Module 1: Introduction

Introduction
ACTE Training (Enterprise Track)

ACTE (Enterprise Track) 1

Module 1: Introduction

• About Allot

• Core Technology

• Placement in Network

• Allot Architecture

In this introductory module, we will begin with an overview of Allot and how we
address the needs of our Enterprise Customers. We will then review our core
technology – DART, which lies at the heart of Allot’s Smart solutions. We end this
introductory module by examining Allot’s typical solution architecture.

ACTE (Enterprise Track) 2

Module 1: Introduction

Allot is a provider of leading innovative

network intelligence and security solutions
for service providers and enterprises worldwide,
enhancing value to their customers.

IT’S YOUR NETWORK. KNOW IT. CONTROL IT. SECURE IT.

By deploying Allot’s solution, enterprises are able to run efficient networks that
satisfy users and increase productivity while ensuring business continuity.
With Allot, both enterprise customers and cloud providers can:
See – Analyze the network in order to be able to plan capacities in an accurate way,
identify degradation on time and comply with regulation requirements. The solution
can also provide analysis and business analytics on different aspects of the data, such
as user behavior, QoE scoring, Trend analysis and troubleshooting tools.
Control – Improve user quality of experience using multi-dimension QoS and multi-
tenant SLA. Allot’s solutions ensure network resource allocation matches business
priorities, control applications running in the network by bandwidth or by
connections. We can also control and mitigate network latency using the add-on TCP
optimization feature.
Secure – Secure the network from attacks and allow users to browse safely. Remove
risky applications and protect you network infrastructure from Ransomware, DDoS
attacks, Bot infection and other kinds of web threats. Security is achieved by adding
an Anomaly Detection engine for host and network anomaly traffic.

ACTE (Enterprise Track) 3

Module 1: Introduction

Allot at a Glance
Since 1996

600+
employees worldwide

Sales & Support Offices Regional Headquarters R&D Centers

• • •
• • •
• • •

Established in 1996, Allot is a leading global provider of innovative network

intelligence and security solutions for enterprises worldwide. Allot’s multi-service
platforms are deployed by over 1000 mobile, fixed and cloud service providers and
over 1000 enterprises around the world. Our sales, support and R&D centers are also
spread around the world to help us get as close as possible to our global customer
base.

ACTE (CSP Track) 4

Module 1: Introduction

Enterprises, Trends and Challenges

Enterprises have many IT challenges. Let’s look at 5 significant trends that are
creating challenges for Enterprises worldwide.
• Network Downtime is one of the main concerns of IT and Network Admins – Most
of the network downtimes and service interruptions are caused by either user or
application behavior. With the Allot solution, the IT manager can monitor and
control what is running in the network and overcome this challenge.
• As companies provide more and more online digital services to customers, their
digital experience (QoE) becomes critical to avoid revenue loss. Whether it is a
bank which provides access to customer data, a University which gets service to its
students or any other Enterprise business – they all need to provide a good QoE to
the network users to prevent revenue loss and maintain the business reputation.
• Networks becomes more complex as every year there are new applications, new
devices and new services to be deployed, maintained and administrated. It quickly
becomes very difficult to manage. Using the Allot solution the IT Manager can
assure the right QoS and QoE to the business-critical applications and services.
• Higher demand for strong connectivity and QoE of remote users at companies
(VPNs, Mobile, Cloud Apps) is becoming more popular than ever.
• Infrastructure changes such as transformation to SD-WAN, bandwidth upgrades,
adding new devices etc are common. Such projects are expensive and

ACTE (CSP Track) 5

Module 1: Introduction

overwhelming, but many times are not enough to solve the traffic issues in the
enterprise network.

ACTE (Enterprise Track) 5

 Traffic Intelligence and Assurance for Enterprises

• Ensure network and application availability

• Provide real-time troubleshooting of

network & application issues

• Assure delivery of applications with one

centralized appliance

• Guarantee optimal QoE for remote users

• Protect business continuity through

Behavior Anomaly Detection

Allot’s Traffic Intelligence and Assurance solution for Enterprises helps to ensure
network and application availability.
The Allot platform can be deployed at the center of the network, so it sees the traffic
going from the LAN to the Internet and the public cloud, as well as traffic which is
coming from the outside going towards the private cloud. So with one centralized
solution we can control all traffic coming in and going out of the network and ensure
the availability of both the network and the applications that run over it.
Alternatively, the Allot platform can be deployed at the edge of each branch for
greater visibility of the network users.
The Allot solution can also provide real-time troubleshooting capabilities that can
help IT managers to understand in real-time how to optimize the network according
to patterns of usage.
Allot assures delivery of high-quality applications and digital experience of on-line
services with one centralized appliance and also guarantees optimal QoE for remote
users, which is very relevant when employees are working from home.
And finally Allot platform protects business continuity through Behavior Anomaly
Detection. It can identify both incoming DDoS attacks and outgoing anomalous traffic.

6
Module 1: Introduction

• About Allot

• Core Technology

• Placement in Network

• Allot Architecture

In this section we will introduce the core “DART” technology, that lies at the heart of
Allot’s solutions.

ACTE (Enterprise Track) 7

Module 1: Introduction

Core Technology

SPI - Shallow Packet Inspection

DPI - Deep Packet Inspection

DART - Dynamic Actionable Recognition Technology

“DART” stands for Dynamic Actionable Recognition Technology. It is Allot’s enhanced

version of Deep Packet Inspection, which itself evolved from the shortcomings of the
“shallow packet inspection” carried out by standard network equipment. We will
review these terms in more detail now.

ACTE (Enterprise Track) 8

Module 1: Introduction

The 7 Layer model (OSI)

(TCP/UDP Port)

(IP Address)

(MAC Address)

Lets go back to the basics. The OSI model provides a conceptual understanding of
networking. It is a reference model that characterizes and standardizes the
communication functions of a telecommunication or computing system. The model
partitions a communication system into several abstract layers. The original version of
the model defined seven layers.

Each layer adds its own header information. As the data travels down through the
layers, it is encapsulated with a new header. At the network access layer, a trailer is
also added.

ACTE (Enterprise Track) 9

Module 1: Introduction

Shallow Packet Inspection (SPI)

(TCP/UDP Port)

(IP Address)

(MAC Address)

Header info reveals 10

communication intent

Standard shallow packet inspection is performed by many different types of devices

in today’s networks.

This technique looks into the packet header to reveal communication intent.
Some applications can be detected simply by identifying the port over which
communication takes place (e.g: port 80 for HTTP).
Many others though, hide their identity in the payload itself. They may use a range of
different ports, and may “hijack” ports which are commonly associated with other
applications such as port 80.

ACTE (Enterprise Track) 10

Module 1: Introduction

Deep Packet Inspection (DPI)

(TCP/UDP Port)

(IP Address)

(MAC Address)

Header info reveals Payload info reveals 11

communication intent application signature

Deep packet inspection looks deep into the payload to search for application
signatures.
They may be spread over several packets or encrypted.

ACTE (Enterprise Track) 11

Module 1: Introduction

DPI Patterns Over Time

Signature found
in several packets

Information regarding connection state

12

Deep packet inspection uses sophisticated techniques of behavioral and temporal

analysis to look for recurring patterns over time.

ACTE (Enterprise Track) 12

Module 1: Introduction

Next Generation DPI Engine

Advanced Data Classification

Inline Encrypted traffic
• >1100 applications
Analysis • Dedicated data science
• Powered by Allot’s core researchers - constant updates
technology – 20+ years Dynamic • Detection logic based on
technology development & heuristics, rules per multiple
enhancements Application data-set
• Customized application
Recognition recognition

Technology
Always up-to-date (DART) ML & AI Technology
• Periodic definition files update • Next generation DPI
• Assure up-to-date powered by ML
apps/protocol classifications algorithm
• Supervised and
Unsupervised Learning
models

13

Allot’s Dynamic Application Recognition Technology (DART) is a mature in-line

technology, which uses the Deep Packet Inspection techniques described earlier to
analyze and detect traffic as it runs through the network in real-time. As this traffic is
often encrypted, Allot’s DART engine uses detection logic based on heuristics, and
rules based on multiple data-sets. It also employs next-generation machine learning
algorithms to ensure both supervised and unsupervised learning models.
The DART engine recognizes over 1100 applications today, with definition files
constantly being updated to ensure that the classification of apps and protocols is
constantly up to date.

ACTE (Enterprise Track) 13

Module 1: Introduction

DART - Dynamic Actionable Recognition Technology

See, Control, Secure

See Control
Constantly see, record and understand
Not just inspect. Act!
your network Apply QoS policies via NetXplorer Management Module
Viewed via ClearSee Management Module

User Application QoE Shape Steer Expedite Block

Allot’s DART Engine Embedded in Allot Platform

14

See refers to the ability to see, record, understand and share information about the
traffic on your network, as well as your users and their needs and habits. Allot’s DPI
Engine gathers and processes information on your users, the applications and devices
they use and the Quality of Experience they are enjoying. This information is then
used by ClearSee to create meaningful, clear and insightful graphs and reports to
explain and impart that data in a useful way.

Control refers to the different types of action one can choose to apply to a traffic flow
once it has been seen, using Allot NetXplorer.
You choose the action that most fits your network’s needs. You can shape traffic by
assigning it a designated Quality of Service (QoS), you can steer traffic to a network or
subscriber service, optimize video traffic to offer a better quality of experience,
expedite important and sensitive traffic or you can choose to drop a particular type of
traffic altogether. The control over your network is in your hands.

ACTE (Enterprise Track) 14

Module 1: Introduction

DART - Dynamic Actionable Recognition Technology

See, Control, Secure

Secure
Protect your users and customers as well as your valuable data.
Add security options and protection of your network by using NetworkSecure and DDoS Secure products

Content Anti Anti DDoS Botnet

Filter Phishing Virus Mitigation Containment

Enabled by Allot Secure Enabled by DDoS Secure

* Covered in in AWSE course * Covered in in CDSA course

15

Secure refers to the ability to protect your users and customers as well as your
valuable data.
You can filter traffic to block or restrict harmful content as well as stopping phishing
attempts and viruses by including Allot Secure in your solution. You can also add
protection from DDoS attacks and Botnet infections to your network. This capability is
enabled by the DDoS Secure product.

ACTE (CSP Track) 15

Module 1: Introduction

• About Allot

• Core Technology

• Placement in Network

• Allot Architecture

16

In this section we will see where you should place the Allot System in the network.

ACTE (Enterprise Track) 16

Module 2: Allot Enterprise Platforms

Enterprise Network Diagram Example

Internet Apps
Private Cloud / DC
Campus / Branch

SAP,
Paris
Video VDI
Oracle

WAN/MPLS Users/Clients
Web, Email VoIP GW
Citrix Servers Network

Madrid

Fax Phone PBX

Users/Clients
HQ LAN

Users/Clients

At the LAN
LAN, WAN & Internet Junction 17

The location of the Allot Enterprise Platform will depend upon the traffic you want to
be able to analyze and manage. Here we see a typical network diagram of an
enterprise. The powerful and versatile SSG/SG can be placed at three different points
depending on your unique requirements:
• Placing the Allot at the edge of the private cloud and data center gives the IT
manager the ability to see and manage the campus (HQ employees) and all access
to essential applications.
• Placing the Allot before the primary Internet router gives the IT manager the ability
to see and manage the entire internet access to public cloud applications
(including business crucial applications) and other internet application, based on
the organization needs.
• Placing an Allot at each branch office gives the IT manager the ability to see and
manage the access to the internet for each branch, as well as traffic between the
different branches.

ACTE (Enterprise Track) 17

Module 1: Introduction

• About Allot

• Core Technology

• Placement in Network

• Allot Architecture

18

We will end this introductory module by introducing Allot’s typical solution

architecture for Enterprise customers.

ACTE (Enterprise Track) 18

 Allot Enterprise Product Series

SSG Series
• The Allot Enterprise product series • For Medium and large
consists of: Enterprises
• 1Gbps – 40Gbps Throughput
• Centralized Mgm & HA
• ACG series • Virtual Edition
• SSG series
• SG series

ACG Series SG Series

• For SMB and SME
• For Large Enterprises
• 50Mbps – 2Gbps Throughput
• 50Gbps – 250Gbps
• Management Layer & Control
Throughput
Layer in one appliance
• Centralized
Mgm & HA

19

The Allot Enterprise product series consists of:

- ACG series is intended for Small/Medium Businesses (SMB) or Small/Medium
Enterprises (SME). The ACG covers throughput starting from 50Mbps up to 2Gbps.
The management components are embedded together with the inline platform in
a single 1U server.
- SSG series which starts from 1Gbps with SSG-200 and can go up to 40Gbps with
the SSG-600. This line of products are intended for medium and large enterprises.
The SSG is an inline platform and requires additional installation of the Centralized
Management which either can be installed on a virtual environment or on another
dedicated server.
- SG series completes the Allots offering for large enterprises with big data centers.
Covering throughput of 50Gbps with SG-9100 and up to 250Gbps with SG-9700.
This series is also deployed as an in-line appliance which, like the SSG, requires
additional installation of the centralized management on a virtual installation or on
another dedicated server.

19
Module 1: Architecture Overview

Allot Architecture for Enterprise

Medium and Large Enterprises SMB, SME

User Interface
Layer

Management
Server Layer

DART Layer

20

The Allot architecture for Enterprise market consists of three layers:

The DART layer. This is where you will find the platforms that have DPI capabilities
embedded. There may be several inline platforms (such as SG and SSG) in a single
deployment. These platforms implement the network management policies and
collect network usage data, directly from the physical lines.
The Management Server Layer. This incorporates the various Management Modules,
which can be housed in a single Allot Centralized Manager server or can be installed
separately on physical or virtualized hardware. The Allot Gateway Manager includes
compulsory management modules (NetXplorer, ClearSee, Data Mediator) and
optional management modules (SMP, NetworkSecure CM and DDoS Secure
Controller) depending on the use case required.
The Application Control Gateway (ACG) solutions combine all DART and Management
modules into a single appliance.
User Interface Layer. The user interface layer consists of the various clients used to
access the different management servers. The ClearSee and NetXplorer clients are
both compulsory. Depending on the use case, you may also have a NetworkSecure
and a DDoS Secure client.

ACPP Training 20
Module 1: Introduction

Review Question

Allot’s core technology is known as “DART”.

What does “DART” stand for?

Data Access Run Time

Disaster Assistance Response

Team
DART
Daily Average Revenue Trades

Dynamic Actionable
Recognition Technology

21

Allot’s core technology is known as “DART”. What does “DART” stand for?

ACTE (CSP Track) 21

Module 1: Introduction

Review Question
Match the Allot Enterprise Platform
with its Throughput

SSG 1Gbps – 40Gbps

ACG 40Gbps – 250Gbps

SG 50Mbps – 2Gbps

22

Match the Allot Enterprise Platform with its throughput.

ACTE (Enterprise Track) 22

Module 1: Introduction

Thank You

23

ACTE (Enterprise Track) 23