Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners.
© Blue Coat Systems, Inc. 2009. All Rights Reserved.
Application Delivery Networking
Ashok Parmar
2nd July 2009
Agenda
Why we need a new approach
Application Delivery Networking Defined
The ADN pillars:
– Visibility
– Acceleration
– Security
Blue Coat ProxyClient
Rationale
New Business Drivers Demand New Technology
– Consolidation
– Information control to reduce risk
– Eliminate remote resources
– Tele-working
– Dispersed field teams
– External partnerships
– New territories for more reach
– WW Partnerships
– Regional information needed
End Users and Applications are Changing
SaaS
Web 2.0 & Mash-Ups
Remote Offices
WAN and Internet
Mobile Users
Enterprise Datacenter Consolidation
Unified Communications
Video
IP Telephony
Messaging
The Connectivity Layer is Poor at Delivering Applications
The connection network:
– Doesn’t know what applications are running across it
– Has limited knowledge of users and content
– Can’t tell what is malicious and what isn’t
– Can’t control mission critical applications
A New Kind of Layer is Required…
SaaS
Web 2.0 & Mash-Ups
Remote Offices
WAN and Internet
Mobile Users
Enterprise Datacenter Consolidation
Unified Communications
Video
IP Telephony
Messaging
Application Delivery Network
Connectivity
Application Servers
End Users
WAN Optimization
Secure Web Gateway
Application Performance Monitoring
Sees users and information
Sees connections and packets
Sees information
Sees & Controls EVERYTHING
Application Delivery Network
Connectivity
Sees users and information
Sees connections and packets
Application Servers
End Users
Sees information
Sees & Controls EVERYTHING
End-to-End User Experience Control
Application Delivery Networking
Blue Coat has moved beyond just Security or Acceleration
– Enable fast, secure access to Key Applications regardless of location
Gartner recognizes this as Application Fluent Networking
The Demo Components
Blue Coat ADN demo network
Internet
NAT Router
Wireless Router
PS900
ProxySG 210
ProxySG 210
VMWare Servers
Visibility
See: Application Performance Monitoring
See Accelerate Secure
Discover All Application Traffic
– 600+ apps, good & bad, sub-classify within complex apps / HTTP
Monitor User Experience
– Measure & alarm, SLA compliance, VoIP metrics, integrate with tools
Troubleshoot Performance Issues
– Isolate delays, connections, host/app performance, capture & analyze
Resolve Issues, Pre-empt Problems
– Fix performance issues with Acceleration & Control – before users call
Visibility
PacketShaper shows ALL traffic on network L7+
– TCP and UDP based applications can be identified
– Granularity down to individual flows
Application traffic can be controlled
– Bandwidth consumption limits
– Quality of Service
– Network resources reserved for Critical Applications
Extensive Reporting Available
– Bandwidth
– Response Times
– Network Efficiency
The Class Tree
RealTime Graphs - Link View
Displays real-time rates for Inbound and Outbound links
Line graph displays Inbound and Outbound rates at the current time (now) and tracks the rates over the last three minutes.
Speedometer-like gauge displays the real-time rate for each link, and the needle on the gauge dynamically updates as the rate fluctuates.
RealTime Graphs - Application View
Allows the user to view real-time utilization for multiple traffic classes (applications). With this graph, up to 10 classes can be displayed.
Control
Powerful and flexible set of control features
– Partitions
– Dynamic Partitions
– Priority policy – P7 (max) thru P0
– Rate Policy
– Class Licenses/Flow Limit
Which Policies Should You Use?
Depends on the application profile
– Rate Policies - medium to longer lived flows, bursty applications or flows that need a minimum guarantee.
HTTP, Email, Lotus Notes, NetBIOS-IP, FTP, P2P, Citrix, etc.
– Priority Policies – Short lived flows, some UDP and flows where a minimum rate is not needed.
Telnet, tn3270, Games, chat tools, IPSec, some short lived UDP flows, etc.
Host Analysis Table
Click on IP address for detailed flow information
Flow Analysis Table with info
Click on IP address for detailed flow information
Click on NetBIOS for other hosts with NetBIOS flows.
Acceleration
Accelerate: WAN Optimisation for All Applications
Internal Bulk Applications
– Storage Consolidation
– File Access
– Email
– Intranet
– Backup & Data Replication
– Image Distribution
External Applications
– Video & Multi-Media
– Business Web
– Software as a Service (SaaS)
– Recreational (Contain)
– Malicious (Stop)
Real Time Applications
– Voice
– Video Conference
– Real-Time Transactions
– Thin Client & RT Virtual
See Accelerate Secure
Acceleration
Proxy SG allows Acceleration by various methods
– Caching / Pipelining for Web Content
– WAN Optimisation for all TCP traffic
– Removal of unwanted traffic via security controls
Single device for Forward or Reverse Proxy
Multiple devices allow WAN Optimisation
Acceleration – Object Caching
Client served from local cache
100% acceleration – no data across WAN
Works on second, and all subsequent requests
DATACENTER
Object Caching
ProxySG implements Object Caching for six protocols:
– HTTP
– FTP
– Windows Media Streaming
– Real Media Streaming
– CIFS (Windows File Sharing)
– HTTPS (when SSL-Interception is used)
Traffic Mix
Activity and Gains
Visibility – Object caching single side ProxySG
First Run
Second & Third Run
WAN Optimisation
All TCP traffic can be optimised
– Volume of Data Transfer reduced
– Latency Effects mitigated
– File locks / permissions always checked
– Bulk protocols show greatest benefit
Real Time Applications controlled by PacketShaper
– Citrix / Telnet
– Quality of Service for VoIP
– Also includes UDP traffic
Why So Slow?! Take the Quiz
Your Network:
– 45Mbps – yeah, that’s big
– 100ms – yeah, that’s fast
Question: You copy a 4MB PPT File. How long will it take?
A) 0.7 seconds. 45Mbps = 5.625MBps so 4 / 5.625 = 0.7111
B) 200 seconds. 4MB = 1000 x 4KB chunks, 1000 trips there, 1000 trips back, 2000 trips x 0.1 sec = 200
Hint: CIFS is a WAN worst-offender. It sends data in 4KB chunks, then waits for an acknowledgement.
[Diagram: repeated "4KB Sent" / "ACK!" exchanges]
Latency Effects
T1 and no latency
Same file - T1 and 50ms latency
T1 and 50ms latency second and third transfers, same file.
Protocol Optimisation
10-100X Faster
Includes CIFS, MAPI, HTTP, HTTPS, TCP
Byte Caching
[Diagram: a bit stream in which repeated runs are replaced by the short references [REF#1] and [REF#2]]
– Proxies “learn” common patterns
– Create short references and pass those instead
– Works on all files, all applications over TCP
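The byte-caching idea on this slide, as an added Python example that is not Blue Coat's code: two peers build identical dictionaries, and the sender passes a reference for any chunk both sides have already seen. Fixed 256-byte chunks, SHA-256 digests as references, and the names `ByteCachePeer`, `wire_bytes` and `demo` are assumptions; the sample file is constructed.

```python
import hashlib

CHUNK = 256  # assumed fixed chunk size; the slide does not say how patterns are delimited


def _ref(chunk):
    # Full SHA-256 digest as the reference: a truncated digest makes collisions
    # likelier, and a collision makes the receiver rebuild the wrong bytes silently.
    return hashlib.sha256(chunk).digest()


class ByteCachePeer:
    """One side of the proxy pair; both sides end up with the same dictionary."""

    def __init__(self):
        self.store = {}  # reference -> chunk bytes

    def encode(self, data):
        """Sender: emit ("REF", digest) for known chunks, ("RAW", bytes) otherwise."""
        tokens = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            ref = _ref(chunk)
            if ref in self.store:
                tokens.append(("REF", ref))
            else:
                self.store[ref] = chunk
                tokens.append(("RAW", chunk))
        return tokens

    def decode(self, tokens):
        """Receiver: learn RAW chunks, expand REFs; KeyError means peers are out of sync."""
        out = bytearray()
        for kind, value in tokens:
            if kind == "RAW":
                self.store[_ref(value)] = value
                out += value
            else:
                out += self.store[value]
        return bytes(out)


def wire_bytes(tokens):
    """Payload bytes crossing the WAN (token framing overhead is ignored)."""
    return sum(len(value) for _, value in tokens)


def demo():
    core, edge = ByteCachePeer(), ByteCachePeer()
    # Constructed 4096-byte sample file with no repeated chunks.
    original = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    modified = bytearray(original)
    modified[1000:1005] = b"EDITS"  # in-place edit touching a single chunk
    sizes = []
    for payload in (original, original, bytes(modified)):  # cold, warm, modified
        tokens = core.encode(payload)
        assert edge.decode(tokens) == payload
        sizes.append(wire_bytes(tokens))
    return tuple(sizes)
```

With fixed-size chunks an insertion that shifts the following bytes would invalidate every later chunk; the example edits in place to keep the chunk boundaries aligned.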
Compression
[Diagram: a bit stream before and after compression]
– Industry-standard gzip algorithm compresses all traffic
– Removes predictable “white space” from content and objects being transmitted
WAN Optimisation Benefits
e.g. Mapped Drives - CIFS
File Copy
– (Cold) First pass quicker through Protocol Optimisation / Compression
– (Warm) Second pass even quicker due to Object Caching
– Modified files still copy quickly due to Byte Caching
Actual volume of data transferred reduced
User experience (response times) much improved
Bandwidth appears increased
Further control now possible with PacketShaper integration
Edge session view
SGOS 5.4 Sky UI
Geared towards Acceleration
WAN Optimisation plus PacketShaper
Existing SG Statistics tab
– Active Sessions
– Traffic Mix etc
Added Visibility into Optimised Traffic on Shaper
– SG Traffic Sub-Tree
– Individual Protocols visible
– Non-Optimised (tunnelled) traffic still visible
All traffic can now be controlled
SG Tunnelled traffic can be in separate partition
Visibility - PacketShaper with ProxySG
Use the prxysg.plg – place into the PLG directory on 9.256/ in the shaper
Security
Secure: Data and Productivity Protection
See Accelerate Secure
Guard Employee Productivity
• Advanced URL filtering: Blue Coat & 3rd Parties
• Block inappropriate content according to policy
Protect Against Malware
• Filter outgoing Web traffic in real time
• Reduces exposure to malicious web content
Prevent Information Leaks
• Integrated data leakage protection with 3rd parties
• Watch, alert & prevent exit of proprietary info
Validate Trust
• Identity based access policy: prevent unauthorized use
• Support for eleven authentication protocols
Full Protocol Termination = Total Visibility & Context
(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
Proxy Appliance
Ultimate Control Point for Communications
Policy Control
• Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)
• Granular, flexible logging
• Authentication integration
Web Security
• Prevent spyware, malware & viruses
• Stop DoS attacks
• IE vulnerabilities, IM threats
Accelerated Applications
• Multiprotocol Accelerated Caching Hierarchy
• BW mgmt, compression, protocol optimization
• Byte & object caching
Security
ProxySG intercepts traffic
– Enabled per protocol
– Proxied sessions terminated / reinitiated
– Low-level (method) controls
– SSL can be opened up
Authentication can be enabled
– Individual users identified
– Security Policies enforced per user / group
Content Scanning for protection
– URL Filtering to control internet access
– Content Scanning guards against Malware downloads
Blue Coat Layered Defenses
Cloud Service: WebPulse & WebFilter
Inline Threat Detection: ProxyAV
Web Application & Content Controls: ProxySG
Integrated Data Loss Prevention: ProxySG with 6 DLP partners
Remote Users: ProxyClient
WebPulse Cloud Service
Malware detection
Web content analysis & ratings
Reputation analysis
Real-time rating service
WebPulse Cloud Service
Web Content
Content Ratings
• Multiple Threat Engines
• Machine Analysis
• Human Raters
1B web requests per week
New Malware Defense
Internet
Enterprise Network
ProxySG with WebFilter
ProxyClient
WebPulse Cloud Service
Five Minute Updates
Immediate Access
WebPulse 5min updates to WebFilter
Immediate updates to ProxyClient and K9
Analyzes over 1B user requests per week
Unites gateways & clients into computing grid defense
Co-Processor Architecture
Improved utilization with M:N ratio
Higher throughput per gateway
Results in less hardware
Optimized design
Enterprise Network
Internet
ProxySG
ProxyAV
ProxyAV
DLP
Clean Object Cache
Finger Print Cache
Dual Cache Design
• Trickle First
• Trickle Last
• Defer Scan (media)
Customer Example:
Large User Base (100K+)
Blue Coat Solution: 8 ProxySGs, 20 ProxyAVs
Competitor Solution: 96 appliances
Threat detection is the lowest performing element, embedded it wastes gateway utilization
ICAP, ICAP+, S-ICAP
VPM and Policy
Creating a VPM Web Access Rule
AUP
Coaching
Denied
ADN for Remote Users
Blue Coat ProxyClient: Acceleration and Security for individuals
Software Client
– Easy to deploy
– Suitable for roaming users / small offices
– Works with existing VPN clients
Accelerates Business Applications
– LAN-like performance when away from office
– Reduces data costs for 3G connections
Allows direct but safe Internet access
– Enforces URL filtering policy appropriate to location
– Interacts with Blue Coat’s WebPulse service
Free of charge
ProxyClient Deployment
– At least one ProxySG at Data Centre
– Define ADN for acceleration
– Install BCWF for filtering
– Configure ProxyClient features
– Distribute Client software
Policies
Configurations
Deployments
Internet
Web Servers and SaaS
Customers
Remote Users
Internet Gateway with Blue Coat WebFilter
Proxy Client
Centralized Storage and Applications
Data Center
The Benefits of the ProxyClient
Blue Coat Application Delivery: Unique Range of Capabilities
Intelligent Control
Discover All Application Traffic
Monitor User Experience
Troubleshoot Performance Issues
Resolve Issues, Prioritize Traffic
Accelerate Internal Bulk Traffic
Control and Optimize External Applications
Optimize and Protect Real Time Applications
Protect Against Malware
Guard Employee Productivity
Prevent Information Leaks
Validate Trust
See Accelerate Secure
© Blue Coat Systems, Inc. 2008. All Rights Reserved.