Module 1: Introduction

Introduction
ACTE Training (Enterprise Track)

ACTE (Enterprise Track) 1

Module 1: Introduction

NX Clients CS Clients

• About Allot
NetXplorer ClearSee
• Core Technology Server

• Placement in Network Data

Mediator

• Allot Architecture
AOS

In this introductory module, we will begin with an overview of Allot and how we
address the needs of our Enterprise Customers. We will then review our core
technology – DART, which lies at the heart of Allot’s Smart solutions. We end this
introductory module by examining Allot’s typical solution architecture.

ACTE (Enterprise Track) 2

Module 1: Introduction

Allot is a provider of leading innovative

network intelligence and security solutions
for service providers and enterprises worldwide,
enhancing value to their customers.

IT’S YOUR NETWORK. KNOW IT. CONTROL IT. SECURE IT.

By deploying Allot’s solution, enterprises are able to run efficient networks that
satisfy users and increase productivity while ensuring business continuity.
With Allot, both enterprise customers and cloud providers can:
See – Analyze the network in order to be able to plan capacities in an accurate way,
identify degradation on time and comply with regulation requirements. The solution
can also provide analysis and business analytics on different aspects of the data, such
as user behavior, QoE scoring, Trend analysis and troubleshooting tools.
Control – Improve user quality of experience using multi-dimension QoS and multi-
tenant SLA. Allot’s solutions ensure network resource allocation matches business
priorities, control applications running in the network by bandwidth or by
connections. We can also control and mitigate network latency using the add-on TCP
optimization feature.
Secure – Secure the network from attacks and allow users to browse safely. Remove
risky applications and protect you network infrastructure from Ransomware, DDoS
attacks, Bot infection and other kinds of web threats. Security is achieved by adding
an Anomaly Detection engine for host and network anomaly traffic.

ACTE (Enterprise Track) 3

Module 1: Introduction

Allot at a Glance
Since 1996

600+
employees worldwide

Sales & Support Offices Regional Headquarters R&D Centers

• 20Y deployment experience • 100+ countries • 13 Tier 1 operators

• 24x7 follow-the-sun support • 1000+ CSP customers • 1B Users worldwide
• Public Company (NASDAQ, TASE: ALLT) • 1000+ Enterprises • #1 Security VAS

Established in 1996, Allot is a leading global provider of innovative network

intelligence and security solutions for enterprises worldwide. Allot’s multi-service
platforms are deployed by over 1000 mobile, fixed and cloud service providers and
over 1000 enterprises around the world. Our sales, support and R&D centers are also
spread around the world to help us get as close as possible to our global customer
base.

ACTE (CSP Track) 4

Module 1: Introduction

Enterprises, Trends and Challenges

New applications Significant rise Enterprises’ IT

Network Digital
and devices in remote Infrastructure
Availability Experience
Growth users' traffic Upgrade

Challenge for IT: Challenge: Challenge: Challenge: Challenge:

Reduce Network Protect organization Assure business Prioritize applications Plan IT infrastructure
downtime caused by from revenue loss and application delivery and provide high QoE upgrades and
users and applications assure its business to all types of users & to remote employees expansions wisely to
behavior reputation devices (VPN, Mobile Phones, justify costs
etc.)

Enterprises have many IT challenges. Let’s look at 5 significant trends that are creating
challenges for Enterprises worldwide.
• Network Downtime is one of the main concerns of IT and Network Admins – Most of
the network downtimes and service interruptions are caused by either user or
application behavior. With the Allot solution, the IT manager can monitor and control
what is running in the network and overcome this challenge.
• As companies provide more and more online digital services to customers, their
digital experience (QoE) becomes critical to avoid revenue loss. Whether it is a bank
which provides access to customer data, a University which gets service to its
students or any other Enterprise business – they all need to provide a good QoE to
the network users to prevent revenue loss and maintain the business reputation.
• Networks becomes more complex as every year there are new applications, new
devices and new services to be deployed, maintained and administrated. It quickly
becomes very difficult to manage. Using the Allot solution the IT Manager can assure
the right QoS and QoE to the business-critical applications and services.
• Higher demand for strong connectivity and QoE of remote users at companies (VPNs,
Mobile, Cloud Apps) is becoming more popular than ever.
• Infrastructure changes such as transformation to SD-WAN, bandwidth upgrades,
adding new devices etc are common. Such projects are expensive and overwhelming,
but many times are not enough to solve the traffic issues in the enterprise network.

ACTE (CSP Track) 5

 Traffic Intelligence and Assurance for Enterprises

• Ensure network and application availability

• Provide real-time troubleshooting of

network & application issues

• Assure delivery of applications with one

centralized appliance

• Guarantee optimal QoE for remote users

• Protect business continuity through

Behavior Anomaly Detection

Allot’s Traffic Intelligence and Assurance solution for Enterprises helps to ensure
network and application availability.
The Allot platform can be deployed at the center of the network, so it sees the traffic
going from the LAN to the Internet and the public cloud, as well as traffic which is
coming from the outside going towards the private cloud. So with one centralized
solution we can control all traffic coming in and going out of the network and ensure
the availability of both the network and the applications that run over it.
Alternatively, the Allot platform can be deployed at the edge of each branch for
greater visibility of the network users.
The Allot solution can also provide real-time troubleshooting capabilities that can
help IT managers to understand in real-time how to optimize the network according
to patterns of usage.
Allot assures delivery of high-quality applications and digital experience of on-line
services with one centralized appliance and also guarantees optimal QoE for remote
users, which is very relevant when employees are working from home.
And finally Allot platform protects business continuity through Behavior Anomaly
Detection. It can identify both incoming DDoS attacks and outgoing anomalous traffic.

6
Module 1: Introduction

NX Clients CS Clients

• About Allot
NetXplorer ClearSee
• Core Technology Server

• Placement in Network Data

Mediator

• Allot Architecture
AOS

In this section we will introduce the core “DART” technology, that lies at the heart of
Allot’s solutions.

ACTE (Enterprise Track) 7

Module 1: Introduction

Core Technology

SPI - Shallow Packet Inspection

DPI - Deep Packet Inspection

DART - Dynamic Actionable Recognition Technology

“DART” stands for Dynamic Actionable Recognition Technology. It is Allot’s enhanced

version of Deep Packet Inspection, which itself evolved from the shortcomings of the
“shallow packet inspection” carried out by standard network equipment. We will
review these terms in more detail now.

ACTE (Enterprise Track) 8

Module 1: Introduction

The 7 Layer model (OSI)

(TCP/UDP Port)

(IP Address)

(MAC Address)

Let’s briefly go back to the basics. The OSI model provides a conceptual
understanding of networking. It is a reference model that characterizes and
standardizes the communication functions of a telecommunication or computing
system. The model partitions a communication system into several abstract layers.
The original version of the model defined seven layers which are presented here.

Each layer adds its own header information. As the data travels down through the
layers, it is encapsulated with a new header. At the network access layer, a trailer is
also added.

ACTE (Enterprise Track) 9

Module 1: Introduction

Shallow Packet Inspection (SPI)

(TCP/UDP Port)

(IP Address)

(MAC Address)

Header info reveals 10

communication intent

Standard shallow packet inspection is performed by many different types of devices

in today’s networks.

This technique looks into the packet header to reveal communication intent.
Some applications can be detected simply by identifying the port over which
communication takes place (e.g: port 80 for HTTP).
Many others though, hide their identity in the payload itself. They may use a range of
different ports and may “hijack” ports which are commonly associated with other
applications such as port 80.

ACTE (Enterprise Track) 10

Module 1: Introduction

Deep Packet Inspection (DPI)

(TCP/UDP Port)

(IP Address)

(MAC Address)

Header info reveals Payload info reveals 11

communication intent application signature

Deep packet inspection looks deep into the payload to search for application
signatures.
They may be spread over several packets or encrypted.

ACTE (Enterprise Track) 11

Module 1: Introduction

DPI Patterns Over Time

Signature found
in several packets

Information regarding connection state

12

Deep packet inspection uses sophisticated techniques of behavioral and temporal

analysis to look for recurring patterns over time.

ACTE (Enterprise Track) 12

Module 1: Introduction

Next Generation DPI Engine

Advanced Data Classification

Inline Encrypted traffic
Analysis
• Powered by Allot’s core
technology – 20+ years
technology development &
enhancements
• >1100 applications
• Dedicated data science
researchers - constant updates
Dynamic • Detection logic based on
heuristics, rules per multiple
Application data-set
• Customized application
Recognition recognition

Technology
Always up-to-date (DART) ML & AI Technology
• Periodic definition files update • Next generation DPI
• Assure up-to-date powered by ML
apps/protocol classifications algorithm
• Supervised and
Unsupervised Learning
models

13

Allot’s Dynamic Application Recognition Technology (DART) is a mature in-line

technology, which uses the Deep Packet Inspection techniques described earlier to
analyze and detect traffic as it runs through the network in real-time. As this traffic is
often encrypted, Allot’s DART engine uses detection logic based on heuristics, and
rules based on multiple data-sets. It also employs next-generation machine learning
algorithms to ensure both supervised and unsupervised learning models.
The DART engine recognizes over 1100 applications today, with definition files
constantly being updated to ensure that the classification of apps and protocols is
constantly up to date.

ACTE (Enterprise Track) 13

Module 1: Introduction

DART - Dynamic Actionable Recognition Technology

See, Control, Secure

See Control
Constantly see, record and understand
Not just inspect. Act!
your network Apply QoS policies via NetXplorer Management Module
Viewed via ClearSee Management Module

User Application QoE Shape Steer Expedite Block

Allot’s DART Engine Embedded in Allot Platform

14

See refers to the ability to see, record, understand and share information about the
traffic on your network, as well as your users and their needs and habits. Allot’s DPI
Engine gathers and processes information on your users, the applications and devices
they use and the Quality of Experience they are enjoying. This information is then
used by ClearSee to create meaningful, clear and insightful graphs and reports to
explain and impart that data in a useful way.

Control refers to the different types of action one can choose to apply to a traffic flow
once it has been seen, using Allot NetXplorer.
You choose the action that most fits your network’s needs. You can shape traffic by
assigning it a designated Quality of Service (QoS), you can steer traffic to a network or
subscriber service, optimize video traffic to offer a better quality of experience,
expedite important and sensitive traffic or you can choose to drop a particular type of
traffic altogether. The control over your network is in your hands.

ACTE (Enterprise Track) 14

Module 1: Introduction

DART - Dynamic Actionable Recognition Technology

See, Control, Secure

Secure
Protect your users and customers as well as your valuable data.
Add security options and protection of your network by using NetworkSecure and DDoS Secure products

Content Anti Anti DDoS Botnet

Filter Phishing Virus Mitigation Containment

Enabled by Allot Secure Enabled by DDoS Secure

* Covered in in AWSE course * Covered in in CDSA course

15

Secure refers to the ability to protect your users and customers as well as your
valuable data.
You can filter traffic to block or restrict harmful content as well as stopping phishing
attempts and viruses by including Allot Secure in your solution. You can also add
protection from DDoS attacks and Botnet infections to your network. This capability is
enabled by the DDoS Secure product.

ACTE (CSP Track) 15

Module 1: Introduction

NX Clients CS Clients

• About Allot
NetXplorer ClearSee
• Core Technology Server

• Placement in Network Data

Mediator

• Allot Architecture
AOS

16

In this section we will see where you should place the Allot System in the network.

ACTE (Enterprise Track) 16

Module 2: Allot Enterprise Platforms

Enterprise Network Diagram Example

Internet Apps
Private Cloud / DC
Campus / Branch

SAP,
Paris
Video VDI
Oracle

WAN/MPLS Users/Clients
Web, Email VoIP GW
Citrix Servers Allot Network

Madrid

Fax Phone PBX

Users/Clients
HQ LAN

Centralized
Management
Users/Clients

At the LAN
LAN, WAN & Internet Junction 17

The location of the Allot Enterprise Platform will depend upon the traffic you want to
be able to analyze and manage. Here we see a typical network diagram of an
enterprise. The powerful and versatile SSG/SG can be placed at junction between the
LAN, Wan and Internet networks.
In this way you will achieve the following:
• Connecting to the LAN side will allow the IT manager the ability to see and manage
data centers and private clouds and all access to essential applications. By policy
configuration, the IT manager gains the same ability see and manage HQ campus
as well as each branch, as well as traffic between the different branches..
• Connecting the Allot platform before the primary Internet router gives the IT
manager the ability to see and manage the entire internet access to public cloud
applications (including business crucial applications) and other internet
application, based on the organization needs.

ACTE (Enterprise Track) 17

Module 1: Introduction

NX Clients CS Clients

• About Allot
• Core Technology
NetXplorer ClearSee
Server
• Placement in Network
• Allot Architecture Data
Mediator
• In-Line and Management Modules
• Modules within Allot Platforms
AOS

18

We will end this introductory module by introducing Allot’s typical solution

architecture for Enterprise customers. The Allot Enterprise Platforms are made up of
different modules. Let’s first examine the different in-line and management modules.

ACTE (Enterprise Track) 18

Module 1: Introduction

In-Line and Management Modules

In-Line Module Management Modules

AOS NX DM CS SMP DSC

19

Several components make up the different Allot System platforms. In addition to the
In-Line module which performs the DART functionality detailed earlier, there is also a
series of Management Modules. We will introduce each module here briefly.

Each one of these modules sits on top of the ACP - Allot Common Platform.
The ACP is a CentOS based operating system for all Allot platforms. It is combined
with additional packages and specifically fine-tuned to meet the needs of the Allot
platforms”.

ACTE (Enterprise Track) 19

Module 2: Allot Enterprise Platforms

AOS

• Real-Time DART Engine

AOS
• The software which runs on every
Allot In-line platform
• Inspects and classifies traffic in Real-
Time
• Enforces different actions according to
predefined rules
• Collects Real-Time statistics for
Analytics purposes.

20

AOS (Allot Operating System) is the software which runs on all of Allot’s In-Line
platforms. This is the software which includes the Allot DART engine - it inspects the
traffic in Real-Time and processes each packet and packet that flows through it.
Allot’s DART engine classifies the traffic and enforces different actions according to
the rules that were predefined.
AOS also collects Real-Time statistics for Analytics purposes.

ACTE (Enterprise Track) 20

Module 2: Allot Enterprise Platforms

NetXplorer
(NX)

• Policy Creation
• Hierarchical Rule-Based policy
• Classification by service, host, time,
encapsulation, interface etc.
• Actions such as Access Control, QoS,
Steering, ToS marking etc.

• Configuration & Management

• Configuration & control of multiple
solution elements
• Operational parameters
• Alarms

21

Allot NetXplorer provides control over all the aspects of the In-Line platform,
providing centralized visibility that is accessible to multiple clients and designed to
manage a globally dispersed network infrastructure. One GUI provides centralized
control of key Allot solution elements, including the AOS platforms, the User
Management Platform (SMP), the Data Mediator and ClearSee.

ACTE (Enterprise Track) 21

Module 2: Allot Enterprise Platforms

Data Mediator and ClearSee

(DM and CS)

• Data Mediator & ClearSee

• Real-time Network Monitoring –
Granular views, in 5-15 sec resolution.

• Network Analytics - Out of the box

dashboards, featuring aggregated and
near real-time analytical insights on
network performance, utilization, and
subscribers’ perceived QoE.

• Self-Service Reporting - Customizable

reporting that turns any business query
into actionable insights.

22

Data Mediator is a mediation element that collects data records from the AOS and
prepares them for upload to the ClearSee, which is the reporting and analytics heart
of the AOS.

ClearSee collects raw data from the AOS platforms as well as control plane elements
from the SMP (Subscriber/User Management Platform) and employs a cutting-edge
data warehouse designed for fast look-up, processing, and export. The data
warehouse features a columnar structure and uses massive parallel processing (MPP)
to handle big data with extreme efficiency.

ClearSee Network Metrics provides real-time network monitoring as well as long

term dashboards that allows drill down and filtering for in depth analysis. ClearSee
Network Analytics (additional license required) provides a full complement of web-
based tools for manipulating and analyzing large varieties and volumes of data with
extreme ease and efficiency, as well as the ability to create self-service reports.

ACTE (Enterprise Track) 22

Module 2: Allot Enterprise Platforms

Subscriber Management
Platform (SMP)

SMP CS
User Login Top Users report • SMP
Usage per User report
IP address
• Ensures full visibility and control per user
AD Server
• Identifies the enterprise user associated
DM
with each traffic flow

• Seamless interface to Active Directory

Internet
systems

• Transparent IP mapping
AOS

23

Allot’s Enterprise solution utilizes user awareness and user-based policy management
provided by Allot SMP.
SMP works with an Active Directory Adaptor to integrate with the Enterprise Active
Directory system. This gives the AOS user-level awareness by enabling it to map each
user to their allocated IP in the enterprise network. In addition, SMP gives the system
visibility of the user group or groups defined for each employee in the enterprise
active directory. You can then configure different control policies based on different
enterprise user groups.

ACTE (Enterprise Track) 23

Module 2: Allot Enterprise Platforms

DDoS Secure
(DSC)

• Anti-DDoS
• Identifies and mitigates network anomalies
• Ensures Network stability
• Protects against computing resources
misuse

• Anti-Abuse (Botnet)
• Identifies and isolates abusive user behavior
• Dynamic internal blacklist
• Protects IP reputation / avoids DNS
More details in
CDSA Course blacklisting

24

Allot’s DDoS Secure integrates protection against bots infiltrating client devices and
DDoS attacks into one package. The DSC works round-the-clock to protect the
network and notify the administrator of any malicious activities.

ACTE (Enterprise Track) 24

Module 1: Introduction

NX Clients CS Clients

• About Allot
• Core Technology
NetXplorer ClearSee
Server
• Placement in Network
• Allot Architecture Data
Mediator
• In-Line and Management Modules
• Modules within Allot Platforms
AOS

25

We will end this introductory module by introducing Allot’s typical solution

architecture for Enterprise customers.

ACTE (Enterprise Track) 25

Module 1: Introduction

Allot Enterprise Platforms

• The Allot Platforms may include one or several modules in one appliance.

Enterprise Enterprise
Only Only
ACG AGM

SG/SSG

DM DM

Other modules are installed

as independent platforms 26

Here we see how the different modules we’ve discussed are included in the main
Enterprise platforms. For large deployments with high throughput requirements, each
module is installed on a separate server. However, more small installations, several
modules are installed on one appliance for reducing cost and space.
• ACG (Application Control Gateway) platforms are designed for small businesses
and enterprises and include both AOS and Management Modules in a single
server.
For large and Medium businesses the AOS platforms and Management platforms are
separated into two separate physical platforms:
• AGM (Allot Gateway Manager) platform include all Management Platforms on a
single server. It can manage up to 4 AOS devices.
• SG and SSG appliances are in-line platforms and include the AOS module only.
SG/SSG platforms support various throughput options and physical links.

ACTE (Enterprise Track) 26

Module 1: Introduction

Review Question

Allot’s core technology is known as “DART”.

What does “DART” stand for?

Data Access Run Time

Disaster Assistance Response

Team
DART
Daily Average Revenue Trades

Dynamic Actionable
Recognition Technology

27

Allot’s core technology is known as “DART”. What does “DART” stand for?

ACTE (CSP Track) 27

Module 1: Architecture Overview

Review NX
Clients
CS
Clients
DDoS Secure
Clients
Question
√ √ X

NX
SMP Server CS DSC

X √ √ X
Data
Mediator
What are the compulsory
components for a solution √
combining
Traffic Management with
Network Analytics solution? SG

√
28

ACPP Training 28
Module 1: Architecture Overview

Review NX
Clients
CS
Clients
DDoS Secure
Clients
Question
√ X √

NX
SMP Server CS DSC

√ √ X √
Data
Mediator
What are the compulsory
components for a X
Botnet Containment HBAD
solution?
SG
*HBAD = Host Behavioral Anomaly Detection √
29

ACPP Training 29
Module 1: Architecture Overview

Review NX
Clients
CS
Clients
DDoS Secure
Clients
Question
√ √ X

NX
SMP Server CS DSC

√ √ √ X
Data
Mediator
What are the compulsory
components for √
Analytics solution with users
visibility?
SG

√
30

What are the compulsory components for Analytics solution with users visibility?
Answer:
• NX and SG components are basic and compulsory for any solution.
• SMP module is necessary to gain the users visibility.
• DM and CS components are compulsory for Analytics solution.
• DDoS and NS Secure are for security and not analytics, so those are not
compulsory modules

ACPP Training 30
Module 1: Introduction

Thank You

31

ACTE (Enterprise Track) 31