Académique Documents
Professionnel Documents
Culture Documents
User Guide
P/N D351008 R2
Important Notice
Important Notice
Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise. SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT. Please read the End User License Agreement and Warranty Certificate provided with this product before using the product. Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty Certificate. WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND, REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Copyright
Copyright 1997-2010 Allot Communications. All rights reserved. No part of this document may be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other language without a written permission and specific authorization from Allot Communications Ltd.
Trademarks
Products and corporate names appearing in this manual may or may not be registered trademarks or copyrights of their respective companies, and are used only for identification or explanation and to the owners' benefit, without intent to infringe. Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd. NOTE: This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. Changes or modifications not expressly approved by Allot Communication Ltd. could void the user's authority to operate the equipment.
iii
Important Notice
Version History
Doc Version
v2b1
Product
NPP
Date
26.04.10
iv
Table of Contents
Important Notice .......................................................................................................................... iii Table of Contents ........................................................................................................................... v Table of Figures .............................................................................................................................vi
Table of Figures
Figure 1-1: Network Diagram ...................................................................................................... 1-2 Figure 1-2: NetXplorer Application Server Registration Dialog ................................................. 1-3 Figure 2-1: NetXplorer Navigation Pane NPP Accounts .......................................................... 2-1 Figure 2-2: Account Properties New Account, General tab ...................................................... 2-2 Figure 2-3: Account Properties New Account Dialog, Pipes Tab............................................. 2-2 Figure 2-4: Account Properties New Account Dialog, Users Tab ............................................ 2-3 Figure 2-5: Add User dialog......................................................................................................... 2-3 Figure 2-6: Account Properties New Account Dialog, Environment Tab ................................ 2-4 Figure 2-7: Account Properties dialog box .................................................................................. 2-5 Figure 3-1: NPP Login Screen ..................................................................................................... 3-1 Figure 3-2: NPP Account Pipes Page ........................................................................................... 3-2 Figure 3-3: NPP Virtual Channels in Pipe Page........................................................................... 3-3 Figure 3-4: NPP Insert Virtual Channels Page ............................................................................. 3-3 Figure 3-5: NPP Add Hosts Page ................................................................................................. 3-5 Figure 3-6: Delete Hosts Page ...................................................................................................... 3-5 Figure 3-7: Delete Virtual Channel Dialog .................................................................................. 3-5 Figure 3-8: NPP Main Screen ...................................................................................................... 3-6 Figure 3-9: NPP VC Statistics Graph ........................................................................................... 3-7
vi
Chapter 1: Introduction
NetPolicy Provisioner
NetPolicy Provisioner (NPP) enables ISPs to quickly and easily define Accounts that enable their customers (the end users) to monitor and provision their traffic and their network's current behavior. Typically, when ISP customers (the end users) acquire bandwidth from ISPs, the bandwidth allocation is represented in the NetEnforcer/NetXplorer of the ISP as a Pipe or Virtual Channel. When customers want to monitor the traffic passing through their Pipe or Virtual Channel, NPP enables them to do this. Using the NPP interface, the service provider defines a view, which allows the monitoring and management of the traffic on Pipe or Virtual Channel. When defining an end users level of access, the NetXplorer administrator selects the view relevant to that customer, and then the end user will be given access to this data only. Using the NPP interface, the user defines a view, which allows monitoring and managing the traffic on his Pipe or Virtual Channel. When defining a view, the NetXplorer administrator selects the Pipe or Virtual Channel per user, and then the end user will be given access to this data. End users can access the view (or views) assigned to them by browsing to a unique URL. This URL is automatically created by NPP and designates an HTML index file from which a customer can access his views. After entering a user name and password, customers can also view the monitoring graphs of their Pipe or Virtual Channel, and obtain relevant and current traffic usage data. Allots NPP provides separate interfaces to manage the following aspects of Network management: ISP Administrator functions in the NetXplorer GUI End user Web interface and features
1-1
Figure 1-1: Network Diagram Wholesale bandwidth providers are interested in providing visibility and control for their own end-user/customers. Wholesale customers are interested to provide the following capabilities for their customers: Monitor and generate reports about their bandwidth usage Add and manage Virtual Channels inside their Pipe
Such services may be used as a differentiator and be provided free of charge to End Users or be charged as extra payment.
Deploying NPP
NPP may be deployed on the same server as NetXplorer or on a dedicated server. NPP is installed by default along with NetXplorer on the same server, but its functionality will not be enabled without the appropriate License key. Once installed and activated (by License key), a URL is automatically created by the NPP (http://<NPP-IP>/npp) and an HTML index file is created from which the end user can access their views. After logging in by entering a user name and password, end-users/customers with accounts properly configured by their ISP can view the monitoring graphs of their Pipe or Virtual Channel, and obtain relevant and current traffic usage data.
NOTE For information concerning installing NPP on a Windows or Linux Server, see the NetXplorer Installation Guide.
1-2
Enabling NPP
In order to be used, the NPP functionality must be enabled by entering the appropriate key in NetXplorer. This key may be entered at installation or at any time following. For more information concerning the NetXplorer Server contact Allot Customer Support at support@allot.com.
NOTE For information concerning installing NPP on a Windows or Linux Server, see the NetXplorer Installation Guide.
To enable NPP:
1.
Select Tools > NetXplorer Application Server Registration from the NetXplorer Menu bar. The NetXplorer Application Server Registration dialog box appears.
1-3
2. Enter the Registration Key and Serial Number which includes NPP
Save.
4. Confirm that NPP is now listed as Enabled. The maximum number
1-4
In the Navigation pane, right-click the Accounts icon in the Navigation tree and select New Account from the popup menu. OR Select the Accounts icon in the Navigation tree and then select New Account from the Actions menu. OR Double-click the Accounts icon in the Navigation tree to open the Accounts Catalog. Right-click in the Accounts Catalog and select New Account from the popup menu. The Account Properties - New Account dialog is displayed.
2-1
In the General tab, make sure that the Enabled check box is selected to activate the account. Enter a name, description and email address for the account.
In the Pipes tab, select those Pipes that the users in this account will be able to have access to, and using the arrow keys move them from the Available Pipes list, to the Selected Pipes list. Only regular Pipes may be assigned to an NPP Account. No Pipes that were created by a Pipe Template or by a Service Plan may be managed via NPP. In addition, the following restrictions apply to VCs in Pipes assigned to an NPP Account:
No Host Catalog entry can be defined in the Internal Host field of the VC. A Host Catalog entry may be defined in the External Host field of the VC, but the end user will not be able to see or edit it. Any VC Templates or VCs with multiple rules in a Pipe will not be able to be edited by the NPP user, therefore it is recommended they not be used in Pipes assigned to NPP Accounts.
2-2
If a VC Template is assigned to the Pipe despite the fact that it cannot be edited by the end user, the number of instances should not be higher than the Maximum Allowed Number of Virtual Channels per Pipe, as defined in the Environment tab. In the Users tab, create users who will have access to the Account. Click Add to open the Add User dialog.
5.
6.
Enter all information into the dialog and click OK. This will assign the new user to the Account. When this user logs into NPP from a web browser, this is the Account he will access.
2-3
7.
In the Environment tab, define the maximum number of Virtual Channels that may be defined in each Pipe in this account.
Click Save. The account is added to the Navigation tree and may be accessed by assigned users via NPP.
The Most Active External Hosts and Most Active Conversations graphs are only available if a Pipe is on a NetEnforcer series AC-400 or AC800.
NOTE
Create a new folder under the following path on the NPP server:
2-4
2. 3. 4. 5.
Place the graphic file(s) you wish to use as the NPP logo that the end user sees in the new folder. Open NetXplorer and go to NPP Accounts in the Navigation Pane. Right click Accounts and select Properties from the drop down menu. The Accounts Properties dialog appears.
Enter the URL you wish the header to open when clicked (optional). Enter the folder and file name for the graphics you wish to you use on the left side, center and right side of the header. Click OK to save the changes.
2-5
defined by the ISP in NetXplorer. The Account assigned to you by the ISP will open automatically.
3. After you successfully log into your Account, the main screen is
presented. The main screen presents the Pipes included in the Account, and allows you to either work with the VCs in the Pipes or generate monitoring graphs.
3-1
Figure 3-2: NPP Account Pipes Page An NPP Account user can configure and select the following items in the Accounts Pipe window: Virtual Channels Report time parameters Graph report types
VCs in NPP
Pipes are added to an Account by the ISP. Once your Account has been configured to access a certain Pipe, you can then create, delete and manage Virtual Channels in that Pipe.
3-2
After logging into NPP, click on the Virtual Channels link alongside the appropriate Account Pipe name. The Virtual Channels in Pipe screen is displayed.
Click Insert, and the Insert Virtual Channel screen will appear.
Type in the Name of the new VC. Add and apply (or Delete) Hosts to (from) the VC account. Hosts are other computers or servers, and may be machines on your network or websites. Select a Service (From the list predefined by the ISP) whose traffic will be directed to this VC. A Service may be an application, such as Facebook, or an internet protocol, such as HTTP. Select a Time (From the list predefined by the ISP) when traffic will be directed to this VC. Choose an Access option (From the list predefined by the ISP). This typically determines if traffic that goes to this VC is accepted, dropped or rejected.
5.
6. 7.
3-3
8.
Select a Quality of Service (which has been named and configured by the ISP in advance) that will be applied to traffic in this VC. QoS typically defines the priority or bandwidth allowed to the VC. You can contact your ISP and have them name and configure a QoS catalog entry so that it appears in the Insert VC page.
NOTE
The list of QoS entries includes all QoS entries that have been configured on the system for all users, not only those you have requested.
9.
After you have chosen all your VC parameters, click Save to update the NPP Account configuration with the new VC.
You may edit or delete a VC in the Account Pipe, or insert and define additional VCs using the appropriate Edit and Delete links in the Virtual Channels in Pipe page.
Although you Add or Delete hosts in the Insert Virtual Channel page accessed from the Virtual Channels in Pipe page before preparing a report, you should add and define the host(s) you wish to choose from the Host drop-down list in the Insert Virtual Channel page To add and configure a new host:
1.
After logging into NPP, click on the Virtual Channel link alongside the appropriate Account Pipe name. The Virtual Channels in Pipe is displayed. subnet), click on the Add Host link in the Insert/Edit Virtual Channels page. The Add Hosts screen is displayed.
3. Choose the required radio button option and type in the appropriate
name or IPs.
4. Click Apply to update the Host to the VC.
3-4
Figure 3-6: Delete Hosts Page VCs may be deleted from a Pipe on the Virtual Channels in Pipe page. To delete a VC:
1.
Select the VC to be deleted in the Virtual Channels in Pipe page and click the Delete link. A confirmation dialog is displayed.
Figure 3-8: NPP Main Screen The following graphs are available: Statistics - displays the bandwidth consumed by the Pipe or Virtual Channel. Virtual Channel Distribution (available on the Pipe level only) indicates how the traffic on the Pipe is split between the Virtual Channels. Most Active Virtual Channels displays those Virtual Channels that are handling the most traffic. Most Active Protocols - displays those services, applications or protocols which you are using the most. Most Active Hosts - displays those hosts which are using the most traffic. Most Active Internal Hosts displays those hosts on your own network which are using the most traffic. Most Active External Hosts - displays those hosts outside of your network which are using the most traffic (Not available to all Accounts. Contact your ISP for more information).
3-6
Most Active Conversations - displays the individual connections that are using the most bandwidth (Not available to all Accounts. Contact your ISP for more information). In Packet Statistics - displays the bandwidth consumed by incoming packets. Out Packet Statistics - displays the bandwidth consumed by outgoing packets.
You may select the time range for the graph by clicking the appropriate link in the Graphs field (Mn, Hr, Dy, Wk, Mo or 6 Mo).
3-7