One of our recent updates is integration with Microsoft Active Directory, which is helpful for using DPI in corporate networks. When organizing a corporate network, it is necessary to analyze and control how employees use Internet resources during working hours. The DPI platform is used for:
Let’s look at how to connect MS AD and VAS Experts DPI, create blacklists and restrict access to applications for employees.
DPI is installed in-line and ensures the passage of all incoming and outgoing traffic. The installation location is determined based on the characteristics of the network: it is recommended to install it in front of an edge router or device that implements NAT.
It is important to see the real IP addresses of clients and apply policies directly to those IPs. If you need to implement NAT, this is also possible in the BRAS and Complete versions of the VAS Experts DPI platform.
VAS Experts DPI supports authorization mechanisms in the L2 (DHCP, ARP, PPPoE) and L3 (IPoE) modes, which are successfully used on broadband access networks. In this example, IPoE mode is used because it is the simplest and quickest to configure. In this scheme DPI is very easy to scale, and bypass can be implemented using cards or a second server with a backup license.
The scheme involves:
After authorization in MS AD, subscriber information is sent to the Radius server. When the subscriber makes the first request, the DPI platform generates an Access-Request with the IP address of the subscriber. Based on the information that this IP belongs to a specific subscriber and group, the Radius server generates an Access-Accept with the attributes. The attributes may include:
After receiving the data, VAS Experts DPI applies restrictions for a period equal to Session-Timeout (e.g., 600 seconds). After this period, the authorization request for the IP to the Radius server is repeated.
If the Radius server does not have information about the requested IP, an Access-Reject response is generated with the default profiles:
In this case, the subscriber will be redirected to the Captive Portal at the next HTTP request and limited by the available exchange protocols.
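The authorization cycle described above, modelled as an added Python example (not VAS Experts code). The class names, profile names and sample bindings are hypothetical, and the sketch assumes a rejected IP is re-checked on every request. It shows that a policy stays bound to an IP until Session-Timeout expires, even if the user has logged off in the meantime.

```python
# Added illustration; all class, field and profile names are hypothetical.
from dataclasses import dataclass

SESSION_TIMEOUT = 600  # seconds, the example value from the text
# Constructed sample data: AD group -> policy profile name (placeholders).
GROUP_PROFILE = {"engineering": "profile-eng", "sales": "profile-sales"}
DEFAULT_PROFILE = "captive-portal"  # stands in for the default profiles


@dataclass
class Reply:
    code: str             # "Access-Accept" or "Access-Reject"
    profile: str          # policy the DPI applies to the IP
    session_timeout: int  # seconds the DPI keeps the reply


class RadiusServer:
    """Holds the IP -> (user, group) bindings learned from MS AD logons."""

    def __init__(self):
        self.bindings = {}

    def ad_logon(self, ip, user, group):
        self.bindings[ip] = (user, group)

    def ad_logoff(self, ip):
        self.bindings.pop(ip, None)

    def authorize(self, ip):
        if ip not in self.bindings:
            # Assumption: a reject is not cached, so the IP is re-checked next time.
            return Reply("Access-Reject", DEFAULT_PROFILE, 0)
        _user, group = self.bindings[ip]
        return Reply("Access-Accept", GROUP_PROFILE.get(group, DEFAULT_PROFILE), SESSION_TIMEOUT)


class Dpi:
    """Caches each reply for Session-Timeout seconds, then re-authorizes the IP."""

    def __init__(self, radius):
        self.radius = radius
        self.cache = {}  # ip -> (reply, expires_at)

    def profile_for(self, ip, now):
        reply, expires_at = self.cache.get(ip, (None, 0))
        if reply is None or now >= expires_at:
            reply = self.radius.authorize(ip)  # Access-Request carrying the subscriber IP
            self.cache[ip] = (reply, now + reply.session_timeout)
        return reply.profile
```

A shorter Session-Timeout narrows the window in which a reassigned IP keeps the previous user's policy, at the cost of more frequent requests to the Radius server.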
For easy configuration there is a graphical user interface that helps to create and manage profiles and to track assigned services and authorization status.
VAS Experts DPI allows you to analyze Clickstream and Full Netflow, which is collected in the Quality of Experience module. The network administrator has the following options: