Product: BNTC Software - Bandwidth Splitter
Have you ever wished that ISA Server/TMG gave you even more control over Internet traffic? Would you like to be able to set bandwidth speed limits for individual users, groups of users, or computers? Would you like to be able to set restrictions on the amount of bandwidth a user or computer can use per day, week or month? Now you can do all of that and more with Bandwidth Splitter from BNTC Software.
Whether you have a small organization with only a few users or you need to manage usage for thousands, this product can give you the type of control you need to reduce the cost of Internet services and keep users from eating up excess bandwidth. I recently installed it on both a testbed network and our small productivity network, and I was impressed with the ease of installation, simplicity of use and powerful features. You can take it for a test drive (limited to 10 users) free; just download the zip file for the appropriate version here.
Why do you need it?
TMG allows you to create rules governing Internet access, but the focus of TMG’s rules is security. You can monitor bandwidth use of individual users with TMG’s logs but you can’t do anything to control it, short of completely denying access for the offenders. Bandwidth Splitter enables you to create rules that can save you money on Internet services charges, and/or make users’ Internet experiences better by “spreading the wealth” more equally so that a few users aren’t able to hog all the bandwidth. If you’re purchasing bandwidth by the megabyte or gigabyte, control over user bandwidth allocations means tighter control over spending. Even if your ISP provides “unlimited” bandwidth (which is becoming more rare all the time), you can use these controls to restrict users from wasting excess time on the Internet, resulting in greater productivity and once again having a positive impact on the company’s bottom line.
Bandwidth Splitter can be installed on any Microsoft’s ISA Server version. It can also be installed on Forefront Threat Management Gateway (TMG) 2010. When you install it on TMG, you must first have SQL Server Compact 3.5 SP1 installed on the TMG server. If you don’t, you’ll get a message requiring you to quit the installation process and install it before you can proceed. You can download SQL Server Compact 3.5 SP1 here.
A small quirk (of SQL Server Compact, not of Bandwidth Splitter) is that you’ll need to download both the 32 bit (x86) and 64 bit (x64) .msi files and install them in that order. Since TMG is 64 bit only, it needs the x64 version, but you have to install the x86 version before you’re allowed to install the 64 bit. SQL Server Compact is used to store the Bandwidth Splitter databases. One database, which contains the quota counters, is mandatory. You can also have a second database to store bandwidth usage statistics for reports.
You’ll find more detailed system requirements on the download page. If you’re running antivirus/antimalware software on the ISA or TMG server, be sure to check out the considerations here.
I installed Bandwidth Splitter v. 1.34 on Microsoft Forefront TMG 2010 v.7.0.8108.200 Enterprise Edition. The installation was wizard-based and straightforward, except for the issues mentioned above regarding the requirement to install 32 bit SQL Server Compact and then the 64 bit version. Bandwidth Splitter integrates itself nicely into TMG. Once it’s installed, a Bandwidth Splitter node appears in the left pane of the TMG management console, as shown in Figure 1. However, if you had the TMG console open during installation, you’ll need to close it and reopen it to see the Bandwidth Splitter node.
Figure 1: A Bandwidth Splitter node is added to the TMG management console’s left pane
If you’re installing Bandwidth Splitter on an ISA or TMG array, you have to install it separately on each array member.
Creating rules with Bandwidth Splitter
You can create two types of rules with Bandwidth Splitter:
- Shaping rules, which control which users can access which resources at what speeds, at what times.
- Quota rules, which control the overall usage allowed per day, week or month, or without time limits.
You really have a lot of flexibility, as you can set schedules so that a particular user (or group or computer) is limited to a specified speed during one timeframe, but a different speed at a different time. You can even configure different speed limits and quotas for incoming and outgoing traffic. Another nice option is to let users’ or hosts’ bandwidth allocations “roll over” to the next time if they don’t use their entire allocations. I also like that you can exclude the traffic to some specific destinations or during specific times from the usage counters while limiting the traffic to other destinations or during other times.
Creating a rule is simple. Just right click the appropriate node in the left pane of the TMG management console (Shaping Rules or Quota Rules) and click New, and then Rule. This invokes the wizard, with which you can choose to apply the rule to IP address sets or user sets, as shown in Figure 2, where we are creating a new shaping rule that applies to the computer named SEVEN-RC.
Figure 2: You can apply rules to IP address sets or user sets
Next, you select the destinations to which the rule applies. Thus you can control that computer’s or user’s traffic to a particular network, network set or computer. At first I was unsure if you are able to specify times granularly, but with some help, I found that you can select any schedule defined in the array. To do this, you need to create them in the Firewall Policy>Toolbox>Schedules folder. You will then be able to choose them in the shaping rules. The same applies to all rule elements you want to use in shaping or quota rules (user sets, computer sets, etc.).
The next dialog box is where you determine how this rule will function. First you select whether to do no shaping, shape total traffic (incoming + outgoing), shape incoming and outgoing traffic separately; shape incoming traffic only or shape outgoing traffic only. Then you can set the bandwidth limits in kilobits per second (kbits/s), as shown in Figure 3.
Figure 3: Setting bandwidth limits on incoming and/or outgoing traffic is called shaping
HTTP boost lets you set the bandwidth speed higher than normal for downloads from certain types of web pages, so that users who have been inactive for a specified minimum amount of time can work at higher speed, and you can also control the duration of the boost as well as the inactivity period. You set the types of content for which HTTP boost will be used in the Advanced tab of Bandwidth Splitter’s General options.
The next page lets you limit the number of concurrent connections from this user or computer. If you’ve applied the rule to a set of users or IP addresses, you can select whether to assign bandwidth individually to each applicable user/address, or distribute the allocated bandwidth between all of the users/addresses. Finally, you can choose to apply the shaping rule only when the client’s quota has been exceeded. That makes it possible for you to drop the client’s bandwidth speeds, instead of denying Internet access altogether when the quota is reached.
And that’s all there is to it; just click Finish to close the wizard, as shown in Figure 4.
Figure 4: After you complete the wizard, you can review a summary of the rule
Figure 5: Configuring quota rules is just as easy as creating shaping rules
Once you’ve created your rules, they show up in the right pane, as shown in Figure 6.
Figure 6: Your rules are displayed in the right pane of the TMG management console
Quota Counters, Monitoring and Advanced Options
The quota counters node in the TMG management console gives you information about the objects (users, groups, computers) that are subject to traffic quota rules. It shows you the quota rule(s) applied to the object, how much of the allocated bandwidth is remaining and the quota reset period. A nice touch is that the administrator can manually change the counter of remaining traffic in the object’s properties.
The monitoring node is nice, too (Figure 7). It allows you to see, in real time, the activity of all clients that are accessing the Internet through TMG, along with the shaping and quota rules that are applied to each. You see the IP address, user name, quota allocation remaining and bandwidth speeds. Unfortunately, you can’t disconnect users through this interface.
Figure 7: Monitoring allows you to see all active users and their connections in real-time
If you want to collect bandwidth usage statistics, you enable that by right clicking the top Bandwidth Splitter node in the TMG console’s left pane, selecting Properties and then the Database tab. Check the box to enable collecting of bandwidth usage statistics, as shown in Figure 8. Note that before you can configure the connection settings for collecting statistics, you need to have the second database and tables set up. Check the documentation for info on how to do that.
Figure 8: You can enable collection of bandwidth usage statistics but you’ll need a second database set up first
When you enable logging of usage statistics, you can create nice reports that can show usage by individual users or IP addresses, filtered by day, week, month, hour, day of the week and so forth. You can generate a report manually or schedule them to be run at specified times, and you can have them automatically sent to you via email.
Figure 9: Sample bandwidth usage report
On the Advanced tab of that same dialog box, you’ll find a number of miscellaneous options that you can configure. For example, you can get a more exact appraisal of header packet size for UDP connections by checking the box to count packet headers. Unfortunately, this isn’t available for TCP connections. This tab is also where HTTP Boost is enabled or disabled (it’s enabled by default) and you can choose whether to treat connections from the External network as accepted/inbound. You can also choose here to deny connections when no quota or shaping rules exist (this is turned off by default and probably should stay that way in most situations, but it’s nice to have the option).
An important factor with any essential software is the ability to get back up and running if something happens to your system, and Bandwidth Splitter lets you save its configuration to a file so you can easily restore it. Quota counter values aren’t exported, but the general settings, shaping and quota rules and rule details such as user sets, network objects and schedules are.
Bandwidth Splitter is all about options. It seems the makers of Bandwidth Splitter have thought of every contingency, so that you can make exceptions when necessary without jumping through a lot of hoops. I like the simplicity with which you can set up sophisticated rules that give you fine tuned control over bandwidth usage, and a graphical interface that is integrated into TMG and does exactly what a GUI should do: makes most tasks so intuitive that you don’t even need to consult the documentation.
It’s not often you find a program that combines such simplicity of use with such complexity of function. If you’ve been wishing ISA/TMG allowed you to go beyond security and provide more control over Internet usage, Bandwidth Splitter fits the bill. I had no trouble at all giving this product the Gold award.
ISAserver.org Rating: 5/5
Get more information about BNTC Software - Bandwidth Splitter