Identity Context Driver from 128 Technology (1)

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
welcome to the windows icd driver demo let's look at the demo setup in this demo we have a windows client installed with icd driver whose default gateway is a 1280 router and through the 128 router the windows client can access a windows server which is an internal network or the internet for various apps it could be a o365 app teams onedrive and whatnot in this demo there are two users a doctor and a nurse who logs in to the same windows client device and accesses various network resources it's very important to understand it's the same windows client device there's no way to distinguish them except for their username we'll see how 128 router can monitor network activity and apply policies on a per user and per application basis in a very simple and powerful manner in this section of the identity context driver demo we will show how to install the driver the first step is to acquire the identity context driver msi installer and open it up next we agree to the license terms on this page we're presented with a couple of different options that define the behavior of the identity contacts driver the first two fields define the ip address range in which the driver operates for a typical setup we'll activate the driver on all outbound network traffic so we need to change the ip netmask to 0.0.0.0 this will force the driver to attach metadata on all outbound network traffic the next field is a unique identifier for this particular device this id is one of the fields supplied in the outbound packet metadata we'll allow the user to manually set it if needed but we recommend using the auto generated id for a first time install which is what we'll do in this case finally we have an option of specifying whether or not to turn on hmac signing of packet metadata if on we can enter a key that allows the router to verify the authenticity of incoming packet metadata but let's leave it off for now so once we're done with this we can click next next hit install [Music] click finish now restart the system and we're good to go now let's start monitoring the network activity let's log in as a doctor and open up some applications let's say we open up microsoft teams it's up let's open up let's say a weather app for that matter to look at the weather that'll reach out to the network and then maybe outlook so it can talk to the o365 servers now let's see what the 128 routers have to say about this this is the 1280 portal where you can see now the weather app which we just opened up and a bunch of other background apps which are accessing the network which we did not even open up there's a background task host there's a teams there's svc host so this gives you an insight into each and every application that accesses the network now let's take a look at each of the fields the sid is a security identifier which determines the user then you have the device id which is the device talking to the network the domain name which is azure id windows 10 client username doctor nurse you'll see the nurse soon and of course the application name and the priority and the classification we're going to give it to it so in short what is this this is nothing but the windows task manager for all network applications but on the 128 router so the 128 router has insight into the network activity on a per user and per application basis and can make network decisions in a very simple and powerful manner now let's log in as a nurse so we already have teams in the weather app running so let's open up maybe chrome and then let's make sure it has access to the [Music] internet let's ignore the news for now and let's see what the 128 router has to report what do we have here so you have one drive you got the update traffic then you have the search ui so there's a lot of applications accessing the network from the nurses account and we may not be aware of some of those applications too but with icd we will be able to monitor the network activity of each and every application and apply the right policies to it now let's take a quick peek at what the doctor is doing the doctor is happily accessing the weather app the teams is running so a lot of applications are running in the background for the doctor so now you can see that two users from the exact same device with the exact same ip addresses have been distinguished here and various different policies could be applied to it that's what we're going to see in the next section okay let's start applying some network policies now for this demo we have a network share service now this service is going to be used by both the doctor and the nurse to pull down large files and then we'll apply different policies to the doctor to show how on a per user per application different policies can be applied now this network share application is a tcp application and it is going to the windows server address which is a private address for now and we can look at the ports for the tcp which would be essentially four four five one three nine and eighty one that doesn't matter but this network share service is given access to a doctor and a nurse those are two different tenants which are giving access to the system can be ignored for a moment the most important ones are the doctor and the nurse okay now that the service has been defined let's go and see how we can influence the priority on the service so for this we use the identity context configuration we've created something called the doctor network share now what does it do this says match on the domain name and an application name we pick chrome for now let's say we download it from using chrome so here you have the windows 10 client which is the domain name and the doctor which is username which is matching on the chrome application and we've given it the highest priority and highest dhcp marking so the exact same service but two different users where the doctor user is given a higher priority than the nurse user so that's what this identity context configuration does now let's see how this materializes first we have logged into the nurses account to start the file download so the file is downloading and you can see there's a pretty good speed of 700 to 800 kp per second please keep that in your mind because we'll come back to it soon now let's take a look at the 128 router side of things here we can see that the nurse is getting best effort treatment for the service network share because there was no classification applied for the network share and hence it's getting the default treatment if you take a look at the network charts we can see that the nurse is downloading file at around 700 to 800 kb per second which is given the best effort treatment which is the same file download rate which we saw earlier in the nurses account now let's log into the doctor's account and start downloading the file so here we're going to same server which the nurse had gone to and it's now going to download the file so here also we see around 700 to 800 kb per second which is great we want the doctor to have the highest priority but let's see whether it affected the nurse because the capacity of the link is only 1 mb now logging in back as a nurse let's see what the download rate has gone down to oh it's gone down to around 40 to 50 kb per second see that's the difference nurse has only best effort traffic priority while doctor has the highest priority so you can clearly see how the doctor's traffic from the same application to the same destination is given higher priority now let's take a look at the 120 side of things you can see how two different users the same application going to the same service is given different priority this is just not possible in normal networking with windows icd you're able to give this priority and prioritize traffic you can clearly see here that initially the best effort traffic was there around 720 kb per second then once the doctor starts downloading the file his traffic took over because that was higher priority than the nurse's traffic which is running at a mere 50 to 60 kb per second so simply based on the user and the application we were able to prioritize traffic which is very powerful thank you for watching the demo hope you'll adopt windows icd and 120 router to make your network smarter
Info
Channel: 128 Technology
Views: 554
Rating: 5 out of 5
Keywords: 128technology, IDC, Windows, SDWAN
Id: NYl8cNWQW4Q
Channel Id: undefined
Length: 9min 59sec (599 seconds)
Published: Mon Aug 17 2020
Related Videos
128 Technology Networking Platform Overview
Tech Field Day
2.8K
Deploying services with the 128T Conductor
128 Technology
741
128 Technology Why Tunnel Free is Better and How We're Different from Legacy Overlays
Tech Field Day
1.4K
How to avoid death By PowerPoint | David JP Phillips | TEDxStockholmSalon
TEDx Talks
3.5M
128 Technology Solution Overview
Tech Field Day
1.4K
128 Technology Networking Platform and SD WAN
Tech Field Day
2.7K
UDP and TCP: Comparison of Transport Protocols
PieterExplainsTech
1.1M
Introduction to Session Smart Routing
128 Technology
2.4K
Top Windows 11 new features | The best Windows 11 Tips and Tricks for 2021
Mike Tholfsen
90K
iOS 15 Settings You Need To Turn Off Now
Payette Forward
3.3M
Inside a Google data center
Google Workspace
19M
But what is a neural network? | Chapter 1, Deep learning
3Blue1Brown
9.9M
Fusion 360 Tutorial for Absolute Beginners— Part 1
Lars Christensen
2.4M
A old man's advice
Bernard Albertson
9.2M
HOW TO Level your LAWN FLAT. Topdressing
Connor Ward
236K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.