InstantScan Technology

5-Step Content Management:
      Maximize Productivity/Security, Minimize Threats/TCO

      Nowadays, many Internet users have installed IM and P2P applications that use port-hopping and HTTP-tunnelling to avoid being checked or blocked. To help the MIS overcome these issues, 5-Step Content Management is proposed to maximize productivity / security and minimize threats / TCO (Total Cost of Ownership).
Step 1. Plug & Play Real-time Discovery/Learning: To help network administrators solve the above problems, InstantScan provides Plug & Play Discovery as the step-1 procedure. Just plug in the wire and the InstantScan will replay the network traffic in real time. You can see how many MSN sessions are tunnelled in HTTP, and how many IM peers are chatting. The chatting process is learned automatically by InstantScan and can be imported into your configuration.
Step 2. Layer-7 to Layer-4 Normalization: After discovering for a while, if you decide to manage the traffic, you can start to block something using the Application Firewall. In the figure, the InstantScan has normalized the traffic. The MIS can control the InstantScan just as it would a layer-4 firewall. Furthermore, the InstantScan can help you stop non-standard IM connections. For example, MSN automatically detects the firewall settings. If MSN cannot find a way out through standard port 1863, it will try to connect to an HTTP proxy. However, anyone can manually configure his/her MSN settings to use any HTTP/SOCKS4/SOCKS5 proxy in the world, including those in your company. What is worse, users can connect to many WebIM pages to chat with their browsers. The InstantScan can help you handle those situations.
Step 3. Interactive Behavior Management: Nevertheless, the MIS would like to set policies for individuals. Since the InstantScan can recognize the detailed behaviors of each application, the MIS can set up individual policies. The users' information can be easily integrated with the enterprise's user database, such as LDAP, Active Directory, POP3(S), IMAP(S), and RADIUS.
Step 4. Deep Content Inspection: The MIS may also want to do advanced filtering of the contents. In the figure, the InstantScan can detect/block viruses in compressed files and worms spread in IM windows. For extreme security, the conversations can be recorded. And if users violate the policy by using forbidden keywords, the InstantScan will instantly inform the users of the company's IM policy.
Step 5. Offline Report/Analysis: Finally, reporting and analysis can help the MIS find out the problem. Tens of graphical reports are presented, including daily/weekly/monthly bandwidth usage, IM behavior, conversation recording, and policy violation. Reports can be customized, searched, and emailed with PDF/HTML attachments on a user-defined schedule.





3-Tier Architecture:
      Maximize the Performance, Availability, and Functionality

      Layer-7 network equipment often performs compute-intensive tasks and requires a better architecture to maximize performance, availability, and functionality. InstantScan employs a 3-tier architecture to boost the performance for every purpose.
Tier-1: Device: The device should aim at rapidly and accurately doing content inspection. In this way, the device, which is installed inline in the network, will not influence the network performance.
Tier-2: Management Server: The management server is responsible for centralizing the management of multiple devices, while accepting event logs into a database for further reporting & analysis.
Tier-3: Management Client: The management client can be any PC with a Java-enabled browser. As long as he/she can connect to the management server, he/she can control all the devices under the server.





SoftASIC® Layer-7 Classification:
      Classify Once Switch Many (COSM) Acceleration

      Because many modern networking applications use port-hopping to bounce from well-known ports to random ports, or even disguise themselves as HTTP/HTTPS/... protocols, layer-4 classification is no longer accurate. The patented SoftASIC(TM) equipped with InstantScan can:

1st-Stage: Deterministic Signature Matching for Sessions: Since the layer-4 header is useless, effort must go into application protocols and contents. The SoftASIC(TM) can classify sessions in a deterministic way (up to 12 consecutive packets). In most cases a session matches the signature database within the first two packets. In the worst case, for example when the InstantScan does not contain the signature for a new application, the SoftASIC(TM) can determine the session as unknown within 12 packets. The matching is done with transitions in a Global DFA (Deterministic Finite Automaton), which is pre-compiled from all the signatures.
2nd-Stage: Classify Once Switch Many: After classification by the 1st stage, all the remaining packets in the session are forwarded without any signature matching. They are all switched to the right interface, with the appropriate services done in the following stages. For example, after the session has been recognized as the KaZaA application over port 80 (HTTP), all the remaining packets of the session will be directly recognized as KaZaA and be put into the right queue for advanced bandwidth shaping. No further signature matching is needed for the rest of the packets.
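
An added illustration of the two stages described above, not L7 Networks' code: an Aho-Corasick automaton stands in for the global DFA, its state is kept per session so a signature split across packets still matches, and the verdict is cached once reached. The signatures, the flow key and the names `compile_dfa` and `Classifier` are constructed for this example.

```python
from collections import deque

MAX_PKTS = 12  # the page's bound: a session is decided within 12 packets
# Constructed toy signatures, not the vendor's database: token -> application
SIGNATURES = {b"X-Kazaa-": "kazaa", b"TOYIM/1.0 ": "toy-im"}

def compile_dfa(sigs):  # one Aho-Corasick automaton over all signatures
    goto, fail, out = [{}], [0], [None]
    for pat, app in sigs.items():
        s = 0
        for b in pat:                       # insert pattern into the trie
            if b not in goto[s]:
                goto.append({}); fail.append(0); out.append(None)
                goto[s][b] = len(goto) - 1
            s = goto[s][b]
        out[s] = app
    queue = deque(goto[0].values())
    while queue:                            # breadth-first failure links
        s = queue.popleft()
        for b, t in goto[s].items():
            f = fail[s]
            while f and b not in goto[f]:
                f = fail[f]
            fail[t] = goto[f].get(b, 0)
            out[t] = out[t] or out[fail[t]]
            queue.append(t)
    return goto, fail, out

class Classifier:
    def __init__(self, sigs=SIGNATURES):
        self.goto, self.fail, self.out = compile_dfa(sigs)
        self.flows = {}    # flow key -> [dfa_state, packets_scanned, verdict]

    def packet(self, flow, payload):
        st = self.flows.setdefault(flow, [0, 0, None])
        if st[2] is not None:               # stage 2: switch on cached verdict
            return st[2]
        st[1] += 1
        s = st[0]
        for b in payload:                   # stage 1: DFA state spans packets
            while s and b not in self.goto[s]:
                s = self.fail[s]
            s = self.goto[s].get(b, 0)
            if self.out[s]:
                st[2] = self.out[s]
                return st[2]
        st[0] = s
        if st[1] >= MAX_PKTS:               # no signature: give up, mark unknown
            st[2] = "unknown"
        return st[2] or "pending"
```

The second element of each `flows` entry counts only the packets that went through signature matching, so it stops growing once a verdict is cached.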





No-IP® Interactive Content Inspection:
      True Transparency for Real Plug & Play

      To achieve true transparency that allows real plug and play in the network, the patented No-IP(TM) technology satisfies the following constraints:
No IP bound to the interfaces, which achieves true transparency just like layer-2 switches.
Instantly react to users to inform them of the reason for the policy violation. Interacting with users directly inside the application window is a must to simplify configuration problems. The InstantScan, equipped with the No-IP(TM) technology, can interact with users inside the application windows of MSN / Yahoo! / ICQ / AOL / Google Talk / Internet Explorer / Outlook Express / Outlook / ..., even without any IP bound to the INT/EXT interfaces.
Transparent inspection of SSL-enabled environments such as HTTPS and SMTPS. InstantScan, even without any IP bound to the INT/EXT interfaces, can transparently filter the contents in the HTTPS/SMTPS/... tunnels.





SSL-Scan® SSL Content Inspection:
      Transparently Analyzing SSL-Encrypted Contents

      SSL-enabled environments, such as HTTPS, SMTPS, POP3S, and IMAPS, are end-to-end security tunnels that may contain viruses or leaked information. Because the traffic itself is encrypted, no middleman in the network can analyze the contents. However, viruses in HTTPS-encrypted WebMail systems are easily downloaded by employees, who then become infected. Skillful users may use SMTPS/HTTPS to upload confidential information outside the company without being checked. To achieve SSL content filtering with true transparency, the patented SSL-Scan® technology with the No-IP® solution can screen the SSL contents in full transparency:
Transparent inspection of SSL-enabled environments such as HTTPS and SMTPS. InstantScan, even without any IP bound to the INT/EXT interfaces, can transparently filter the contents in the HTTPS/SMTPS/... tunnels.
No IP bound to the interfaces, which achieves true transparency just like layer-2 switches.
Instantly react to users to inform them of the reason for the policy violation. Interacting with users directly inside the application window is a must to simplify configuration problems. The InstantScan, equipped with the No-IP(TM) technology, can interact with users inside the application windows of MSN / Yahoo! / ICQ / AOL / Google Talk / Internet Explorer / Outlook Express / Outlook / ..., even without any IP bound to the INT/EXT interfaces.





PostACK® TCP Bandwidth Optimizer
      Accurate Layer-7 Bandwidth Shaping

      When managing TCP traffic, pass-through TCP flows can introduce large buffer requirements, large latency, frequent buffer overflows, and unfairness among flows competing for the same queue. So how to allocate bandwidth for a TCP flow without the above drawbacks becomes an important issue. The patented PostACK® is an innovative approach that improves TCP rate shaping to solve the above problems. The widely deployed TCP Rate Control (TCR®) approach patented by Packeteer Inc. is found to be:
more vulnerable to Internet packet losses in throughput
less compatible with some TCP sending operating systems
 
 
In contrast, the PostACK approach can preserve TCR's advantages while avoiding TCR's drawbacks. PostACK emulates per-flow queuing, but relocates the queuing of data to the queuing of ACKs in the reverse direction, hence reducing the buffer requirement by up to 96 percent. PostACK also has a 10 percent goodput improvement over TCR under lossy WAN environments. A further scalable design of PostACK can scale up to 750Mbps while seamlessly cooperating with the link-sharing architecture. Experimental results can be reproduced through a testbed for conducting switched LAN-to-WAN or WAN-to-LAN experiments with RTT/loss/jitter emulations.
 
 
 
L7 Networks Inc. has published a series of PostACK®-related research papers to contribute to the IEEE society of computer science:
IEEE Transactions on Computers, Vol.53, No.3, March 2004: Assessing and Improving TCP Rate Shaping over Enterprise Edges
IEEE Communications Surveys and Tutorials, Vol.5, No.2, 2003: A Measurement-Based Survey and Evaluation of Bandwidth Management Systems
IEEE Global Telecommunications Conference 2004 (IEEE Globecom 2004), Dallas, Texas USA, Nov. 2004: On Shaping TCP Traffic at Edge Gateways
IEEE Symposium on Computers and Communications (IEEE ISCC 2003), Kemer - Antalya, Turkey, Jun. 2003: Co-DRR: An Integrated Uplink and Downlink Scheduler for Bandwidth Management over Wireless LANs