--- WINET deploying SANGFOR IAM solutions for flow management

 

Malaysia ISP

 

Wi-Net Telecoms Sdn Bhd (Winet) is a licensed Network Service Provider (ISP). Issued by the Ministry of Information Communication & Culture, it has been awarded licenses both as a Network Facility Provider (NFP/I/2000/66) and as a Network Service Provider (NSP/I/2000/72).

With headquarters in Kuala Lumpur, Winet has more than 200 employees who service its global customers with its WiFi, telecommuni­cations, multimedia and wireless broadcasting products. Its customers are mainly from East and West Malaysia, and South Korea.

Winet intends to provide communications and multimedia (ICT) services for prospective customers in Malaysia, and, by the end of 2010, plans to cover the whole of Malaysia. By investing RM1billion over the next five years, the company intends to enhance communications and multimedia services for its existed and potential member. Winet aims to stay at the forefront in ICT knowledge by utilizing its Design & Development Centre.

 

Challenges
As an Internet Service Provider, Winet prioritizes service quality. Like most ISP, Winet provides its customers with concentrated wireless network access, which enabled centralized management for Winet. However, the network structure caused new problems. With the current Internet trends, a great amount of on-line video and P2P traffic is replacing traditional HTTP network flow, which now accounts for over 50% of network traffic, and hijack ISP’ broadband resources.

In most cases, P2P describes the mutual transmission of repetitious flow that generally wastes broadband resources. Actually, the change in the flow pattern necessitates greater broadband resources, which increased the input for network construction. Given the rate of network construction rates and the exponential rise in P2P traffic, network expansion will always lag behind P2P growth.

Traditional network solutions can neither calculate nor control flows if ports are altered and encryption are installed. The inflexible blocking strategy provided by firewall is certainly can not be applied to solve the bandwidth management problem. Therefore, Winet needs an intelligent bandwidth management solution to improve its service quality and global competitiveness.

 

Apart from that，combination with the existing LDAP authentication system is needed. According to the authentication results，assign basic network access rights, such as web access, to unregistered users; Assign full network access rights, such as P2P, online video, etc., to registered users;

 

Solution
Network Analysis

> Winet’s internal network can be controlled through cryptographic servers, such as LADP and Radius, to manage large numbers of users. The solution must integrate with these third party cryptographic servers and adopt different broadband control strategies according to various user levels.

> As P2P is a characteristic of port alteration and encryption, P2P control technology based on protocol and port would not work effectively. The solution should adopt the agreement analysis technology to identify normal P2P agreements and applications, and abnormal, cryptographic P2P flows.

> Any interruptions will affect Winet services and user experience. Thus, the plan must guarantee unbroken 24/7 service provisioning.

 

The SANGFOR Solutions
SANGFOR IAM provides comprehensive solutions to meet the above requirements of Winet.
Deployment:

In phase 1 of the project, Winet deployed two M5900-AC-I devices in their backbone network in route mode to replace MONO for authentication in Kuala Lumpur, and in phase 2 of the project, Winet deployed the other M5900-AC-I in Kurim.

M5900-AC-I is the most high-end products of all the IAM seriers, which can govern networks of more than 50,000 users

 

> The IAM’s built-in application database that comprises over 500 application rules can precisely identify all the Internet behaviors; besides, the unique P2P intelligent identification technology ensures IAM to fully recognize P2P applications, with the identification rate of up to 95% ;

 

 

> The IAM can identify users by IP/MAC, RADIUS, LADP, PROXY, POP3 and other third party authentication servers. User grouping enable the IAM to match administrative organization structures, and therefore achieve differential control.

> Combine with the existing LDAP authentication system. According to the authentication results，assign basic network access rights, such as web access, to unregistered users; Assign full network access rights, such as P2P, online video, etc., to registered users;

 

 

 

> The IAM boasts both a hardware and software BYPASS function, which ensures the network is uninterrupted should power or equipment fail in either route or bridge mode.

 

> Through detailed reports cover statistics, analysis, comparisons and trends, the IAM informs the IT department of network operations by delivering an accurate traffic map of the network.

 

 

Benefits
Optimizing network speeds is the focus of network construction. Conventional network expansion methods are ineffective at accelerating networks. As related optimization tasks have gradually moved towards a full analysis of network flow, it is desirable to properly manage and allocate network bandwidth on this basis, and thus raise network speed and maximize construction efficiency.

 

1、P2P traffic has been effectively controlled so as to reduce bandwidth occupancy. As a result, the overall speed of the network has increased dramatically.

2、The whole network has been analyzed. The analysis covers network flow and behavior; for example, website visits, and applications such as video downloads, P2P downloads, IM software, IPTV, and online games.

 

3、 SANGFOR IAM seamlessly combined with the existing LDAP authentication system of Winet, achieving the access authorization function required by Winet.

 

Based on statistical analysis, Winet’s network managers can fully understand the status of the network, including flow characteristics and security. This provides a statistical reference for future optimizations to speed and security.

The deployment of the SANGFOR IAM equipment has dramatically improved the client’s end experience. The SANGFOR IAM analytical tools for network flow also provide a comprehensive network analysis and optimization platform for Winet network managers to maximize network quality.

 

The cooperation between SANGFOR and WINET represents a great leap in SANGFOR’s global vision. SANGFOR has already maintained good relationships with many ISPs in China, including branches of China Mobile, China Telecom, and China Unicom, at both the city and provincial levels. Cooperation with China Mobile’s head office has also marked a great milestone in terms of SANGFOR’s tier 1 ISPs. SANGFOR will continue to walk the road to internationalization with high-quality products and services.