Perform a little IP magic

As your business expands its Internet presence to offer more services to more users, the increased load on your available network resources affects your ability to provide good service. Your network administrators need a tool to distribute that load efficiently and automatically.

With its IP Magic Technology, Lightspeed Systems' Total Control 2.5 combines in one package almost every conceivable means of monitoring and controlling IP traffic. IP Magic is a collection of configurable objects that you can use to control the flow of IP packets on a network. Total Control contains two major components: IP Magic Server, which is the core service that controls IP traffic, and IP Magic Manager, which is the sophisticated graphical management tool you use to create IP flowcharts and monitor active objects.

Gaining Total Control
I installed IP Magic Server and IP Magic Manager on a Windows 2000 Server machine with a 667MHz Pentium III processor, 128MB of RAM, and two Intel 10/100 network adapters. You can also run IP Magic Server on Win2K Professional or Windows NT Workstation machines. You can run IP Magic Manager on any Win2K, NT, or Windows 9x machine and connect to any IP Magic Server on the network.

Lightspeed Systems offers a free consultation during which technicians determine your network-management goals and help you design your flowchart. To test this service, I called the company and described the benefits that I wanted from Total Control: I wanted to provide basic Internet connectivity to internal users and to load-balance an application service for remote employees who access it over the Internet. I was shooting for a challenge, but Lightspeed Systems deemed my scenario simple. When you consider all of Total Control's capabilities (as evidenced by its numerous objects), my scenario does seem simple.

To provide basic Internet connectivity, I first configured two IP Magic Interface objects (which represented the two NICs in my system) with one IP address apiece. One object was for internal traffic; the other was for external traffic. The Total Control installation process bound an IP Magic network protocol to both of my system's network adapters. Through the Interface objects, Total Control assigned an IP address and gateway to this proprietary IP stack. You can disable Microsoft's TCP/IP stack on the external interface so that the IP Magic protocol handles all Internet traffic. According to Lightspeed Systems, such a configuration adds a level of security because the IP Magic protocol isn't susceptible to any known NT hacks. However, IP Magic requires Microsoft's TCP/IP stack for remote connections; therefore, if you disable the TCP/IP stack on the external interface, you must connect through the internal interface.

Next, I configured the Source NAT object so that internal users could access the Internet. Total Control's graphical environment made this task simple; I needed only to copy the default Source NAT object on the lines between the two Interface objects and add the external interface IP address to the Source NAT object properties. To effect the change, I saved this new configuration as the active configuration, then fired up an internal workstation with a default gateway to the IP Magic server.

Load Balancing
The next phase of my scenario presented more of a challenge. I have two Win2K servers on my network, each running Win2K Server Terminal Services, and I wanted to load-balance external clients between them. The solution was the IP Magic object called Server Load Balancing.

Total Control offers four load-balancing methods: Weighted Round Robin, Fastest Response, Least Connections, and Performance Counter. Weighted Round Robin divides the number of connections on the load-balanced servers by the configured server weight, then forwards packets to the server that has the lowest value. Fastest Response monitors the servers to determine which responds to requests fastest, then forwards the packets to that server. Least Connections forwards requests to the server that has the smallest number of current IP connections. Finally, Performance Counter monitors performance-counter objects on the servers (which must be running Win2K or NT) and passes the requests to the server that has the most available resources.

The Least Connections method was ideal for me because I was using only two Terminal Services servers. After I configured load balancing, I used a laptop to dial up the Internet, then directed my Terminal Services client application to the IP Magic address. I received a logon screen from one of my internal servers. Then I initiated another terminal session. As I expected, the second connection sent me to the other available server.
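The selection rules described above can be sketched in a few lines. This is an added example, not Lightspeed Systems' code: the `Backend` and `Balancer` names, the server names `ts1` and `ts2`, and the session-pinning and tie-breaking behavior are assumptions made for illustration. It covers Weighted Round Robin, Fastest Response, and Least Connections; Performance Counter is omitted.

```python
from dataclasses import dataclass

@dataclass
class Backend:
    name: str
    weight: int = 1            # relative capacity, used by weighted round robin
    connections: int = 0       # currently open client connections
    response_ms: float = 0.0   # most recent measured response time

def weighted_round_robin(pool):
    # connections divided by weight; the lowest value wins (as the review describes it)
    return min(pool, key=lambda b: b.connections / b.weight)

def least_connections(pool):
    return min(pool, key=lambda b: b.connections)

def fastest_response(pool):
    return min(pool, key=lambda b: b.response_ms)

class Balancer:
    def __init__(self, pool, method):
        # A zero or negative weight would break the division above, so reject it.
        if not pool or any(b.weight <= 0 for b in pool):
            raise ValueError("need at least one backend, all with weight > 0")
        self.pool, self.method, self.sessions = list(pool), method, {}

    def connect(self, client):
        if client in self.sessions:       # assumption: an open session stays put
            return self.sessions[client].name
        backend = self.method(self.pool)  # ties go to the first backend listed
        backend.connections += 1
        self.sessions[client] = backend
        return backend.name

    def disconnect(self, client):
        backend = self.sessions.pop(client, None)
        if backend is not None:
            backend.connections -= 1

def demo():
    # Constructed scenario: two terminal servers, as in the review's test.
    lb = Balancer([Backend("ts1"), Backend("ts2")], least_connections)
    return [lb.connect("session-1"), lb.connect("session-2")]

if __name__ == "__main__":
    print(demo())
```
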

Traffic Concerns
For security reasons, I wanted to ensure that only specific types of traffic could pass through the IP Magic server. Therefore, I added the Port Branch object to the diagram and configured one of the object's three branches for port 3389, Microsoft's TCP port for Terminal Services. I configured the other two ports for mail and Web traffic. Before I configured the Load Balancing object, I added IP Magic Server as the default gateway for the internal terminal servers.

To best utilize my Internet connection's 1.54MB of bandwidth, I needed to prioritize the different types of traffic. To configure this prioritization, I used the Port Branch object and two Priority objects, one for incoming traffic and one for outgoing traffic.

I set up my diagram so that all traffic would go through the Port Branch object, which decides where to send packets. Traffic would then go to the appropriate Priority object, which enforces a protocol's priority percentage in the event of bandwidth contention.

As Figure 1 shows, I set two priority percentages for the incoming Priority object. I set a lower priority for incoming Terminal Services clients (because they account for a small amount of data) and a higher priority for all other inbound traffic (e.g., HTTP, FTP, SMTP).

I configured a second Priority object for outbound traffic. In this object, I gave a higher priority to outbound Terminal Services clients and a lower priority to outbound LAN Internet users.

For the final phase of my test, I started downloading Microsoft SQL Server Service Pack 2 (SP2) from the Web onto my internal client workstation, then checked my active statistics on IP Magic Server. The average and current bandwidth meters showed that the Terminal Services clients (still active from my previous testing) weren't interfering with the download, which had the higher inbound priority. I opened the Speedometer object and saw that the download was almost in the red zone. The download was attempting to use all the available bandwidth (i.e., about 800Kbps of the T1), as Figure 2 shows. I stopped the download and used another object from the Lightspeed arsenal: the Speed Limiter. I set the maximum bandwidth for inbound connections at 128Kbps, then restarted the download. The download speed throttled down to just around 120Kbps.

Now that I'd gained some control over my network, I wanted to incorporate Total Control's traffic-analysis tools. The product includes dynamic-information-gathering objects (e.g., Traffic Discovery), as well as objects (e.g., Traffic Statistics) that write logs and reports to HTML-formatted documents. You can view statistics for any Total Control object simply by right-clicking its icon in the active configuration.

Because you must route all traffic through IP Magic Server, you need to configure both your client machines and internal servers to route through the IP Magic machine. As a result, you have a single point of failure in your network. To add reliability, Total Control offers a service-monitoring application that can restart the IP Magic service and alert administrators by email in the event of failure. You can also add failover IP Magic servers.

Making a Decision
I highly recommend Total Control for enterprise businesses that might otherwise need to piece together costly hardware and software solutions to gain the functionality that Total Control offers out of the box. At first, Total Control's price tag seems high, but not when you compare the product with high-end multifunction routers that have similar features. Lightspeed Systems lets you purchase bundles of IP Magic objects for half price; this approach might be suitable for small to midsized companies that want to get a handle on their Internet or WAN traffic but don't need capabilities such as load balancing. Total Control's target markets—e-business and the enterprise—will certainly reap the benefits of bandwidth efficiency and reliability for themselves and their customers.

Total Control 2.5
Contact: Lightspeed Systems, 661-324-4291
Price: $7995
Decision Summary
Pros: Precise GUI; free consulting service to assist with configuration; accommodates a wide range of scenarios
Cons: Moderate-to-high learning curve; requires network redesign so that all traffic passes through the IP Magic server; online Help is missing crucial documentation