Skip to content

SenseOn Deployment Architectures

Cloud Deployment with Endpoint Collectors

SenseOn’s Endpoint Network Sensor (EPNS) is a feature that enables the system to extract network telemetry equivalent to that of an appliance on a mirror or TAP using only endpoint agents. This is particularly useful for organisations with a large number of satellite offices or a significant remote workforce where deploying physical appliances may be too costly or complicated. EPNS enables deployments to be expanded by installing software rather than hardware, avoiding on-site visits, change requests, and constraints on space and power budgets. Additionally, EPNS provides visibility of network traffic from public cloud environments without the need for dedicated virtual servers or alterations to cloud network configurations.

Deployment Architecture using just endpoint collectors

Cloud Deployment with Endpoint Collectors and Network Probe

Probe Appliances

SenseOn probe appliances can be deployed at your sites to capture network traffic and transmit it to the virtual analysis appliance. They can be physical or virtual. A physical probe appliance is configured to receive network traffic from at least one mirror or TAP, typically from the core switch where it is deployed.

The virtual probe appliance can run on VMware ESXi 6.5 and 6.7 and is configured to capture network traffic from either the VMware vSwitch or a physical TAP or mirror. If your network consists of a large number of separate locations with existing virtual infrastructure, deploying virtual probes may be more cost-effective and quicker than deploying physical equivalents. Both physical and virtual probe appliances send their data back to the virtual analysis appliance via an outbound connection over TCP port 1194.

Deployment Architecture SenseOn cloud using a probe

On-Site Deployments

⚠ On-Site is Via Exception: We strongly encourage all customers to utilise our managed cloud deployments. Cloud deployments offer significant advantages over on-premise solutions, including scalability, higher availability, and superior recovery capabilities.

While we do provide on-site deployments, these are typically reserved for exceptional circumstances. Our focus is to deliver the best possible service through the reliability and flexibility provided by cloud infrastructure, which is generally more efficient and effective for most scenarios.

On-premise deployments consist of the following components:

Analysis Appliance

At the core of a single-site physical deployment is the physical analysis appliance, installed on-premise at an office or data centre. This appliance collates and analyses data collected by the platform and hosts the SenseOn User Interface. It is configured to receive network traffic from at least one mirror or TAP, typically from the core switch at the installation location. The appliance arrives at the deployment site pre-built and configured for your organisation’s needs and can usually be installed in less than an hour.

💡 Analysis Appliances Can Monitor Traffic: Note that an on-premise analysis appliance can be configured with separate capture interfaces to monitor traffic.

Probe Appliances

SenseOn probe appliances can also be deployed at additional locations to capture network traffic, available in both physical and virtual forms. Like the main analysis appliance, these are configured to receive network traffic from at least one mirror or TAP.

Endpoint Agents

SenseOn’s endpoint agents are deployed across endpoint devices such as laptops, desktops, and servers and are available for Windows, Mac, and Linux operating systems. These agents send their data back to the SenseOn analysis appliance over the local network on port 443. If the endpoint agents are at a remote site separate from the SenseOn analysis appliance, they must connect back via a site-to-site link, such as a VPN or MPLS.

Endpoint 360

For endpoints without a site-to-site connection or those working remotely, Endpoint 360 allows endpoint agents to communicate with an on-premise appliance across different networks. When enabled, the endpoint will first attempt a local or site-to-site connection; if unsuccessful, it will send its telemetry back to the analysis appliance via a cloud-hosted bastion server.

Callback Connection

As part of standard deployment, the analysis appliance establishes an SSH connection to SenseOn’s infrastructure to monitor the functioning of the hardware and facilitate regular updates to the SenseOn platform. The telemetry data remains on the analysis appliance.

Architecture Diagram

Below is a diagram of a multi-site deployment architecture. Any on-site deployments must be designed by a SenseOn Solutions Engineer.

Deployment on premise deployments