ALLOT COMMUNICATIONS

ALLOT COMMUNICATIONS

If you would like to enqure about our Proof of Concept Evaluation Trial

then please click

NetEnforcer® Data Sheet

Enterprise Network and Application Performance Management

	562KB
	Policy Powered Networking
	Three Steps to Policy Powered Networking
	Features and Benefits
	Product Specifications

• Maximize business-critical application performance
  
• Maximize ROI on network infrastructure
  
• Monitor network activity
  
• Implement application- and IP-based accounting

The exponential growth in the use of the Internet, combined with increased reliance on IP-based networks (private, public or VPN), for mission-critical and time-sensitive traffic, has resulted in unprecedented demands on existing communication systems. In order to achieve an acceptable quality of service (QoS) and maximize the performance of business-critical applications, network managers need to allocate network resources based on business priorities.

Policy-Powered Networking

The NetEnforcer is placed at the network edge, between the switch and the router

Three Steps to Policy-Powered Networking

Policy-Powered Networking lets you efficiently manage traffic crossing the LAN/WAN boundary of an enterprise network. The process of implementing a Policy-Powered Networking solution includes three steps:

1. Monitor network and bandwidth usage

   Use the NetEnforcer's NetWizard setup utility to auto-discover applications in your network. Using this information, you can determine which protocols affect your network performance and should be managed.

2. Define policies that link business priorities to computing needs

   Use the QoS Policy Form to quickly define QoS attributes for the desired policies. Assign minimum and maximum percentages of bandwidth, and prioritize traffic from 1 to 10. For additional policy definition, use the Policy Editor to define policies based on addresses, protocols, VLAN tags, Type of Service, or time of day. For example, limit music downloads to 10% of your WAN link capacity.

3. Enforce the rules

   Let NetEnforcer examine all traffic crossing the WAN link. Upon matching a traffic session with a rule, NetEnforcer forwards the packets per the specified policy actions. Continually monitor network resources using NetEnforcer's Traffic Monitor and refine policies to maintain maximum network control and application performance.

NetWizard auto-discovers applications on your network

Features and Benefits

• Maximize ROI on Network Infrastructure

  The NetEnforcer allows you to maximize the ROI from your corporate network by effectively managing bandwidth contention. On many networks as little as 5% of the users use up to 80% of the bandwidth-and often for non-business purposes. Use NetEnforcer to discover-and throttle-these bandwidth abusers who download KaZaA and other peer-to-peer (P2P) files that negatively impact your network's performance. Define policies that limit excessive consumption and assure fairness for all users of the same class of service.

• Maximize Business-Critical Application Performance

  The NetEnforcer allows you to maximize the performance of your business-critical applications by grouping and defining policies (called "Pipes" and "Virtual Channels"). After classifying traffic into categories such as "Oracle-based Application" or "Time-Sensitive Videoconference", the NetEnforcer maintains application performance during peak traffic periods by guaranteeing bandwidth for higher priority applications and limiting bandwidth for others.

• Monitor Network Activity

  The Java-based NetEnforcer Traffic Monitor presents real-time macro and micro views of traffic and performance from a single, easy-to-read GUI. For example, you can view top consumers of bandwidth or discover the presence of a DDoS attack and its source.
  
  
  The Traffic Monitor

• Implement Application and IP-Based Accounting

  The NetAccountant software add-on for the NetEnforcer collects traffic data per session, gathering information on source address, destination address, application type and policy. The NetAccountant Reporter uses the collected data to create tabular and graphical reports for capacity planning and resource management.

The NetAccountant Reporter

• Intuitive Java-based GUIs

  The NetEnforcer has intuitive Java-based GUIs for policy editing and creation, device configuration, and traffic monitoring. Special emphasis has been placed on ease-of-use and customization so you can easily work with the data most important for maximizing the performance of your business-critical applications.
  

• Multi-layer Policy Support

  The NetEnforcer's multi-layer policy support was especially designed for the quality of service (QoS) needs of corporate networks. Define a Pipe for each of your WAN links and then create Virtual Channels for applications that affect your network's performance, including mission-critical applications such as Oracle, Citrix and VoIP or bandwidth-draining applications such as P2P.

The Policy Editor

• DDoS Protection

  The NetEnforcer detects known types of DDoS attacks and offers a first line of defense that enhances the performance of firewalls and internal network devices. By deploying NetEnforcer you can monitor, record, and block malicious traffic flows and alert users of imminent attacks.

• Enforce Service Level Agreements

  The NetEnforcer enables you to enforce service level agreements (SLAs) by assigning fixed minimum and maximum amounts of bandwidth to branch offices, business units, or workgroups.

• Secure Device Management

  The NetEnforcer offers a dedicated management port that is physically separated from the ports that carry your network traffic. This prohibits unauthorized access to the device and enables out-of-band management even when the device is in bypass mode.

• LCD/Soft Key Configuration

  An LCD and set of soft keys located on the front panel of the NetEnforcer speed the initial configuration of the device. Instructions on the LCD guide you through the process and all data is entered using the four-key keypad. The LCD also shows a variety of system status messages including the current inbound/outbound traffic.

• LDAP Directory and Backend Support

  The NetEnforcer interfaces to standard LDAP-based directories or text files. This enables corporations to integrate their network policies with their existing corporate user directory so that policies may be defined per department, group or application.

• Complete Fault Tolerance

  The NetEnforcer offers 100% uptime, with a two-tier approach to fault-tolerant operation:
1. If any software or hardware component fails, the NetEnforcer will switch over to a hardware bypass mode and transparently pass all traffic through the box.
   
2. Two NetEnforcers can be placed in parallel, with the primary unit acting as the active system and the other as a hot-backup system.
   

• End-to-End QoS Delivery and MPLS Support

  To achieve end-to-end QoS, NetEnforcer uses industry-standard Type of Service (ToS) and Differentiated Services (DiffServ) protocols. Based on its classification results, the NetEnforcer can mark the outgoing packets with DiffServ values such as "Assured" or "Best Effort" to signal the entire network (i.e. backbone routers) of the desired QoS. You can also use the NetEnforcer as an edge device in MPLS networks for enhanced traffic classification and advanced monitoring and accounting.

• Traffic Redirection Control (Optional)

  The CacheEnforcer® and the NetBalancer® software add-ons enhance your network's performance by controlling traffic flows. The CacheEnforcer reduces WAN bandwidth consumption and simplifies caching administration in a single layout to manage multiple cache servers. The NetBalancer® goes beyond traditional load balancing equipment by allowing you to define single policies that control both the prioritization of applications on the network and the distribution of those applications to servers.

Product Specifications

Interface Connections

• AC-202/402/601

  : Three 10/100BASE-T Half/Full duplex autosense Ethernet interfaces, including one management interface, all with RJ-45 connectors

• AC-802/C

  : Two 10/100/1000BASE-T half/full duplex Ethernet interfaces and one 10/100BASE-T management interface, all with RJ-45 connectors

• AC-802/F

  : Two 1000BASE-SX fiber interfaces with SC-type connectors and one 10/100BASE-T management interface with one RJ-45 connector

Traffic Classification (per Flow)

• IP/MAC address (with IP range, list or subnet option, host name); retrieval via LDAP or text file
• Network protocols, IP protocols and applications
  
• Dynamic port applications (e.g. Citrix, P2P, H.323, Oracle and more)
  
• Application content for HTTP (URL, content type, method, host), Citrix (published application, user name), Oracle (database name, user name), and H.323 (audio/video, CODEC)
• Protocol Authentication
  
• VLAN (ID, priority)
• ToS byte - DiffServ or IP precedence bits
  
• Time of day/week/month/year

Qos Enforcement

• Hierarchy of policy rules with outbound and inbound traffic management
• Minimum/maximum bandwidth enforcement per flow/VC/Pipe
• Ten levels of priorities for VCs/Pipes
• Per flow guaranteed bandwidth, burst rate, CBR (per flow)
• Maximum number of connections per VC/Pipe
• Fairness between equal-level priority raffic flows
  
• Management for full/half duplex links
• Admission control
• ToS byte re-mark (in-profile byte/out profile bytes)
  
• "Reserve-on-Demand" bandwidth for very high priority traffic

Network Security

• Access control - pass/reject/drop
• Protection from denial-of-service (DoS) attacks
• Control number/rate of connections

Cache Redirection and Load Balancing

• Policy-based connection control including cache redirection and server load balancing (optional software packages)

Configuration

• IP configuration and setup via integrated LCD and keypad
  
• Remote policy configuration via CLI or Web browser

QoS Policy Management

• Easy-to-manage, single-table view based on catalogs
• Easy expansion of VCs/Pipes (policies) to multiple hosts
  
• Policy distribution from primary NetEnforcer to other units

Monitoring and Accounting

• Monitoring

  - Protocol distribution, top hosts, top VCs, top Pipes, VC/Pipe distribution, number and rate of connections, utilization, bandwidth usage (inbound/outbound) with 30-second granularity and storage of historical data

• Accounting

  (via optional NetAccountant) - In-box accounting of traffic per session for all sessions; accounting using RADIUS server; powerful reporter; ODBC interface

• SNMP

  - Support statistics collection per VC/Pipe

Fail-Safe Performance (No Single Point of Failure)

• Hardware bypass
• Full redundancy support (dual configuration with hot-standby)
  

• AC802

  Dual 200W hot-swappable power supplies and power feeds

Network Standards Support

• LDAP, DiffServ/ToS (RFCs 2474, 2475, 2597, 2598), IP Precedence (RFC 791), SNMP, RADIUS and ODBC

Browser Support

• MS Internet Explorer 5.5, 6.0

Dimensions & Weight

• AC-202/402:

  Standard 1U by 19-inch, rack mountable

• AC-601/802:

  Standard 2U by 19-inch, rack mountable

• AC-202/402:

  12.1 lbs. (5.50 Kg)

• AC-601:

  21.83 lbs. (9.92 Kg)
  
  

• AC-802:

  25.48 lbs. (11.5812 Kg)

Environmental Standards Compliance & Certification

• EMC Directive 89/336/EEC; EN60950; ETS 300 019-2-2; ETS 300 019-2-3; IEC-68
• FCC-Part 15 Class B; UL 1950
• VCCI: 2002 Class B emission requirements

Products

Solutions

For a technical consultant to call you click here and they will do so at the time you specify. If you are looking for a quotation or need help designing your solution then click here. If you require access to our SECURE online catalogue then click here.