Since the posting of our recent case study, Revera Improves Customer Service with Sinefa's Application Visibility in the Cloud, we've had many inquiries about how Managed Service Providers can use Sinefa's technology to give their customers deep visibility into their traffic and expose these reports via a Customer Portal. The most common questions asked are about high level topology and configuration. e.g. how do we set this up? So I thought I'd summarize my answers to these questions in this blog post.
1. Deployment Options
The most important rule to remember when considering a Sinefa deployment is that there aren't really any rules... there are numerous deployment options, some work better in certain environments than others. At the core of a Sinefa deployment is the Sinefa Instance. This is software that needs to be deployed inside your network to perform the collection, classification and processing of flows, prior to sending the information up to our cloud service or your own Self Hosted Controller. The Sinefa Instance software can be deployed in several ways:
2. Flexible Deployment – Collection Method
The most important thing to consider is that the Sinefa Instance software needs to either see the traffic or receive information about the traffic flows... we call this the "collection method". Here are some examples:
The main advantage of the Sinefa Instance software seeing raw traffic is that it can perform full layer 7 classification of the traffic. This is not always required though as some 3rd party devices are also capable of exporting L7 classification information.
3. Flexible Deployment – Collection Location
The next consideration is where the traffic is observed (which part of the network), this is called the "collection location". Here are some examples:
- Network Core / Aggregation Points
- Points of Presence (POPs)
- Provider Edge
- Customer Premises Equipment (CPE)
Not all collection methods are practical or even possible at all collection locations.
4. Extracting Customer's Data
The next step is to determine how each customer's data can be extracted. If the Sinefa Instance software is collecting data at an aggregation point or at a point in the network where traffic from multiple customers is observed, we need a way to be able to allocate flows to their respective customers. We call this "customer segmentation", and Sinefa is able to segment on almost any property of the flow. For example, IP address, VLAN tag, MPLS label, etc.
Once traffic is segmented into flows belonging to their respective customers, Sinefa treats that data separately from all the other customer's data. It's like each customer having their own private Sinefa Instance.
5. Presenting Reports to Customers
You can choose to use the Sinefa hosted, cloud-based UI, and let us manage this for you or you can choose to host the UI internally with our Self Hosted Controller and mange it yourself. Either way, your customers have access to the full suite of reports and functionality.
You customers will each have their own account, which they can log in to view their reports. Each account can have multiple users so your customers can invite or add any number of users from their organization. Each customer account is totally separate from every other account so your customers only ever see their data.