1

Allot CommunicationsAllot Communications

www.allot.com

Solutions for Citrix in the Enterprise

Network

Empowering Networks for Business

2

Market TrendsIncreased reliance on Internet and IP (private, public, VPN) for business critical trafficDiversity of applications with different networking requirements and business criticality

CitrixOracleVoIP, Video conferencingEntertainment traffic – music (P2P), shopping, stocks, multi-mediaEmail, VPN and large file transfers

Increased malicious traffic attacks on networks & serversBudget shrinks

Improve rather than buildSave on bandwidth costs

3

QoS in the Enterprise – The Need

Guarantee performance of business critical applications – Video, VoIP, ERP (SAP), Citrix Applications, Oracle – and protect from DoS attacksLimit bandwidth-hungry, non-business applications

P2P, musicWeb surfing

Monitor performanceRecord IP sessions stats

4

Citrix Solution – The Need for QoS

Citrix based network needs QoS because:IP network works on “best effort” basis – first comes first served – no guaranteesWithout QoS, bandwidth-hungry applications (like FTP or Peer-to-Peer) steals the Citrix resources (bandwidth)Without minimum bandwidth, Citrix users suffer from unpredictable response timeWithout QoS Citrix applications suffer from “un-assured” performance

There is no differentiation between applications and users

5

Policy Based Networking - a Complete Solution

EnforcementShaping and conditioningQoS tagging (gateway)Server balancingCache enforcementContent filteringPreventing DoS attacks

Monitoring and AccountingPolicy monitoringUser accounting and billingEvent managementCapacity planningService management

Policy and SLA ManagementDefine policiesTranslate policies to network actions User directory/CCB management

6

Product - The NetEnforcerBandwidth management (e.g., manage WAN link to remote offices)Traffic management/shapingPerformance guarantee (e.g., for Citrix)Traffic monitoring – real-time, long-termAuto discover and auto create policy (e.g., prioritize Citrix) High availability models (with dual power supplies)Redundancy and bypassHigh performance

Up to 155 Mbps (Gigabit I/F)256,000 connections28,000 policies

7

NetEnforcer Enterprise Product Line

ModelBandwidth

Pipes VCs Connections

AC101/128 128 Kbps 64 1,024 1,000

AC101/512 512 Kbps 128 1,024 1,000

AC201/2M 2 Mbps 256 2,048 12,000

AC201/10M 10 Mbps 256 2,048 12,000

AC301 100 Mbps 1024 4,096 64,000

8

NetEnforcerService Provider Product

Line

ModelBandwidth

Pipes VCs Connections

AC201/10M 10 Mbps 256 2,048 12,000

AC301 100 Mbps 1024 4,096 64,000

AC401 100 Mbps 2,04812,000

128,000

AC601 100 Mbps 4,09628,000

256,000

AC701 155 Mbps 4,09628,000

256,000

9

The Allot Effect

0

20

40

60

80

100

120

140

160

180

10:00 10:10 10:20 10:30 10:40 10:50 11:00

BrowsingCitrixMusic (P2P)

Music download (Peer to Peer) takes more than 100Mbps

Not enough bandwidth for Browsing and Citrix

The Allot effect: Add NetEnforcer to the network

Browsing and Citrix get full capacity Browsing and Citrix get full capacity while Music is limited to 10Mbpswhile Music is limited to 10Mbps

10

Using the NetEnforcer to Control Bandwidth

Example: Set Max Bandwidth to 85Kbps

Without QoS:

• BW abuse on short period of time

• Bursty pattern

• Retransmission ?

• One Customer takes all bandwidth!

With QoS enforcement:

• BW usage control

• Predictable pattern

• Efficient transfer

• Fair Access

11

Medium priority

LowLow priority

Business-CriticalCitrix

HTTP/P2P

Email

Switch Router

Application PrioritizationExample

NetEnforcer

Network with Email, HTTP/P2P and Citrix

IP offers only “best effort” service

Low-priority P2P traffic monopolizes connection

Citrix application bandwidth is now wider

Apply QoS andguarantee performance toCitrix applications

12

Classifying Citrix with the NetEnforcer

Classify Citrix traffic by Application Name and User NameClassify Citrix traffic by Application Name and User Name

Select Citrix from a library of protocols/ applicationsSelect Citrix from a library of protocols/ applications

13

Policy Example – Citrix Performance Assurance

Citrix performance is assured with “Business Critical” QoS level (very high priority and BW guarantee

Citrix performance is assured with “Business Critical” QoS level (very high priority and BW guarantee

Other applications are getting different priorities and bandwidth allocations while Usenet is blocked

Other applications are getting different priorities and bandwidth allocations while Usenet is blocked

14

Monitoring Applications in Real Time

View min/max bandwidth View WAN bandwidth View Protocol BW UsageTop UsersTop serversUtilization

WAN LinkNetEnforcer

15

Diagnose Network Performance

Nearly 28% of all traffic is from the Web.

Who are the top users?

16

Get Historical Traffic Analysis

From Policy usage distribution To Advanced

Graphical options

… and localization … and longer and

filtered history (e.g. working hours only)

17

NetAccountant – Optional Accounting

PackageCollect information about usage – including client, server, application inbound and outbound traffic countersIncludes a reportgenerator – ideal tool for network capacity planning and internal budgetingAllows access by external application using ODBC

18

Set QoS to Max. 128 Kbps ?

No: Wastes capacity of Branch 2

Set QoS to Max. 256 Kbps ?

No: Exceeds capacity of Branch 1

Managing Bandwidth inEnterprise Environment

256 Kbps

128 Kbps

Branch 1

Email, FTP Servers

Web

SAP

Corporate Headquarters

NetEnforcer RouterSwitch

Branch 2

Manage Multiple Links Manage Multiple Links

Policy Table (v4.1)Pipe 1 – 192.11.12.x to Any Max (128kbps)

SAP – Min 64 kbps

FTP – Max 56 kbps

Pipe 2 – 192.11.13.x to Any Max (256 kbps)

SAP – Min 128 kbps(Set Eternal Bandwidth to 384kbps)

Policy Table (v4.1)Pipe 1 – 192.11.12.x to Any Max (128kbps)

SAP – Min 64 kbps

FTP – Max 56 kbps

Pipe 2 – 192.11.13.x to Any Max (256 kbps)

SAP – Min 128 kbps(Set Eternal Bandwidth to 384kbps)

192.11.13.x

192.11.12.x

256 Kbps

128 Kbps

19

Allot’s Citrix-QoS Solution – Benefits to the customer

High ROI (return on investment)Citrix can be used on the Internet (public network)Citrix and other IP traffic share same WANCitrix bandwidth requirement is pre-defined and therefore less bandwidth overall is requiredCitrix performance is guaranteed and enhancedCitrix applications get “the right attention” in the network

Better management of trafficAllow capacity planning and troubleshooting

Protect against DoS (denial of service) attacks

20

Allot’s Citrix-QoS Solution – NetEnforcer’s Advantages

NetEnforcer Per Flow Queuing permits assignment of QoS per Citrix application or per userNetEnforcer enables prioritizing Citrix over other traffic (such as Email and file transfer)

Batch traffic (like FTP) can still run but won’t “freeze” Citrix

Mark Applications with Differentiated Service (DiffServ) Levels for end-to-end QoS Limit and control Print jobs and file transfers so they don’t affect other Citrix usersNetEnforcer/NetAccountant allows for detailed monitoring and application and IP accountingNetEnforcer enables protection for DoS attacks and other malicious traffic flows

21

Enhancing Security:Preventing a DoS Attack

with the NetEnforcer1. Attacker sends

Broadcast ICMP with Victim’s spoofed address

2. Unwitting accomplices send ICMP Echo Reply (with Victim’s address)

3. NetEnforcer detects high number of new ICMP connections and blocks them.

Unwitting Accomplices

Attacker

Victim’s InternalNetwork

NetEnforcer

321

22

EducationEducation

Selected Enterprise Customers

Banking / Finance CorporationsCorporations

GovernmentGovernment

Aeroporto de PortugalNorway National RR

(Italy)

23

Why Allot ? Ease of use – easiest way to have your QoS up and running – simple, intuitive and graphically pleasingApplication recognition – including CitrixApplication performance enhancement Real-time and historical traffic monitoring and all-session IP accountingComplete policy-based IP traffic management including traffic redirection to cache and server load balancingHigh performance and high availability

155 mbps, supports highest number of policies in the industryIdeal for enterprise and data centersFail safe operation

24

Contact Details

Americas

250 Prairie Center Drive #355

Eden Prairie, MN 55344

Tel (952) 944-3100

Fax (952) 944-3355

International HQ

Hod-Hasharon, 45800

Israel

Tel 972-(0)9-761-9200

Fax 972-(0)9-744-3626

Japan

Nishi Ginza Bldg 2F

5-5-9 Ginza Chuo-ku,

Tokyo 104-0061, Japan

Tel: 81 3 5537-7114

Fax: 81 3 5537-5281

Europe, Middle East and Africa

World Trade Center

1300, Route Des Cretes

BP 255 Sophia Antipolis Cedex

France 06905

Tel 33-(0)4-92-38-80-27

Fax 33-(0)4-92-38-80-33

Asia Pacific

9 Raffles Place,

Republic Plaza #27-01

Singapore 048619

Tel: 65-832-5663

Fax: 65-832-5662

www.allot.com

sales@allot.com