Xirrus Application Control
Delivers predictable application performance even under heavy network load
Xirrus Application Control delivers predictable application performance even under heavy network load by enabling prioritization of critical applications and devices, restricting usage of bandwidth-heavy applications, and blocking restricted applications from the network. Administrators fully control and manage the network despite exploding device and unpredictable application usage.
Application Control makes it easy to:
- Control data traffic at the network edge
- Identify and enforce policy against 1,300+ applications
- Obtain granular control with Deep Packet Inspection (DPI)
- Complement application firewalls for comprehensive control
- Improved user experience with application prioritization
- Reduced security risk by blocking risky applications
- Granular policy control to fine tune the wireless network
- High availability with distributed policy enforcement and DPI
BYOD and cloud-based services are driving monumental changes in IT everywhere – they are no longer in control of what is running on their networks. The ability to provide a level of visibility and control over what is happening in the Wild Wild West of BYOD is mandatory for IT managers to do their jobs. The goal must be to ensure business-critical applications operate properly on the network and that in the least, there is an acceptable user experience for everything else. Wireless networks are quickly replacing wired networks – most BYOD devices have no wired Ethernet port. So there is no longer a choice in providing an acceptable wireless solution.
To help address the challenges presented by today’s unpredictable networks, Xirrus provides the wireless industry’s only comprehensive application intelligent solution operating at the wireless edge – Xirrus Application Control. It uses nextgeneration Deep Packet Inspection (DPI) technology to deliver Layer 7 application visibility and policy control. Unlike other technologies dubbed to be DPI, Xirrus Application Control goes far beyond simple classification schemes to deliver deep detection of applications and applications within applications, e.g. not just detecting Facebook, but the Farmville game operating within Facebook.
Layer 7 Application Visibility
The Rise of the Application
Millions of Wi-Fi enabled smartphones, tablets, and laptops are activated daily, many of which make their way onto corporate networks. This has led to a significant growth in user-driven, non-managed applications on these networks. Smartphone users on average have over 40 apps on their phones ranging from Facebook to Email.1 These applications are increasingly reaching into the cloud for software updates, data backups, and SaaS usage models.
Wireless is quickly becoming the primary access to the network. Unlike wired users, mobile users expect to connect anytime, anywhere – at home, in the office, in classrooms, and at conferences with dependency on mobile applications and cloud-access now business-critical. Application downloads, online backups, and cloud application usage will continue to grow, increasing the traffic demands on networks for years to come.
Altogether, these dynamics are resulting in congested networks with unpredictable usage patterns, headaches monitoring ever-growing Internet uplink usage, and security concerns from all the unknown data traversing the network. This growth leads to uncertain future network capacity requirements driving administrators to optimize the use of the limited network resources they have available to them and ensure legitimate application usage across the enterprise.
With such significant growth and uncertainty, network administrators must look differently at how they architect their networks to ensure business can continue to be conducted unabated. New solutions must be considered that provide scalability and growth to handle the ever changing requirements of the future.
Xirrus Application Control
Moving the network intelligence out to the edge of the network, Xirrus Application Control represents the new paradigm for wireless infrastructure design. More akin to wired switch architectures than traditional wireless solutions, the distributed architecture of the Xirrus Array enables high performance network services such as Application Control to operate directly at the network edge, resulting in a scalable and resilient network that ultimately produces a better user experience.
The first key component of Xirrus Application Control is providing a level of visibility into what is happening on the network. While most wireless infrastructure systems provide user, device, network, and location context, the actual applications that users are running on the network is typically invisible to IT. Yet this information can be the most critical to profiling and managing network usage.
Application Control enables Xirrus Arrays to recognize over 900 of the most popular business and recreational applications. These applications are organized into 15 categories: Collaboration, Games, Remote Access, VPN, Database, Mail, Networking, Monitoring, Social, Web, File Transfer, Messaging, Proxy, Streaming, and Xirrus. Applications are identified and tracked per client, per VLAN, and per Array in real-time dashboard views and historical reporting to determine what applications are running and how much traffic they are generating.
Application Control Dashboard
Xirrus Application Control provides application context to the policy management engine operating in each Array. This integration enables IT administrators to control applications running over the wireless network by applying applicationspecific policies for managing performance and security. Administrators can create granular policies based on application or application category, in addition to user, device and OS attributes, to block, restrict and/or prioritize specific applications. Specific application data flows can be routed to specific VLANs and/or physical ports designated for that type of traffic. Prioritization to applications can be provided in the form of QoS policies for both wireless (WMM) and wired (DSCP) as well as rate limiting policies for throttling traffic by Kbps.
The unique Xirrus Array architecture affords a number of key differences compared to traditional Wi-Fi solutions.
Based on a distributed architecture, all traffic processing and network services are executed at the network edge on the built-in controller operating within each Array. With Application Control, the distribution of DPI functionality across all Arrays in the network is not compromised by any single point of failure in the network. It offers greater scalability as DPI performance grows linearly as Arrays are added to the network. This in contrast to centralized application gateways that present a stair step upgrade path at significant cost when scaling upwards.
Application Control at the Edge
Xirrus is the first and only Wi-Fi infrastructure vendor to deliver a comprehensive DPI at the wireless edge. While many vendors claim DPI functionality, it is often based on simple port identification (port 80), protocol ID (HTTP), and/or regex classification schemes. Xirrus DPI employs use a host of sophisticated behavior and conversational context methods to ensure highly accurate identification. These techniques include:
- Surgical pattern matching
- Conversation semantics
- Deep protocol dissection
- Heuristic behavioral analysis
- Future flow awareness
- Flow association
- Statistical packet inspection
Application Visibility Engine
With an average wireless equipment refresh cycle of 4-5 years, it is vital for customers looking to purchase a new system today to consider their needs several years down the road towards accommodating the expected continued explosion of devices and applications on their networks. Xirrus Application Control, delivered through the high performance wireless Array, offers a number of key unique benefits.
- Improved user experience
Prioritize critical over best effort applications at the network edge for optimal performance throughout the network
- Improved visibility
Identify bandwidth-hogging apps and analyze usage trends over time
- Superior scalability
Distributed intelligence for limitless growth – DPI compute power added by Array, not in a stair step fashion with centralized appliance
- Reduced network costs
Control Internet WAN uplink network traffic by dropping or throttling at the network edge
- Reduced application risk
Block risky or out-of-policy applications from accessing the network
- Superior resiliency
Distributed functionality in each Array means no single point of failure for applying application control policies
Requirements for deploying and managing today’s access networks have changed dramatically in just the past few years. Administrators can no longer restrict user-owned devices and non-managed applications from entering the work place. It has become critical to understand how the wireless network is being used. Ensuring the wireless network is being used for productive means and provides a solid user experience is paramount given the fundamental reliance now being placed on these networks. Xirrus Application Control provides the level of visibility and control needed to do this, bundled together in a distributed, scalable, and high performance solution designed to meet the challenges of BYOD today and equipped to adapt to the inevitable changing requirements of tomorrow.
Download the Xirrus Application Control (PDF).