Challenges:
Network service providers charge fees for Internet access, and are themselves charged for their connectivity, but P2P applications increasingly consume a very large proportion of bandwidth, hampering the service providers’ ability to deliver premium network offerings. Users may even complain of slow speeds and stop being customers, further reducing revenue. Service providers are also sometimes held accountable for the actions of their users, and need to prevent non-compliant content from being carried on their networks. Traditional network devices cannot provide detailed network analysis, so service providers were unable to gain visibility into network activity or bandwidth utilization by individual applications. This also means service providers cannot offer differentiated services for customer segments — such as business versus residential — to attract more customers and improve profitability. A further concern is managing and optimizing the provider’s own infrastructure to support an enormous intranet user base, ensuring proper authentication with a constantly changing set of new user devices and technologies.

Our Solutions:
  Accurate P2P recognition and management: SANGFOR IAM’s intelligent P2P recognition technology can perform comprehensive recognition and management of common, variant and Unknown P2P applications to improve the quality of service offerings ;

  Internet content governance: SANGFOR IAM leverages its extensive URL database to deliver accurate URL filtering;

  Comprehensive traffic management: SANGFOR IAM has Multiplexing, Intelligent routing, virtual lines, virtual sub-channels and other features to allocate bandwidth resources based on application type, Website type, file type, user, time, target IP and other criteria, with bi-directional traffic control and bandwidth allocation;

  Robust user authentication: SANGFOR IAM can authenticate users via combinations of IP, MAC, IP/MAC binding, username/password and other information. It can interoperate with LDAP/Active Directory/RADIUS/POP3/PROXY and other 3rd-party authentication methods. Also supported are USB-KEY hardware authentication, LDAP/POP3/Proxy SSO, coercive SSO for designated segments/accounts, public/private control for accounts, and control of accounts’ effective dates. User account information (including organizational structures) can also be imported from text, IP/MAC scanning, and AD servers.