Wi-Fi equipment provider Xirrus has announced what it describes as a wireless industry first in the shape of a comprehensive Layer 7 application visibility and control directly at the wireless network edge, rather than the core.
The Xirrus Application Control builds on the power of next-generation Deep Packet Inspection (DPI) technology to provide rich information about applications accessing the network. This allows Xirrus Wireless Arrays to prioritise critical applications, restrict usage of bandwidth-heavy applications, block restricted applications, and detect new threats to the network.
Application Control enables operators to manage wireless traffic where they need it most – at the network edge before it enters the core network. This provides network administrators with full control to manage the exploding usage and unpredictable nature of Bring Your Own Device (BYOD).
Xirrus says the new product establishes a new paradigm for wireless network administration, improving on traditional approaches that utilise centralised gateways to provide visibility and enforce policies.
The new Xirrus offering utilises a distributed approach to controlling applications, placing the classification and policy enforcement engines directly at the edge of the network where bandwidth, security threats, and policies can be controlled before the traffic enters and impacts the core network.
This functionality is enabled by the Xirrus Array architecture which employs from 2 to 6 core processors per Array to deliver the compute performance required to execute full DPI, unlike the 1 core processor designs of most traditional Access Points (APs) that rely on centralised controller models.
‘When we first enabled Application Control, it was a revelatory experience for us to see what was actually running on our wireless network,’ said Scot Hollingsworth, Technical Supervisor of the Rankin County, Mississippi School District.
‘We have been a Xirrus customer for several years, and this capability allows us to optimise the network to an even greater extent. With Application Control at the edge of the network, we have been able to improve student attention to coursework by limiting access to social media games and applications during school hours.
‘Further, we have been able to preserve network bandwidth for blackboard-type e-learning streaming video applications by blocking non-relevant internet-sourced streaming videos, such as sports broadcasts. The granular ability to do this at the edge of the network – not at the gateway or the firewall – has proven to be invaluable to our wireless deployment,’ said Hollingsworth.
How Application Control works
Xirrus says that the new Application Control offering takes DPI beyond rudimentary port-based, protocol-based, or regex classification schemes to provide best-in-class deep detection of packet data.
Where other DPI implementations stop, Xirrus takes application classification to the next level using multiple inspection techniques, including surgical pattern matching, conversation semantics, heuristic behavioral analysis, and future flow awareness. These multi-layered techniques provide superior accuracy and coverage of more types of applications. For example, Application Control will not just identify Facebook traffic, but the Farmville game operating inside Facebook.
Application Control answers the critical need for increased control of application activity on corporate and campus networks, for example:
• Higher Education: Network managers can control application usage by location, such as allowing P2P file sharing applications in dorms but not in lecture halls.
• Large Public Venues: Event IT personnel running high user density wireless networks can shape traffic to manage Internet uplink usage and monitor users for potential malicious activities.
• Healthcare: IT directors can prioritise life-critical applications and systems such as voice traffic or wireless clinical equipment over patient/visitor Internet traffic.
Application Control uses a simple graphical interface to enable network personnel to manage the Xirrus wireless network, delivering real-time graphical views of application traffic across network segments and users. Historical reports run over any time period deliver network analytics to monitor usage trends and enable future capacity planning. Application Control integrates with the Xirrus Array policy engine to add application context to the firewall/filter manager.
The Xirrus Application Control will be available in December 2012 on the XR range of Wireless Arrays.