Application Delivery Networking

Ashok Parmar

2nd July 2009

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners. © Blue Coat Systems, Inc. 2009. All Rights Reserved.


Agenda

Why we need a new approach

Application Delivery Networking Defined

The ADN pillars:

– Visibility

– Acceleration

– Security

Blue Coat ProxyClient


Rationale


New Business Drivers Demand New Technology

– Consolidation

– Information control to reduce risk

– Eliminate remote resources

– Tele-working

– Dispersed field teams

– External partnerships

– New territories for more reach

– WW Partnerships

– Regional information needed

End Users and Applications are Changing

SaaS

Web 2.0 & Mash-Ups

Remote Offices

WAN and Internet

Mobile Users

Enterprise Datacenter Consolidation

Unified Communications

Video

IP Telephony

Messaging


The Connectivity Layer is Poor at Delivering Applications

The connection network:

– Doesn’t know what applications are running across it

– Has limited knowledge of users and content

– Can’t tell what is malicious and what isn’t

– Can’t control mission critical applications


A New Kind of Layer is Required…

SaaS

Web 2.0 & Mash-Ups

Remote Offices

WAN and Internet

Mobile Users

Enterprise Datacenter Consolidation

Unified Communications

Video

IP Telephony

Messaging

Application Delivery Network

Connectivity

Application Servers

End Users

WAN Optimization

Secure Web Gateway

Application Performance Monitoring

Sees users and information

Sees connections and packets

Sees information

Sees & Controls EVERYTHING

Application Delivery Network

Connectivity

Sees users and information

Sees connections and packets

Application Servers

End Users

Sees information

Sees & Controls EVERYTHING

Application Delivery Network

End-to-End User Experience Control


Application Delivery Networking

Blue Coat has moved beyond just Security or Acceleration

– Enable fast, secure access to Key Applications regardless of location

Gartner recognizes this as Application Fluent Networking


The Demo Components

Blue Coat ADN demo network

Internet

NAT Router

Wireless Router

PS900

ProxySG 210

ProxySG 210

VMWare Servers


Visibility


See: Application Performance Monitoring

See Accelerate Secure

Discover All Application Traffic

– 600+ apps, good & bad, sub-classify within complex apps / HTTP

Monitor User Experience

– Measure & alarm, SLA compliance, VoIP metrics, integrate with tools

Troubleshoot Performance Issues

– Isolate delays, connections, host/app performance, capture & analyze

Resolve Issues, Pre-empt Problems

– Fix performance issues with Acceleration & Control – before users call


Visibility

PacketShaper shows ALL traffic on network L7+

– TCP and UDP based applications can be identified

– Granularity down to individual flows

Application traffic can be controlled

– Bandwidth consumption limits

– Quality of Service

– Network resources reserved for Critical Applications

Extensive Reporting Available

– Bandwidth

– Response Times

– Network Efficiency


The Class Tree


Line graph displays Inbound and Outbound rates at the current time (now) and tracks the rates over the last three minutes.

Displays real-time rates for Inbound and Outbound links

Speedometer-like gauge displays the real-time rate for each link, and the needle on the gauge dynamically updates as the rate fluctuates.

RealTime Graphs - Link View


Allows the user to view real-time utilization for multiple traffic classes (applications). With this graph, up to 10 classes can be displayed.

RealTime Graphs - Application View


Control

Powerful and flexible set of control features

– Partitions

– Dynamic Partitions

– Priority policy – P7 (max) thru P0

– Rate Policy

– Class Licenses/Flow Limit


Which Policies Should You Use?

Depends on the application profile

– Rate Policies - medium to longer lived flows, bursty applications or flows that need a minimum guarantee.

HTTP, Email, Lotus Notes, NetBIOS-IP, FTP, P2P, Citrix, etc.

– Priority Policies – Short lived flows, some UDP and flows where a minimum rate is not needed.

Telnet, tn3270, Games, chat tools, IPSec, some short lived UDP flows, etc.


Host Analysis Table

Click on IP address for detailed flow information


Flow Analysis Table with info

Click on IP address for detailed flow information

Click on NetBIOS for other hosts with NetBIOS flows.


Acceleration


Accelerate: WAN Optimisation for All Applications

Internal Bulk Applications

– Storage Consolidation

– File Access

– Email

– Intranet

– Backup & Data Replication

– Image Distribution

External Applications

– Video & Multi-Media

– Business Web Software as a Service (SaaS)

– Recreational (Contain)

– Malicious (Stop)

Real Time Applications

– Voice

– Video Conference

– Real-Time Transactions

– Thin Client & RT Virtual

See Accelerate Secure


Acceleration

ProxySG allows Acceleration by various methods

– Caching / Pipelining for Web Content

– WAN Optimisation for all TCP traffic

– Removal of unwanted traffic via security controls

Single device for Forward or Reverse Proxy

Multiple devices allow WAN Optimisation


Acceleration – Object Caching

Client served from local cache

100% acceleration – no data across WAN

Works on second, and all subsequent requests

DATACENTER


ProxySG implements Object Caching for six protocols:

HTTP

FTP

Windows Media Streaming

Real Media Streaming

CIFS (Windows File Sharing)

HTTPS (when SSL-Interception is used)

Object Caching


Traffic Mix


Activity and Gains


Visibility – Object caching single side ProxySG

First Run

Second & Third Run


WAN Optimisation

All TCP traffic can be optimised

– Volume of Data Transfer reduced

– Latency Effects mitigated

– File locks / permissions always checked

– Bulk protocols show greatest benefit

Real Time Applications controlled by PacketShaper

– Citrix / Telnet

– Quality of Service for VoIP

– Also includes UDP traffic


Why So Slow?! Take the Quiz

Your Network:

– 45Mbps – yeah, that’s big

– 100ms – yeah, that’s fast

Question: You copy a 4MB PPT File. How long will it take?

A) 0.7 seconds. 45Mbps = 5.625MBps so 4 / 5.625 = 0.7111

B) 200 seconds. 4MB = 1000 x 4KB chunks; 1000 trips there, 1000 trips back; 2000 trips x 0.1 sec = 200

Hint: CIFS is a WAN worst-offender. It sends data in 4KB chunks, then waits for an acknowledgement.

[Figure: repeated “4KB Sent” / “ACK!” exchanges across the WAN]


Latency Effects

T1 and no latency

Same file - T1 and 50ms latency

T1 and 50ms latency second and third transfers, same file.


Protocol Optimisation

10-100X Faster Includes CIFS, MAPI, HTTP, HTTPS, TCP



Byte Caching

[Figure: a bit stream passing through Byte Caching, with long repeated runs replaced by the short references [REF#1] and [REF#2]]

Proxies “learn” common patterns

Create short references and pass those instead

Works on all files, all applications over TCP
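An added example (not from the original slides and not Blue Coat's implementation) of the learn-and-reference idea above: both ends of the link keep a dictionary of chunks already exchanged, and the sender passes a short reference for any chunk the peer has seen, so a modified copy of a file costs little more than the edit. The chunking rule, the hash choices and the names `ByteCachePeer`, `chunks` and `wire_bytes` are assumptions made for illustration.

```python
import hashlib
import random

WINDOW = 16      # bytes hashed to decide whether a chunk ends here
MASK = 0x3F      # cut when the low 6 bits are zero (about 1 in 64 positions)
MIN_CHUNK = 32   # avoid tiny chunks that cost more to reference than to send

def chunks(data: bytes):
    """Content-defined chunking: a cut depends only on nearby bytes, so an edit disturbs few chunks."""
    start = 0
    for i in range(len(data)):
        if i + 1 - start < MIN_CHUNK:
            continue
        window = data[i + 1 - WINDOW:i + 1]
        h = int.from_bytes(hashlib.blake2b(window, digest_size=4).digest(), "big")
        if h & MASK == 0:
            yield data[start:i + 1]
            start = i + 1
    if start < len(data):
        yield data[start:]

def ref_for(chunk: bytes) -> bytes:
    # Truncated to 8 bytes for the demo; a collision would expand to the wrong bytes.
    return hashlib.sha256(chunk).digest()[:8]

class ByteCachePeer:
    """One end of the WAN link; both ends learn the same chunk dictionary."""
    def __init__(self):
        self.store = {}  # reference -> chunk bytes

    def encode(self, data: bytes):
        """Sender side: send a short reference for chunks already seen."""
        tokens = []
        for chunk in chunks(data):
            ref = ref_for(chunk)
            if ref in self.store:
                tokens.append(("REF", ref))
            else:
                self.store[ref] = chunk
                tokens.append(("RAW", chunk))
        return tokens

    def decode(self, tokens) -> bytes:
        """Receiver side: learn raw chunks, expand references."""
        out = []
        for kind, value in tokens:
            if kind == "RAW":
                self.store[ref_for(value)] = value
                out.append(value)
            else:
                out.append(self.store[value])  # KeyError: the two caches diverged
        return b"".join(out)

def wire_bytes(tokens) -> int:
    """Bytes crossing the WAN: one tag byte plus the reference or raw chunk."""
    return sum(1 + len(value) for _, value in tokens)

def demo():
    rng = random.Random(2009)  # constructed sample data, not a real file
    original = bytes(rng.randrange(256) for _ in range(32768))
    modified = original[:15000] + b"one edited paragraph" + original[15000:]
    branch, core = ByteCachePeer(), ByteCachePeer()
    cold, warm = branch.encode(original), branch.encode(modified)
    ok = core.decode(cold) == original and core.decode(warm) == modified
    return ok, wire_bytes(cold), wire_bytes(warm), len(modified)
```

`demo()` returns whether both transfers were reconstructed exactly, the bytes sent for the first (cold) copy, the bytes sent for the modified copy, and the modified file's size.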


Compression

[Figure: a bit stream shown before and after COMPRESSION]

Industry-standard gzip algorithm compresses all traffic

Removes predictable “white space” from content and objects being transmitted


WAN Optimisation Benefits

e.g. Mapped Drives - CIFS

File Copy

– (Cold) First pass quicker through Protocol Optimisation / Compression

– (Warm) Second pass even quicker due to Object Caching

– Modified files still copy quickly due to Byte Caching

Actual volume of data transferred reduced

User experience (response times) much improved

Bandwidth appears increased

Further control now possible with PacketShaper integration


Edge session view


SGOS 5.4 Sky UI

Geared towards Acceleration


WAN Optimisation plus PacketShaper

Existing SG Statistics tab

– Active Sessions

– Traffic Mix etc

Added Visibility into Optimised Traffic on Shaper

– SG Traffic Sub-Tree

– Individual Protocols visible

– Non-Optimised (tunnelled) traffic still visible

All traffic can now be controlled

SG Tunnelled traffic can be in separate partition


Visibility - PacketShaper with ProxySG

Use the prxysg.plg – place into the PLG directory on 9.256/ in the shaper


Security


Secure: Data and Productivity Protection

See Accelerate Secure

Guard Employee Productivity

• Advanced URL filtering: Blue Coat & 3rd Parties

• Block inappropriate content according to policy

Protect Against Malware

• Filter outgoing Web traffic in real time

• Reduces exposure to malicious web content

Prevent Information Leaks

• Integrated data leakage protection with 3rd parties

• Watch, alert & prevent exit of proprietary info

Validate Trust

• Identity based access policy: prevent unauthorized use

• Support for eleven authentication protocols


Full Protocol Termination = Total Visibility & Context (HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)

Policy Control

• Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)

• Granular, flexible logging

• Authentication integration

Proxy Appliance

Ultimate Control Point for Communications

Web Security

• Prevent spyware, malware & viruses

• Stop DoS attacks

• IE vulnerabilities, IM threats

Accelerated Applications

• Multiprotocol Accelerated Caching Hierarchy

• BW mgmt, compression, protocol optimization

• Byte & object caching


Security

ProxySG intercepts traffic

– Enabled per protocol

– Proxied sessions terminated / reinitiated

– Low-level (method) controls

– SSL can be opened up

Authentication can be enabled

– Individual users identified

– Security Policies enforced per user / group

Content Scanning for protection

– URL Filtering to control internet access

– Content Scanning guards against Malware downloads


Blue Coat Layered Defenses

Cloud Service: WebPulse & WebFilter

Inline Threat Detection: ProxyAV

Web Application & Content Controls: ProxySG

Integrated Data Loss Prevention: ProxySG with 6 DLP partners

Remote Users: ProxyClient


WebPulse Cloud Service

Malware detection

Web content analysis & ratings

Reputation analysis

Real-time rating service

WebPulse Cloud Service

Web Content

Content Ratings

• Multiple Threat Engines

• Machine Analysis

• Human Raters

1B web requests per week


New Malware Defense

Internet

Enterprise Network

ProxySG with WebFilter

ProxyClient

WebPulse Cloud Service

Five Minute Updates

Immediate Access

WebPulse 5min updates to WebFilter

Immediate updates to ProxyClient and K9

Analyzes over 1B user requests per week

Unites gateways & clients into computing grid defense


Co-Processor Architecture

Improved utilization with M:N ratio

Higher throughput per gateway

Results in less hardware

Optimized design

Enterprise Network

Internet

ProxySG

ProxyAV ProxyAV DLP

Clean Object Cache

Finger Print Cache

Dual Cache Design

• Trickle First

• Trickle Last

• Defer Scan (media)

Customer Example:

Large User Base (100K+)

Blue Coat Solution: 8 ProxySGs, 20 ProxyAVs

Competitor Solution: 96 appliances

Threat detection is the lowest performing element; embedded, it wastes gateway utilization

ICAP, ICAP+, S-ICAP


VPM and Policy


Creating a VPM Web Access Rule


AUP


Coaching


Denied


ADN for Remote Users


Blue Coat ProxyClient: Acceleration and Security for individuals

Software Client

– Easy to deploy

– Suitable for roaming users / small offices

– Works with existing VPN clients

Accelerates Business Applications

– LAN-like performance when away from office

– Reduces data costs for 3G connections

Allows direct but safe Internet access

– Enforces URL filtering policy appropriate to location

– Interacts with Blue Coat’s WebPulse service

Free of charge


ProxyClient Deployment

– At least one ProxySG at Data Centre

– Define ADN for acceleration

– Install BCWF for filtering

– Configure ProxyClient features

– Distribute Client software

Policies

Configurations

Deployments

Internet

Web Servers and SaaS

Customers

Remote Users

Internet Gateway with

Blue Coat WebFilter

Proxy Client

Centralized Storage and Applications

Data Center


The Benefits of the ProxyClient


Blue Coat Application Delivery: Unique Range of Capabilities

Intelligent Control

Discover All Application Traffic

Monitor User Experience

Troubleshoot Performance Issues

Resolve Issues, Prioritize Traffic

Accelerate Internal Bulk Traffic

Control and Optimize External Applications

Optimize and Protect Real Time Applications

Protect Against Malware

Guard Employee Productivity

Prevent Information Leaks

Validate Trust

See Accelerate Secure
