
How Different Traffic Shapers Prioritize Data

By David Mackey

We at VistaOne like to educate customers on available solutions so that, through collaboration, we employ the best solution for the problem and the environment. VistaOne engineer Jim Dixon recently described the way several traffic shapers prioritize network data.

Blue Coat PacketShaper
PacketShaper allows the management of aggregate class traffic through the use of “partitions” or virtual pipes. Traffic in a partition can have both a guaranteed minimum and a capped maximum. Individual flows or connections can also be controlled with the use of policies. It’s also possible to shape or control on a per-host basis with the use of “Dynamic Sub-Partitions”. PacketShaper’s shaping mechanism is TCP Rate Control, which works by manipulating TCP rather than directly dropping packets.

Exinda
Exinda also allows for the management of aggregate traffic via guaranteed minimums and capped maximums. With Exinda, this can be done either with a virtual circuit, which is similar to the PacketShaper partition, or on separate classifications of traffic called policies within a virtual circuit. Exinda also does per-host shaping, which it calls Dynamic Virtual Circuits.

In addition, it’s possible to do shaping or control based on total accumulated bandwidth per host. For example, I could set a bandwidth limit of a gig a day per host and drop the connection rate for hosts who exceed that daily limit. Both policies and virtual circuits can be scheduled, so different policies can be in effect during business hours and after hours. Exinda uses its own implementation of Hierarchical Token Bucket Queuing for control.

Procera PacketLogic
Procera has a unique approach of allowing an individual connection to be classified more than once. This allows for per host, or even per connection policy to be in effect at the same time a global policy is in effect on the same type of traffic. So it’s possible to limit each P2P connection to 1k and also limit all P2P to 1M, etc. With Procera, traffic can be classified by application attribute (for example, HTTP URL or server host name) and even behavior (streaming, download, random looking/encrypted).

Procera can classify connections based on their client or server roles. It’s possible to limit (or block) local hosts when they are acting as servers but allow client connections on those same hosts for the same application.

Procera can also do volume-based shaping or bandwidth budgeting for a given time period and drop back connection rates when hosts exceed their budget. Policy scheduling is also very easy and can include events as well as regular schedules. Procera uses its own sophisticated multiple-queue “Leaky Bucket” queuing algorithm for control.
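The two ideas described above, one connection checked against both a per-connection limit and a class-wide limit, and a per-host volume budget that lowers the rate once exceeded, can be sketched as follows. This is an added example, not code from any of the vendors named here: it uses plain token buckets as a stand-in for their proprietary queuing algorithms, and the class names, byte-per-second units and sample figures are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Bucket:
    """Token bucket holding at most one second of traffic at `rate`."""
    rate: float          # bytes per second
    tokens: float        # bytes that may be sent right now
    last: float = 0.0    # time of the previous refill, in seconds

    def refill(self, now: float) -> None:
        self.tokens = min(self.rate, self.tokens + (now - self.last) * self.rate)
        self.last = now

    def set_rate(self, rate: float) -> None:
        self.rate = rate
        self.tokens = min(self.tokens, rate)   # a lower rate also shrinks the burst


class Shaper:
    """One traffic class (for example P2P) checked against three limits at once."""

    def __init__(self, conn_rate, class_rate, host_budget, penalty_rate):
        self.conn_rate = conn_rate          # normal per-connection rate
        self.penalty_rate = penalty_rate    # per-connection rate once over budget
        self.host_budget = host_budget      # bytes a host may move per period
        self.class_bucket = Bucket(class_rate, class_rate)
        self.conn_buckets = {}              # (host, conn) -> Bucket
        self.host_used = {}                 # host -> bytes admitted this period

    def admit(self, now, host, conn, size):
        """Return True if `size` bytes may be forwarded at time `now`."""
        over = self.host_used.get(host, 0) >= self.host_budget
        rate = self.penalty_rate if over else self.conn_rate
        cb = self.conn_buckets.setdefault((host, conn), Bucket(rate, rate, now))
        cb.refill(now)          # credit elapsed time at the previous rate
        cb.set_rate(rate)       # then apply the normal or penalty rate
        self.class_bucket.refill(now)
        # Both classifications must agree; debit neither unless both can pay.
        if cb.tokens < size or self.class_bucket.tokens < size:
            return False
        cb.tokens -= size
        self.class_bucket.tokens -= size
        self.host_used[host] = self.host_used.get(host, 0) + size
        return True

    def reset_budgets(self):
        """Start a new budget period (for example at midnight)."""
        self.host_used.clear()


if __name__ == "__main__":
    # Constructed scenario: 1,000 B/s per connection, 1,500 B/s for the class.
    s = Shaper(conn_rate=1000, class_rate=1500, host_budget=10_000, penalty_rate=100)
    for conn in ("A", "B", "C"):
        print(conn, s.admit(0.0, "10.0.0.5", conn, 600))
```

Connection C is refused even though its own bucket is full, because the class-wide bucket is already spent; that is the effect of classifying the same connection twice.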

 

NAC can be simple, unobtrusive, up-to-date and inexpensive to operate

By David Mackey

Impulse Point calls their NAC solution Safe•Connect. It accomplishes the same objectives expressed by the well-known brands: role-based user and device authentication that audits for proper malware protection and software security updates, quarantines non-compliant endpoints and automates remediation. It just does it in different ways—ways a growing number of EDU network managers believe are better.

A pre-configured appliance and software bundle, Safe•Connect installs into an existing multi-vendor network infrastructure in hours (not days) without touching anything—no network upgrades or changes; no continuous manipulation of network switches. Its software-based architecture creates a vendor-agnostic NAC solution that scales easily.

Layer 3 (network path) operation with Layer 2 (physical addressing) quarantine
Operating out-of-band, the Safe•Connect Policy Enforcer sits on premises connected to the organization’s existing Layer 3 switch/router. Active only during authentication, it passes traffic as a bridge or router after admission. It doesn’t introduce latency, create bottlenecks or cause maintenance-driven network outages.

Endpoint devices connecting to the network are intercepted, authenticated, presented with the network’s acceptable use policies, and issued a lightweight software Policy Key. The solution provides continuous policy assessment and delivers real‐time Layer 2 quarantine isolation while allowing the quarantined device to communicate with the remediation services needed to restore network privileges.

Simple centralized management
A single Policy Enforcer can manage network access policies for more than 10,000 endpoint devices. Additional units can be added as needed. The entire system is managed centrally through the Safe•Connect Policy Management Console. Connecting remote offices and locations to manage LAN access policies from a central point becomes plug-and-play.

Administrators can select from a series of pre-configured policies on authentication, anti-virus or anti-spyware protection, patch maintenance levels, and peer-to-peer file sharing, or create their own using the custom policy builder module.

The Policy Management Console displays real-time status reporting to provide valuable insight into group or individual policy compliance. The help desk can immediately view the security posture and login status of any device on the network by searching IP, MAC address, or user name. It also provides historical data for trend analysis, compliance auditing and archiving.

With Impulse Point, support is a complete managed service
Impulse Point covers Safe•Connect with the industry’s only Managed Support Service. They monitor the health of the system from the Impulse Support Center and the company takes responsibility for delivering all necessary hardware and software maintenance, problem determination and resolution, and feature enhancements for the first year as part of the purchase price.

While competitors offer workarounds, Impulse Point vigilantly maintains up‐to‐date support for the most current device operating systems, anti‐virus applications and other endpoint security software. They guarantee customer updates within 48 hours. Maintenance also comes with lifetime hardware upgrades.

VistaOne now has a knack for NAC
When you look at the whole package, you can see why we think Safe•Connect delivers the best value of the NAC appliances. The next step, in progress at Impulse Point, is integration with your traffic shaper. That marriage will allow you to control beyond what individual users can access to how much in the way of resources they can consume with what applications and devices.

Get started now. You can replace your existing NAC solution with Safe•Connect and get the remaining balance of annual maintenance PLUS an additional year of maintenance at no extra cost through January 31, 2012.

First things first. Ask us for a personalized demo of Safe•Connect and find out how simple NAC can be.

Request a demo


Tired of Service Calls about Network Access (NAC) Problems?

By David Mackey

Your network access controller (NAC) shouldn’t cause more problems than it solves. In fact, once policies have been fully established, you shouldn’t have to think much about it at all.


Replace your existing NAC solution with Safe•Connect and get the remaining balance of annual maintenance PLUS an additional year of maintenance at no extra cost through January 31, 2012.

We’ve heard complaints on quite a few campuses and read the gripes on the forums.

“The college uses the ‘Bradford Campus Manager’ as its new DHCP server, and it doesn’t use the right kind of flag for Vista.”

“Apple based systems are currently getting placed into a ROGUE status on the resnet network. We are working to resolve this issue but in the meanwhile please submit a problem ticket to register your Mac.”

“The requirement the agent lists is ‘Windows Updates XP’ and doesn’t provide any other information. I’ve updated my Office and everything (and) installed every update, optional or high priority and have had no success. My network administrator has been inaccessible for a period of time and hasn’t responded to my queries after they were stumped on the issue.”

“We Cisco customers are growing increasingly tired of buying equipment that is end-of-lifed in a very short space of time. It’s looking like we paid over $20K for a failed beta product from Cisco, AGAIN.”

VistaOne has partnered with a company called Impulse Point because they demonstrated that NAC can be simpler and faster with a lower total cost of operation.

Their Safe•Connect™ network access control (NAC) solution provides endpoint security policy enforcement for large, diverse environments with myriad personally‐owned, non‐managed, mobile computing devices. With real-time problem determination and resolution, Safe•Connect truly automates user authentication, device compliance scanning and out-of-band quarantine and remediation.

Its ease of installation and scaling, independence from other network functions and track record of reducing help desk calls all contribute to lower total cost of ownership and fewer headaches.

Request a Safe-Connect demo


Video & software updates devouring your bandwidth?

By David Mackey

You’ve seen a marked rise in video use for both instruction and entertainment. And you see the same software updates come through for every desktop on your WAN. Software updates by Microsoft and others make up a surprisingly significant percentage of all Internet traffic.

Here’s another reason to consider updating your traffic shaper. The new version of the Exinda OS includes acceleration via edge caching.

Exinda’s unified performance management (UPM) solution assembles a suite of advanced DPI visibility, traffic shaping and WAN optimization technologies into a single appliance with a simple GUI. The latest release expands optimization scalability, significantly increasing the number of accelerated connections per appliance. Most models can reach 10Gbps throughput.

Edge Cache
The Exinda Edge Cache improves the speed and performance of Internet applications by locally caching video, images and other regularly requested content from the Internet. Using a single appliance at the branch or data center, IT departments can download once, and pre-populate content such as software updates in the cache. Caching can be turned on per policy, allowing Exinda administrators to choose exactly the types of files they want to cache.

By eliminating repetitive downloads, the Exinda Edge Cache dramatically improves the speed and performance of Internet applications. Users have seen as much as 80% reduction in HTTP traffic over the WAN, and more than 35% reduction in video and other content.

Network Intelligence
It also offers cache statistics such as how cacheable the network data is, how frequently the cache is being accessed and by how many hosts, helping organizations to understand the nature of their network traffic over time. Combining QoS, caching and the proper visibility to understand the behavior and utilization of the network gives organizations a complete robust solution.

Get a look at all the new features in Exinda’s latest operating system. Request a hands-on demonstration and conversation.


6 New Reasons for Traffic Shaping and Acceleration with Exinda

By David Mackey

With 70% year-over-year growth, Exinda has been making serious inroads into network application delivery enhancement with their Unified Performance Management version of WAN optimization. UPM displays every application that is traversing the network, identifies individual users, pinpoints the origin of traffic and communicates the amount of bandwidth consumed. Then it provides tools for practical prioritization, secure control and acceleration.

The just-introduced operating system version, ExOS 6.1, elevates the platform further, introducing the Exinda Edge Cache™ and four other feature enhancements and functions. In addition, the company launched Network Reporting Center, an advanced solution for real-time troubleshooting and historical reporting of all applications on an organization’s WAN and Internet connections.

Together, they provide six new reasons to put Exinda on the short list of any organization looking to initiate WAN optimization or replace an outdated shaping device:

1. Edge Cache
The Exinda Edge Cache enables single-sided caching of Internet-based content, including web objects, videos and software updates with a single Exinda appliance at the branch office or data center, dramatically reducing bandwidth usage and costs. Web objects are cached at the network edge as they are downloaded from the Internet. These objects can then be delivered to the users on the corporate local area network much faster.

2. Scalability Enhancements for Optimization
Under the new OS, administrators can expect to double the number of connections supported for acceleration by any Exinda appliance. Organizations can add more users without hardware upgrades.

3. IPv6 Support
Exinda now supports native IPv6 connectivity, visibility and control. Administrators can netflow export IPv6 traffic information such as layer 7 application ID and application performance metrics—jitter, loss and latency—for both IPv4 and IPv6 traffic.

4. Enhanced Network Health Alerting
Administrators can institute alerts based on individual metrics such as:

  • packet retransmissions and losses

  • TCP connections started, refused, aborted or ignored by the server

  • network server and transaction delays for both IPv4 and IPv6 traffic

5. Updated L7 Application Signatures
With every release Exinda continues to add and improve its L7 inspection engine. With ExOS 6.1, Exinda has added over a dozen new signatures and updated more than 50 existing signatures.

6. Network Reporting Center
The advanced Network Reporting Center delivers comprehensive network diagramming and long-term historical trending and analytics to enable network managers to get a complete view of their entire worldwide network.

NRC goes beyond port and protocol reporting to show the actual applications and users consuming network resources. Network managers have the tools to monitor overall network performance, analyze historical data to anticipate problems, identify key trends in performance and address them before they impact the user experience.

Once installed on the WAN, NRC collects network data from the Exinda appliance in each location, including head office and branches, and consolidates the data into a single, centralized reporting dashboard. NRC provides granular, by-the-minute reporting in real time, as well as up to two years of historical data on the applications traversing the network. The NRC is offered as a cloud solution or as an on-site virtual appliance.

Request a personalized demo of Exinda products.

 

Higher Education Accelerates Adoption of Procera’s DPI Traffic Shaper

By David Mackey

Procera’s PacketLogic traffic management solution continues to gain sales momentum in the higher education market, with more than 45 new customer wins year-to-date worldwide. The list includes VistaOne customers James Madison University, The University of Maryland Baltimore, The University of Richmond, Thiel College and Georgia State University.

Procera’s commitment to visibility and control in higher education networks has paid off. Universities have chosen Procera for its ability to affordably scale to a 10Mbps connection using software keys and its capacity to exceed the capabilities of traditional packet shaping devices for enhanced insight and control over network traffic.

They like the fact that they can go beyond IP addresses to identify actual individual users on the network in real time. The feature permits dynamic provisioning of bandwidth based on the user’s role or consumption-based quota.

Procera makes a powerful solution for service providers and has been priced and licensed to accommodate the specific requirements of the resident network providers in colleges and universities. Their EDU-tailored Smart Campus suite combines Procera’s inline PacketLogic shaping device with built-in statistics server and a special higher ed version of their PacketLogic Subscriber Manager.

The PacketLogic Smart Campus solution includes features that combine to provide superior visibility and control over campus networks:

  • Traffic classification, including the latest in file sharing and streaming applications
  • Sophisticated traffic management including prioritization, shaping, marking, filtering, peering control and steering
  • Non-disruptive queue-based shaping and prioritization technology that secures quality for sensitive applications
  • Network analytics, peering analysis and capacity planning
  • Integration with Cisco’s Clean Access and ImpulsePoint’s Safe Connect for user management
  • Location, device, and application-based usage management and control
  • Security-based DMZ/quarantine services for abusive or infected users
  • Peer-to-peer auditing capabilities for HEOA compliance and simplified DMCA response
  • Bandwidth quota enforcement over multiple internet-enabled devices
  • Departmental chargeback

If you haven’t already, view the Procera decision through the eyes of IT staff of VistaOne customer, Virginia Commonwealth University.


Procera Deep Packet Inspection has VCU Ready for Deep NCAA Run

By David Mackey

The Virginia Commonwealth University Rams are the surprising Cinderella team at this year’s men’s NCAA Basketball Tournament. From a “play-in” win over USC, they’ve muscled through 6-seeded Georgetown and 3-seeded Purdue to the Sweet Sixteen round. With all the buzz on campus, you can bet Internet traffic is through the roof. Is the extra streaming video and social media sapping the bandwidth from teaching and university business?

Before this school term, the VCU Technology Services department installed an appliance that has them as confident as the school’s round ball team. They upgraded from a maxed-out traffic shaper to the PacketLogic Smart Campus solution from Procera. They’re operating at 2 Gbps on their way to 10 Gbps.

They can zoom down to know what a single user is doing, where they accessed the network and what device they’re using. They also know in real-time what load is crossing the link and have plenty of tools to make adjustments before congestion causes performance problems. And they’ll have two years of accurate history to recognize trends, report to other departments and strategize infrastructure build-out.

Listen to VCU engineers talk about PacketLogic implementation, Procera and VistaOne in a video case study here. A sample:

Full VCU/Procera Case Study

Request a guided online demo of PacketLogic Smart Campus


Locally Cache YouTube and Facebook to Cut Internet Congestion

By Steve Inman

Since video now consumes close to 50% of most organizations’ internet pipes, we’ve seen rising demand from our Customers for a cost-effective and operationally-effective way to cache video locally.

Originally we found a firm called Stratacache with a product called SuperLumin, which promises a purpose-built solution specifically for social media, most notably Facebook and YouTube. Their technology promises a unique ability to re-serve content locally even though the requested address of the Akamai servers hosting the content changes with every request. According to SuperLumin, this is a capability beyond what a traditional web object cache can perform.

A few months ago, we ran this notion by our friends and business partners at Exinda, who were working on releasing a “single-sided” cache capability on their line of traffic shaping/WAN optimization appliances (Exinda calls it UPM: Unified Performance Management). They assured us their product development also addressed the challenges of changing request addresses and could cache and deliver YouTube and Facebook locally as well.

That brings us to today, when Exinda has made its single-sided cache generally available. We are very excited to bring this capability to our legacy EDU Customers who have converted recently to the Exinda platform. By all means they are hammered with video traffic. However, we’re equally enthused about single-sided cache with our enterprise accounts. Many of them have also migrated from older PacketShapers that were providing visibility and shaping functionality on WAN links in addition to their internet feeds. Now with Exinda, we can provide a single device that provides visibility, shaping, WAN acceleration/optimization and a single-sided cache.

It’s a lot of fun solving real business problems that make folks’ lives better and save money. We are fortunate to have great, forward-thinking partners like Exinda to go to market with. Take a look at the video below. It’s not a complicated concept, but the positive impact on end user experience, network congestion, and IT budgets is significant.