Bivio 2000 Output to Socket Connection: Active and Passive Modes

The diagram below summarizes the NBA deployment architecture for Bivio 2000 appliances when data is output via a socket connection.

With this output option, the NBA can run in either active or passive mode. In this example, data packets destined for the Internet pass through switch 1. From there, the packets pass through the NBA, where they are reassembled into files and emails and passed to policy engines for processing. When policy processing is complete, any resulting ‘block’ or ‘allow’ actions are returned to the NBA. If permitted, the NBA then forwards the data packets from port s0.e1 on the back of the appliance, via the firewall, to their intended Internet destination.

Example architecture for Bivio 2000 appliance: Output to socket connection, Active mode

  1. Switch: Data packets passing through the switch from your corporate network to the Internet are directed via the NBA Data Inspection ports.
  2. Network traffic: Replicated data packets containing captured emails, Webmails, files and IM conversations are passed to receiving data port s0.e0 on the back of the appliance.
  3. NBA: This hosts the NBA console (3a) and the nbapolicy.xml policy file (3b).

    The NBA reassembles the incoming data packets into e‑mails and files and passes them via port s0.e2 (3c) on the back of the box to policy engines for processing.

  4. Router: You connect to the NBA via the management port (3d) on the front of the box to manage NBA operations. You must use a router to isolate the management port from your corporate network.
  5. PE hub and Socket API: In this example, the NBA uses the Socket API (5a) to pass captured items from port s0.e2 to a policy engine hub (5b). But see the alternative deployment below (6a).
  6. Policy engines: The hub then distributes items to policy engines for processing. The results of any policy processing are returned via the Socket API to the NBA.

    Alternatively, the NBA can pass captured items directly to policy engines, using a Socket API (6a) on each PE host machine.

  7. CMS: The resulting events are replicated up to the CMS and stored for subsequent retrieval and review.

More information:

Passive Mode

Connect to the NBA Management Port through a Router