For audio, please dial into +1 (415) 655-0069, conference code is 784-532-544
Migrating from Akamai to Incapsula: What you need to know
Tim Matthews – VP Marketing, Incapsula
Andrey Shkanov – Lead Solution Manager, Incapsula
© 2015 Imperva, Inc. All rights reserved.
Agenda
• Overview of Incapsula
• Comparing the two platforms
• The Migration
  – Planning for the Move
  – Transitioning Platforms
  – Configuring Incapsula
• Lessons Learned from the Field
• Q & A
Incapsula Overview
Performance Security Availability
Solving Top Operational Problems
Delivered from the Cloud
Incapsula Application Delivery Cloud
How Incapsula Works
By routing website traffic through the Incapsula network, malicious traffic is blocked, and legitimate traffic is accelerated.
Incapsula Network Your Website Legitimate Traffic
Comparing Akamai and Incapsula… what should you expect
The Incapsula CDN Model
Analyzes website content, automatically optimizing performance by determining:
• What is cacheable (static AND dynamic content)
• How long to cache it
• What resources are frequently used, prioritizing their delivery
Web Server
Website Visitors
Incapsula Content Delivery Network
Comparing Basic Functionality
Functionality | Imperva Incapsula | Akamai CDN | Kona Site Defender (KSD) | Akamai Prolexic
Website Security | ✓ ✓
DDoS Protection | ✓ ✓ ✓
CDN | ✓ ✓
Load Balancing | ✓ ✓
Website Security Comparison (Incap vs KSD)
Feature | Incap | KSD
Proprietary, Gartner Magic Quadrant-leading, PCI-compliant Web Application Firewall (WAF) | ✓ | ✗
Access Control (white/black listing) | ✓ | ✓
IP reputation-based monitoring system | ✓ | ✓
API integration | ✓ | ✓
Client classification algorithms to mitigate advanced bots | ✓ | ✗
Transparent, progressive challenges for minimal user impact and reduced false positives | ✓ | ✓
Backdoor protection to guard against malware infection | ✓ | ✗
Two factor authentication to prevent breach by stolen passwords | ✓ | ✗
Self Service Customization of security rules | ✓ | ✗
60-second security rule propagation | ✓ | ✗
DDoS Mitigation
Features | Incapsula | Akamai KSD | Akamai Prolexic
Protection of Origin IP Address from DDoS | ✓ ✓
Always on detection and mitigation | ✓ ✓
Client Classification for low FP | ✓
Real time Attack Monitoring | ✓
Instant custom security rule propagation | ✓
Protected Assets
Websites (HTTP/S) | ✓ ✓ ✓
Customer Managed DNS Servers | ✓ ✓
Infrastructure Protection for Network protocols (per subnet) | ✓ ✓
Infrastructure Protection for Network protocols (per IP Address) | ✓
Video Streaming and File Server Use Cases
• Akamai supports a wide variety of CDN use cases including
  – Video streaming
  – Large static file serving
• Incapsula does not support video streaming or large static file use cases
• Incapsula can be deployed for DDoS Protection in addition to Akamai’s CDN
Custom Application Delivery Rules
Incapsula does not currently support some of the custom application delivery rules present on the Akamai system including:
Supported
• Always cache (by URL is | is not | contains)
• Never cache (by URL is | is not | contains)
Unsupported
• Redirection rules based on cookies and headers
• URL rewriting
• Response manipulation
Making the Transition Starts with Proper Planning
Scoping out your Incapsula Migration
• Incapsula uses many of the same sizing metrics as Akamai including
  – Number of sites to be protected
  – Aggregate bandwidth
  – Add-on functionality (load balancing, DDoS protection, two factor authentication, etc.)
• Customers can map their Akamai deployment directly to Incapsula but with significant cost savings
• All solutions will be delivered from a single user interface
Making the Switch
• Migration happens in minutes via a simple DNS record change to route traffic to the Incapsula network.
Application Preparation – SSL and Origin IP Tracking
SSL
• Bring your own or have an Incapsula partner generate one
• Be careful of SSL pinning
Origin IP Tracking
• Akamai users wishing to see client IP addresses “through” their CDN use a header called “True-Client-IP”
• Incapsula supports this header, X-Forwarded-For, and a proprietary header called Incap-Client-IP in order to preserve client origin IP address visibility
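An added example (not from the webinar or from Incapsula): origin-side Python that reads the three headers named above only when the connection's peer address belongs to the proxy, since a client that reaches the origin directly can set any of them itself. The proxy ranges are RFC 5737 placeholders, and the header precedence and function names are assumptions.

```python
import ipaddress

# Placeholder ranges (RFC 5737 documentation nets). Replace with the proxy
# ranges published by your CDN/WAF provider.
TRUSTED_PROXY_NETS = [ipaddress.ip_network(n)
                      for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Single-value headers from the slide, checked in this (assumed) order.
SINGLE_VALUE_HEADERS = ("incap-client-ip", "true-client-ip")


def _parse_ip(value):
    """Return an ip_address object, or None if the value is not a valid IP."""
    try:
        return ipaddress.ip_address(value.strip())
    except ValueError:
        return None


def _is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXY_NETS)


def client_ip(peer_addr, headers):
    """Return the client IP (as a string) that the origin should log."""
    peer = _parse_ip(peer_addr)
    if peer is None:
        raise ValueError("peer address is not an IP: %r" % peer_addr)
    # The headers are client-controlled unless the TCP peer is the proxy.
    if not _is_trusted(peer):
        return str(peer)
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in SINGLE_VALUE_HEADERS:
        ip = _parse_ip(lowered.get(name, ""))
        if ip is not None:
            return str(ip)
    # X-Forwarded-For: walk right to left past trusted proxies; the first
    # untrusted hop is the address the proxy itself saw.
    for hop in reversed(lowered.get("x-forwarded-for", "").split(",")):
        ip = _parse_ip(hop)
        if ip is None:
            break  # malformed entry: trust nothing further to the left
        if not _is_trusted(ip):
            return str(ip)
    return str(peer)
```

Logging `peer_addr` alongside the returned value keeps direct-to-origin requests visible after the cutover.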
Custom Security Rules Configuration
• Incapsula has a custom rule engine called “IncapRules” which can be used to create very complex security rules
• IncapRules can be used to replicate any custom security rules that need to be migrated
• This process is currently not automated but our managed service team can be used to port the rules over
Lessons Learned 1 – Deploying Side by Side with Akamai
• Incapsula provides DDoS, WAF, and Dynamic Acceleration
• Akamai provides CDN for Static Content
• Decouple content from Website
• Need to segregate resources
International Stock Exchange
[Diagram: Incapsula; Your Website; Akamai CDN; Content Caching; DDoS Mitigation • WAF; Bots]
Lessons Learned 2 – Akamai Replacement
• Incapsula provides DDoS, WAF, CDN (Static + Dynamic)
• Added load balancing for reservation system failover
• Custom security rules created for bot issues – fast propagation was key
• Watch DNS zones versus web properties
U.S. National Hotel Chain
Lessons Learned 3 – Akamai Replacement
• Incapsula provides DDoS, WAF, CDN (Static + Dynamic)
• Load balancing for availability/performance
• 12 global sites
  – Onboard 4 sites per week, total of three weeks
  – Traffic cutover in maintenance windows
• Ease of management key for large number of properties globally
  – Permissions set for regional teams to manage their properties
Global Toy Manufacturer
Q&A
For a free trial of Incapsula, visit us at: www.Incapsula.com