4 Replies Latest reply on Aug 10, 2020 10:27 AM by Arif Alibay

    Monitoring An Environment That Uses Data Diodes

    Stuart Reid
      Share This:

      Is there a way of monitoring an environment that has data diodes in place to limit the flow of traffic to one way?

       

      Many thanks,

       

      Stuart

        • 1. Re: Monitoring An Environment That Uses Data Diodes
          Arif Alibay

          Hi Stuart,

          I believe since there is only one way of communication and no return PATHS, you can monitor the environment  behind the data diodes  by monitoring the snmp traps.

          A KM such as  Monitoring Studio KM  can intercept traps emitted by devices located in a secure env and you can configure those traps to create Performance/Availability  Monitors for TrueSight.

           

           

          Thanks,

          regards,

          Arif

          1 of 1 people found this helpful
          • 2. Re: Monitoring An Environment That Uses Data Diodes
            Stuart Reid

            Thanks for the reply.

             

            Do you know If there are any limitations to the number of traps that can be received p/s using the sentry Monitoring Studio KM? As I understand it the TS trap adapter can handle up to 14 traps per second on SNMP v2 and 7 traps per second on SNMP v3. This would also be using a fire and forget method so any dropped traps could potentially be a serious issue.

            • 3. Re: Monitoring An Environment That Uses Data Diodes
              Arif Alibay

              I don't think MS can do better, as its main function is the standard request and not trap listening. But will check.

              Monitoring Studio can also  trigger traps, you may  also install MS within your secure network behind the diodes and monitor all your application, Hardware, storage   etc using the standard monitoring requests and let MS trigger snmp traps whenever there is a threshold breach for a specific monitor. By this way you can better control the monitoring inside your secured env.

              Thanks,

              Regards,

              • 4. Re: Monitoring An Environment That Uses Data Diodes
                Arif Alibay

                Hi Stuart ,

                According to dev team, with Monitoring Studio, only SNMP v1 is supported for SNMP Traps as for the trap capture , the MS KM relies  on the PATROL PSL functions.

                SNMP v2c and v3 are supported using SNMP Requests as the MS  relies on the KM own java process (Matsya).

                 

                But using snmp V1, if Patrol Agent is up and running there is no limitation in number of traps /s

                I did a simple test and there was no trap loss by launching 500 traps in 1 go and then 1000 traps ... etc