Showing posts with label Policy Control. Show all posts
Showing posts with label Policy Control. Show all posts

Tuesday, April 8, 2014

Amdocs Debuts Virtualized Policy Control for VoLTE

Amdocs introduced a virtualized policy control and charging rule function (PCRF) solution specifically designed to support the stringent feature requirements that enable a high definition (HD) quality and differentiated VoLTE experience.

The Amdocs VoLTE Controller can operate in a dedicated hardware environment or as a virtualized appliance.  Amdocs says its solution comes with pre-packaged services for rapid deployment in two months.  It operates as a dedicated PCRF solution for VoLTE and can be deployed alongside legacy PCRF systems, which can continue to support basic policy needs such as fair usage control.

Amdocs noted that its solution is already supporting VoLTE services at a Tier-1 North American operator.  The company has also been selected for policy control support of VoLTE by a European Tier-1 service provider.

"Landline services have set the bar for voice and service providers are challenged to meet and exceed those expectations with VoLTE," said Rebecca Prudhomme, vice president of product and solutions marketing at Amdocs. "This solution extends policy control for VoLTE with its extensive support for emergency call services, voice roaming and other critical voice service attributes; having a specialized PCRF solution, designed with the rigors of VoLTE in mind, is vital for operators seeking to differentiate next-generation voice services over LTE."

Wednesday, April 2, 2014

Gigamon Announces Multi-Purpose Visibility Fabric Node for Big Data

Gigamon is preparing to release the  GigaVUE-HC2 fabric node for the Services Layer of its Visibility Fabric architecture.

The GigaVUE-HC2 is a modular platform that combines multiple external functions such as compute for stateful and intelligent traffic correlation, secure in-band TAPs to prevent unauthorized access to traffic data, and sophisticated filtering, replication and aggregation, all in a single, compact modular form factor thereby eliminating the need for service chaining multiple external nodes. The GigaVUE-HC2 will launch with seven optional modules including 10Gb and 40Gb modules, GigaSMART intelligence as well as copper and fiber TAPs. The optional GigaSMART capabilities include packet slicing, masking, source port labeling, tunneling, header stripping and Layer 7 load balancing.

Visibility Fabric Applications provide stateful packet correlation capabilities that enable de-duplication, provide session awareness for enhanced visibility, insight and control over data traffic flows, as well as the ability to summarize and generate NetFlow statistics from incoming traffic streams.

“The GigaVUE-HC2 provides a versatile multi-purpose platform that addresses the needs of a broad variety of tools. Its  performance and GigaSMART intelligence addresses not only the monitoring needs of today, but scales to meet the needs of the future,” said Shehzad Merchant, Chief Strategy Officer at Gigamon. “ Big Data traffic intelligence requires compute elasticity to meet the dynamic needs of today’s organizations.  Gigamon’s architecture supports distributed intelligence, centralized intelligence, or a hybrid of the two and ensures that multiple H-Series platforms can be managed as a single virtual chassis in a cluster.  GigaVUE-HC2 offers traffic intelligence at the right place in the network for the right price.”

Thursday, May 2, 2013

Procera Lands Multi-Million Dollar Follow-On Order in Europe

Procera Networks confirmed a a multi-million dollar follow-on order from a Tier 1 European network operator for multiple PacketLogic PL20000 systems.  The equipment will be used to expand the existing deployment and provide more capacity and functionality for the operator.

The PL20000 platform supports up to 320Gbps and up to 5 Tbps per cluster of Intelligent Policy Enforcement (IPE) providing scalability for up to ten million subscribers and 120 million active flows in a single chassis. The platform enables network operators to grow their IPE deployments in a modular fashion, simply by adding modules to the existing system, without requiring additional overhead from cluster deployment, which add network complexity and operational challenges.

"Network operators in EMEA continue to adopt the PL20000 as the platform of choice for large broadband deployments," said Paul Gracie, senior vice president Global Sales and Services at Procera. "Network operators are purchasing solutions that can handle their traffic growth for the next three to five years, and we believe Procera delivers the most scalable Intelligence Policy Enforcement solutions available on the market."

Tuesday, February 12, 2013

F5 Adds Policy Enforcement to BIG-IP

F5 Networks is adding policy enforcement capabilities to its BIG-IP traffic steering and load balancing platform, allowing service providers to convert the BIG-IP's deep visibility into network conditions and subscriber behavior into optimized services.

F5's new BIF-IP Policy Enforcement Manager (PEM) software can classify traffic and enforce policy based on applications and subscriber behavior.  BIG-IP PEM also provides granular reports on subscriber and application flows, and it integrates with online charging subsystems, giving operators real-time credit control.  The software is interoperable with third-party Policy and Charging Rules Function (PCRF) vendors and is compliant with the latest 3GPP standards for a Policy and Charging Enforcement Function (PCEF).

BIG-IP PEM is designed to run on VIPRION, F5’s high-performance, chassis-based hardware platform. When run on F5’s latest VIPRION C4800 offering, BIG-IP PEM enables service providers to achieve up to 320 gigabits per second L7 throughput, support up to 72 million concurrent connections, and serve as many as 96 million subscribers on a single device.

F5 said its Policy Enforcement Manager also provides the ability to provision and de-provision value-added servers based on real-time subscriber and network traffic conditions.

The BIG-IP PEM adds to the F5’s intelligent services framework. Other recent enhancements to the platform include BIG-IP Carrier-Grade NAT and BIG-IP Advanced Firewall Manager. All of these capabilities are now available.

Friday, January 25, 2013

Tekelec Supplies Policy Server for KT's LTE and 3G Nets

KT has selected Tekelec's Policy Server (PCRF) for its LTE and 3G networks.

Tekelec's Policy Server will support KT’s new Voice over LTE (VoLTE) offering, LTE data plans and Rich Communication Suite (RCS) service.  It will also be used for daily and monthly quota tracking for a variety of services, including voice, Internet usage, file transfer, instant messaging, and video telephony. The daily tracking will give KT new flexibility to offer per diem packages and service options across 3G, LTE and RCS services.

"KT’s new LTE services enrich the subscriber experience and give customers new advanced options for communications services and mobile data applications,” said Houck Reed, vice president of product management and marketing at Tekelec. "As the brain of LTE and 3G networks, Tekelec’s Policy Server will enable KT to take advantage of new business models that extend policy enforcement to the mobile device and offer policy as a service to over-the-top application providers.”

Thursday, January 10, 2013

Sandvine Confirms $6.5 Million in Follow-on Orders, Adds Dermot O'Carroll to Board

Sandvine confirmed the receipt of more than $6.5 million in follow-on Network Policy Control orders from a Top-5 Asian communications service provider. Sandvine announced initial orders from the customer in May 2012. Since May 2012, Sandvine has announced orders from certain Tier-1 Asian operators that total approximately $20 million and has reported the highest market share in the region.
“This is a multi-phase project and the deployment has proceeded as expected. We are just beginning the second phase,” said Tom Donnelly, COO, Sales and Global Services. “We have been able to demonstrate our ability to measure application usage on a granular basis and provide meaningful streaming video metrics based on device, display characteristics and transport quality. We will now start to expand those capabilities as well as our traffic management solution across additional network locations.”

Sandvine also announced that Dermot O’Carroll has joined its Board of Directors. Mr. O’Carroll has spent almost 40 years in the telecommunications industry, the last twenty of which as a senior executive in various roles, including with Rogers Communications.

Sandvine Posts Q4 Revenue of $27.5 Million

Sandvine reported $27.5 million in revenue for its fourth quarter of 2012, non-IFRS income of $6.9 million and net income of $6.5 million. During the quarter, Sandvine recorded a one-time, $3.8 million reduction in operating expenses for Ontario government funding related to its ongoing project under the Next Generation of Jobs Fund.  Full year results included revenue of $87.9 million and a non-IFRS loss of $2.7 million (net loss of $5.0 million).

Some Q4 2012 highlights:

  • Revenue by access technology market: wireless 48%; DSL 35%; cable 17%
  • Revenue by geography: NA 44%; APAC 26%; EMEA 18%; CALA 12%
  • Revenue by sales channel: reseller 78%; direct 22%
  • Gross margin: 71%
  • Cash, cash equivalents and short-term investments balance: $74.6 million

“We are pleased with fourth quarter results as they demonstrate ongoing progress in revenue growth and profitability,” said Dave Caputo, Sandvine’s President and CEO. “Total revenue and wireless market revenue were at record levels, driven by large initial orders from two new Tier 1 customers and large expansion orders from major existing customers, which has been a key area of focus for us in 2012.”

Tuesday, December 18, 2012

Cisco to Acquire BroadHop for Policy Control

Cisco announced plans to acquire BroadHop, a start-up providing policy control and service management technology for carrier networks. Financial terms were not disclosed.

BroadHop, which is based in Denver, Colorado, specializes in application-centric policy technology.  Its Quantum Network Suite is an open policy-application platform based on PCRF architecture that can be used for network-centric bandwidth management, such as fair use and bandwidth throttling, and application-centric interactive services, such as policy-to-the-handset and real-time mobile congestion management. This enables Service Providers to control, monetize and personalize network and application services.  The company says its solution has been deployed by more than 90 telecom service providers serving more than 500 million subscribers in 40 countries.

BroadHop has been a key service provider Wi-Fi partner for Cisco.

Cisco said BroadHop's policy control solutions for mobile and fixed networks will be integrated into Cisco’s Service Provider Mobility Group to provide service providers the flexibility to control, monetize and personalize the types of service they choose, on any network.

  • In April, BroadHop confirmed that a Tier 1 US operator is leveraging Quantum Network Suite for Wi-Fi offload. Quantum Network Suite is enabling this operator with portal-based authentication and redirection of Wi-Fi enabled smart phones and devices.
  • BroadHop was founded in 2003.
  • In 2010, BroadHop introduced its open policy management and control platform designed for intelligent broadband services and mobile data and application delivery. The company's Quantum Network Suite leverages a virtualized rules engine that enables network-aware mobile data services on an individual basis. Using 3GPP PCRF standards, the policy engine detects and adjusts for mobile core congestion in real time, maximizing session capacity and user quality of experience. Key capabilities include a subscriber balance manager, charging and policy enforcement.
  • BroadHop said its Quantum Network suite enables service providers and solution integrators to use industry standard tools and technologies to create new policy blueprints -- and enable dynamic linking of their proprietary applications to the Quantum Network policy platform.
  • Using the platform, service providers could share real time network status information with individual subscribers, such as smartphone users, informing them of periods when light network loads with lower downloading costs. By seeing their service and network status at a glance, subscribers will be better able to manage their data usage.

Wednesday, December 12, 2012

European Cable Operator Upgrades Policy Control with Procera

Procera Networks announced a follow-on $1.3 million order from a Tier 1 multi-system operator (MSO) in Western Europe. This operator serves broadband subscribers across its countrywide footprint as part of its residential triple play service offerings.

This cable operator first installed Procera PacketLogic 10000 platforms in 2008 and with this order, is upgrading to the PacketLogic 20000 to take advantage of its throughput capacity, massive scalability and high availability features. Procera expects to recognize the majority of revenue from this order in the fourth quarter of 2012, and the first quarter of 2013.

Wednesday, July 18, 2012

AT&T Announces Shared Wireless Data Plans

Next month, AT&T will begin offering shared wireless data plans that let customers share a single bucket of data across smartphones, tablets, and other compatible devices, plus get unlimited talk and text. 

Customers will be able to choose one of the new shared data plans or choose one of AT&T's existing individual or family plans, without a contract extension. There are no changes to AT&T's device upgrade policy, which means customers eligible to upgrade to AT&T's best device price are not required to switch plans. The new plans will also be available for business customers. 

Sunday, July 15, 2012

Network Security in the Mobile Core: Port Scans to Mobile Devices

It’s no secret that the core of modern mobile switching networks is based on the Internet Protocol.  What’s interesting is that simple network attacks that have been largely mitigated at the data center are finding their way into the mobile core networks.  Two examples of this are port scans and TCP SYN floods from the Internet all the way through the mobile core and to the mobile devices themselves.  The scans have the side-effect of waking up thousands of smart phones at once, causing high CPU on the Radio Network Controllers (RNC) and Serving GPRS Support Nodes (SGSN). This in turn may lead to network congestion and even network outages. This article looks at how the mobile core architecture is susceptible to these attacks and suggests strategies for mitigation.

Running without Firewalls

Mobile switching networks are similar to a typical Internet data center with some interesting exceptions.  First, instead of servers at the back end, they have mobile clients (handsets).  While network traffic is typically initiated from those handsets toward the Internet, nearly all operators allow connections initiated from outside the mobile network to come in, for various reasons.  In one example, an enterprising downstream customer had turned a series of smartphone handsets into security cameras which he would rent out to his customers who then viewed them by initiating web connections from outside the network to the handsets themselves.  In that example, the handsets really are operating as little servers.
However, one very significant difference between a typical data center and a mobile network is that instead of there being thousands of servers, the mobile network has millions of handsets.  With 32% of these handsets being smartphones# capable of running multiple applications simultaneously, the number of concurrent connections that the network must support quickly climbs into the tens of millions.  Conventional network firewall technology does not readily scale at this level so many mobile switching networks have been running without them, developing new architectures along the way.

Flow of Network Attacks

A second significant difference is a much larger control plane in a mobile network versus a typical data center.  Control plane signaling is made up of policy control, the auditing of subscriber data and the mobility management of subscribers as they move from one location to another within their home network or roaming to another roaming partner’s network.  While the operator’s policy control and auditing architecture may be fairly modern, the mobility management infrastructure is often a rework of legacy equipment which frequently has scalability issues in today’s usage environment.
Consider the example of a subscriber’s handset in idle mode (PMM-Idle). When a connection initiated from the Internet enters the network addressed to the IP address of the handset, the SGSN will page for address in the last known routing area.  The RNCs servicing the routing area will also page for the handset and the size of the routing area can be as big as a very large city. When the handset is finally located, a signaling connection will be established between the handset and the SGSN. After this signaling procedure, the handset will be in connected mode (PMM-Connected) and at this time data can flow between the handset and the Internet. The overhead of this signaling procedure is what causes congestion in an operator’s network during an attack.
Table 1 - Control Plane response to single port scan packet in the dataplane
RNC Signaling Messages to locate an idle handset Signals Total
Paging messages 2 2
RRC Connection Setup 2 4
Security Function Setup 4 8
RAB assignment 4 12

Table 1 shows that to deliver packet data to an idle mode handset will require approximately 12 signaling messages in the RNC.

Effect of Network Attacks

A multiplier of 12 signaling messages per data connection doesn’t seem like so much overhead, especially when the connection may be long lived and have hundreds or thousands of packets within it.  The above example appeared to be slightly atypical in the sense that:

  • The handset was idle
  • A connection was coming to it from the Internet
As long as this case stays atypical, the signaling event overhead remains inconsequential.  But this is where the network attacks start to cause trouble.  Two common network attacks, port scans and SYN floods, both mimic incoming connections.  Port scans in particular use a range of destination IP addresses as they search for hosts, meaning that they will affect a different handset with each packet.
If a moderately sized port scan of 1,000 packets-per-second gets into the mobile network during busy hour from the Internet, it will trigger a cascade of additional 12,000 signaling messages per second to the RNCs as the network attempts to locate and connect handsets across the network.  SYN floods can have the same effect, but they are typically sent at much higher rates, though with fewer destination addresses.  Both attacks are extremely common and they move the example from the atypical to the pathological. If operators RNCs or SGSNs cannot scale to handle this type of attacks, it may lead to network congestion or outages. And even if these nodes are scalable, it would be unwise to waste precious and expensive radio resources to such attacks.


In IPv4 networks, one method to solve these problems is use network-address-translation (NAT) technology to protect the traffic.  However NAT has its own set of disadvantages.  It is difficult to NAT tens of millions of connections, especially when operators are required to audit address changes.  Also, as networks move to IPv6, NAT is not an option and the handsets again become exposed to the Internet.
The scalability limitations of conventional firewall technology are forcing mobile operators to consider alternate mitigation methods of these attacks.  Some operators have talked about preventing connections coming into the mobile network from the outside, but they are finding that this stance is not acceptable to their subscribers or their internal managed services departments that are relying on incoming traffic to sell services downstream. As operators migrate to a new architecture where voice is data, connections initiated from outside the mobile network may be inevitable.
Other operators are finding new ways to configure a device already in their network to perform firewall services.  High-capacity application delivery controller (ADC) devices, for example, can use the tried and true technique of SYN cookies to defend against SYN flood attacks.  For port scans, the mobile network operators are using dynamic, programmable scripts on the ADC as whitelists against which to compare the incoming connections.


All mobile operators are moving to the new world of LTE, where everything, including voice, is network traffic.   This vision will still rely on radio networks and IP-based control planes that will still be vulnerable to network attacks.  More smartphones will translate to more concurrent connections, keeping conventional firewall technology out of the mobile network.  And, as the networks move towards an all-IPv6 model, network security will become an even greater challenge since 100% of all handset will be visible to the Internet and will be potential attack targets. Expect the current threat situation to project into the LTE environment and for network operators to continue to find more ways to squeeze better network security out of the high-capacity networking devices they already have. 

About the Autho
David Holmes, Technical Marketing Manager, F5 Networks
About the Company
F5 Networks, Inc., the global leader in Application Delivery Networking (ADN), helps the world’s largest enterprises and service providers realize the full value of virtualization, cloud computing, and on-demand IT. F5® solutions help integrate disparate technologies to provide greater control of the infrastructure, improve application delivery and data management, and give users seamless, secure, and accelerated access to applications from their corporate desktops and smart devices. An open architectural framework enables F5 customers to apply business policies at “strategic points of control” across the IT infrastructure and into the public cloud. F5 products give customers the agility they need to align IT with changing business conditions, deploy scalable solutions on demand, and manage mobile access to data and services. Enterprises, service and cloud providers, and leading online companies worldwide rely on F5 to optimize their IT investments and drive business forward. For more information, go to
See our Converge! One Minute Videos


Tuesday, July 3, 2012

Belgacom Looks to Alcatel-Lucent's PCRF for Personalized Services

Alcatel-Lucent has supplied Belgacom with its 5780 Dynamic Services Controller (DSC) that provides the Policy and Charging Rules Function (PCRF) for 3G and 4G wireless networks. This allows Belgacom, Belgium’s leading telecommunications service provider, to offer its mobile subscribers easier-to-understand, personalized service plans and the ability to track billing statements in real-time. Subscribers can now receive real-time usage notifications and access continually updated information about their charges for both national and international data services usage.
Alcatel-Lucent said its solution can dynamically interface with applications such as online video or gaming sites to understand the specific network requirements needed to deliver them to the subscriber with an enhanced quality of experience. It can also be used to optimize network resources, effectively increasing the virtual capacity of an operators’ network.

Luc Defieuw, VP CIS, North, Central and Eastern Europe from Alcatel-Lucent comments: "Many service providers are now investigating how data usage and monitoring solutions can help them manage surging network demand, while reducing costs and providing even more value for their subscribers. With this deployment, Belgacom is putting itself at the forefront of this movement."
The 5780 DSC forms part of Alcatel-Lucent’s Wireless Packet Core solution.

Wednesday, April 18, 2012

Bytemobile Extends its Adaptive Traffic Management System

Bytemobile has extended its Adaptive Traffic Management System for ensuring quality of experience (QoE) in mobile networks with two new products for 3G and 4G networks.

Introduced last year, Bytemobile's T3100 Adaptive Traffic Manager, which was the first product in the series, is an in-line platform designed to automatically adapt and manage all mobile IP traffic based on real-time network conditions. The NEBS Level 3-compliant platform integrates a combination of network elements for caching, load balancing, deep packet inspection (DPI), web and video optimization, policy control, and analytics. It is designed to be deployed in the core of mobile networks, between the RAN and the Internet.

The new T1100 Traffic Director and the T2100 Content Accelerator provide operators with a seamless single-vendor solution for processing video and web traffic to deliver increased network efficiency and the best possible user experience under all network conditions.

The T1100 Traffic Director is designed to deliver the intelligence and performance required to scale next-generation networks and applications. It is a flexible application delivery controller – powered by Citrix NetScaler and custom-built for deployment with Bytemobile’s Smart Capacity platforms. It provides a seamless exchange of information to intelligently distribute traffic load at all times, resulting in higher availability, greater throughput and simplified operational management. The T1100 also features advanced Citrix NetScaler TriScale technology, including new clustering capabilities that enable multiple appliances to work as a single system so overall network capacity can scale from just megabits/sec to terabits/sec.

The T2100 Content Accelerator is an intelligent caching appliance. Because of its seamless integration with Bytemobile’s two Smart Capacity platforms, operators can add the T2100 to existing traffic management deployments and immediately begin accelerating the multimedia experience by bringing streaming video and audio closer to the subscriber.

Bytemobile noted that more than half of all mobile video and audio content can be served from cache. As a result, the T2100 immediately accelerates the video user experience for more than 50% of an operator’s subscriber base, while also enhancing the experience for the other half through resulting improved network capacity.

Monday, January 16, 2012

Procera Launches 100G Intelligent Policy Enforcement

Procera Networks launched its new 100GE-capable Intelligent Policy Enforcement (IPE) platform.

The PacketLogic 20000 boasts a capacity of 320Gbps per system and up to 5 Tbps per cluster, with support for up to 72 ports of 10GE and four ports of 100GE interfaces. The PL20000 is a 14/15RU AC/DC combination system.It supports up to 10 million active subscribers and 120 million active flows, with the ability to enforce services and collect charging information on every active flow in the system.

The new system is designed to work Procera’s PacketLogic Subscriber Management System to rapidly create innovative, sticky service offerings based on business analytics provided by the PacketLogic Report Studio. The PL20000 supports a full suite of policy enforcement capabilities, from content-aware service, congestion management, traffic prioritization, application-layer shaping, volume-based shaping, traffic steering and/or mirroring, and captive portals

Procera said one of its key differentiators is to provice radically simple tools to enable service providers to create personalized services – from the analytics tools of PacketLogic Report Studio to the customer-defined Virtual Services, plus easy-to-create charging and service policies on the PacketLogic Subscriber Manager. The goal is to enable operators to create and define services on-the-fly, without requiring signature updates or new software.

“As consumers continue to be more dependent on their broadband connections, the stress on broadband networks will continue to grow. Even though the PL20000 system performance shatters industry benchmarks, the biggest leap forward for the PL20000 is the ability to utilize the solution for personalized service creation at a scale never before possible for broadband operators of all types,�? says Cam Cullen, VP of Global Marketing for Procera.

The PL20000 will be available in Q2 2012 for customer shipments.

Sunday, November 27, 2011

Amdocs Delivers Pre-Configured "Data Experience Solution" for 3G/LTE

Amdocs introduced a pre-integrated policy and charging solution to help operators rapidly deploy new data services. The Amdocs Data Experience Solution is a unified hardware and software system that pre-integrates a policy control and charging engine with product catalog and subscriber management functions.

Leveraging network and policy control assets of Bridgewater Systems, which Amdocs acquired earlier this year, the Amdocs Data Experience Solution features single, synchronized service definition and creation through the Amdocs Enterprise Product Catalog. This provides rapid configuration and extension of pre-configured market offers. It uses standards-based interfaces and features multi-vendor interoperability for ease of deployment into 3G and LTE network environments. Productized APIs (application programming interfaces) enable a single point of integration into provisioning, notification, billing and self-care environments.

Amdocs notes that the underlying product technology of this solution has been production-proven in leading service provider networks serving more than 100 million mobile subscribers.

Pre-configured market offers in the Amdocs Data Experience Solution include:

Tiered Services: Innovative data plans based on a combination of time, volume and application that provide new monetization capabilities (for example, targeted social networking or business data plans).

Shared Wallet: A common data quota that can be shared across a family or enterprise with unused quota diverted across plan members and devices in real time.

Up-sell Capabilities: Temporary add-on services that can be automatically offered and provisioned, such as data roaming or bandwidth boost, to increase ARPU.

Bill Shock Prevention: A personal usage limit with advance notifications that can be easily set by customers for increased transparency and data experience satisfaction.

Data Pass: Temporary data access that can be offered and provisioned quickly, such as a 24-hour roaming data pass.

Pay - Per-Use: Convenient access to data services that are paid for as they are consumed (as opposed to a monthly plan).

In addition, Amdocs provides network control and subscriber management capabilities pre-integrated and configured, including:

LTE Data: Support for next generation 4G services that feature guaranteed quality of service for a superior data experience.

WiFi Offload: Transparent offloading from 3G to WiFi which allows service providers to better manage network congestion.

  • In August 2011, Amdocs completed its previously announced acquisition of Bridgewater Systems for CAD$8.20 per share in cash, for about CAD$211 million, or CAD$139 million net of Bridgewater's cash, in aggregate.

    Bridgewater Systems developed pre-integrated solutions for mobile and converged operators. Its portfolio includes Service Controller (AAA), Policy Controller (PCRF) and Home Subscriber Server (HSS), anchored by a common identity and device management system. Amdocs offers business and operational support systems, service delivery platforms, and professional services for network operators. The company generated approximately $3.0 billion in revenue in fiscal 2010, Amdocs has over 19,000 employees and serves customers in more than 60 countries worldwide.

Wednesday, November 16, 2011

Aruba Networks to Acquire Avenda Systems for Network Security

Aruba Networks agreed to acquire privately-held Avenda Systems, a developer of network security solutions for connecting personal mobile devices to business networks. Financial terms were not disclosed.

Avenda Systems offers an identity-based policy engine that helps corporate networks maintain security where employees bring their on device. Avenda's eTIPS solution and complementary applications provide a scalable identity-aware network access security platform that offers role-based policy control, differentiated access, endpoint health checks, managed guest/contractor access, extensive per-user reporting, and enforcement options.

“This acquisition is fundamentally about arming our customers with a simple, cost-effective and device-agnostic approach to connecting and securing BYOD users,�? said Hitesh Sheth, chief operating officer at Aruba. “Legacy networking vendors have struggled to deliver a purpose-built solution for today's mobility age. Faced with the BYOD phenomenon, IT departments need to deliver policy and control to a wide range of mobile devices and PCs over their existing networks. Together, Aruba and Avenda are poised to deliver the ideal answer.�?

  • Avenda Systems was founded in 2006 by a group of ex-Cisco engineers (Krishna Prabhakar and Santhosh Cheeniyil). The company is based in Santa Clara, California.

  • Investors in Avenda include OVP Venture Partners, private parties, the United States Department of Defense (DoD), including U.S. Air Force and Missile Defense Agency, and Department of Homeland Security.

Tuesday, November 15, 2011

Bivio Adds 1 Gbps Network Content & Control Platform

Bivio Networks has expanded its line of deep packet inspection appliances with a 1 Gbps, entry-level product.

The new addition to Bivio's family of Network Content and Control Systems (NCCS) expands the portfolio of carrier-grade, subscriber-based parental control services to small and mid-tier ISPs and mobile operators. The Bivio NCCS ensure accurate policy enforcement across multiple devices such as laptops, tablets and smart phones. The company said its distinguishing features include a best-in-class URL categorization database coupled with global or per-subscriber white-lists/black lists for protecting end users from inappropriate content.

"As Internet traffic continues to soar, broadband and mobile providers are finding it increasingly difficult to scale the infrastructure to enforce services such as parental control. Bivio is dedicated to helping service providers meet this demand head-on with a carrier-grade, safe Internet platform that is built for the carrier environment, and is both cost-effective to deploy and cost-effective to scale,�? said Dr. Elan Amir, President and CEO of Bivio Networks.

Sunday, November 13, 2011

Procera Develops Analytics Tool

Procera Networks, which offers its PacketLogic intelligent policy enforcement platform to carriers, introduced a report generating analysis package. The PacketLogic Report Studio provides insight into network traffic for capacity planning, marketing analysis, etc. It generates reports using data gathered by the PacketLogic Intelligence Center as well as from external sources.

Procera's reports add value by providing snapshots of network and subscriber behavior over a specific time period or over specific links, said Cam Cullen, Procera's Vice President of Global Marketing. For example: "How many subscribers in Manhattan are heavy Facebook users and would be candidates for a 'Facebook for Free' plan, and what would my financial exposure be based on their data consumption?"

Wednesday, November 9, 2011

MSF Releases Voice over LTE White Paper

The MultiService Forum (MSF) has published a whitepaper on its recent VoLTE (Voice over Long Term Evolution) Interoperability Event held with Vodafone and China Mobile.

Over 65 network elements from 19 participating vendors were tested by 60 test engineers using 200 pages of test plans during this three-week event. The test scenarios included 89 test cases and 561 scheduled tests based on different vendor combinations.

VoLTE calls and MMTel services were successfully completed within each host site and between host sites to demonstrate network inter-connect. LTE Roaming between host sites was successfully demonstrated with Diameter Routing Agents (DRA), enabling dynamic policy control between home and visited networks. Multi-vendor testing of UE, eNodeB, SeGW, EPC, IMS/MMTEL, DRA and PCC technology was conducted at each site.

The White Paper discusses the results of the VoLTE IOT event and identifies specific interoperability issues. All issues related to standards specifications were communicated to relevant organizations. It is important to identify and understand the factors that limit interoperability with commercially available equipment, from both a vendor and operator perspective. Vendors benefit from improved commercial viability of products and operators increase awareness of any interoperability issues relevant to vendor selection and deployment strategy.

“The MSF's event has demonstrated the growing degree of compliance with VoLTE definitions and the extent to which interoperability of implementations across the vendor community has progressed,�? said Dan Warren, Senior Director of Technology at the GSMA. “Not only was the testing itself a success, but the feedback from the event can be used to improve the specification of VoLTE and make sure that the level of interoperability in future products is even better than that demonstrated at this event.�?

The MSF will be partnering with ETSI and GSMA for a second VoLTE IOT event in 2012. The MSF also intends to focus on Rich Communication Suite and EPC conformance testing during the forthcoming year.

The 60-page whitepaper is available online.

Monday, October 24, 2011

Symantec Delivers Hosted, User-defined Security Controls with Partners

Symantec is partnering with Tekmark Global Solutions and Centri Technology to deliver hosted, user-defined security controls that will enable communication service providers to offer their mobile subscribers the ability to improve their safety online, even when roaming across operator networks or using Wi-Fi access.

Symantec Accelerated Next Generation Network Protection (NGNP) is a hosted service for network operators. By using a software client on each protected mobile device, traffic can be filtered with multiple levels of configurability for content controls, such as identifying certain URLs or groups of URLs to allow or block, creating a walled garden and inspecting web downloads for malicious content. For instance, user defined parental controls can be configured for specific website access, inappropriate links or for time-of-day controls. For enterprises, global or departmental website controls and reporting are enabled.

Centri supplies data acceleration technologies. Tekmark's expertise lies in developing and integrating information systems, operating and improving technology and business processes, and helping clients evolve to the next generation of technologies.

  • In October 2010, Symantec introduced its network-based policy control and enforcement solution that enables communication service providers to dynamically apply user preferences in a consistent fashion to a variety of services. Such a value-added service would protect smartphone users from the growing number or online threats. It could also enforce parental controls, such as time-of-day usage or inappropriate vocabulary, on texting usage by children.

    For example, a parent may choose to disable texting functionality for their child's phone during school hours or at night. Or, a corporation might disable photo sharing from mobile devices for their employee base. Symantec Next Generation Network Protection will also provide data retention capabilities to aid with regulatory requirements and usage analysis. Compliance with local regulations is simple with Symantec assisting in the archiving of mobile messaging and Web access logs, storage of content and traffic information, mobile data traffic management and an audit history.

    Symantec said it will be able to provide flexible, customizable policy features from the network.