Bivio 7000 Output to Socket Connection: Active and Passive Modes

The diagram below summarizes the NBA deployment architecture when data is output via a socket connection. With this output option, the NBA can run in either active or passive mode. In this example, data packets destined for the Internet pass through the switch (1). From there, the packets pass through the NBA, are reassembled into files and emails, and are passed to policy engines for processing.

When policy processing is complete, any resulting ‘block’ or ‘allow’ actions are returned to the NBA. If permitted, the NBA then forwards data packets from ports s0.e1, s0.e3, s0.e5 or s0.e7 on the back of the device, via the firewall, to their intended Internet destination.

Example architecture for Bivio 7000 appliance: Output to socket connection, Active mode

  1. Switch: Data packets passing through the switch from your corporate network to the Internet are directed via the NBA Data Inspection ports.
  2. Network traffic: Replicated data packets containing captured emails, Webmails, files and IM conversations are passed to a receiving data port (s0.e0, s0.e2, s0.e4 or s0.e6) on the back of the appliance.
  3. NBA: This hosts the NBA console (3a) and the nbapolicy.xml policy file (3b). The NBA reassembles the incoming data packets into e‑mails and files and passes them to policy engines (6) for processing.

    You connect to the NBA via the management port (3c) on the front of the box to manage NBA operations and to pass captured data to policy engines for analysis.

  4. PE hub and Socket API: In this example, the NBA uses the Socket API (4a) to pass captured items from the management port (3c) to a policy engine hub (4b). But see the alternative deployment below (5a).
  5. Policy engines: The hub then distributes items to policy engines for processing. The results of any policy processing are returned via the Socket API to the NBA.

    Alternatively, the NBA can pass captured items direct to policy engines, using a Socket API (5a) on each PE host machine.

  6. CMS: The resulting events are replicated up to the CMS and stored for subsequent retrieval and reviewing.

More information:

Passive Mode

Connect to the NBA Management Port through a Router