NetPriva® [ Network Performance On Demand™ ]
End Point Direct - FAQ

Why End Point Direct?

What is End Point Direct?

EPDirect working with other devices and appliances

Configuring and installing EPDirect

EPDirect in use

___________________________________________________________________________________________
Why End Point Direct?

Need for small / medium office solutions
Q:
Why was EPDirect developed?
A:
Bandwidth management, compression, and application acceleration appliance vendor products are limited to large offices and high speed links due to their cost and complexity.

EPDirect is software designed as a transparent and low cost solution that runs on existing branch office and other remote site infrastructure. It solves the problem of consistent network performance for the growing number of users of important business applications who work in remote offices, branch offices, and from home offices.

Need for VPN user solutions
Q:
Does EPDirect extend to VPN users?
A: It works with VPN SSL, PPTP and L2TP client software on the user PC including Cisco, Microsoft, and Juniper VPN clients. It provides network monitoring and visibility of network traffic within the VPN as well as application traffic prioritization and control.

Need for mobile worker solutions
Q:
Does EPDirect extend to mobile workers "on the road"?
A: Right now it provides network monitoring and visibility of network traffic for mobile users. A future release will offer application traffic prioritization / control.

Simplicity
Q:
What is meant by "simplicity"?
A: Install in minutes, master in hours.

Low total cost of ownership (TCO)
Q:
Why is the total cost of ownership of EPDirect low?
A: Costs are fixed per PC seat irrespective of WAN bandwidth, which provides network deployment flexibility without the need for upgrades; proprietary appliance hardware costs (often at each end of a link) are avoided; and simplicity means lower staff costs.

What is End Point Direct?

The meaning of "software only"
Q:
What is meant by NetPriva EPDirect being "software only"?
A:
There is no proprietary appliance hardware as with a conventional network appliance device. It's all done in software using existing infrastructure without impact on users except the good kind - their WAN application response becomes consistent.

Advantage of being at the end point in the network
Q:
What is the advantage of being at the so called "end point" in the network?
A: Data packets originate from and terminate at the end point i.e. the user's PC. This enables a deterministic approach to associating data packets with application executables and user logins with 100% accuracy, even with VPN encrypted network traffic.

Components of EPDirect
Q:
What are the key components of EPDirect?
A: There are three...
a) Console to manage the system, policies and for instant visibility and total replay of network scenarios
b) Collector / Policy Server to collect network statistics data and serve network application monitoring and control (traffic shaping) policies to Agents on branch office and other remote user PCs. The Collector / Policy Server may be located locally on a branch office subnet or be hosted centrally.
c) Agent - one on each user PC to apply the monitoring and control policies and, optionally, to mark data packets and to capture network statistics data.
A peer to peer signaling protocol over the branch office subnet enables the Agents on that subnet to arbitrate application and user access to the wide area network according to the set policies for that branch.

Network traffic scope
Q:
What type of network traffic can EPDirect handle?
A: EPDirect handles all types of Ethernet, IP, TCP, and UDP traffic. It also handles (monitors and controls) VPN encrypted traffic.

Bandwidth monitoring
Q:
What are the network monitoring capabilities of EPDirect?
A: EPDirect provides granular (per second) end point (user PC level) monitoring with instant (real time) network visibility by application (IP address, URL, TCP / UDP ports, protocol), user (IP address), Citrix ICA tag, and DSCP code point. In addition, EPDirect offers finer and more certain classification by application executable and by user login. It has the ability to capture network statistics indefinitely at per second granularity and to replay network scenarios from those statistics. The statistics may be collected at the branch or centrally. Statistics collection may be switched on or off per link on demand (for example, in the case of central collection via slow links).

Bandwidth control (shaping and prioritization)
Q:
What are the bandwidth control (shaping) capabilities of EPDirect?
A: In addition to monitoring (see above), EPDirect provides bandwidth control (shaping) by application (IP address, URL, TCP / UDP ports, protocol), user (IP address), Citrix ICA tag, and DSCP code point. In addition, EPDirect offers finer and more certain classification by application executable and by user login. A flexible, preset EPDirect control policy for a branch office dynamically manages the available bandwidth whenever there is congestion at the link between the branch office local area network (LAN) and the wide area network (WAN).

Defined traffic classes can be assigned a guaranteed minimum bandwidth allocation and a maximum bandwidth allocation.

Control (shaping and prioritization) is from the end points of the network i.e. the branch office user PCs. There is an option to mark data packets at the end points (DiffServ).

Being at the end point, EPDirect can control network traffic even when the traffic is encrypted. It can "see" the application executable, user login, and URL identities in a VPN environment.

Functionality of Layer 7++
Q:
What is meant by "Layer 7++"?
A: "Layer 7++" signifies the additional degree of network traffic classification provided by EPDirect as compared with Layer 7 classification provided by network appliances.

EPDirect has application executable classification and user login classification as well as URL detection. This capability also extends the control potential of EPDirect to encrypted VPN traffic.

EPDirect achieves greater classification accuracy by determining the application and user from application and Windows internal data. By comparison, the data pattern matching techniques used by network appliances cannot function at all when the data is encrypted, and they fail to detect uncommon or custom applications.

Functionality of an EPDirect control (shaping and prioritization) policy
Q:
What is the functionality of a control policy?
A:
An EPDirect control policy manages traffic shaping and prioritization whenever there is congestion at the link between the branch office local area network (LAN) and the wide area network (WAN).

Network traffic can be filtered into channels by application executable, user name, or URL. The data in a channel can be controlled by setting % bandwidth, absolute bandwidth, discard, or monitor actions on the channel.

Classification can be set at network layers 3 and 4 (IP address, port number) and/or at the Layer 7++ level (application executable and/or user login).

There is an option to mark data packets using DiffServ codes for routing and prioritization control by network routers and appliances.

Guaranteed bandwidth
Q: How does EPDirect guarantee bandwidth?
A:
EPDirect controls wide area network (WAN) traffic based on a control policy. This is set up to align the use of available network capacity to an organization's business priorities (with focus on the applications and users that are important to the business).

Based on knowledge gained from a prior network monitoring phase, the important business applications can be allocated a defined amount of bandwidth (% of the network link capacity or absolute bandwidth). This is the "guaranteed bandwidth" available so applications can operate with sufficient bandwidth whenever there is congestion. Bandwidth is allocated dynamically "on demand".

In addition to prioritization, EPDirect provides guaranteed bandwidth to the important applications.
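
The control policy behaviour described in the two answers above (channels filtered by application executable and user login, each with a % or absolute guaranteed bandwidth and a maximum, allocated on demand under congestion), as an added example that is not NetPriva's code. EPDirect's own algorithm is not described on this page; the sketch assumes guarantees are honoured first and spare capacity is then shared equally up to each channel's maximum, and every channel name, executable, login and figure is constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Channel:
    name: str
    exes: frozenset        # application executables; empty matches any
    logins: frozenset      # user logins; empty matches any
    guarantee: str         # "40%" of the link, or absolute kbps such as "200"
    ceiling: str = "100%"  # maximum allocation, same notation

def kbps(spec, link_kbps):
    # A trailing % means a share of link capacity; otherwise absolute kbps.
    return link_kbps * float(spec[:-1]) / 100 if spec.endswith("%") else float(spec)

def classify(flow, channels):
    # First channel whose executable and login filters both match, else None.
    return next((ch.name for ch in channels
                 if (not ch.exes or flow["exe"].lower() in ch.exes)
                 and (not ch.logins or flow["login"] in ch.logins)), None)

def demand_by_channel(flows, channels):
    demand = {ch.name: 0.0 for ch in channels}
    for f in flows:
        name = classify(f, channels)
        if name is not None:
            demand[name] += f["kbps"]
    return demand

def allocate(link_kbps, channels, demand):
    lo = {c.name: kbps(c.guarantee, link_kbps) for c in channels}
    hi = {c.name: kbps(c.ceiling, link_kbps) for c in channels}
    if sum(lo.values()) > link_kbps:
        raise ValueError("guaranteed minimums exceed link capacity")
    grant = {n: min(demand.get(n, 0.0), lo[n]) for n in lo}  # guarantees first
    want = {n: max(0.0, min(demand.get(n, 0.0), hi[n]) - grant[n]) for n in lo}
    spare = link_kbps - sum(grant.values())
    active = [n for n in want if want[n] > 0]
    while spare > 1e-9 and active:      # share what is left, up to each ceiling
        share = spare / len(active)
        for n in list(active):
            give = min(share, want[n])
            grant[n] += give
            want[n] -= give
            spare -= give
            if want[n] <= 1e-9:
                active.remove(n)
    return grant

POLICY = [  # constructed branch policy for a 2000 kbps WAN link
    Channel("crm", frozenset({"crmclient.exe"}), frozenset({"vip.user"}), "40%"),
    Channel("voip", frozenset({"softphone.exe"}), frozenset(), "200", "400"),
    Channel("default", frozenset(), frozenset(), "0"),
]
FLOWS = [  # constructed offered load, in kbps
    {"exe": "CrmClient.exe", "login": "vip.user", "kbps": 1000},
    {"exe": "softphone.exe", "login": "j.doe", "kbps": 100},
    {"exe": "updater.exe", "login": "j.doe", "kbps": 3000},
]
```

With 4100 kbps offered on the 2000 kbps link, `allocate(2000, POLICY, demand_by_channel(FLOWS, POLICY))` gives the "crm" channel its full 1000 kbps and leaves the unguaranteed "default" channel with the remaining 900 kbps.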

Functionality of the Peer to Peer Signaling Method
Q:
What is the Peer to Peer signaling method used by EPDirect?
A: EPDirect uses a proprietary and patented Peer to Peer signaling protocol on a branch office local area network (LAN) to enable the Agents to arbitrate application and user access to the wide area network according to the set policies for that branch. In order to minimize impact on the LAN it uses a broadcast method of communication.

Bandwidth capacity
Q:
What is the maximum bandwidth that EPDirect can handle?
A:
Each individual user PC can operate at up to 55Mbps; there is no limit on the wide area network link speed.

EPDirect traffic impact on branch local area network (LAN)
Q:
What is the impact of EPDirect on the LAN?
A: The Peer to Peer signaling method used as part of EPDirect is designed to minimize the amount of traffic. In practice, no user-noticeable impact is expected for a LAN servicing 50 concurrent users.

EPDirect traffic impact on branch wide area network (WAN) for central Collector
Q:
What is the impact of EPDirect on the WAN?
A: The EPDirect statistics records that travel over the WAN from the branch to a central Collector are small in size. The typical impact per branch office user is estimated at 3Kbps.

Where this constitutes a problem due to a small WAN link size, it is recommended that statistics be switched off for that link. Statistics may be activated "on demand" for troubleshooting any link.

Hardware / Operating System requirements
Q:
What are the hardware and operating system requirements for EPDirect?
A: The Agent is transparent to the user and requires about 5Mb disc space on Windows XP, 2000, 2003, Vista or 2008. Collector runs on Windows 2000, 2003 or XP.

EPDirect working with other devices and appliances

Working with non Windows devices on the LAN
Q:
How can EPDirect work with non Windows devices on the LAN?
A: EPDirect can be configured to work with other non Windows devices such as network printers, Linux boxes, Apple computers, hardware VoIP phones, etc.

The non Windows devices can be routed to the WAN via a Windows PC running Windows Internet Connection Sharing (ICS) or Windows Routing and Remote Access Services (RRAS), or Microsoft, Cisco, or Juniper VPN clients, and this will control the bandwidth allocated to the non Windows devices. The individual bandwidth allocations for the non Windows devices can be set at the application (IP address, URL, Port, TCP / UDP protocol), user (IP address), Citrix ICA tag, RDP, and DSCP code point level, but not at the Layer 7++ level as these devices can not have a NetPriva agent installed on them.

Complementing bandwidth management / application acceleration appliances
Q:
How can EPDirect work with other network appliances?
A: Network congestion points increase as more applications and more users create more traffic at bottleneck points. These are typically where the local area network (LAN) goes out to the wide area network (WAN). EPDirect is a cost effective and easy to use solution for all congestion points where it is not economical or practical (or possible, such as in the case of mobile users) to implement an appliance.

EPDirect prioritizes and guarantees bandwidth by application and user. It does this at the point of congestion. Other appliances that compress or accelerate WAN traffic may be transparent to EPDirect. However, EPDirect ensures that such appliances focus firstly on the applications and users that are important to the business. EPDirect can also assist such appliances to be more effective through EPDirect marking data packets at an application executable and user login classification level at the end point (PC).

Complementing routers
Q:
How can EPDirect work with routers?
A: EPDirect can make routers more effective through EPDirect marking data packets at an application executable and user login classification level at the end point (PC). The marked packets may be expedited or dropped by the router depending on the router's interpretation of the markings.

Complementing MPLS
Q:
How can EPDirect work with MPLS?
A: EPDirect can make MPLS more effective through EPDirect marking data packets at the end point (PC) for a greater range of applications per MPLS Class of Service (CoS). The marked packets may be grouped into specific MPLS CoS channels.

Complementing specific applications
Q:
How can EPDirect work with specific applications?
A: EPDirect can provide more effective application delivery through a control policy that ensures the specified application (of importance to the business) has priority and guaranteed bandwidth in cases of congestion on the WAN link(s) protected by EPDirect.

Configuring and installing EPDirect

Deploying the Console
Q: Where can the management Console be deployed?
A: One or more management Consoles may be deployed anywhere on the network, or access the network on a "dial up" basis.

Installing the Console
Q: What is involved in installing the management Console?
A: A management Console executable file may be downloaded from NetPriva's website and installed on an appropriate Windows host (Win XP, 2000, 2003, Vista). The download is approximately 15 Mb.

Deploying the Collector / Policy Server
Q: Where can the Collector / Policy Server be deployed?
A: The EPDirect Collector / Policy Server may be deployed on the branch local area network (LAN) on a PC or server that is "always on", or remotely in a central location.

A LAN installation requires the Collector / Policy Server to be installed in each relevant branch location as well as EPDirect Agents on each user PC. Network monitoring and control policies may be managed remotely and network statistics on each Collector may be accessed remotely via the management Console. For a locally installed Collector, a new policy is broadcast to all Agents immediately.

A central Collector / Policy Server installation simplifies the branch installation to just the EPDirect Agent on each branch user PC. Network monitoring and control policies are automatically deployed to Agents that check for relevant policies continually (every 60 seconds) and automatically apply the latest policy for that branch location (as specified per branch or for a group of branches). The Agents capture and transmit network statistics to the central Collector by default or "on demand" per branch.

Installing Collector / Policy Server
Q: What is involved in installing the Collector / Policy Server?
A: A management Collector executable file may be downloaded from NetPriva's website and installed on an appropriate Windows host (Win XP, 2000, 2003, Vista, 2008). The download is approximately 9 Mb.

Installing Agent(s)
Q: What is involved in installing the Agent?
A: An Agent executable file may be downloaded from NetPriva's website and installed on an appropriate Windows host (Win XP, 2000). The download is approximately 6 Mb.

Setting up EPDirect policies
Q: How is an EPDirect traffic control policy set up?
A: Policies are set up using the management Console's template screens. They are found automatically by the Agents associated with a particular Collector according to preset rules.

Network statistics capture and collection
Q: How are network statistics captured and collected?
A: The Agent captures the network statistics on a second by second basis for all WAN data flows to and from the user's PC on which the Agent is installed. It sends them to the Collector where they are retained in an SQL database.

Retrieving and viewing or reporting network statistics
Q: How can network statistics be retrieved and viewed or reported on?
A: The management Console may be used to access network statistics using flexible parameters to display data in graphical format for different “top ten” and “drill down” views on the data (applications, users, URLs, time intervals, etc).

Alternatively a SQL query or report writing tool may be used for customized analysis, reporting, and data export.

EPDirect in use

Roving users with EPDirect Agent installed connecting at other branch offices
Q:
If a user with shaping policies for the applications he/she uses moves from one branch office to another (maybe temporarily), with each office probably having different bandwidth and different applications active, which policies apply in each case?

A: A user's Agent will always pick up the local branch policy from that branch's EPDirect Collector. The local policy is based on the link speed etc at that branch. 

Roving users with EPDirect Agent installed connecting at EdgeAS equipped branch offices
Q: What if a user moves to a branch where there is an EdgeAS (shaping) installed - do his EPDirect policies apply or do the EdgeAS policies apply?
A: The user's Agent does not have its own policies. The user's Agent picks up the local branch policy from the Collector at the branch site.

If there is no Collector installed at the site then the user's Agent will not discover a Collector and the user's traffic will be shaped according to the EdgeAS policy.

EPDirect Agents and policy attachment
Q:
How does a particular user's Agent know which policies to download from the Collector and when to apply them? For example, taking a "sales office" example, how do the policies attach to a particular user so that some users get priority and guaranteed bandwidth on salesforce.com and others do not?
A: There is one (active) policy for each branch site, and the user's Agent picks up the policy for the branch currently visited. The user's Agent is on the subnet for that branch and will discover the local EPDirect Collector on that subnet and will pick up the branch policy accordingly.

For example, "VIP user" requires guaranteed bandwidth for salesforce.com while moving between branch offices. The central network administrator creates a policy that includes a salesforce.com channel for each branch. The filter for that channel will have a list of user logins which includes "VIP user" to guarantee the bandwidth for *salesforce.com* at all branch locations visited. It should be noted that when "VIP user" visits a branch with low bandwidth then the guarantee may be reduced as compared with a branch that has high bandwidth available.

Impact of non EPDirect Agent users visiting an EPDirect equipped branch office
Q:
What happens to the EPDirect users in a branch office if another non EPDirect user (for example, an external consultant) logs on to the network at that branch and downloads a large file that grabs substantial bandwidth? Are the EPDirect users still protected according to their shaping policies?  
A:
It is recommended that the organization adopt a "Standard Operating Environment" (SOE) policy and practice. This promotes efficiency, consistency, and security.
Under an SOE approach, Agents are installed on all PCs and branch servers on the organization's network to shape the traffic on its WAN links.

Other options include:

a) Casual network users (no Agent installed) are directed to the network via a connection sharing server that has an Agent installed.

b) PCs that have Agent installed are allocated a DHCP IP address with the default route as the WAN router while PCs that do not have Agent installed are allocated a DHCP IP address with a default route that is configured via a connection sharing server with an Agent installed.

c) PCs that have Agent installed will send marked data packets to the branch office router which may be prioritized by the router over non marked packets from PCs without Agents installed.