The Saisei FlowCommand™ Family of Network Performance Enforcement

Saisei FlowCommand™ is a modern, real-time flow-policy control, analytics and security solution that doubles the usable bandwidth in deployed networks; guarantees no link or user session will ever crash again; and provides sub-second analytics, policy enforcement and security across 40 metrics. Users, apps and geographies are all covered.

FlowCommand™

FlowCommand was designed to solve all of the problems associated with enterprise and service provider edge network congestion, performance and policy enforcement. Only FlowCommand can deliver on these revolutionary capabilities.

To solve your network edge problems, Saisei had to fix TCP/IP

FlowCommand uses patented flow-engine technology that literally changes the way that TCP/IP network traffic under its control behaves. All other networking, security and analytics solutions are forced to operate at the mercy of random, best-effort routed IP data packet transmission. Saisei changed those rules. In doing so, they were able to completely re-engineer how flow control, security, and visibility can be realized when using “domesticated” TCP/IP flows.

FlowCommand runs on x86 processors atop commodity hardware, either as a bump-in-the-wire on a server in the data-forwarding path or as a VM under hypervisor control. The software can monitor up to 5 million concurrent data flows on a 10G link 20 times per second. While examining the flows it can apply any combination of up to 40 bandwidth, business and security policies to each flow and execute those policies in under one second.

FlowCommand — Control, Visibility, Security and Net Neutrality Enforcement

FlowCommand offers the highest level of functionality. It has added security and control features designed specifically for service providers and for the largest of distributed enterprise customers. Specifically, FlowCommand offers our full set of flow-based security capabilities, including comprehensive data exfiltration controls, real-time DDoS controls, and spotting and throttling Botnet activity in real time as attacks begin.

FlowCommand is a Linux software suite that can run on x86 processor cores on bare metal commodity servers, or as a VM under hypervisor control (VMware or KVM), or both. It can monitor and control data flows between two virtual servers, between two physical networks or between a virtual network and a physical network. These networks can be legacy TCP/IP networks or SDN/NFV-based networks. FlowCommand also includes an intuitive RESTful API plus GUI and CLI interfaces, making it easy to integrate into third-party systems, such as orchestration tools for SDN and NFV.

The world’s first “Net Neutrality” enforcer

Among the service provider features specific to FlowCommand is a unique capability called Net Neutrality. Technically a form of host equalization, Net Neutrality instantly solves the problem of a small group of users attempting to take a disproportionate amount of available bandwidth. When faced with rogue users or peer-to-peer applications, such as BitTorrent and Encrypted BitTorrent, FlowCommand can classify all host flows as a “single” flow and give it exactly the same percentage of available bandwidth that every other flow in the network receives. Or, it can completely block specific traffic if that is the policy.

Net Neutrality can also be applied differently to different classes of applications – what we call ‘Net Neutrality with benefits’. In this case, critical business applications can be grouped together and assigned a high percentage of the available bandwidth with the remaining bandwidth being equally divided among the remaining flows.

There are no limits

When FlowCommand is in control of mission-critical network links, every single flow is associated in real-time with the:

• Application it is serving (for example, a specific website or business application, or a protocol such as VoIP)
• Geographic location it is serving (generally a country or city)
• Hosts (internal and external) it is connecting
• Users it is serving (via an address-to-user database such as Microsoft Active Directory or OpenLDAP)
• Custom groups – applications, geographic locations, hosts and users can be combined into groups (for example, a group could consist of all countries where a company has business partners, or all applications whose network usage is to be tightly controlled)