ExtraHop Capacity

Be wary of device counts! ExtraHop devices are sold using “device count” as a capacity rating. However, the platform has become extremely customizable and the shape and complexity of enterprise data varies significantly from company to company.

I think it is important to understand the real measure of capacity on an ExtraHop system so you can tune a deployment and get the maximum value from your wire data. In my experience, capacity is really governed by multiple factors including:

For the EDA:

  • Number of things talking on the wire (device count)
  • Packet rate of the data feed
  • Throughput of the data feed
  • Complexity of data feed (number of different protocols analyzed)
  • Complexity of the data sources
    • Number if data ports in use
    • Netflow configuration
    • RPCAP deployment
    • ERSPAN deployment
  • Complexity of the customization
    • Number and complexity of the triggers
    • Number and complexity of ODS targets
    • De-duplication configured
  • Number of concurrent users on the systems

For the EXA

  • Number of nodes in the cluster
  • Rate of records sent from the EDA
  • Number of queries executed
  • Result set size of the executed query

Please contribute to this thread if you have additional insight on the capacity of the overall ExtraHop platform.

1 Like