 6 you would choose the appropriate menu option.
Page 231: Defining What Can Be Recreated In Stream Reconstruction
Note: Stream reconstruction (including VoIP) is illegal in some jurisdictions and may be disabled by VIAVI to comply with those laws. For security or privacy reasons or because of company policy, you may need to limit what the GigaStor probe can recreate through its stream reconstruction feature.
Page 232 Option Description A --> B Extract call(s) with pattern A in the SIP “From” field and pattern B is in a SIP “To” field. Call-ID Extract call(s) with the specified pattern in the SIP “Call-ID” field. 5. (Optional) Enable one or more search pattern modifiers: Use regular expression(s)—Perl 5 regular expressions.
Page 233: Chapter 9: Forensic Analysis
Chapter 9: Forensic Analysis Examining your network traffic with forensic analysis Forensic Analysis is a powerful tool for scanning high-volume packet captures for intrusion signatures and other traffic patterns that can be specified using the familiar Snort rule syntax. Network forensics is the idea of being able to resolve network problems through captured network traffic.
Page 234: Importing Snort Rules
Importing Snort rules After getting the Snort rules from http://www.snort.org, follow these steps to import them into Observer. 2. Click the Forensic Analysis tab. 3. Right-click anywhere on the Forensic Analysis tab and choose Forensic Settings from the menu. The Select Forensic Analysis Profile window opens. 4.
Page 235: Creating A Forensic Settings Profile
be available from the right-click menu. You can also jump to the Decode display of the packet that triggered the alert. Creating a Forensic Settings profile Forensics profiles provide a mechanism to define and load different pairings of settings and rules profiles. Settings profiles define pre-processor settings that let you tune performance;...
Page 236 Table 7. Forensic Settings options Field Description Settings Profile Settings Profiles provide a mechanism to save and load different preprocessor settings, and share them with other Observer. IP Flow Packets belong to the same IP flow if they share the same layer 3 protocol, and also share the same source and destination addresses and ports.
Page 237 Field Description TCP Stream Log preprocessor events—Checking this box causes forensic Reassembly analysis to display all activity generated by the TCP stream (Continued) assembly preprocessor to the log. Maximum active TCP streams tracked—If this value is set too high given the size of the buffer being analyzed, performance can suffer because of memory consumption.
Page 238 Field Description packet sizes for stream reassembly. Running the analysis with a different seed value can catch signature matches that would otherwise escape detection. Port List—Enabling the Port List option limits analysis to (or excludes from analysis) the given port numbers. HTTP URI Many HTTP-based attacks attempt to evade detection by Normalization...
Page 239 Field Description Normalize directory traversal—Directory traversal attacks attempt to access unauthorized directories and commands on a web server or application by using the /./ and /../ syntax. This preprocessor removes directory traversals and self-referential directories. You may want to disable logging for occurrences of this, as many web pages and applications use directory traversals to reference content.
Page 240: Using Network Forensics To Track A Security Breach
Field Description monitored. For example, the VRT rules define HTTP servers as any, which results in much unnecessary processing at runtime. Address variables can reference another variable, or specify an IP address or class, or a series of either. Note that unlike native Snort, Observer can process IPv6 addresses.
Page 241: Using Network Forensics To Track Acceptable Use Or Compliance
Stream reconstruction (including VoIP) is illegal in some jurisdictions Note: and may be disabled by VIAVI to comply with those laws. Your company likely has an “acceptable use” policy for its network. As a network administrator, you may be asked to track a specific person's internet use. The...
Page 242: Chapter 10: Microbursts
Chapter 10: Microbursts Searching for microbursts For a computer network, a microburst is an unusually large amount of data in a short time frame that saturates your network and adds to latency. These bursts are seen as a spike over normal traffic when viewed on a graph. They are usually less than one millisecond long (or even shorter), and they typically occur during high traffic volume, such as after a major news event or announcement when many people are using the network simultaneously.
Page 243 when a microburst occurs, packets may be dropped, which causes them to be retransmitted and that takes several milliseconds—nearly doubling the time to complete the transaction. A 1-millisecond advantage in trading applications can be worth $100 million a year to a major brokerage firm. To prevent data loss because of microbursts, design your network so that its capacity can withstand the highest possible burst of activity in whatever a time frame you deem important (perhaps millisecond).
Page 244: Using The Microburst Analysis Tab In The Gigastor Control Panel
Using the Microburst Analysis tab in the GigaStor Control Panel To search for microbursts across a large time frame (greater than 15 minutes) you must use the Microburst Analysis tab. The Microburst Analysis tab shows you the number of microbursts Observer found in the time frame you selected.
Page 245 changes, the graphs change. Change only one option at a time, then view your changes. Screen resolution (Interval/Total Time): The screen resolution is two numbers that define the length of time shown in the Detail Chart. The first number is the interval length, which when looking at a bar chart, is each bar. The second number is the total time of all of the intervals on the chart, although if an interval does not have any bursts the interval will not have a bar.
Page 246 connections.) For this reason, you will likely see fewer microbursts than when any of the Full Duplex options are selected because the utilization threshold is higher. Note: The Data type option is unavailable when doing Microburst analysis because Microburst analysis shows the number of times or percentage of time when a microburst occurs within a duration and utilization threshold.
Page 247 Interval Interval Interval Duration Duration Duration 1,2,3 Util Util Util 5 ms 1,2,3 1,3, 1,3,4 1,3,4 1,2,4, 1,2,4 1,2,4 µs µs # of packets in 20.319 20.319 20.319 20.319 2.032 0.203 4.064 20.319 36.573 Duration Frame size is 1514, Frame bits are 12,304, Capture adapter speed is 1 Gb, and Network utilization is 1. ...
Page 248: Chapter 11: Charts, Graphs, And Reports
Chapter 11: Charts, Graphs, and Reports Configuring options for the GigaStor charts, graphs, and reports When updating charts and reports, keep in mind that the GigaStor Control Panel uses statistics, not packets. The indexing maximums and sampling ratio for statistics are configured in Setting the GigaStor general options (page 189) and affect what appears on the charts and reports.
Page 249: Chapter 12: Gigastor In Financial Firms
Chapter 12: GigaStor in Financial Firms Using Observer in financial firms In an environment where even nanoseconds matter, a GigaStor allows you to identify when an anomaly in your network occurs and alerts you to it so that you can resolve it quickly. If you are a network administrator in a financial or trading firm, small amounts of time can mean the difference between making or losing money or making money versus making a lot of money.
Page 250: Analyzing Fix Transactions
that no trade or the wrong trade is placed. To partially overcome this weakness with UDP, multicast streams almost always use sequence numbers within their payload to allow detection of these events. As a network administrator in a trading firm, you likely monitor these sequence numbers quite closely looking for gaps in the numbers.
Page 251: Configuring A Fix Profile
Outside of the GigaStor Control Panel, these other areas may be valuable for you when you are analyzing FIX transactions: Decode and Analysis in Observer—Allows you to decode and analyze ♦ the raw FIX information and presents it in an easy to read format. In the Decode and Analysis tab you can use filters and do post-capture analysis on specific FIX transactions that have issues.
Page 252 This option… Allow you to do this… Ignore duplicate If selected, duplicate requests are ignored. This is the default requests setting. If unchecked, duplicate requests may be present in the analysis and reduces the number of unique requests in the tracked requests.
Page 253: Chapter 13: Gigastor Raid Wiping And Rebuilding
Chapter 13: GigaStor RAID Wiping and Rebuilding You can delete and rebuild the RAID using the GigaStor Control Panel, the RAID controller card software, and Windows. You can also set up RAID notifications. GS-2P40-576T Sensitive network traffic is stored on your GigaStor. You can permanently delete this data before sending for maintenance-plan repairs or before decommissioning an old GigaStor hardware unit.
Page 254: How To Delete Saved Network Data
6. Disable the Recycle Bin in Windows for each RAID volume. 7. Create new data folders for network storage on the RAID. 8. Configure the GigaStor Control Panel to use additional volumes. Completing the above operations will ensure that the previously captured data, which was saved in the GigaStor RAID, is deleted in such a way that a future data recovery operation would be nearly impossible.
Page 255 Delete the existing RAID set or sets and rebuild again for future use. 1. In Windows, open the program MRAID > ArcHttpSrvGui. The program starts, but it immediately minimizes to the Windows taskbar. 2. Find the icon in the taskbar, and double-click the icon to view the Areca RAID application in a web browser.
Page 256: How To Build New Raid Sets
a. In the leftmost panel, select Raid Set Functions > Delete RAID Set. b. Select the Confirm box, and click Submit. c. Repeat the process of selecting a RAID set from the list and deleting its RAID set—until all RAID sets are deleted. 8.
Page 257: How To Stripe The Volumes In Windows
6. Select Confirm the Operation, and click Submit Initialization of the RAID should now begin. 7. Repeat steps step 2 through step 5 on the other two RAID controllers (each is named ARC-1883X Web Management). The RAID sets are now initializing, and this can last many hours. Return to the instructions when all initializations are finished.
Page 258 c. Divide the number of megabytes shown in Maximum available size in MB by two. “Maximum available size in MB”/2 = megabytes per partition You are just calculating a value for use in Select the amount of space in d. Type the calculated number of megabytes in the Select the amount of space in MB box.
Page 259: How To Disable The Recycle Bin For Raid
12. Perform a quick format with these settings and values, and click Next. File system — NTFS ● Allocation unit size — Default ● Volume label — Data ● Perform a quick format — Enabled ● 13. Click Finish. After a few seconds, the E: drive should now be available to Windows. You successfully prepared the disk volumes in Windows.
Page 260: Gs-2P40-288T
Prerequisite: Expert Probe The maximum NTFS disk volume is 256 TB, but with a GigaStor you can have more storage than that by using the expanded disk arrays or striping through Windows. 1. On the GigaStor probe, click the GigaStor Instances tab. 2.
Page 261: How To Reformat The Raid Volume
Note: If you use multiple active instances, which is not recommended, you must repeat these steps for each active instance. To delete the GigaStor saved data captured by an active instance: 2. Click Tools > Delete All Instance Capture Data, and select Yes in the resulting dialog box.
Page 262 Figure 117: Viewing the application 3. In the leftmost panel, access the first RAID controller by expanding the SAS Raid Controllers list and clicking the first link named ARC-1883X Web Management. You might be asked for credentials during this step, unless you have an active session already.
Page 263: How To Build New Raid Sets
b. Select the Confirm box, and click Submit. Each RAID set has been fully deleted from the GigaStor unit. How to build new RAID sets Create a new RAID array set in the Areca interface, and then prepare the new volume in Windows so it can be read and written to.
Page 264: How To Stripe The Volumes In Windows
How to stripe the volumes in Windows After you create RAID sets and volumes, you must format the disk partitions as NTFS in Windows. This allows Windows to see the disk drives and you to assign drive letters. 1. Only after initialization is complete for all RAID controllers, proceed to Control Panel >...
Page 265: How To Disable The Recycle Bin For Raid
How to disable the Recycle Bin for RAID The Windows Recycle Bin holds deleted files that can be restored, but this consumes valuable disk space. Disable the Recycle Bin for RAID drives to ensure RAID disk space is never used for this purpose. To delete 1.
Page 266: How To Delete Saved Network Data
3. Within the Areca RAID Controller user interface, delete the existing RAID sets and D: volume. 4. Within the Areca RAID Controller user interface, create new RAID sets for immediate or future use. 5. Stripe the volumes using the Windows Disk Management tool. 6.
Page 267: How To Delete Raid Sets
How to delete RAID sets Use the Areca user interface to delete the existing RAID set from your GigaStor appliance. Delete the existing RAID set or sets and rebuild again for future use. 1. In Windows, open the program MRAID > ArcHttpSrvGui. The program starts, but it immediately minimizes to the Windows taskbar.
Page 268: How To Build New Raid Sets
6. Repeat the process of selecting a RAID set from the list and deleting its RAID set—until all RAID sets are deleted. 7. Return to the original page, and click the second link named ARC-1883X Web Management to access the second RAID controller and delete its RAID sets. a.
Page 269: How To Stripe The Volumes In Windows
Tagged Command Queueing — Enabled ● SCSI Channel — 0:0:0 ● Volumes To Be Created — 1 ● 6. Select Confirm the Operation, and click Submit Initialization of the RAID should now begin. 7. Repeat steps step 2 through step 5 on the other two RAID controllers (each is named ARC-1883X Web Management).
Page 270 a. Move Disk 1, Disk 2, and Disk 3 from the Available section (on the left) to the Selected section (on the right). b. Take note of the number of megabytes shown in Maximum available size in MB. c. Divide the number of megabytes shown in Maximum available size in MB by two.
Page 271: How To Disable The Recycle Bin For Raid
b. Type the calculated number of megabytes in the Select the amount of space in MB box. c. Click Next. 11. Assign drive letter E, and click Next. 12. Perform a quick format with these settings and values, and click Next. File system —...
Page 272: How To Use Additional Storage Volumes On The Gigastor Active Instance
How to use additional storage volumes on the GigaStor active instance When expanding your RAID array beyond 256 TB of usable disk space, you must add the additional volumes to your GigaStor active instance. Prerequisite: Expert Probe The maximum NTFS disk volume is 256 TB, but with a GigaStor you can have more storage than that by using the expanded disk arrays or striping through Windows.
Page 273: How To Delete Saved Network Data
How to delete saved network data Use the GigaStor Control Panel to delete the data collected on the active instance(s) on the GigaStor. Note: If you use multiple active instances, which is not recommended, you must repeat these steps for each active instance. To delete the GigaStor saved data captured by an active instance: 2.
Page 274 Figure 124: Viewing the application 3. In the leftmost panel, access the first RAID controller by expanding the SAS Raid Controllers list and clicking the first link named ARC-1883X Web Management. You might be asked for credentials during this step, unless you have an active session already.
Page 275: How To Build New Raid Sets
b. Select the Confirm box, and click Submit. Each RAID set has been fully deleted from the GigaStor unit. How to build new RAID sets Create a new RAID array set in the Areca interface, and then prepare the new volume in Windows so it can be read and written to.
Page 276: How To Stripe The Volumes In Windows
How to stripe the volumes in Windows After you create RAID sets and volumes, you must format the disk partitions as NTFS in Windows. This allows Windows to see the disk drives and you to assign drive letters. 1. Only after initialization is complete for all RAID controllers, proceed to Control Panel >...
Page 277: How To Disable The Recycle Bin For Raid
How to disable the Recycle Bin for RAID The Windows Recycle Bin holds deleted files that can be restored, but this consumes valuable disk space. Disable the Recycle Bin for RAID drives to ensure RAID disk space is never used for this purpose. To delete 1.
Page 278: How To Delete Saved Network Data
3. Within the Areca RAID Controller user interface, delete the existing RAID sets and D: volume. 4. Within the Areca RAID Controller user interface, create new RAID sets for immediate or future use. 5. Stripe the volumes using the Windows Disk Management tool. 6.
Page 279: How To Delete Raid Sets
How to delete RAID sets Use the Areca user interface to delete the existing RAID set from your GigaStor appliance. Delete the existing RAID set or sets and rebuild again for future use. 1. In Windows, open the program MRAID > ArcHttpSrvGui. The program starts, but it immediately minimizes to the Windows taskbar.
Page 280: How To Build New Raid Sets
5. Select the Confirm box, and click Submit. 6. Return to the original page, and click the SAS Raid Controllers link named ARC-1883IX-24 Web Management or similar link to access the last RAID controller and delete its RAID set. a. In the leftmost panel, select Raid Set Functions > Delete RAID Set. b.
Page 281: How To Stripe The Volumes In Windows
How to stripe the volumes in Windows After you create RAID sets and volumes, you must format the disk partitions as NTFS in Windows. This allows Windows to see the disk drives and you to assign drive letters. 1. Only after initialization is complete for all RAID controllers, proceed to Control Panel >...
Page 282: How To Disable The Recycle Bin For Raid
How to disable the Recycle Bin for RAID The Windows Recycle Bin holds deleted files that can be restored, but this consumes valuable disk space. Disable the Recycle Bin for RAID drives to ensure RAID disk space is never used for this purpose. To delete 1.
Page 283: How To Delete Saved Network Data
3. Within the Areca RAID Controller user interface, delete the existing RAID sets and D: volume. 4. Within the Areca RAID Controller user interface, create new RAID sets for immediate or future use. 5. Stripe the volumes using the Windows Disk Management tool. 6.
Page 284: How To Delete Raid Sets
How to delete RAID sets Use the Areca user interface to delete the existing RAID set from your GigaStor appliance. Delete the existing RAID set or sets and rebuild again for future use. 1. In Windows, open the program MRAID > ArcHttpSrvGui. The program starts, but it immediately minimizes to the Windows taskbar.
Page 285: How To Build New Raid Sets
Each RAID set has been fully deleted from the GigaStor unit. How to build new RAID sets Create a new RAID array set in the Areca interface, and then prepare the new volume in Windows so it can be read and written to. Prerequisite(s): ...
Page 286: How To Disable The Recycle Bin For Raid
3. Right-click Disk 1 again, select New Simple Volume, and click Next. 4. Assign drive letter D, and click Next. 5. Perform a quick format with these settings and values, and click Next. File system — NTFS ● Allocation unit size — Default ●...
Page 287: How To Delete Saved Network Data
Prerequisite(s): These tasks require a hardware appliance GigaStor. These steps cannot be followed for the GigaStor Software Edition. In performing a full deletion of the data available on the GigaStor RAID, the following steps should be completed in the following order across the GigaStor Control Panel, Windows, and Areca RAID Controller.
Page 288: How To Delete Raid Sets
2. Right-click the D: drive and select Format. 3. Choose either a quick format or full format. Do one of the following only: For a quicker disk operation and less data security, ensure the Quick ● Format option is selected and click Start. For a slower disk operation and more data security, clear (disable) the ●...
Page 289: How To Build New Raid Sets
Figure 133: RAID Controller (Example) 4. In the leftmost panel, select Raid Set Functions > Delete RAID Set. 5. Select the Confirm box, and click Submit. Each RAID set has been fully deleted from the GigaStor unit. How to build new RAID sets Create a new RAID array set in the Areca interface, and then prepare the new volume in Windows so it can be read and written to.
Page 290: How To Stripe The Volumes In Windows
Tagged Command Queueing — Enabled ● SCSI Channel — 0:0:0 ● Volumes To Be Created — 1 ● 5. Select Confirm the Operation, and click Submit Initialization of the RAID should now begin. The RAID sets are now initializing, and this can last many hours. Return to the instructions when all initializations are finished.
Page 291: How To Create Folders For The Raid Drives
How to create folders for the RAID drives Create a folder for network data to be stored. By default, the GigaStor Control Panel saves to a specific directory name on the RAID volumes, so make sure the folder is available for each volume. To create folders on your new RAID for the GigaStor appliance to save network data to, do the following: 1.
Page 292: How To Delete Saved Network Data
How to delete saved network data Use the GigaStor Control Panel to delete the data collected on the active instance(s) on the GigaStor. Note: If you use multiple active instances, which is not recommended, you must repeat these steps for each active instance. To delete the GigaStor saved data captured by an active instance: 2.
Page 293: How To Build New Raid Sets
Figure 134: Viewing the application 3. In the leftmost panel, access the RAID controller by expanding the SAS Raid Controllers list and clicking the link named ARC-1883IX-24 Web Management. You might be asked for credentials during this step, unless you have an active session already.
Page 294: How To Stripe The Volumes In Windows
By following these steps, all RAID sets and volumes are made. Part of this process includes foreground initialization that prohibits you from interacting with RAID sets before initialization completes. It can take many hours for initialization to complete, and during that time the RAID is not available. To build new RAID sets: 1.
Page 295: How To Disable The Recycle Bin For Raid
Perform a quick format — Enabled ● 6. Click Finish. After a few seconds, the D: drive should now be available to Windows. You successfully prepared the disk volumes in Windows. Windows can now read and write to these RAID disk drives. How to disable the Recycle Bin for RAID The Windows Recycle Bin holds deleted files that can be restored, but this consumes valuable disk space.
Page 296: How To Delete Saved Network Data
Tip! These instructions are for a specific GigaStor model. See a full listing at GigaStor (page 253) RAID Wiping and Rebuilding (page 253). 1. Within the Observer application, delete the GigaStor saved data on the Active Instance. 2. Within Windows, perform a disk format of the D: volume. 3.
Page 297: How To Delete Raid Sets
For a slower disk operation and more data security, clear (disable) the ● Quick Format option and click Start. The D: disk drive volume is now being reformatted. This either deletes and recreates the file system structure only (quick format), or it overwrites all data on the volume with empty bits (non-quick format).
Page 298: How To Build New Raid Sets
Figure 137: RAID Controller (Example) 4. In the leftmost panel, select Raid Set Functions > Delete RAID Set. 5. Select the Confirm box, and click Submit. Each RAID set has been fully deleted from the GigaStor unit. How to build new RAID sets Create a new RAID array set in the Areca interface, and then prepare the new volume in Windows so it can be read and written to.
Page 299: How To Stripe The Volumes In Windows
Tagged Command Queueing — Enabled ● SCSI Channel — 0:0:0 ● Volumes To Be Created — 1 ● 5. Select Confirm the Operation, and click Submit Initialization of the RAID should now begin. The RAID sets are now initializing, and this can last many hours. Return to the instructions when all initializations are finished.
Page 300: How To Create Folders For The Raid Drives
How to create folders for the RAID drives Create a folder for network data to be stored. By default, the GigaStor Control Panel saves to a specific directory name on the RAID volumes, so make sure the folder is available for each volume. To create folders on your new RAID for the GigaStor appliance to save network data to, do the following: 1.
Page 301: How To Delete Saved Network Data
How to delete saved network data Use the GigaStor Control Panel to delete the data collected on the active instance(s) on the GigaStor. Note: If you use multiple active instances, which is not recommended, you must repeat these steps for each active instance. To delete the GigaStor saved data captured by an active instance: 2.
Page 302: How To Build New Raid Sets
Figure 138: Viewing the application 3. In the leftmost panel, access the RAID controller by expanding the SAS Raid Controllers list and clicking the link named ARC-1883IX-24 Web Management. You might be asked for credentials during this step, unless you have an active session already.
Page 303: How To Stripe The Volumes In Windows
By following these steps, all RAID sets and volumes are made. Part of this process includes foreground initialization that prohibits you from interacting with RAID sets before initialization completes. It can take many hours for initialization to complete, and during that time the RAID is not available. To build new RAID sets: 1.
Page 304: How To Disable The Recycle Bin For Raid
Perform a quick format — Enabled ● 6. Click Finish. After a few seconds, the D: drive should now be available to Windows. You successfully prepared the disk volumes in Windows. Windows can now read and write to these RAID disk drives. How to disable the Recycle Bin for RAID The Windows Recycle Bin holds deleted files that can be restored, but this consumes valuable disk space.
Page 305: How To Monitor The Raid Drives Through Email Notifications
RAID. You could lose data stored on the array or reduce its performance if a mistake is made. VIAVI uses a third party monitoring tool to monitor the RAID array developed by Areca. With it, you can be notified by email if there is an issue with the RAID array.
Page 306 Figure 141: RAID array email notifications 4. Complete the page with the details for your SMTP server, email addresses to send to, and the type of notifications to send. 5. Select Confirm The Operation, and click Submit. 6. Close the web browser and minimize the Areca application to the taskbar. Now that email notifications are set up, your configured recipients are sent an email message any time a new RAID issue occurs.
Page 307: Chapter 14: Understanding How A Probe Uses Ram
Chapter 14: Understanding How a Probe Uses RAM How a probe uses RAM A Windows computer uses Random Access Memory (RAM) as a form of temporary data storage. Windows separates all available memory into three sections: protected memory, user memory, and reserved memory. An Observer probe, depending on how it is configured, uses these types of memory differently.
Page 308 so that the probe runs efficiently and leaves the protected memory for the operating system and other programs to use. Packet captures are always written sequentially from the first open byte of RAM in reserved memory or in Windows protected memory. They are written until all available space is used.
Page 309: Packet Capture Buffer And Statistics Buffer
Figure 143: How to resize various memory options Packet capture buffer and statistics buffer There are two kinds of buffers that a probe uses to store data in real-time: capture buffers and statistical buffers. The capture buffer stores the raw data captured from the network while the statistical buffer stores data entries that are snapshots of a given statistical data point.
Page 310: Running Observer Without Reserved Memory
Observer to be configured for your system. This section does not apply to the GigaStor or other hardware Note: products from VIAVI. They are properly configured at the factory. Tip! If you need more RAM for the statistics queue buffer, you may need to lower the amount of RAM dedicated to packet capture so that it is freed and available to add to the statistics queue.
Page 311 Single Probes, unlike Multi-Probes and Expert Probes, cannot use reserved memory because of their design. By default, 16 megabytes is available for the Packet Capture and Statistics Queue buffer. Single Probes have a maximum of 52 megabytes that can be assigned from the Windows memory pool. Because of the Windows memory pool constraint, Single Probes are limited to a Packet capture buffer maximum of 72 megabytes, assuming you set the Statistics queue buffer to its minimum (12 megabytes).
Page 312: Running Observer With Reserved Memory
Observer to be configured for your system. Caution: Never change the reserved memory settings of VIAVI hardware unless VIAVI instructs you do so. Reserved memory settings should only be modified on non-VIAVI hardware, such as a desktop computer running Observer.
Page 313: How Packet Capture Affects Ram
any memory for Observer. To capture packets on 64-bit Windows install either more than or less than 4 GB of RAM. 32-bit operating systems do not support more than 4 GB of RAM. Observer cannot use any RAM 2. above 4 GB. 1.
Page 314 Figure 145: How packets move through Observer’s memory The capture card receives data off the network. ♦ The capture card passes data into RAM. In the RAM it goes into the packet ♦ capture buffer and the statistics queue buffer. The statistics queue buffer passes the information to the statistics ♦...
Page 315: How To Allocate The Reserved Ram
100 MB allocated to the capture buffer of any probe instance that is bound to the capture card. Allocating less than 100 MB to a probe instance monitoring a VIAVI capture card may cause instability. If you are using any hardware accelerated probe instance, you must have ♦...
Page 316 minimum, but consider substantially raising this amount. The more RAM that you can allocate to packet capture and statistics, the better your GigaStor probe will perform. When using multiple probe instances on a GigaStor, ensure that only one ♦ probe instance is associated with the capture card. (If you are using virtual adapters to monitor disparate networks, then you may have more than one active instance bound to the capture card.) For performance reasons, all other probe instances should be associated with a different network...
Page 317: Chapter 15: Gen3 Capture Card
Observer/GigaStor. Understanding the capture card The Gen3 capture card is designed and manufactured exclusively by VIAVI. This capture card is optimized for the Observer Platform and comes pre-installed in many GigaStor hardware and probe appliances.
Page 318: Supported Qsfp+/Sfp/Sfp+ Media Types
For fiber optic connections that require a splitter: these steps assume you are using the VIAVI optical Y-splitter cable, as it is unable to inject light back into the upstream network link and the provided steps assume the cable is being used. If...
Page 319 To configure the capture card to properly connect to a network device: 1. In your version of Windows, open Device Manager. 2. In the tree on the right, expand Viavi Solutions Inc. Capture Adapters. 3. Right-click the capture card entry and choose Properties.
Page 320 Figure 146: Capture card Advanced Properties Each configured and cabled capture card port to your device(s) should establish a working connection. When to use a SPAN/mirror port The advantage of using a SPAN/mirror port is its cost, as a SPAN/mirror port is included for free with nearly every managed switch.
Page 321: Software Configuration
Reconstructs an integrated data stream from the two channels ♦ Routes the integrated signal to the send channel of the SPAN/mirror port ♦ Each of these activities burdens the switch’s internal processor. These demands on the switch’s CPU have implications for both your monitoring equipment and general network performance.
Page 322 To view the Gen3 capture card properties: 1. In your version of Windows, open Device Manager. 2. In the tree on the right, expand Viavi Solutions Inc. Capture Adapters. 3. Right-click the capture card entry and choose Properties. The Gen3 capture card device properties window is now visible.
Page 323: How To Create Virtual Adapters
Figure 147: Gen3 capture card properties Capture card device properties (page 335) for more explanation of the capture card properties in Windows Device Manager. How to create virtual adapters By default, Observer recognizes a Gen3 capture card as a single network adapter. However, you can make multiple clones of the capture card, called virtual adapters, and use each independently.
Page 324 To create a virtual adapter: 1. In Observer, right-click the Gen3 capture card-equipped probe instance from the probe list, and click Probe or Device Properties. A Gen3 capture card-equipped probe instance shows (Gigabit) or similar after the name. 2. Click the Virtual Adapters tab. Figure 148: Virtual Adapters tab 3.
Page 325: How To Remove Duplicate Packets In Real Time
5. Select physical ports from the Available Ports list, and click Add. You can select more than one physical port by holding CTRL as you click. 6. (Optional) If this virtual adapter should operate during certain days and times only, select Schedule virtual adapter ports and follow the prompts. (Optional) If you choose to set a schedule for your virtual adapter, the remaining steps in this procedure may not be followable as written.
Page 326: How To Assign Physical Ports To Probe Instances
Figure 149: Skip Duplicate Packets Using Hardware Accelerated Capture Adapter 6. (Optional) Select how duplicate packets are recognized by the Gen3 capture card and click OK. Example: (Optional) For example, by selecting Examine IP time to live (TTL), the packet time to live is considered when determining a duplicate packet.
Page 327 SFPs separately from others, then you can use virtual adapters to assign specific physical ports to probe instances. Prerequisite(s): Your hardware appliance must have one of the following: Gen2 capture card ♦ Gen3 capture card ♦ For example, suppose you are deploying an 8-port Gen3 capture card as follows: Ports 1-4 are monitoring a collection of trunked links ♦...
Page 328 Figure 150: Virtual Adapters tab 3. Select a virtual adapter, and click Edit Adapter. 4. Select physical ports from the Available Ports list, and click Add. You can select more than one physical port by holding CTRL as you click. 5.
Page 329: How To Change The Monitored Network Adapter
This section applies to all probes and all versions of them, including Single Probe, Multi Probe, and Expert Probe on VIAVI or third party hardware. Note: If you have a network card in your system, but it is not being seen...
Page 330: How To Enable Hardware Acceleration
Note: When allocating memory for any probe instance with the VIAVI capture card as the chosen adapter, at least 80 MB of memory must be allocated to both the capture buffer and statistics queue buffers. Failure to do so will result in the inability to capture data.
Page 331 Prerequisite(s): To complete these steps, your probe instance list must show the active instance of your GigaStor probe. This can be accomplished by using Windows Remote Desktop to log on to the GigaStor system—so you can see the active instance directly—or by temporarily redirecting the active instance (page 331) of the...
Page 332 A probe may have multiple probe instances, which are useful if you need multiple users using the same probe simultaneously or if you have specific needs for each probe instance (for instance, packet capture, trending, and so on). When you connect to a probe, ensure you select the probe instance you need and not one being used by someone else.
Page 333: Hardware-Accelerated Mode Restrictions
6. Select the remote probe instance from the list, and click Redirect Selected Probe Instance(s). Allow time for the remote probe to redirect. How long this operation can take is limited by a timeout countdown. The probe instances of the remote probe are shown. 7.
Page 334: Features That Require Hardware Acceleration
Use software-based pre-filters. They are mutually exclusive; only one may ♦ be used. Affect statistics-based information, such as Network Trending. ♦ There are two types of filtering that occurs in GigaStor: hardware filtering on the capture card and software filtering in Observer. Hardware filtering only affects which packets are captured on the capture card and saved to the RAID;...
Page 335: Capture Card Device Properties
The General tab lists basic information about the capture card. Figure 154: General Field Description Device type Device type should state Viavi Solutions Inc. Capture Adapters. Manufacturer Manufacturer should state Viavi Solutions. Location Location indicates the PCI bus number that the capture card is using.
Page 336 Figure 155: Current State Field Description SFP state SFP state shows capture card ports that have a supported SFP installed (page 318), if that SFP is operational, and if the SFP is fiber (F) or copper (C). If a capture card port does not have an SFP installed, its icon remains dimmed.
Page 337: Advanced Settings
Field Description risk immediate damage to the capture card. Always maintain proper case airflow and ambient temperature. Power This icon shows a red color if there is a power problem. A power problem could occur if the 12v power supply (PSU) rail, typically for MOLEX and auxiliary connections, is operating out-of-range and could indicate a dying power supply.
Page 338: Driver
Figure 157: Advanced Settings Field Description Enable (Port) Each box represents a physical port on the capture card. These cannot be modified. Auto-Neg Each box represents the auto-negotiation setting for a port on the capture card. If selected, auto-negotiation for this port is turned on.
Page 339: Details
Figure 158: Driver Field Description Driver provider Driver provider should state Viavi Solutions. Driver date Shows the date that your currently installed capture card drivers were made. Driver version Shows the version of your currently installed capture card drivers. These do not always match your application versions for the Observer Platform.
Page 340: Events
Figure 159: Details Field Description Property Lists each device property that can be viewed. Value Displays the value of the selected property as reported by the device driver. Events The Events tab shows driver events like when a capture card driver is installed. Capture card device properties GigaStor (23 Feb 2018) —...
Page 341: Resources
Figure 160: Events Field Description Events Each Windows event regarding the capture card is logged. This can help you understand when the drivers were updated and can be useful when troubleshooting. Information The full event message shows here for the selected Windows event.
Page 342: How To Identify Your Gigastor
1. In your version of Windows, open Device Manager. 2. Find and expand one of these. Viavi Solutions Inc Capture Adapters ● How to identify your GigaStor...
Page 343: Capture Card Details
Table 11. Capture card versions in GigaStor Gen3 Name Internal Driver Manufacturer Supported Name Name VIAVI Solutions 1/10 oneTenGig2015 oneTenGig2015.sys VIAVI Gigabit Ethernet Solutions, Inc. Capture Adapter Gen3 Table 12. Capture Cards versions in GigaStor Gen2 Name...
Page 344: Understanding Time Stamps
Can I upgrade a Network Instruments-manufactured, blue GigaStor to Observer 17.2 or later? Yes, if you have an active maintenance contract. No new features are available on the Gen2 capture card as a result of this name change. Can I put a Gen3 capture card in a Network Instruments-manufactured, blue GigaStor? No, the Gen3 capture card is only available in the GigaStor Gen3 appliance.
Page 345 4. In Timestamp type, choose your switch aggregator. Timestamp types (page 224) 5. Choose what filters to apply. Trailer filters (page 225) The Decode pane displays packets in the sorted (and filtered) order based on your chosen switch aggregator. Timestamp types The Timestamp types provides a list of the supported switch aggregators that can be used to reorder packets before they are shown in the Decode pane.
Page 346: Setting The Probe's Time Clock Synchronization Settings
Probe ID(s) A comma separated list of hexadecimal characters from a PacketPortal IV SFProbe or JMEP. Use PacketPortal System Manager (IV SFProbe) or the SFP Programmer GUI (JMEP) to view a list of probe IDs. A sample probe ID: 5e65eb52f633. Setting the probe’s time clock synchronization settings At times your capture card drivers time clock may drift.
Page 347: Understanding Duplicate Packets
Supported time stamps for reordering Arista cPacket Gigamon GigaSMART Gigamon H-Series IXIA Anue NetScaler Network Instruments PacketPortal PDG VSS Monitoring VSS Monitoring w/ Port Supported time Description synchronization methods Sync capture Each time Observer starts, the capture card drivers are drivers with synchronized with the Windows system clock one time.
Page 348: Understanding Packet Deduplication
Understanding packet deduplication Deduplication is useful when multiple copies of the same packet are received, but only a single copy should be seen. Duplicate traffic is part of any network environment and is unavoidable. However, reducing duplicate packets as much as possible helps ensure your network is more efficient.
Page 349 5. (Optional) Click Skip Duplicate Packets Configuration. The Skip Duplicate Packets Using Hardware Accelerated Capture Adapter dialog appears. Figure 163: Skip Duplicate Packets Using Hardware Accelerated Capture Adapter 6. (Optional) Select how duplicate packets are recognized by the Gen3 capture card and click OK.
Page 350: How To Remove Duplicate Packets From Saved Captures
Deduplication details for the capture card The packet deduplication engine of the capture card is controlled by features in Observer. The features must be in use for packet deduplication to work. For capture card packet deduplication to work: Hardware acceleration must be enabled and in use. ♦...
Page 351 when packet time a time difference less than N-milliseconds. Setting this can difference is less help avoid some false-positive results, but you may need to than experiment with the value. Data link layer If selected, layer 2 of the OSI Model is ignored when determining duplicate packets.
Page 352: Chapter 16: Troubleshooting
Chapter 16: Troubleshooting Learn how to determine if your GigaStor Control Panel is experiencing issues and what you can do to fix common issues. Troubleshooting common issues Use the information in this section to assist you if you have a problem with your probe not connecting to your analyzer, your probe does not have a network adapter available, or if you are using an nTAP and want to capture NetFlow traffic or several other common issues.
Page 353: Troubleshooting A Slow Probe System
Third, do not, under any circumstances, share interrupts, I/O ports, or memory addresses between adapters. No matter what has worked before or what might work in the future, sharing interrupts or memory settings is not a valid configuration. Troubleshooting checklist: Does your network work without any Observer programs or drivers loaded? If not, check your network installation instructions.
Page 354: No Network Adapter Available
7. From the Local Area Connection Properties (step 5), choose Install > Protocol > Add > VIAVI – VMONI Protocol Analyzer and click OK. If the VMONI driver Troubleshooting common issues GigaStor (23 Feb 2018) — Archive/Non-authoritative version...
Page 355: Integrated Adapters Report All Sent Packets With Bad Tcp Checksum
is not listed, click Have Disk, then browse to the VMONI.SYS file located in the Observer directory on your hard drive, select it, and click OK. The VMONI Protocol Analyzer will now be available to install. 8. Restart the computer after you have completed installing the driver. You should now be able to select an adapter when starting Observer.
Page 356: Vlan Statistics Tool Is Not Working
The Gigabit NIC no longer strips VLAN tags, so the symptom in Observer is resolved. VLAN Statistics tool is not working Symptoms: “No VLAN” is the only VLAN ID that shows up in the VLANs column in VLAN Statistics. You are not seeing all VLANs you have on the network. Causes: To display VLAN Statistics, Observer checks each packet for a VLAN tag;...
Page 357: Using Discover Network Names On A Layer 3 Switch That Uses Vlans
For a 6500/6000 Series Switch running Native IOS 12.1 or later you must configure the destination port as a trunk port prior to configuring the SPAN, which have the following syntax: C6500(config)#Interface Type slot/port C6500(config-if)#Switchport C6500(config-if)#Switchport trunk encapsulation { ISL | dot1q } C6500(config-if)#Switchport mode trunk C6500(config-if)#Switchport nonnegotiate To monitor 802.1Q VLAN traffic passing through Fast Ethernet 02 via a SPAN port...
Page 358: Suspected Nat Or Vpn Issues
Size Distribution Statistics, Top Talkers –MAC (by hardware Address) will now show data by Port. Suspected NAT or VPN issues If you use network address translation (NAT) in your environment, you must make some configuration changes in Observer. Using the TCP/IP port information Ports used by Observer products v16 and earlier (page 212), you should be able to set up the NAT properly.
Page 359: Ports Used By Observer Products V16 And Earlier
To use Observer with the Cisco 6xxx switch, you must disable auto negotiation. With auto negotiation enabled, the switch and probe may create a link when first starting the probe, but if the cable is unplugged or if a configuration change to the SPAN/mirror port is applied, you will lose connectivity to the switch.
Page 360: Troubleshooting The Gigastor Control Panel
Troubleshooting the GigaStor Control Panel Use the information in this section to assist you if you have a problem with the GigaStor Control Panel. GigaStor Control Panel option is grayed out If the Capture > GigaStor Control Panel option is grayed out and unavailable, one of two things has likely occurred.
Page 361: Troubleshooting The Capture Card
filters to limit the packets you want to decode, shorten the time frame you are mining, or both. Troubleshooting the capture card Gen3 capture card card issues are uncommon, but this information can help identify and solve a Gen3 capture card-related issue. Most solutions suggested require that the unit be returned to an authorized service center for repair.
Page 362: Temperature Or Voltage Out Of Acceptable Range
Temperature or voltage out of acceptable range Temperature or voltage out of acceptable range Air or fan obstruction ♦ Faulty system fan ♦ Faulty temperature probe ♦ Customer 1. Remove airflow obstructions from case or fan shrouds. Authorized service center 1.
Page 363: Packet Capture Does Not Start On Gen3 Capture Card
Packet capture does not start on Gen3 capture card If Packet Capture does not start and there is no date and time information below the packet capture graph, you may need to reinstall the drivers for the Gen3 capture card. An issue is causing packet capture to not start Several steps may be necessary to isolate the specific issue.
Page 364 2. Click Device Manager. 3. In the list, expand Viavi Solutions Inc. Capture Adapters. 4. Right-click the VIAVI capture card and choose Update Driver Software. 5. Click Browse my computer for driver software. 6. Browse to or type C:\Program Files\Observer\DRIVERS\ and ensure the Include subfolders box is selected.
Page 365 The correct drivers install as soon as they are found. 8. Repeat the same procedure for the other VIAVI capture card shown. Example: You might see a second capture card depending on your hardware appliance. If so, you must repeat...
Page 366 Do not restart the system! Figure 166: Fully uninstall the driver 6. Repeat the same procedure for the other VIAVI capture card shown. Example: You might see a second capture card depending on your hardware appliance. If so, you must repeat step 5 for the other capture card.
Page 367 10. Restart the GigaStor system. This should be the last time a restart is required. Windows can no longer find VIAVI capture card drivers to automatically install. This provides you the opportunity to install known, good drivers for the capture card manually without Windows deciding for you or reintroducing the driver conflicts you are trying to avoid.
Page 368 8. In Windows, using your keyboard, press the Windows logo key + R. 9. Type control panel and press Enter. The Control Panel opens. 10. Proceed to Uninstall a program, select Viavi Solutions Observer Analyzer, and click Uninstall/Change. After Uninstall/Change is clicked, the Observer installer appears. It asks if you want to repair or uninstall Observer.
Page 369: Chapter 17: Backups And Restoring
Chapter 17: Backups and Restoring Multiple portions of the GigaStor appliance can be backed up and restored. If necessary, you can also use the Gigastor System Restore kit to re-image your entire GigaStor to factory settings. Backups and Restoring Multiple portions of the GigaStor appliance can be backed up and restored. If necessary, you can also use the Gigastor System Restore kit to re-image your entire GigaStor to factory settings.
Page 370: Backing Up Your Gigastor Settings
3. Click the Settings button to open GigaStor Settings. 4. Click the Export tab. 5. Choose how you want to export the data and in which format (BFR, PCAP, or CAP). 6. (Optional) Choose to schedule the export so that it can happen automatically. 7.
Page 371: How To Restore A Gigastor Probe To Factory Settings
Restoring a GigaStor to factory settings is usually a last resort when all other methods to correct the issue have failed and should only be done under the direction of VIAVI Technical Support. Prerequisite(s): All captured packets and trending data on the GigaStor RAID are safe. Nothing on the RAID (D:\) is affected by this process.
Page 372 Physical access to the GigaStor ♦ Monitor and keyboard (connected to GigaStor) ♦ Each restore kit is purpose-built for a specific GigaStor that you own. You must match the serial number displayed on the GigaStor Restore USB flash drive to the serial number of the GigaStor.
Page 373: Index
Index Numerics backups 370 bad TCP checksums 355 10/100 network 320 troubleshooting 355 10-32 screws 171 bandwidth saturation 209 25901 194 bandwidth utilization 209, 209 25901 (port) 212, 212, 353, 359, 359 best practices 203 25903 (port) 212, 353, 359 bill of materials ...
Page 374 properties 321, 335 definition 202 recommendations 315 denial of service 235 resources 341 device manager 335, 335, 337, 338, 339, 340, 341 SPAN port, 10 Gb link 318 Device Manager 361, 364, 366 statistics 189 difference from packets 215 time synchronization 346 difference from statistics 215 troubleshooting SPAN port 318 directory 200...
Page 375 Gen2 capture card 343 Gen3 77, 84, 92, 99, 136, 143, 147, 151, 155, 158, 162, 317, 317, 321 See hardware acceleration 375 Gen3 capture card 343 half-duplex 209 getting started 182 hard drive handling 174 Gigabit 205 hard drives defining probe as 323 installing ...
Page 376 preprocess settings 235 changing 329 load, preprocessor 203 missing 329, 354 locking pins 168 missing from Observer 329 LOM 14, 19, 25, 30, 35, 40, 45, 51, 57, 61, 65, 69, 72, 81, See capture card 373 88, 96, 123, 140, 145, 149, 153, 157, 161, 164, 167, 176, 194 with packet analyzers 209 NIDS 233 no capture 363...
Page 377 moving through RAM 313 protecting 195 RAM 313 security 331 partial 223 software, versions 205 partial packets, saving 189 SPAN ports 205 parts list 13, 18, 24, 30, 34, 39, 45, 50, 56, 61, 64, 68, switching to analyzer 205 72, 80, 88, 95, 122, 139, 145, 149, 153, 157, 166 updating 195 passive probe instance 203...
Page 378 reassembling 235 SFP 13, 14, 18, 19, 24, 25, 30, 30, 34, 35, 39, 40, 45, 45, rebuilding 253, 254, 254, 254, 256, 257, 259, 259, 260, 50, 51, 56, 57, 61, 61, 64, 65, 68, 69, 72, 72, 80, 81, 88, 260, 261, 261, 263, 264, 265, 265, 265, 266, 266, 267, 88, 95, 96, 122, 123, 139, 140, 145, 145, 149, 149, 153, 153, 268, 269, 271, 271, 272, 273, 273, 273, 275, 276, 277, 277,...
Page 379 system load 189 Turn Windows features on or off 197 system specification 185 system time 346 UDP 25903 212, 359 unable to capture 363 unable to capture data 363 full-duplex Ethernet 209 unable to capture packets 363 NetFlow 358 Update Chart button 189 where to use 208 updating 195 TAPs...
Page 380 Windows protected memory 307 Windows registry 368 Windows security 194 Windows Update 194 Windows updates 195 Windows Updates 194 wipe 253, 254, 254, 254, 256, 257, 259, 259, 260, 260, 261, 261, 263, 264, 265, 265, 265, 266, 266, 267, 268, 269, 271, 271, 272, 273, 273, 273, 275, 276, 277, 277, 277, 278, 278, 279, 280, 281, 282, 282, 282, 283, 283, 284, 285, 285, 286, 286, 286, 287, 287, 288, 289, 290, 290,...