Today’s networks have become sophisticated defense mechanisms, architected with numerous inline security tools such as firewalls, intrusion prevention systems, web application firewalls, data loss prevention, SSL decryption and more. While the benefits of these active tools as part of your security strategy to protect your network are inherent, the simple fact that they are inline creates some problems if not addressed properly, as they are potential single points of failure (SPOF) in the network. The use of bypass TAPs, deployed with inline appliances provides failsafe and heartbeat technology to monitor the appliance’s health, eliminating the single point of failure, while providing complete network visibility.
Due to the widespread adoption of 100G networks, Garland Technology recognized the need for bypass TAPs that would be compatible with higher network speeds. With the launch of our new EdgeSafe™: 100G Bypass Modular Network TAP, our Inline Edge Security TAP line is now capable of providing bypass capabilities for any network speed (1G to 100G) or media type.
Security appliances deployed inline must operate at peak performance without failure, and without affecting network uptime or application availability. The EdgeSafe Bypass TAP ensures failsafe deployment and zero downtime maintenance with the ability to monitor 2 inline 100G appliances with failover protection in a 1U space.
The EdgeSafe 100G Bypass TAP allows you to take your appliance offline without having to wait for a scheduled maintenance window or interrupting data traffic. From sandboxing a new tool deployment to easily taking tools out-of-band for updates, installing patches, performing maintenance, or troubleshooting to optimize and validate before pushing back inline, a bypass TAP has quickly become the essential compliment to any inline tool, ensuring that your production network will have 100% network uptime.
Bypass TAPs, also sometimes called bypass switches, provide complete network visibility by passing all live wire data to an inline security tool, but also provide failsafe and heartbeat technology to monitor the tool’s health, ensuring that the tool itself is not a single point of failure in your network.
Diagram 1: Inline Bypass Mode |
Diagram 2: Out-of-Band 'Breakout' Mode |
Diagram 3: Failsafe / powerloss |
The Bypass TAP operates in a different manner than other types of TAPs. Instead of generating copies of monitored links, the monitoring ports (Diagram 1, ports C&D) are used to bring a connected appliance inline with the appliance physically connecting to the surrounding network devices. In the event an inline device becomes unavailable, it is bypassed and traffic is automatically forwarded around the failed tool (Diagram 2), keeping the link up. In addition, bypass TAPs are also equipped with failsafe functionality on their network ports (Diagram 3, ports A&B), ensuring the link stays up.