<< Introduction >>
Saisei FlowCommand is a modern, real-time flow-policy control, analytics and security solution that doubles the usable bandwidth in deployed networks; guarantees no link or user session will ever crash again; and provides sub-second analytics, policy enforcement and security across 40 metrics. Users, apps and geographies are all covered.
FlowCommand was designed to solve all of the problems associated with enterprise and service provider edge network congestion, performance and policy enforcement. Only FlowCommand can deliver on these revolutionary capabilities.
FlowCommand uses patented flow-engine technology that literally changes the way that TCP/IP network traffic under its control behaves. All other networking, security and analytics solutions are forced to operate at the mercy of random, best-effort routed IP data packet transmission. We changed those rules. In doing so, we were able to completely re-engineer how flow control, security and visibility can be realized when using “domesticated” TCP/IP flows.
FlowCommand runs on x86 processors atop commodity hardware, either as a bump-in-the-wire on a server in the data-forwarding path or as a VM under hypervisor control. The software can monitor up to 5 million concurrent data flows on a 10G link 20 times per second. While examining the flows it can apply any combination of up to 40 bandwidth, business and security policies to each flow and execute those policies in under one second.
Saisei FlowCommand, FlowEnforcer and FlowVision subsume or replace some of the functionality of older, stand-alone appliances, such as WAN optimizers, packet shapers, application delivery controllers, APMs, NPMs, IDSs, next-gen firewalls and more. These legacy systems were largely designed as workarounds to various business-impacting limitations of TCP/IP and were optimized for the scale of private networks. In contrast, the FlowCommand family has been architected for the scale of mobile, cloud and Internet of Things data flows and supports up to 1 billion external hosts in its initial release.
<< FlowCommand >>
FlowCommand offers the highest level of functionality. It has added security and control features designed specifically for service providers and for the largest of distributed enterprise customers. Specifically, FlowCommand offers our full set of flow-based security capabilities, including comprehensive data exfiltration controls, real-time DDoS controls, and spotting and throttling Botnet activity in real time as attacks begin.
FlowCommand is a Linux software suite that can run on x86 processor cores on bare metal commodity servers, or as a VM under hypervisor control (VMware or KVM), or both. It can monitor and control data flows between two virtual servers, between two physical networks or between a virtual network and a physical network. These networks can be legacy TCP/IP networks or SDN/NFV-based networks. FlowCommand also includes an intuitive RESTful API plus GUI and CLI interfaces, making it easy to integrate into third-party systems, such as orchestration tools for SDN and NFV.
Among the service provider features specific to FlowCommand is a unique capability called Net Neutrality. Technically a form of host equalization, Net Neutrality instantly solves the problem of a small group of users attempting to take a disproportionate amount of available bandwidth. When faced with rogue users or peer-to-peer applications, such as BitTorrent and Encrypted BitTorrent, FlowCommand can classify all host flows as a “single” flow and give it exactly the same percentage of available bandwidth that every other flow in the network receives. Or, it can completely block specific traffic if that is the policy.
Net Neutrality can also be applied differently to different classes of applications – what we call ‘Net Neutrality with benefits’. In this case, critical business applications can be grouped together and assigned a high percentage of the available bandwidth with the remaining bandwidth being equally divided among the remaining flows.
When FlowCommand is in control of mission-critical network links, every single flow is associated in real-time with the:
1. Application it is serving (for example, a specific website or business application, or a protocol such as VoIP)
2. Geographic location it is serving (generally a country or city)
3. Hosts (internal and external) it is connecting
4. Users it is serving (via an address-to-user database such as Microsoft Active Directory or OpenLDAP)
5. Custom groups — applications, geographic locations, hosts and users can be combined into groups (for example, a group could consist of all countries where a company has business partners, or all applications whose network usage is to be tightly controlled)
<< FlowEnforcer >>
FlowEnforcer is designed for small- to medium-sized enterprise users. It has the innovative capabilities and features of FlowCommand without the service provider and large enterprise elements, such as Net Neutrality. The control, visibility, security, ease of use and third-party integration you need, without the stuff you don’t.
<< FlowVision >>
FlowVision is designed for network operators who want an unprecedented level of real-time visibility of all the activity on their network but who do not currently wish to exercise control. All the scalability and performance of FlowCommand are included in FlowVision, which can either sit in-line like FlowCommand or can run off of a network tap or SPAN/mirror port.
FlowVision is ideal for real-time investigation of network issues and comes with comprehensive reporting capabilities, including historical reporting. FlowVision can be easily upgraded to FlowEnforcer or FlowCommand to realize all the potential of next-generation Network Performance Enforcement.