The Traffic Management Company ™

Presentation: "The Traffic Management Company ™". Transcript of the presentation:

1 The Traffic Management Company ™
Allot Communications
The Traffic Management Company
Tomás Gómez de Acuña

To summarise the benefits of the Allot technology: a simple turn-key appliance, dedicated to “layer 8” traffic management. Like a graphic equalizer, it can automatically discover and classify the flows into small traffic “bands”, instantly show the activity of each band, and give the ability to adjust the contribution of each flow to the total traffic (tuning). This is why we sometimes refer to it as a “traffic equalizer”. Such a device is the only workable and affordable tool which can substitute for, or I would say is a superset of, the various packet-based queuing engines of routers. Unlike a router, it is scalable, uses a natural-language interface and offers very advanced monitoring, accounting and content-filtering features. Unlike routers, which understand packets only, the traffic equalizer processes at the session level to offer end-to-end management (between source and destination IP) and full accounting capabilities. Unlike routers, it is totally transparent to install (bridge mode, MAC level), is protocol independent, and doesn’t require memory and software upgrades to perform. It is the ideal QoS complement to the router, which is usually owned by the provider, and only such a device can be flexible enough to understand the complexity of traffic patterns and be configured to match exactly a specific corporate need.

2 Introduction
Israeli company. Leaders in IT security and traffic control
Founded in 1997
50% growth over last year
Offices all over the world
In Spain: office in Madrid. 3 people
24x7 support centre
More than 200 employees
Strong growth driven by the operator sector

3 Enterprise network diagram
[Diagram labels: Internet access; Web, , Citrix Servers; Video; Citrix Clients; SAP/Citrix; Oracle; VoIP GW; PBX; DataCenter; Tokyo Office; London Office; VoIP; Paris Office; VPN/ Leased Line/ MPLS; WAN; LAN / CORE]

A typical Intranet environment consists of a hub site. All branches are connected to the hub. Once the NetEnforcer is placed at HQ, enterprises have corporate-wide control of the network: data traffic is controlled via TCP. You don’t need to add an extra box for each box. The NetEnforcer gives VoIP traffic top priority, protecting it from other data traffic. As an analogy: when an ambulance activates its siren, all cars move aside.

<<Note to speaker: here are some potential questions that may be asked, with the answers:>>
1. How can you differentiate VoIP from other applications that use UDP, like DNS or legacy applications? Answer: legacy applications do not necessarily require traffic monitoring; and certainly DNS doesn’t require it.
2. What about P2P? P2P doesn’t run on an intranet; it requires Internet access.

4 Internet access
Do we really know what traffic goes from our company to the Internet?
Can we block unwanted content?
Do we know what content our users access?
Are we able to block unwanted applications: P2P, radio, downloads, music, instant messaging, streaming, etc.?
Do we know how many connections we open to the outside world?
Can we control the number of connections per APPLICATION OR USER?
Are we able to generate reports to escalate problems to the company's managers?
DO WE REALLY KNOW HOW AND ON WHAT WE SPEND THE BANDWIDTH WE USE?

5 Access to the data processing centre (CPD) or DATA CENTER
Can we control how many users access the data center?
Can we guarantee access under extreme load conditions?
Can we prioritise critical or VIP users?
Can we prevent DoS attacks or worms in the data center?
Do we know the real traffic volume consumed by each application hosted in the data center?
Do we know the number of connections per application?
CAN WE GUARANTEE THE SECURITY AND AVAILABILITY OF THE DATA CENTER AT ALL TIMES?
[Diagram labels: Web, , Citrix Servers; Video; Citrix Clients; SAP/Citrix; Oracle; VoIP GW; PBX; DataCenter]

6 Access network and/or WAN
Do we know which applications the users consume?
Do we know whether non-corporate applications “travel” over the WAN?
Do we know why the WAN is slow?
Do we know how many connections are active at a given moment?
Can we guarantee the availability of business-critical applications?
Are we ready to deploy new services on our network, e.g. VoIP, Citrix, CRM, etc.?
DO WE REALLY CONTROL THE APPLICATIONS AND WHAT OUR USERS DO ON THE WAN?
[Diagram labels: Tokyo Office; London Office; VoIP; Paris Office; VPN/ Leased Line/ MPLS; WAN]

7 Conclusion
We have networks that cost thousands of euros
We invest a lot of money in supporting and maintaining those networks
We spend a lot of money expanding the capacity of servers and corporate applications
BUT… ARE WE REALLY ABLE TO HAVE EXHAUSTIVE, A PRIORI KNOWLEDGE OF THE APPLICATIONS, THE CONNECTIONS AND THE USERS THAT “CIRCULATE” ON THE NETWORK?

8 The solution: NetWork Intelligence
[Diagram labels: Internet access; Web, , Citrix Servers; Video; Citrix Clients; SAP/Citrix; Oracle; VoIP GW; PBX; DataCenter; Tokyo Office; London Office; VoIP; Paris Office; VPN/ Leased Line/ MPLS; WAN; LAN / CORE; NetXplorer Server; GUI Client]

9 Allot for operators: Data Center, Core, Access network / POP
[Diagram labels: NetEnforcer; CMTS / DSLAM; Billing Server; Provisioning; SOHO; Smart Building; Home Users; Cable Modem or ADSL Router; Access network / POP; TV, , FTP Servers; Web CRM Farm; NetEnforcer; Data Center; Core; Peering; Internet]

Control of traffic to and from the data center
Prioritises the traffic of critical customers
Prevents DoS and DDoS attacks on the data center
Prevents servers from going down
Prevents worms from spreading
Project with several units
Reference: Comunitel (100 K Euros)

P2P traffic control
Bandwidth savings (cost savings for the operator)
Quality of Experience (users perceive that the network performs better)
Fairness among users and connections per user
Prevents a few unwanted users from consuming all the bandwidth
Projects of between 1 and 10 units
Reference: FastWeb (2 million euros)

Definition of paid services for the operator (the operator generates more money)
Online video club
Turbo button
Triple play
Etc…
One or more Allot units per POP
Project with tens or hundreds of units
Reference: NTL (8 million euros)

10 Why Allot?
Layer 7 application monitoring
Based on DPI (Deep Packet Inspection) signatures
Application control and blocking
HTTP content filtering
Connection control
Limiting the number of connections per user/service/application
Prevention of DoS attacks
Data center protection
Bandwidth limiting per connection
P2P traffic control
Definition of QoS policies / prioritisation
Guarantee
Limitation
Definition of IP services, accounting and billing

11 Allot equipment
[Chart: Allot models by bandwidth. 2.5G: AC-2510, 2520, 2540; 1G: AC-1010, AC-1020, AC-1040; 310M: AC-802, AC-804, AC-808; 100M: AC-402, AC-404; 2M]

This slide shows both our history and future road map. In 1998/1999 we started our activity with a very basic shaping device, which was not even named, running on top of a standard Linux OS and using a standard industrial PC platform. In 2000 and 2001, we came up with a real and robust hardware platform, fully designed for and dedicated to software version 3. This release was really the first QoS platform, including the already famous tools for application discovery/classification, real-time monitoring, usage accounting, traffic redirection and, of course, end-to-end, per-flow bandwidth allocation. We gave it a name: the NetEnforcer. 2002 was a very busy year because of release 4, the new 302/402 hardware (management port, front panel LCD and keyboard) and the new 601/701 carrier-class hardware (double CPU, double power supply). At this stage, we really claimed we had an “appliance”, totally turnkey and robust. But it was not enough for 2002! The company released a totally unique URL filtering appliance on the market: the NetPure. And we completed the year's activity with the acquisition of NetReality, another QoE-dedicated company which complemented our existing NetEnforcer range very competitively. 2003 is already under way and the road map shows the release of the Gigabit platform, based on IBM Network Processor technology; software version 5 of the NetEnforcer with Application Signature recognition, central Reporting and Policy Management; and the release of the new 102 and 202 hardware, including flash disks…

12 NetEnforcer™ Enterprise Platform
Model / Bandwidth / Pipes / VCs / Managed Links
AC40X Monitoring Only: 100 Mbps, 1024, 4,096, 1 - 2
AC40X/2M: 2 Mbps
AC40X/10M: 10 Mbps
AC40X/45M: 45 Mbps
AC40X/100M
AC80X Monitoring Only: 310 Mbps, 28,672
AC80X-C&F: 155 Mbps

13 NetEnforcer™ Data center & Carrier Platform
Model / Bandwidth / Pipes / VCs / Managed Links
AC-10X0-Monitoring Only: 1000 Mbps, 10,000, 80,000, 1-2
AC-10X0-155M: 155 Mbps
AC-10X0-310M: 310 Mbps
AC-10X0-620M: 620 Mbps
AC-10X0-1000M
AC-25X0- Monitoring Only: 2500 Mbps, 40,000, 150,000, 1-2-4
AC-25X0-310M
AC-25X0-620M
AC-25X0-1000M
AC-25X0-2500M

14 Management of four links
Allot equipment: NetEnforcer
Management of one link: NE 402/802/1010
Management of two links: NE 404/804/1020
Management of four links: NE 808/1040

15 Redundancy and HA topologies
[Diagram: Redundancy Support. Labels: Link Active; Redundancy Link; Router; Internet; Primary; Secondary; Normal Scenario; Primary Bypass; Secondary Bypass; Active Mode; Bypass Mode]

16 NetWizard™ application audits

17 Application monitoring
This flow is consuming all the BW!!! Who are the top users? What are the protocols?

18 Historical data

19 Centralised management
Application Server-based
Distributed architecture
Openness (Web Services)
[Diagram labels: GUI Client; GUI Client; NetXplorer Server; Allot Data Collector* (*Optional)]

20 Policy distribution and log correlation: NetWork Intelligence

21 Application control and blocking, and definition of QoS policies
[Screenshot labels: Policy Name; Conditions; Actions]
Allot policy management
Java Web-browser interface
Catalog-based editing
Templates for subscriber-based policies
Everything is available through the Command Line Interface

22 Application classification: traffic typing
Classify Citrix traffic by:
Content inspection in MetaFrame XP environment
Citrix ICA Virtual Channel Priority Tagging (used to distinguish printer traffic)
Citrix Published application
Citrix Client Name
Citrix UDP Server Browser
Citrix Network Print
Citrix IMA (server synchronization)

Classify HTTP traffic by:
Application Signature
URLs
File Extension name
Virtual Host name
Methods
Content types

23 Setting up QoS rules

24 Monitoring tool. Log correlation

25 Monitoring tool
Monitoring tool. Control of unwanted traffic and worm detection

26 Alerts. SLA control

27 Add On: NetAccountant
IP Detail Record to measure traffic consumption
By time
Users
Applications
Services
Branch offices
[Diagram labels: Radius Server; RADIUS; ODBC; HTML; SQL Database]

28 Add On: NetAccountant

29 References
Banking and insurance: BBVA Banco Sabadell Santa Lucia Caixanova Rural Servicios Informáticos Agroseguro
Industry and enterprise: Iron Montain ENCE Barceló Viajes Garden Hotel Praxair RTVE Turespaña Agroseguro DHL Tectotrans Marmedsa Mundo Social Viajes Marsans Dorna Telemadrid Unión Española de Explosivos Arias Cementos Rohe Aseval Prosegur Algeposa Global Interlink Azertia Garden Group Puleva Albatros Almiraill Torraspapel Iberdrola OHL Telefónica Soluciones Blando Diagomoda AENA
Operators: Unión Fenosa Telecomunicaciones Comunitel Neo Sky Auna PTVTelecom Mondragon Connect CableMutua Riosat Everbit Gemytel 10 regional cable operators
Public administration: Turespaña Catastro Servicio Andaluz de Salud Ayuntamiento de Gijón Oficina de Patentes Forum de Barcelona Principado de Asturias Gobierno de La Rioja Gobierno de Navarra Gobierno de Cantabria Ayuntamiento de Rivas Parlamento de Cataluña Informática Comunidad de Madrid Ministerio de Sanidad Ministerio de Defensa Ministerio de Agricultura Marina Mercante Generalitat Valenciana Ayuntamiento Laguna de Duero Ayuntamiento de Lloret
Universities: Universidad de Oviedo Universidad de Las Palmas Universidad de Málaga Universidad de Burgos Universidad de Cantabria Universidad de León Universidad Alfonso X el Sabio Universidad Miguel Hernández Universidad de Murcia Universidad de Barcelona Oxford University Press

30

