SANGFOR IAM Traffic Technology
SANGFOR IAM’s traffic function uses deep packet inspection and deep flow-state detection technologies. It has a rich network application recognition database combined with statistics-based intelligent application recognition technology that accurately recognizes all network applications on the Intranet. Its powerful user management systems guarantee effective execution of Intranet traffic management strategies in a dynamic IP environment, and its unique, extensive built-in URL database, file type-based recognition rules, and inconspicuous feature recognition technology provide users with the necessary resources for differentiated management. Additionally, diversified traffic classification and management strategies break through traditional IP- and network application-based traffic management models to meet advanced user management requirements.

 

To provide the benefits described above, SANGFOR IAM professional traffic management devices employ the following process:

 

 

User Recognition
Network traffic mostly originates from users. Therefore, the prerequisites for effective traffic management are effective user recognition and appropriate user management. SANGFOR IAM products offer powerful user management systems that provide for diversified user identity management and user-based traffic management. They also successfully implement individualized and customizable Intranet traffic management while guaranteeing an effective combination of user identification and management strategies in a dynamic IP environment.

Functional Advantages:
  Wide variety of accurate user recognition methods
  Fast and effective allocation of network access permissions to users
  Perfect interoperability with 3rd-party user management servers
  Rapid classification of unknown user network-access permissions
  Implements username-based traffic management

 

Traffic Recognition
Accurate recognition of traffic content is an important prerequisite to effective management. Therefore, the ability to accurately recognize network traffic is the major acid test for deciding if a product’s traffic control feature is sufficiently professional. SANGFOR-IAM products adopt DPI (deep packet inspection) and DFD (deep flow-state detection) technologies to conduct detailed analysis and detection for all network applications and traffic, providing the most comprehensive elements for follow-up management.

 

Effective IT management requires precise identification of traffic content, and any professional product’s traffic control function is judged by its ability to perform this important function. That’s why SANGFOR IAM products leverage the power of DPI (deep packet inspection) and DFD (deep flow-state detection) technologies to conduct deep analysis and detection for all network applications and traffic, providing the most comprehensive meta-data for follow-up management.

Functional Advantages:
  Rich network application recognition database + statistics-based intelligent application recognition (P2P/Skype encryption traffic recognition)
  User identity recognition (local device recognition + 3rd-party servers, for recognition of user identity)
  Extensive built-in URL recognition database + webpage-based intelligent content recognition
  Recognition of uploaded and downloaded file features
  Inconspicuous tracking recognition

 

Traffic Classification
While accurate recognition of network applications is critical, how well they are subsequently classified will directly affect the flexibility and effectiveness of follow-up traffic management. SANGFOR IAM products adopt multilayered Intelligent routing, and refine traffic management by supporting virtualization of one physical link into eight virtual lines for management— each virtual line can be further divided into 256 virtual traffic management sub-channels.

Functional Advantages:
  Multilayered traffic division
  Physical lines -> virtual lines -> virtual channels
  Individualized IT management policies applicable to different departments and applications, as needed

 

Traffic Management
SANGFOR’s IAM products adopt policy-based bandwidth allocation and traffic redirection technology to effectively manage all types of traffic. They specify the maximum and minimum bandwidth necessary to ensure operation of critical application software, prevent unauthorized traffic, and control the impact and speed of low priority “bursty” application software. They can also dynamically allocate bandwidth based on application software, user, and customer needs.

Functional Advantages:
  Management strategies based on user / user group and IP / IP group
  Management strategies based on application type and time
  Management strategies based on website type
  Management strategies based on uploaded and downloaded file type
  Management strategies based on Extranet IP traffic
  Single user-based Internet access permission allocation
  Single user-based online duration allocation and traffic quota

 

Statistics Reports
SANGFOR’s IAM devices provide powerful real-time traffic monitoring and statistics reporting, including on current network traffic states, devices’ CPU and disk utilization, real-time user traffic, traffic ranking, connection ranking, gateway logs, and other pertinent information. At the same time, IAM products can use different traffic flows to analyze real-time, daily, and weekly traffic trends on different physical lines.

 

SANGFOR IAM’s long-term monitoring aggregates records of real-time monitored network traffic for administrators to review anytime. Now IT managers can have an in-depth, intuitive view of network traffic, network monitoring, security logs, and other detailed information. Powerful reporting tools allow management staff to request information based on groups, users, rules, and protocols. They can analyze results with pie charts, histograms, and curve charts, and directly print and export reports. Superior gateway logging systems and rich reporting functions analyze organizations’ network usage in detail and provide the most effective data support for network administrators.

 

Traffic Monitoring and Reporting Functions

Data center Supports independent data center, and store logs in database Real-time session monitoring Ranks users’ real-time sessions; supports viewing of detailed information about specific users’ current sessions Real-time traffic monitoring Monitor users’ real-time upstream and downstream traffic; displays specific users’ detailed real-time applications traffic; supports users’ real-time traffic ranking Real-time connection monitoring Monitors users’ real-time connections, and can disconnect users’ specific connections Abnormal user freezing Supports temporary “freezing” of users behaving abnormally, preventing them from accessing network. Unfreezes them automatically after a specific time period has ended Traffic statistics Collects data about a user’s total traffic during specific times; analyzes statistics about a user’s traffic with specific application protocols Time statistics Uses specific application protocols to collect data about a user’s total online time during a specific time period Compartmentalized management After a specific user group’s administrators login to the data center, only they can request statistics for the user group’s behavior log Traffic statistics Supports collection of traffic and rankings for users, user groups, and applications, and supports graph-drawing and exporting Traffic trends Support graph-drawing and exporting of users’, user groups’, and applications’ traffic trends Comparison reports Supports detailed traffic comparison reports for specific users’ and user groups’ application access behaviors during different periods of time; Self-defined reports Supports self-defined reports for traffic statistics, trends, and summarization based on users, user groups, IP, application types, and more Report subscriptions Automatically sends reports and statistics for different user groups to specific mailboxes

 

 

Network Traffic Analysis and Management and Enhanced Network Visibility
SANGFOR’s IAM products use overlapping statistics, control, optimization, and bandwidth functions to help managers fully analyze and optimize WAN bandwidth resources.

 

SANGFOR’s IAM data center (Network Data Center, NDC) can record all LAN behaviors and analyze trend reports. Users can use visual data and reports to gain an intuitive understanding about services that are using up valuable WAN bandwidth resources (for unnecessary webpage browsing, unauthorized emails, or excessive P2P downloading). Using this deep understanding of network usage, managers can refine Internet access strategies to better suit their enterprises.

 

Bandwidth Guarantee for Critical Business Applications
Traditional bandwidth management devices are normally used to limit certain resource-consuming software that uses up bandwidth, but this approach does not guarantee that important bandwidth is available to deliver satisfactory performance for latency-sensitive activities such as VoIP or video meetings. One possible solution to this problem is to dedicate a full line’s bandwidth to specific business applications, but this is not cost effective.

 

Unlike traditional traffic management technology that adopts fixed bandwidth, SANGFOR’s IAM series provides channel-wise bandwidth management. When traffic is high, specific prioritized applications can be provided with sufficient bandwidth. When those key applications are terminated or begin to use less bandwidth, the idle bandwidth will be automatically provided to other applications, guaranteeing optimal network utilization.

 

SANGFOR IAM offers highly versatile bandwidth management. For example, when using a fixed bandwidth reservation method, if an enterprise has maximum outbound bandwidth of 100Mbps; it can retain 5Mbps bandwidth to be allocated to the head offices. This means that even when the remaining 95Mbps bandwidth becomes extremely congested, the main office (such as the CEO’s office) is guaranteed to have at least 5Mbps of available bandwidth. IAM can also utilize the dynamic reservation method. For example, it can be configured to normally provide 5Mbps bandwidth for the finance department, but when there is no traffic in that department, the bandwidth can be temporarily allocated to other teams and applications. When the finance department needs to use the network, it will regain priority for using the bandwidth. IAM even allows bandwidth to be allocated for pre-determined time periods so that dedicated bandwidth will be allocated for video or voice meetings during certain hours, so they can be maintained at high quality. The staff can be advised that these are the best hours to hold such meetings. This increases bandwidth utilization and ensures that businesses have bandwidth when and where they need it most.

 

Bandwidth Optimization and Multi-line Strategies
QoS (network Quality of Service) technology includes dedicated bandwidth, jitter control, packet loss and latency improvements, and traffic guarantees for specific high-priority network services. IAM adopts QoS to prioritize the data flowing through devices, guaranteeing bandwidth quality for important services. Meanwhile, in order to meet the needs of its special physical environment, it supports 4-way bridge mode deployment, and can manually allocate bandwidth separately for each physical line and execute differentiated traffic control strategies.

 

Customer Value
  Enhances bandwidth utilization and network traffic visualization
  Guarantees effective and orderly operation of critical business applications
  Improves efficiency of bandwidth utilization and reduces IT investment costs
  Reduces overhead costs of network operation/maintenance/management, and decreases user complaints regarding daily network usage
  Improves staff productivity, guarantees critical staff’s engagement, and reduces employee overhead
  Provides perfect traffic reports and a strong foundation for analysis, optimization and inspection
  Improves the reliability, controllability, security, and predictability of network operation