back caretBlog

L7 Visibility into Your "Middle Boxes"

In any enterprise architecture, there are a lot of "middle boxes". I'm talking about your load balancers, application delivery controllers, firewalls, NAT devices, proxy servers, and increasingly common these days, WANOp devices. These devices sit between the network and an end host and operate more or less transparently. While prevalent, middle boxes are really getting the short shrift when it comes to application-level metrics.

The truth is, layer 4 visibility has been around for two decades, and layer 7, i.e. application level awareness is really essential to pinpointing the tougher problems these days. For the individual end devices, web servers, application servers, database servers, you can use intrusive methods or rely on the vendor to get deeper insights. You're still looking at multiple tools, and raw brain power is required to piece them together, but you at least have the level of information you need.

When it comes to the middle boxes however, all is lost. No existing system or network management tool treats them like application level devices, and therefore delivers no L7 visibility. It all stops at L4. This does everyone a grave dis-service because the middle boxes are actually very active L7 devices. Think about it, both ADCs and WANOp devices serve as full proxy servers, they perform application level transformations constantly, fully blurring the line between the network and application layers. Without application level visibility into these middle boxes, how do you figure out if your users were right to blame the ADC, yet again, for sluggish application behavior?

One of the sleeper features that come with the ExtraHop Delivery Assurance system is that we provide full L7 visibility for the entire application environment, that includes the middle boxes. We don't talk about it enough, but when we do, the customer's eyes generally light up, "you can show that kind of visibility about my BIG-IP"? Yes we can, and we're the only solution today that does.

ExtraHop Reveal(x) Live Activity Map

Stop Breaches 87% Faster

Investigate a live attack in the full product demo of ExtraHop Reveal(x), network detection and response, to see how it accelerates workflows.

Start Demo

Sign Up to Stay Informed