Secure communications is a necessity for many organizations to protect corporate data. Some highly secure organizations mandate the use of third-party encryption devices or external end to end security protocols. The iDirect Network Accelerator is an external appliance that maximizes the speed of encrypted traffic over a satellite network.
The iDirect Series 1000 - Network Accelerators Introduction Secure communications is a necessity for many organizations to protect corporate data. Some highly secure organizations mandate the use of third-party encryption devices or external end-to-end security protocols. Organizations provide secure communications using different architectures including built-in encryption within satellite terminals, end-to-end encryption using COTS IPSec devices or custom encryption solutions such as the ones used by the military. When using encryption over satellite there are inherent performance issues with TCP data traffic. Interactive TCP applications such as HTTP have significantly lower throughput irrespective of how much satellite bandwidth is available. Similarly even large TCP data transfers are limited to approximately 100 kbps, even if more bandwidth is available. Satellite terminals will not be able to classify and prioritize traffic from a site thus --- failing to meet QoS and SLA requirements. iDirect Satellite routers have built in 3DES and AES encryption. The iDirect solution provides both application QoS and encryption to all traffic between a remote and hub location. However, some customers have greater end-to-end encryption needs, or require custom encryption solutions. iDirect Series 1000 The iDirect Series 1000 Network Accelerator is an external appliance that maximizes the speed of encrypted traffic over a satellite network. It provides TCP acceleration, Web acceleration, and application QoS for locations that have IPSec or custom encryption. The iDirect series 1000 compensates for the long latencies in satellite links that would otherwise limit the speed of each TCP session to less than 100 kbps, allowing greater utilization of available bandwidth. Without acceleration software, TCP traffic faces a variety of problems that slow it down when it is sent via satellite. The iDirect series 1000 is designed to intercept TCP traffic, prioritize and accelerate it before it is encrypted. This allows for a significantly higher overall TCP throughput over a satellite network, such as the one depicted in Figure 1.
Figure 1: A Network Using the iDirect series 1000 to Accelerate Encrypted TCP Traffic Page 1 of 5
The iDirect series 1000 also maximizes the user experience for encrypted traffic traveling over a satellite link. Satellite networks typically have greater capacity limitations than terrestrial networks. The available bandwidth can be allocated and managed efficiently to provide optimal end user service regardless of the network congestion. For instance, real-time applications, like voice and video, can be given priority access to more bandwidth than non-real-time applications, like emails and file transfers. This provides quality of service guarantees to real-time traffic. The iDirect series 1000 accomplishes this by working in conjunction with iDirect VSAT terminals to provide end-to-end application QoS capability. The end result is priority applications like voice or video transmissions are uninterrupted while lower priority data utilizes all remaining bandwidth. The iDirect series 1000 is fully integrated into the iDirect VSAT system. It is controlled through iDirect's iSite configuration utility to enable virtually all enterprise-class IP applications to operate seamlessly and securely over iDirect's satellite links, even in the presence of third-party encryption devices and external end-to-end security protocols that would defeat most acceleration software. iDirect Series 1000 Product Line The iDirect Series 1000 product line consists of two models: the iDirect 1100 and the iDirect 1200. The iDirect Model 1100 is capable of accelerating up to 1,000 concurrent TCP sessions. The iDirect Model 1200 is capable of accelerating up to 40,000 concurrent TCP sessions. In a typical application such as the one highlighted in Figure 1, the Model 1100 is shown at the "remote" site and the Model 1200 is shown at the "headquarters" site. However, it should be noted that a network with Model 1100 units at both the "remote" site and the "headquarters" site is acceptable as long as the performance limitations above are respected. For the highest performance system, Model 1200 units can be deployed at all sites. High Level Network Architecture using iDirect 1100 and iDirect 1200 The series 1000 based network architecture is depicted in Figure 2. This graphic illustrates ... [download for more]
