idirect Broadband Managed Services

Similar documents
CIR (down/up) 256k/64k 320k/96k 384k/128k. Throughput allowance 2 GB 4 GB 6 GB. (down/up) in unexpectedly high fees.

Edgewater Routers User Guide

Edgewater Routers User Guide

Smart Tips. Enabling WAN Load Balancing. Key Features. Network Diagram. Overview. Featured Products. WAN Failover. Enabling WAN Load Balancing Page 1

Internet and Intranet Calling with Polycom PVX 8.0.1

Broadband Bonding Network Appliance TRUFFLE BBNA6401

Truffle Broadband Bonding Network Appliance

PowerLink Bandwidth Aggregation Redundant WAN Link and VPN Fail-Over Solutions

Hosted Voice. Best Practice Recommendations for VoIP Deployments

QoS (Quality of Service)

UIP1868P User Interface Guide

Broadband Bonding Network Appliance TRUFFLE BBNA6401

LAN Planning Guide LAST UPDATED: 1 May LAN Planning Guide

BusinessCom Traffic Engineering Server (TES) Application Package. Ver User Guide. BusinessCom TES Platform User Guide, Page 1

WATCHGUARD FIREBOX SOHO 6TC AND SOHO 6

Gigabit Multi-Homing VPN Security Router

Technical Glossary from Frontier

Network Security. Protective and Dependable. 52 Network Security. UTM Content Security Gateway CS-2000

MINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1

About Firewall Protection

DOMINO Broadband Bonding Network

HOSTED VOICE Bring Your Own Bandwidth & Remote Worker. Install and Best Practices Guide

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Cisco Virtual Office Express

BroadCloud PBX Customer Minimum Requirements

White Paper. McAfee Multi-Link. Always-on connectivity with significant savings

Allocating Network Bandwidth to Match Business Priorities

Assuring Your Business Continuity

Using a Sierra Wireless AirLink Raven X or Raven-E with a Cisco Router Application Note

ehealth Ontario EMR Connectivity Guidelines

Barracuda Link Balancer

Chapter 3 Security and Firewall Protection

This document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks.

GPRS and 3G Services: Connectivity Options

Getting an Interim Basic Broadband Service Guide

Reliable high throughput data connections with low-cost & diverse transport technologies

Chapter 5. Data Communication And Internet Technology

White Paper: Broadband Bonding with Truffle PART I - Single Office Setups

Virtual Leased Line (VLL) for Enterprise to Branch Office Communications

ENTERPRISE CONNECTIVITY

Multi-Link - Firewall Always-on connectivity with significant savings

Chapter 8 Router and Network Management

How To Configure A Kiwi Ip Address On A Gbk (Networking) To Be A Static Ip Address (Network) On A Ip Address From A Ipad (Netware) On An Ipad Or Ipad 2 (

ITC Corporate Connect

Multi-Homing Dual WAN Firewall Router

Firewall VPN Router. Quick Installation Guide M73-APO09-380

ALLNET ALL-VPN10. VPN/Firewall WLAN-N WAN Router

Chapter 4 Customizing Your Network Settings

Broadband Phone Gateway BPG510 Technical Users Guide

VPN over Satellite A comparison of approaches by Richard McKinney and Russell Lambert

White Paper. Complementing or Migrating MPLS Networks

Barracuda Link Balancer Administrator s Guide

How To Choose A Network Firewall

Protecting the Home Network (Firewall)

Frequently Asked Questions

Making the Case for Satellite: Ensuring Business Continuity and Beyond. July 2008

Elfiq Networks Vital for Hospitality

Gigabit SSL VPN Security Router

SILVER PEAK ACCELERATION WITH EMC VSPEX PRIVATE CLOUD WITH RECOVERPOINT FOR VMWARE VSPHERE

Unified Threat Management Systems (UTMS), Open Source Routers and Firewalls. Tim Hooks Scott Rolf

Chapter 15: Advanced Networks

Mikrotik Router OS - Setup and Configuration Guide for Aradial Radius Server

Technical Brief. DualNet with Teaming Advanced Networking. October 2006 TB _v02

Chapter 4 Customizing Your Network Settings

WAN Traffic Management with PowerLink Pro100

Cisco WRVS4400N Wireless-N Gigabit Security Router: Cisco Small Business Routers

Evaluating Bandwidth Optimization Technologies: Bonded Internet

Appendix C Network Planning for Dual WAN Ports

Cisco Small Business ISA500 Series Integrated Security Appliances

LotWan Appliance User Guide USER GUIDE

The FX Series Traffic Shaping Optimizes Satellite Links

VPN Solution Guide Peplink Balance Series. Peplink Balance. VPN Solution Guide Copyright 2015 Peplink

Network Performance Optimisation: The Technical Analytics Understood Mike Gold VP Sales, Europe, Russia and Israel Comtech EF Data May 2013

Unified Services Routers

ABOUT EMC HISTORY EXPERIENCE SERVICES

Unified Services Routers

Bonded Internet. Bonded is Better! AllCore Communications... Bonded Internet Features: Who is AllCore Communications?

HughesNet Broadband VPN End-to-End Security Enabled by the HN7700S-R

StarLeaf Network Guide

GPRS / 3G Services: VPN solutions supported

Total solution for your network security. Provide policy-based firewall on scheduled time. Prevent many known DoS and DDoS attack

Gigabit Multi-Homing VPN Security Router

Using Remote Desktop Software with the LAN-Cell

ZyXEL offer more than just a product, we offer a solution. The Prestige DSL router family benefits providers and resellers enabling them to offer:

KERIO TECHNOLOGIES KERIO WINROUTE FIREWALL 6.4 REVIEWER S GUIDE. (Updated April 14, 2008)

How To Use A Cisco Wvvvdns4400N Wireless-N Gigabit Security Router For Small Businesses

The Hybrid Enterprise. Enhance network performance and build your hybrid WAN

Unified Services Routers

Private Cloud Solutions Virtual Onsite Data Center

Key Term Quiz Answers

Source-Connect Network Configuration Last updated May 2009

Introduction. Network Basics. Workstations. Server. Hub

Using a Firewall General Configuration Guide

Gigabit Content Security Router

Transcription:

idirect Broadband Managed Services For most enterprises, what it takes to be an ISP is far removed from the core business. Most small to medium-sized businesses lack infrastructure, tools, and technical expertise and may struggle to deploy and support broadband services. Most solutions require a large amount of time and effort, as well as a significant initial investment and on-going support costs. These costs include and are not limited to recruiting and retaining qualified technical and management staff. Broadband satellite services are often placed in fairly remote areas where there is little or no local IT or networking expertise. This creates a challenge, particularly for enterprise organizations attempting to remotely support and manage remote offices. Business Satellite Solutions is focusing on delivering a new category of broadband satellite services managed services. Instead of simply selling a satellite antenna and modem like typical service offerings, we provide an advanced solution that has everything necessary to launch and manage a new site with satellite connectivity, Captive Portal & Access Control, Firewall, QoS and Bandwidth Traffic Management, Web and DNS caching, Reporting, Monitoring, NAT, and many other advanced networking features, all of which are managed remotely by our experienced NOC engineers and/or the client s experienced IT team. The managed service is an unlimited traffic service. There are NO throughput quotas, throttling or Fair Access Policies (FAP or FUP) involved. You get flat rate service that supports all applications and protocols - similar to broadband DSL or Cable links in United States or Europe. With the idirect Broadband managed service, the monthly costs are known in advance and they remain constant, and there is no requirement to purchase any additional traffic tokens to keep the service running. We have selected this higher end, unlimited traffic approach because we are focused on delivering business class, always-on service, to clients who require a reliable, constant connection they can depend on. The services are based on state of the art technology running on an idirect Evolution platform, and range from low speed links starting at 256 Kbps that can be expanded to 8 Mbps download speeds, with uploads ranging from 128 Kbps to 2 Mbps. Standard and Premium options are available, delivering different amounts of CIR (Committed Information Rate) required to support real-time traffic like VoIP, video, mission-critical applications, etc. The idirect Broadband service has no long term contract commitments and short test periods are available if necessary to test the waters. Both Ku and C-band services cover much of the eastern hemisphere, and Ku services are available in the Americas. The standard hardware package includes the Sentinel appliance, designed for easy installation and integration with the idirect modem/router. This appliance is the platform for supporting managed services. Key features of the managed services include: Built in WiFi Access Point The Sentinel is preconfigured for easy connection to the satellite modem and for providing wired and wireless connectivity for local users. In small business networks, Sentinel usually replaces entry grade WiFi routers that may often be overwhelmed by the inbound LAN traffic. Sentinel supports much higher throughput and has superior PPS (packet per second) forwarding capability, as compared to an average low end access points like D-Link or Linksys, to avoid this bottleneck. Business Satellite Solutions Page 1 January 13, 2015

Captive Portal, Access Control, Vouchers The idirect Broadband solution provides clients with a Captive Portal and a full user management solution and a database - all within the Sentinel server. This allows the network administrator to exercise control over who can access Internet via the network and for how long. Sentinel does all that automatically, as per the policies that are defined by the client. For example, in the case of a Cyber Café or Hot Spot, the network manager can create vouchers, print them out and sell to the local community. These vouchers can be generated for 1 hour, 1 day, 1 month or just about any other time frame desired. People can buy the vouchers, connect to the Sentinel wireless network, enter the voucher code in their Web browsers and they are connected. Once the time limit expires, Sentinel disconnects them from the network automatically and will ask for another voucher code. This voucher system is primarily designed for Wireless Hot Spots, however they will work very well in a cyber cafe, a hotel environment, and guest access for corporate visitors, sales reps, etc. The Captive Portal ensures that only authorized devices connect to the service. Network Monitor and Traffic Management In the broadband satellite business, a rather frequent call to the NOC comes after a site has been running well for some period of time. The site then notices a slowdown in performance. The NOC checks the charts and the performance of the site has not obviously changed, but the perception at the site is that it got slower. What happened? What often happens is that one or more users on the network are eating up all the bandwidth for any number of reasons ranging from virus infected PCs, spam generation, movie downloads, heavy Skype, Peer-to-Peer File Sharing or any other number of reasons. On a typical standard broadband satellite service, the NOC has very little information about how the individuals and devices on the local network use the bandwidth. This makes it all a big guessing game, with clients often thinking the service has deteriorated, but the NOC showing consistent, good total throughput. Accessing Sentinel, and being able to look at how much bandwidth each PC is using, it becomes glaringly obvious where the trouble lies if one PC out of 25 is using half of the overall bandwidth, and the connection is to a site that delivers streaming adult content, for example! First comes identifying the problem then fixing it, in line with company policies, such as prioritizing business traffic, or limiting PCs to some level so they don t hog bandwidth (good for Skype users). Since satellite bandwidth is very expensive and thus limited, it makes sense to exercise strict control over how bandwidth is shared in the local network. Sentinel sits between the satellite modem and the LAN and works as a "looking glass" into the network. It provides a traffic breakdown, such as Top 20 IPs by traffic, Network Intrusion Detection System (NIDS) alarms, packet rates, and various other connection statistics, and enables our NOC or the company s IT folks to determine where precious satellite bandwidth goes and who is using it. Its primary function, is to implement traffic shaping disciplines. This could range from traffic prioritization via QoS, implementing per-host bandwidth limits in the LAN, to throttling certain Web activity such as multimedia file downloads. The Sentinel server allows administrators to assign priorities to different traffic types, allowing low priority traffic to give way to important applications. Sentinel can shape bandwidth for the LAN clients to make sure that everybody in the network gets a fair piece of the pie. It allows administrators to define multiple groups of hosts Business Satellite Solutions Page 2 January 13, 2015

and/or hierarchies, in order to assign bandwidth according to class priorities and schedules, or it can "open the spigot" to everyone equally; whatever makes the most sense for the business. In this Network Monitor screen shot we see that the PC with address 192.168.1.88 is at the top of the list and responsible for 38% of the site throughput. If this should not be, then there are steps that can be taken. If circumstances dictate action, then, for example, limits may be placed on PCs so that no individual PC hogs more than its fair share. In addition to the table format, one can see at a glance who the busiest users are in real time by looking at the dark bands of activity associated with each device. In this way you can see the highest traffic PCs and the periods in which they are busiest. This may help with scheduling - if certain high bandwidth tasks are taking place at the same time the display will illustrate that. A breakdown by protocol or traffic throughput can also be helpful to diagnose problems, for example helping to see Skype or webcam sessions that may be eating up bandwidth: Business Satellite Solutions Page 3 January 13, 2015

PEP Acceleration The idirect Broadband managed service employs a PEP or performance enhancing proxy in order to deliver a higher quality service with better throughput than similar circuits of the same size provided by other providers. There are a few providers who use appliances at the hub to optimize the outbound or download bandwidth to remote sites, but the technically challenging part of two-way broadband satellite service is the inbound or upload part of the circuit. In order to fully maximize optimization and compression across the satellite link, there must be an appliance at the remote site as well as in the hub, so that the two can work together to squeeze more traffic out of a given bandwidth level. PEP is based on a proprietary protocol that allows acceleration and compression of HTTP traffic before passing it over satellite links. The PEP delivers a faster and more consistent browsing experience, if compared to the standard acceleration techniques implemented in satellite modems. The on-the-fly bandwidth compression delivers bandwidth savings for the client, usually around 20 to 30% in a mixed data/voice environment. This is significant because satellite bandwidth is expensive and limited itself. With PEP, the client simply gets a faster satellite service. All this is included in the service costs and all the teleport side gateways are managed by the NOC. The basic PEP service is remotely activated by the NOC engineers during the setup process. There is an additional option on the Hub side PEP server to compress web images in order to further conserve bandwidth. This can be very useful in basic browsing applications, but would not be used for high resolution medical images for example. As part of the managed service, the NOC can configure this and try a couple different settings to meet the client s objectives. Note that if the Sentinel appliance fails, it can be removed from the network and the basic idirectenabled services will continue to operate, albeit with lower throughput and without bandwidth management or other features that may have been enabled. Business Satellite Solutions Page 4 January 13, 2015

VPN Sometimes a client needs a secure pipe between two locations. Using standard VPNs such as IPSec are an option, but there are performance limitations over satellite that seriously impact IPSec VPNs because of the latency. The Sentinel can act as an IPSec client and support tunnels to data centers, but sometimes a simpler approach is to build an SSL-VPN tunnel between sites. IPSec, PPTP and other VPNs that encrypt the headers of TCP packets as well as the data, have performance issues. SSL, that encrypts only the data, and not the headers, has no such performance issues. DNS and HTTP Caching DNS caching allows faster lookups when connecting to sites that were previously contacted. Similarly web content that has recently been downloaded and viewed by other users, need not be transmitted over the satellite link again and again for each user viewing the same content. Firewall, DHCP, NAT, and other services idirect s satellite modems are designed to pass packets over satellite links. Because they provide basic router functionality they can be configured to run tasks such as DHCP and NAT. This, however can have an impact on the packet forwarding capabilities of the modem. If it is using up processing power and memory to run services such as DHCP and NAT, throughput may suffer. The Sentinel has plenty of processing and memory to handle these tasks on the local network and let the idirect modem focus on passing packets as efficiently as possible. The Sentinel also provides a local firewall for the site. It comes preconfigured with known malware sites blocked. Some clients who have installed the Sentinel into already active networks, discovered immediate improvement in throughput simply because malware was blocked. Load Balancer Some remote networks are critical and must have maximum uptime; others may have a need for additional capacity provided by satellite for a particular application or just to add more bandwidth to the site. The Sentinel includes a load balancing option that can be used for failover or simply sharing bandwidth between two sites. For some clients such as WISPs (wireless ISP) two high bandwidth shared services, load shared together, can provide a better throughput and better service thanks to high burst rates, than an unshared service such as SCPC that will not provide nearly as much burst rate as a shared service. Reporting and Monitoring Standard idirect broadband services have limited capabilities, again because they are using CPU and memory to forward packets and not do a lot of management. With the addition of Sentinel, NOC engineers for idirect Broadband managed services have access to the following to troubleshoot problems: 1) Use the (included) idirect isite tool to connect to the satellite router and pull bandwidth statistics in real-time. The isite tool will provide you with basic protocol breakdown, but won t provide history, and running it puts an additional processing load on the idirect modem. Business Satellite Solutions Page 5 January 13, 2015

2) Use Sentinel Traffic Graph tool - via Web GUI, Status menu. This means the NOC or client s IT department can log in via web browser to a Sentinel server at the remote site and it will provide realtime bandwidth usage statistics on the WAN and LAN interfaces. The chart will be updated every few seconds. It makes sense to measure the bandwidth flow at the LAN interface because what is received at the local Ethernet port is what really matters. Some providers provide monitoring tools to measure traffic on their VSAT Hub interfaces, but quite often these measurements are not accurate, as not all the traffic that reaches the VSAT Hub will reach the remote site. Measuring bandwidth flow on the remote LAN interface is the most accurate method to see true throughput. Sentinel Traffic Graph is usually used as a real-time diagnostics and troubleshooting tool. 3) Use Sentinel RRD Graphs - via Web GUI, Status menu. The RRD Graphs will provide long-term bandwidth usage history, as well as min/max/average and 95th percentile readings and statistics on packets that are blocked or passed by the Sentinel firewall. We recommend measuring on the LAN interface. RRD Graphs history spans 4 years. RRD Graphs are generally used as a general, long-term performance metric that provides data for decisions about bandwidth upgrades or downgrades on VSAT links. 4) Use Sentinel Top 20 - via Web GUI, Services menu. The Top 20 tool will provide a short- and long-term bandwidth usage history that is similar to RRD Graph. The Top 20 output comes with a breakdown by protocols (TCP, UDP, HTTP, ICMP, etc) as well as IP addresses in the local network. It can report top 20 hosts in the local network by bytes usage, so it's a very useful tool that can serve not only as a performance metric but as a way to observe how the bandwidth is actually distributed. This helps to quickly identify bandwidth abusers and align QoS. The Top 20 is usually used as a performance metric to back up local bandwidth management and QoS decisions. 5) Use Sentinel States Summary - via Web GUI, Diagnostics menu. The States Summary will provide statistics on open connections (firewall states) per each IP in the local network. This complements other monitoring tools and helps to diagnose malware and bandwidth abuse such as P2P applications that open many concurrent sessions in the background. Managed Support The Sentinel may be purchased separately and used on other VSAT services. For this, the NOC (Network Operations Center) offers a range of managed support services. Note that the PEP optimization may not be available from the hub side in such cases. For idirect Broadband managed services, NOC management of the basic capabilities, are included with the subscription to the VSAT service. If there is a need to set up a complex bandwidth management policy, set up vouchers/billing, create a VPN network, set up load sharing, or build a firewall, the client can do it leveraging the extensive documentation available to all clients, or these tasks can be delegated to the NOC who will do configurations and setups for an additional small fee. This is important because, as mentioned earlier, sometimes it is rather difficult to find a good network engineer able to help unsophisticated remote sites. Our NOC can be that engineer. Business Satellite Solutions Page 6 January 13, 2015

A Note to Resellers Sentinel is key to delivering a superior user experience. It improves the quality of service and this results in long-term, happy and growing subscriber base. Think about Sentinel servers from this perspective: Sentinel enables a reseller to differentiate their VSAT offering by delivering a managed and optimized service, as opposed to raw non-managed services available from everybody else on the market. The Sentinel appliance makes a big difference in how to go up against competitors. A VAR (value added reseller) can change the rules of the game. It s not just about price anymore. It s a competitive advantage for VARs, if they understand and know how to use the features to give clients a service that keeps them loyal. Setting up and providing managed services for a VAR s end user clients also creates additional revenue. The symbiosis of idirect Broadband and Sentinel enable reseller partners, to provide the VSAT connectivity and a wide range of bandwidth management and optimization solutions, as well as advanced networking services to clients. This helps to integrate with clients better and create long-term, trusted relationships with more understanding of the clients' business environment. With access to Sentinel at remote sites, a reseller can now provide monitoring and reporting services, create comprehensive service performance reviews, consult the client on QoS and bandwidth management tactics, deploy corporate WANs, WiFi networks, captive portals, VPNs, build load balanced services, and much, much more. The NOC will help VARs master the Sentinel PF operating system to discover more value-add opportunities to deliver. Instead of simply reselling the satellite service, VARs can now actively engage to support their clients and provide consultation service with our help. This paper was authored by Patrick Gannon, President of Business Satellite Solutions, LLC. Business Satellite Solutions is an advanced technology solutions provider, delivering enterprise-class broadband satellite solutions to business and government clients. Copyright 2015 Business Satellite Solutions, LLC. All rights reserved. Company and product names are trademark or registered trademark of their respective owners. No part of this publication may be reproduced, photocopied, stored on a retrieval system, transmitted or translated into another language without the express written consent of Business Satellite Solutions, LLC. The information contained herein is believed to be reliable, but cannot be guaranteed to be complete or correct. Business Satellite Solutions Page 7 January 13, 2015

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information