workload characterization: priorities

coral/ocXmons (OC3,12,48, gigE)
persistent, realtime, full-frame collection 

security policy 
compliance auditing (passive) 
enforcement (active) 
dynamic packet filtering triggered by attack precursors 

SLA support

obstacles
hardware expensive
privacy issues 
IPsec