Cloud Access Optimization Solutions for Enterprise

Solution Brief
Oct 2014
© 2014 Allot Communications Ltd. All rights reserved. Specifications are subject to change without
notice. Allot Communications, Sigma and NetEnforcer and the Allot logo are trademarks of Allot
Communications. All other brand or product names are the trademarks of their respective holders.
Cloud Access Optimization Solutions for Enterprises
Contents
Executive Summary
Who needs Cloud Access Optimization?
Why?
  Data Center Migration to the Cloud
  Virtualization and SDDC
  User Mobility and Unified Communications
What’s the problem?
  Weak links in the cloud application delivery path
  Unpredictable availability & performance of applications
  Need to allocate Access resources to users and applications
  Need to scale Access resources to new demand levels quickly and easily
  Need to measure and control how Access capacity is utilized by applications and users
  Point solutions from multiple vendors are complicated to provision and do not always work together
Cloud Access Optimization is the solution
  Visibility
  Control
  Security
Solution Technologies
Solution Benefits
Solution Deployment
Why Allot
Executive Summary
A number of evolving market trends are having a big impact on the ability of
enterprises to run efficient networks that satisfy users, increase productivity, and
ensure business continuity.
Cloud Migration is on the rise with enterprises transitioning their IT infrastructure to
private, public and hybrid clouds. Together with this comes Application Mobility in
which applications are increasingly hosted in the cloud and accessed via the Internet
instead of the enterprise LANs. In addition, the rise in User Mobility and BYOD makes it
more challenging than ever to ensure application performance and secure access to
Unified Communications applications in the cloud.
While cloud data centers and applications are powered by virtualized and
software-defined architectures, enterprises are still using the same Internet and WAN resources
to access those cloud hosted applications. Cloud access has not kept pace with the
advances in data center capacity, elasticity, central control, and virtualization.
With users vying for the same shared cloud access capacity, application performance
(and hence user productivity) is highly subject to degradation by heavy transaction
loads from real-time video and voice, file transfer, endpoint upgrades and Denial of
Service attacks. Hence, the cloud access points are the weakest links in the delivery
path from the user to the application.
Allot’s Cloud Access Optimization solution overcomes the main performance and
security challenges of user access to cloud-hosted applications and in doing so,
transforms the WAN Optimization Controller (WOC) market into a new domain.
Cloud Access Optimization ensures user QoE and productivity by controlling
application availability, performance, and security
Going beyond traditional WOC functionality, Allot employs access virtualization to
allocate dedicated resources to multiple tenants, users and applications in the cloud.
In other words, the shared cloud access is divided into multiple virtual instances –
each with its own SLA that is individually monitored, controlled and secured. Allot’s
ability to virtualize physical access resources and flexibly manage them means that
enterprises can dynamically match cloud application performance to user and business
requirements.
Who needs Cloud Access Optimization?
Allot Cloud Access Optimization solutions are ideal for enterprises who have:
• migrated their data center to private, public or hybrid cloud
• adopted virtualization, Software Defined Data Centers, and SaaS applications
• branch offices connecting to cloud resources via a WAN
• mobile employees working at home or on the road
• encouraged BYOD and collaboration applications over the Internet
Why?
Cloud and mobility trends are having a big impact on the ability of enterprises to run
efficient networks that satisfy users, increase productivity, and ensure business
continuity.
Data Center Migration to the Cloud
As enterprises transition their data center and applications to private, public or hybrid
cloud business models, they introduce new challenges in controlling the entire
application delivery path and assuring application performance.
• Private cloud data centers may be owned by the enterprise or hosted by a
  managed services company in a virtual private cloud.
• Public cloud data centers provide Data Center as a Service (DCaaS) to
  enterprise tenants who share the data center resources.
• Enterprises that use hybrid cloud data centers host some data center functions
  in a private cloud while others are hosted in a public cloud.
As a result, applications are increasingly hosted in the cloud and accessed via the
Internet instead of the enterprise LAN. Application mobility makes the Internet access
an ever more critical business resource for the enterprise.
Virtualization and SDDC
Virtualization and Software Defined Networks (SDN) are two of the most important IT
trends in the enterprise arena. As enterprise data centers migrate to the cloud, HW and
SW applications are decoupled, enabling machines and their functions to be deployed,
duplicated and scaled dynamically. This has given rise to the Software Defined Data
Center (SDDC) where software components and open APIs are used to facilitate
application and resource flexibility, agility and customization.
User Mobility and Unified Communications
Enterprise users who primarily accessed applications from their Campus and Branch
offices are increasingly accessing applications while at home and on the road.
Moreover, many enterprises allow both employees and other users to connect their
own endpoint devices (smartphones, tablets, laptops) to the network. As a result, it is
more challenging than ever to ensure the performance of applications in the cloud –
especially collaboration applications.
What’s the problem?
Weak links in the cloud application delivery path
Enterprises are migrating their applications to data centers powered by virtualized and
software-defined architectures. But, employees are still using the same Internet and
WAN connections to access those cloud hosted applications. Cloud access resources
have not kept pace with the advances in cloud data center capacity, elasticity, central
control, and virtualization. Hence, the cloud access points are the weakest links in the
path from the user to the application.
Unpredictable availability & performance of applications
With users and applications vying for the same shared Internet and WAN access
capacity, application performance (and hence user productivity) is highly subject to
degradation by heavy transaction loads from real-time video and voice, file transfer,
endpoint upgrades, and ad hoc events. Denial of Service attacks on data center
resources and internal bot infections also take their toll by flooding the network with
unwanted and unplanned traffic. Employee productivity depends on reliable
performance of the applications that facilitate their ability to work, collaborate and
support customers effectively.
Need to allocate Access resources to users and applications
Enterprise cloud data centers serve numerous users – each needing access to different
business applications at different times, in different locations, on different devices and
with different access priorities. For example, sales personnel demand round-the-clock
availability and fast response time from Salesforce.com in order to book and close
sales, while marketing staff on the enterprise campus use Salesforce.com only during
business hours to set up campaigns and view reports. Basic traffic prioritization goes
only so far in managing today’s complex application and network environment.
Enterprises need the ability to tailor application performance to the disparate and
dynamic needs of each user.
Need to scale Access resources to new demand levels quickly and easily
Although connectivity prices have come down over the years and capacity is abundant,
Internet and WAN access is still a bottleneck because additional capacities are quickly
utilized by growing application demand. Enterprises need to be able to assign access
resources to different users and to scale their assignments up or down on demand,
without repeated investment in new access infrastructure.
Need to measure and control how Access capacity is utilized by applications and users
If you can’t see it, you can’t control it. While enterprises intuitively understand that
Internet and WAN access is still a bottleneck, they can’t pinpoint the culprits who are
causing the congestion. Clear visibility of every application and network transaction is
critical to understanding and managing how well enterprise business applications are
supporting employees and helping (or hindering) their productivity.
Point solutions from multiple vendors are complicated to provision and do not always work together
Enterprises can choose from a range of solutions to increase application performance
and optimize the user experience across large, complex and hybrid environments. The
trick is getting them to work together and to be able to orchestrate their functions.
The challenges associated with network integration projects, such as concerns about
cost and the potential of business downtime, as well as technology implementation
issues, can lead businesses to put off network changes and improvements. Solutions
that provide pre-integrated functions in a future-ready platform can be used to create
a solid foundation for network improvement and service level assurance.
Cloud Access Optimization is the solution
Cloud Access Optimization goes beyond the traditional WAN Optimization Controller
(WOC), enabling enterprises to overcome the main performance and security
challenges of user access to cloud hosted applications, and to ensure high user QoE
and productivity. This solution provides three essential capabilities: Visibility,
Control, and Security.
Visibility
Awareness
Highly granular visibility and reporting of every transaction is required in real-time in
order to optimize access routes to cloud application resources. That’s why Allot Cloud
Access Optimization solutions provide awareness per application, user, endpoint, URL
and SLA with continuous real-time reporting.
Application awareness is based on Dynamic Actionable Recognition Technology
(DART) – Allot’s superior brand of DPI. Allot employs multiple inspection and
analytical methods to identify specific applications and protocols, including
encrypted traffic flows that are designed to evade detection. These methods,
together with Allot’s extensive signature library, ensure recognition accuracy and
reduce unidentified traffic, even at maximum speeds and peak loads. Moreover,
hitless signature updates ensure that traffic flows are continuously and accurately
detected and classified.
Granular visibility per application, user, endpoint, URL, SLA with continuous
real-time reporting
DART interoperates with Active Directory resources, allowing enterprises to monitor
individual employee or guest usage. This visibility is the key to service level assurance
whether applications are hosted on campus, in the cloud, or both.
Analytics
Allot’s Cloud Access Optimization solution enables enterprises to obtain greater
insight into the performance of their network and applications. It allows IT staff and
engineers to understand how their access resources are utilized by applications and
users on the network, and to determine Quality of Service (QoS) policies that link
application performance to business goals and to user expectations.
Long-term reports and analytics tools collect data from across the network and
prepare it for presentation in order to understand usage trends and to assist with
capacity and service planning. Reports can show network usage by application, user,
site, time of day, to help you understand your current state of affairs and determine
the best way forward. For example:
• Track access utilization, Top Talkers, Top Endpoints, and other popular metrics.
• Track the performance of specific applications, for specific users
• Measure SLA performance over time
• Customize reports for specific audiences or user groups
• Automatically generate and email reports to relevant audiences
Troubleshooting
Allot’s Cloud Access Optimization solution facilitates Root Cause Analysis (RCA) of
service degradation, enabling enterprises to pinpoint the specific application, user,
network and location (site) causing the service problem. Fast and accurate
troubleshooting increases service up-time and user productivity and significantly
decreases service degradation by resolving the problem at its source.
Control
Allot’s expertise in granular and multi-dimensional awareness is matched by our ability
to control QoS and security with the same level of granularity.
Internet & WAN Access Virtualization
Allot uses access virtualization to allocate dedicated Internet and WAN resources to
multiple tenants, users and applications in the enterprise cloud. In other words, the
shared cloud access is divided into multiple virtual instances – each with its own SLA
policy that is individually monitored, controlled and secured.
Virtualized cloud access allows enterprises to align application performance to business needs.
Allot uses software and APIs to create virtual instances of Internet and WAN access
links that operate completely independently of one another. Then dedicated network
resources (such as bandwidth, QoS, URL filtering, etc.) are allocated to the application
and user traffic on each virtual link. Unlike the shared access resource, the traffic in one
“virtual access link” is not affected by the traffic in any other “virtual access link.” Allot’s
ability to virtualize Internet and WAN access resources in this manner means that
enterprises can dynamically match cloud application performance to different user and
business requirements.
Service Level Assurance
Service Level Assurance allows enterprises to guarantee fast, predictable and
consistent cloud application performance for a variety of users. Once the Internet and
WAN access connections are virtualized, users and applications no longer compete
with one another for resources. IT staff are now able to assign appropriate SLA policy
to the different applications and users accessing the cloud data center, taking into
account both the inherent requirements of all applications together with their
importance to the business.
SLA policy may control a number of factors such as bandwidth allocation, QoS,
forwarding priority and others. Service Levels may include automatic enforcement
triggers such as temporary rate-limiting when utilization reaches a congestion
threshold.
Guarantee fast, predictable and consistent cloud application performance
Allot Cloud Access Optimization solutions also enable users or “customers” to track
their own SLA and to verify that key performance indicators (KPI) match their
expectations. This is particularly important when enterprises outsource their data
centers to an IaaS provider.
Service Integration
Allot’s future-ready platform for Cloud Access Optimization expertly steers and
balances traffic loads across multiple access ports and/or servers in a way that is
completely transparent to applications or the users. Moreover, Allot has integrated
Visibility, Control and Security capabilities within a future-ready and highly scalable
platform, using standard interfaces to interoperate with other elements in your
network as needed. In this way, enterprises reduce the risk and enhance the success of
cloud data center implementations.
Allot’s experience in service integration has been acquired over years of successful
implementations with very large carriers and enterprises. We pour this experience back
into our product features and into the support we provide to our channels and
customers.
Security
DDoS Protection
Enterprise network users expect their online experience to be always available and
secure. As data centers and applications move to the cloud, enterprises are challenged
to implement sufficient security measures without compromising application
performance. Allot Cloud Access Optimization solutions protect your cloud data center
and its availability by creating a transparent security perimeter in the access network,
to mitigate Denial of Service (DoS/DDoS) and Zero Day attacks before they can do
damage. It’s your first line of defense.
Allot ServiceProtector is a fully integrated anti-DDoS module within Allot Cloud Access
Optimization solutions. Its advanced Network Behavior Anomaly Detection (NBAD)
technology identifies DDoS and other network flooding events by the traffic anomalies
they cause. Filtering rules are obtained dynamically by searching deep into the
captured DDoS packets for unique repeating patterns in each event.
Surgical DoS/DDoS protection neutralizes flooding attacks within seconds of
emergence by rapidly detecting, identifying and filtering DDoS packets while allowing
legitimate traffic to flow unimpeded.
Endpoint Protection
Allot ServiceProtector also protects users from malicious bots by neutralizing
malware-infected hosts and spam activity before it adversely affects the performance and
integrity of your network.
Enterprises can prevent unintended spam and IP scanning traffic from eating up
valuable bandwidth and quickly identify infected hosts that require cleanup. Allot
ServiceProtector uses Host Behavior Anomaly Detection (HBAD) technology to monitor
connection establishment rates and other symptoms of anomalous user behavior,
allowing enterprises to surgically treat the root cause (i.e., the malware-infected host)
without having to resort to broader measures such as blocking entire subnets, links or
ports. Behavior-based anomaly detection enhances existing security layers with
frontline mitigation of spambots and other malware.
Regulatory compliance (URL filtering)
Some enterprises, such as financial and health organizations, are subject to regulation
and oversight to protect consumer transactions and data privacy. Regulation often
affects the kind of online service that these enterprises can provide, as well as the
online activity of their employees. Allot WebSafe is a fully integrated URL filtering
module within Allot Cloud Access Optimization solutions that allows enterprises to
block access to blacklisted or illegal content at the network level. The URL filtering
capability is fully integrated with Internet Watch Foundation (IWF), including
automated online updates from the IWF. The service may be easily integrated with any
local regulatory or watchdog body.
Likewise, enterprises who seek to enhance employee productivity by limiting access to
recreational, social, or e-commerce applications can use the Allot WebSafe module to
block access per URL, user or user group.
Solution Technologies
DART (DPI)
Dynamic Actionable Recognition Technology (DART) combines Allot’s vast expertise in
deep packet inspection (DPI) and real-time policy enforcement into a highly effective
toolkit for managing network utilization and service level assurance. DART employs
multiple inspection and analytical methods to identify specific applications and
protocols – from simple packet header identification to session-level analysis of
encrypted protocols. DART represents our long-standing core competence and unique
differentiation in Layer-7 DPI visibility and control technologies, which are now being
applied to solve cloud business challenges.
NFV
Network Functions Virtualization refers to the transition from a legacy data center
where there is a dependent relationship between HW and SW applications, to a virtual
data center where HW and SW applications are decoupled, enabling them to be
duplicated, scaled and deployed from a central software control center.
• Allot is one of the key contributors to the Virtual Network Functions
  Architecture standard that is currently being defined by the ETSI NFV Industry
  Specification Group.
• Allot provides advanced technologies such as Distributed DPI and Distributed
  QoS in which metadata synchronization is used to ensure that user-application
  traffic is correctly identified and information is propagated to relevant software
  instances.
• Allot has implemented hundreds of successful use cases that bridge data and
  control planes to enable service delivery.
• Allot solutions are compliant with VMware and KVM.
SDN
Software Defined Networking (SDN) is a true revolution in networking and a real
disruption to the way we have traditionally built, configured and managed networks.
SDN was created to make the network agile and programmable, whether it is a virtual
network environment or a physical one. SDN will control and automate sophisticated
routing decisions in a very complex IT world where various applications with various
characteristics are consumed from multiple locations. SDN will enable application
workloads to easily migrate from one server to another or from a private cloud data
center to a public cloud or to a managed hosting service. As currently defined, the
SDN Controller is the main decision maker in the network.
To make the right decisions in a timely manner, the SDN controller needs accurate
information in real-time. The highly granular application, user and endpoint awareness
provided by Allot solutions is precisely what the SDN controller needs to program the
network to meet evolving business needs. Allot recently implemented a service
provider use case for enterprises in which, based on certain conditions, SaaS users at
branch offices are routed on-the-fly directly to the Internet where the SaaS is
hosted, rather than through a central IT location and then to the Internet,
which is the normal procedure.
• Allot solutions are compliant with OpenFlow.
SDDC
Software-Defined Data Centers are related to the broader SDN trends that use
software components and APIs to facilitate application and resource flexibility, agility
and customization. As data centers evolve into software-defined data centers, the
highly granular application, user and location awareness provided by Allot solutions
will be used to program the data center to meet evolving business needs.
Anomaly Detection (NBAD, HBAD)
Allot’s anti-DDoS and anti-bot capabilities are based on advanced anomaly detection
technologies whose effectiveness has been proven in demanding service provider
environments and which are now being applied in cloud data centers.
Network Behavior Anomaly Detection (NBAD) identifies DDoS and other network
flooding events by the anomalies they cause in the normally time-invariant behavior of
“network ratios” (combinations of Layer 3 and 4 packet rate statistics). Filtering rules
are obtained dynamically by searching deep into the captured DDoS packets for
unique repeating patterns in each event. Optimum filtering accuracy may be achieved
by using patterns found in the Layer 2 to 4 headers and payload.
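A simplified sketch of the ratio idea described above, added here as an illustration and not Allot's algorithm: the three ratios, the median/MAD baseline, the threshold and every counter value are assumptions constructed for the example. It shows that a fourfold rise in volume leaves the ratios flat, while a flood moves exactly one of them.

```python
from dataclasses import dataclass
from statistics import median


@dataclass(frozen=True)
class Interval:
    """Layer 3/4 packet counters for one sampling interval."""
    tcp_syn: int
    tcp_fin: int
    tcp_other: int   # TCP packets that are neither SYN nor FIN
    udp: int
    icmp: int


def network_ratios(iv):
    """Ratios chosen for this example; each should stay flat as volume changes."""
    return {
        "syn_per_fin": iv.tcp_syn / max(iv.tcp_fin, 1),
        "udp_per_tcp_data": iv.udp / max(iv.tcp_other, 1),
        "icmp_per_tcp_data": iv.icmp / max(iv.tcp_other, 1),
    }


def learn_baseline(history, rel_floor=0.05):
    """Return {ratio name: (centre, scale)} learned from attack-free intervals.

    Median and MAD are used so that one odd interval does not skew the
    baseline; the relative floor stops a very steady ratio from alarming
    on ordinary noise.
    """
    samples = [network_ratios(iv) for iv in history]
    baseline = {}
    for name in samples[0]:
        values = [s[name] for s in samples]
        centre = median(values)
        mad = median([abs(v - centre) for v in values])
        scale = max(1.4826 * mad, rel_floor * abs(centre), 1e-9)
        baseline[name] = (centre, scale)
    return baseline


def anomalous_ratios(baseline, iv, threshold=6.0):
    """Names of the ratios that deviate from baseline by more than `threshold` scales."""
    current = network_ratios(iv)
    return sorted(
        name for name, (centre, scale) in baseline.items()
        if abs(current[name] - centre) / scale > threshold
    )


# Constructed counters: volume varies about sixfold, the ratios barely move.
HISTORY = [
    Interval(1000, 980, 18000, 4000, 100),
    Interval(2100, 2050, 38000, 8300, 210),
    Interval(500, 495, 9100, 2000, 52),
    Interval(1500, 1460, 27000, 6100, 150),
    Interval(3000, 2950, 54000, 12000, 300),
    Interval(800, 790, 14500, 3200, 80),
]
BASELINE = learn_baseline(HISTORY)

# Constructed test intervals.
BUSY_HOUR = Interval(8000, 7850, 144000, 32000, 800)   # 4x volume, same mix
SYN_FLOOD = Interval(40000, 1000, 18000, 4000, 100)    # SYNs with no matching FINs
UDP_FLOOD = Interval(1000, 980, 18000, 90000, 100)     # UDP far out of proportion

if __name__ == "__main__":
    for label, iv in [("busy hour", BUSY_HOUR),
                      ("SYN flood", SYN_FLOOD),
                      ("UDP flood", UDP_FLOOD)]:
        print(f"{label:10s} -> {anomalous_ratios(BASELINE, iv)}")
```

A plain packet-rate threshold would alarm on the busy hour; the ratio test does not, which is the practical value of watching proportions rather than volume.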
Host Behavior Anomaly Detection (HBAD) identifies hosts exhibiting symptoms of
malware infection or abusive behavior through their abnormal levels of outbound
connection activity, and further categorizes them by their match to profiles of
malicious connection patterns.
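The two HBAD steps described above (flag a host by its abnormal outbound connection activity, then match it against a connection-pattern profile), as an added illustration that is not Allot's implementation. The peer-median rate test, the two profiles, their thresholds and the connection log are all assumptions constructed for the example; addresses come from documentation ranges.

```python
from collections import defaultdict
from statistics import median


def sample_attempts():
    """Constructed outbound connection attempts for one observation window:
    (source host, destination IP, destination port, handshake completed)."""
    log = []
    for n in range(11, 16):                       # five ordinary workstations
        log += [(f"10.0.0.{n}", "192.0.2.10", 443, True)] * 6
    # Mail sent to many unrelated servers.
    log += [("10.0.0.66", f"203.0.113.{i}", 25, i > 20) for i in range(1, 121)]
    # One port tried across a whole range; almost nothing answers.
    log += [("10.0.0.77", f"198.51.100.{i}", 445, i <= 10) for i in range(1, 201)]
    # Busy but single-destination client, such as a backup job.
    log += [("10.0.0.88", "192.0.2.20", 443, True)] * 150
    return log


def host_stats(attempts):
    """Aggregate per-source counters used by the rate test and the profiles."""
    stats = defaultdict(lambda: {"attempts": 0, "dsts": set(), "smtp": 0, "failed": 0})
    for src, dst, port, established in attempts:
        s = stats[src]
        s["attempts"] += 1
        s["dsts"].add(dst)
        s["smtp"] += int(port == 25)
        s["failed"] += int(not established)
    return stats


def match_profile(s):
    """Compare one flagged host against two hypothetical connection profiles."""
    n = s["attempts"]
    spread = len(s["dsts"]) / n          # share of attempts that hit a new destination
    if s["smtp"] / n >= 0.8 and spread >= 0.5:
        return "spam-like"
    if s["failed"] / n >= 0.7 and spread >= 0.5:
        return "scan-like"
    return "unprofiled"                  # abnormal rate, no profile match: review manually


def detect_hosts(attempts, factor=10, min_attempts=50):
    """Return {host: profile} for hosts whose attempt count is abnormal.

    'Abnormal' here means more than `factor` times the median host in the
    same window, with an absolute floor so quiet networks do not alarm.
    """
    stats = host_stats(attempts)
    typical = median([s["attempts"] for s in stats.values()])
    limit = max(factor * typical, min_attempts)
    return {host: match_profile(s)
            for host, s in stats.items() if s["attempts"] > limit}


if __name__ == "__main__":
    for host, profile in sorted(detect_hosts(sample_attempts()).items()):
        print(host, profile)
```

The third flagged host shows why the profile step matters: a high connection rate alone does not separate a backup job from an infected machine, so per-host action should follow the profile match rather than the rate alarm.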
Solution Benefits
• Improve cloud application performance and user productivity
• Gain accurate visibility of cloud application usage
• Align application performance with user and business needs
• Assure service availability, scalability, performance
• Keep malicious and unauthorized application traffic off the network
• Simplicity: intuitive visibility and easy deployment of resource usage policy
Solution Deployment
Cloud Access Optimization assures user experience and productivity whether you own your
cloud data center, rent it, or use a hybrid model.
Why Allot
We could sum it up in three words: Visibility, Control and Security. But there is much
more:
• Customers: proven results with more than 4500 enterprise customers
  worldwide.
• Product Scalability: from the smallest to the biggest networks
• Superior Technology: hands-down expert in application awareness
• Reliability: bringing carrier-class network know-how to Enterprise and Cloud
  solutions
• Support: 24/7 worldwide support to channels and end-users.
• In everything we do, we believe in being innovative, customer-centric and
  results-oriented
Contact [email protected] or your Allot representative to find out more.
www.allot.com
Americas: 300 TradeCenter, Suite 4680, Woburn, MA 01801 USA - Tel: +1 781-939-9300; Fax: +1 781-939-9393; Toll free: +1 877-255-6826
Europe: NCI–Les Centres d'Affaires Village d'Entreprises, 'Green Side' 400 Avenue Roumanille, BP309 06906 Sophia Antipolis, Cedex France
- Tel: +33 (0) 4-93-001160; Fax: +33 (0) 4-93-001165
Asia Pacific: 25 Tai Seng Avenue, #03-03, Scorpio East Building, Singapore 534104, Tel: +65 6749-0213; Fax: +65 6848-1015
Japan: 4-2-3-301 Kanda Surugadai, Chiyoda-ku, Tokyo 101-0062 - Tel: +81 (3) 5297 7668; Fax: +81 (3) 5297 7669
Middle East & Africa: 22 Hanagar Street, Industrial Zone B, Hod Hasharon, 4501317 Israel - Tel: 972 (9) 761-9200; Fax: 972 (9) 744-3626