With Solutions Detail - Westcon-Comstormedia.gswi.westcon.com/media/Westcon_Security_France/NEWS...Object Caching (HTTP/HTTPS/FTP/CIFS/VoD) Caches repeated, static app-level data;

Blue Coat Acceleration OverviewWith Solutions Detail

Blue Coat and the Blue Coat logo are trademarks of Blue Coat Systems, Inc., and may be registered in certain jurisdictions. All other product or service names are the property of their respective owners.

© Blue Coat Systems, Inc. 2010. All Rights Reserved.

With Solutions Detail

Lyes BerkaniSystem [email protected]

Blue Coat Systems

© Blue Coat Systems, Inc. 2008. All Rights Reserved. Confidential.2

• Profitable, public company (NASDAQ: BCSI)• Revenue FY’10 $506 million

• 15,000+ customers across 150+ countries • Over 60,000 appliances installed

The Application Delivery Network

Visibility

Acceleration


Acceleration

Security

ADNADN

Optimize and Secure

Classify and prioritize applications

Accelerate business applicationsAcceleration

Visibility


Accelerate business applications

Protect users and information

Acceleration

Security

Blue Coat Acceleration Vision



Blue Coat Acceleration VisionWAN Optimization for Today & Tomorrow

MACH5 Techniques Work Together

Object Caching (HTTP/HTTPS/FTP/CIFS/VoD)Caches repeated, static app-level data; reduces BW and latency

Byte CachingCaches any TCP application using similar/changed data; reduces BW

CompressionReduces amount of data transmitted; saves BW

Bandwidth Management

© Blue Coat Systems, Inc. 2008. All Rights Reserved.6

Bandwidth ManagementPrioritize, limit, allocate, assign DiffServ – by user or

application

Protocol Optimization (TCP/HTTP(S)/FTP/CIFS/MAPI/STREAMING)

Remove inefficiencies, reduce latency

Evolution of WAN Optimization

Tomorrow

Extend innovation to optimize the future of applications & networks:

Today

WAN Opt critical infrastructure to enable key initiatives:

• Server consolidation


• Web

• Video

• Cloud

• Internet

• Server consolidation

• File & storage centralization

• Backup centralization

• E-mail consolidation

Today–Centralization/Consolidation Pain

Problem

Latency/Delay of Network

RemoteOffice

Data Center


� Pain and Negative Consequences

• File shares, backup & DR processes are slow and unpredictable

• Network capacity problems & high bandwidth costs

• Delayed consolidation & centralization initiatives

Latency/Delay of Network

Chatty Protocols

Big Files & Jobs Consume Large Amounts of Bandwidth

What’s the Problem?

� Applications and Data Transfer are slow between the Data Center and Branch Offices

� Common solution – Increase Bandwidth (“make the pipes bigger”)

� But this doesn’t address LATENCY


address LATENCY

Your Network:45Mbps – yeah, that’s big100ms – yeah, that’s fast

Question: You copy a 4MB PPT File. How long will it take?A

CK

!A

CK

!

AC

K!

AC

K!

Why So Slow?! Take the Quiz


A) 0.7 seconds. 45Mbps = 5.625MBps so 4 / 5.625 = 0.7111

Hint: CIFS is a WAN worst-offender.It sends data in 4KB chunks, then waits for an acknowledgement.

B) 200 seconds. 4MB = 1000 x 4KB chunks1000 trips there1000 trips back 2000 trips x 0.1 sec = 200

4KB

Sen

t4K

B S

ent

4KB

Sen

t4K

B S

ent

RemoteOffice

Data Center

Blue Coat Delivers ConsolidationAccelerate Files, Storage, Backup & Email

Optimized

Metrics & Outcomes

50-99% less bandwidth


� How we do it

• Protocol acceleration (latency reduction) – CIFS, MAPI, TCP, etc

• Byte caching & adaptive compression (data reduction)

• QOS (assurance)

• Object caching (latency & data reduction)


3-300x faster files/email/backup

Enable consolidation, centralization & disaster recovery initiatives

Object Caching

HQ Branch Office

Local Cache

Offload Servers

Tech details - HTTP/HTTPS/FTP, CIFS


� Content Served Locally

� 100% acceleration

� NO data across WAN

� Works on Second Request

Tech details

Byte Caching


Files and Backup – Proof Points

� Un-optimized: 3.5 minutes for user to access a file

� Blue Coat: 5-300x faster, 50-99% less bandwidth

EMC – 8x fasterMicrosoft Files over CIFS – 107x faster


Dell EqualLogic – 90% reduction

Blue Coat WAN Optimization

Tomorrow

Extend innovation to optimize the future of applications & networks:

Today

WAN Opt critical infrastructure to enable key initiatives:

�Server consolidation


• Web

• Video

• Cloud

• Internet

�Server consolidation

�File & storage centralization

�Backup centralization

�E-mail consolidation

Delivery

Web Technologies Replace LAN Protocols

Legacy LAN Protocols• File shares – CIFS• Email – MAPI• Enterprise Apps

HTTPHTTP

SSLSSL

Web Delivered Applications • Intranet & SharePoint Docs• Outlook Web Access• Browser based SAP & Oracle

Today

Today Tomorrow


Problem

Specialized protocols – different than CIFS/MAPI

Encrypted SSL

Multiple applications use (including)

Blue Coat Web Business Applications

Metrics & Outcomes

5-95x faster enterprise application performance


Deliver mission critical applicationsIntranets, SharesWikis & BlogsIntranets, SharesWikis & Blogs

Enterprise ApplicationsEnterprise Applications


How we do it:

� Foundation WAN optimization (byte caching, compression, protocol acceleration)

� 14 years of Web application innovation – specialized HTTP/SSL• Object caching • Connection pipelining• SSL decrypt/optimize/re-encrypt• Web application classification

Wikis & BlogsWikis & Blogs

Enterprise Applications – Performance

222,219

2,373

WAN Only

Blue Coat

SAP Business Objects – Large Report300 users at 2.5Mbps with 250ms latency

Blue Coat 93.6 times faster

Un-optimized: User requires 3+ minutes to generate a report


� Response times improved 10x to over 90x

� Bandwidth reduction of up to 97%

� LAN-like performance even across the globe

0 50 100 150 200 250

� HTTP/S delivered documents

� Parity with “base engines”

� Enable cache headers

SharePoint with Object Caching

0 50 100 150 200 250 300 350

Check-Out File from Library

Save Previously Opened File to Library

Upload File to Document Library

View File by Open

Download to Local Desktop

Download Uncompressible File Type (13 …

Upload Uncompressible File Type (13 MB)

Time in Seconds

Sh

are

Po

int

Pro

cess

End-User Response Times

Native

1st hit

Avg Hot


� Enable cache headers

� 2-4x faster than competition

19

Video is a Major Force

Widespread Internet video• 50+% of all Internet traffic (Wired)

More, richer Internet video• 3D, HD, mobile

TodayToday Tomorrow


Enterprise video initiatives struggle• 340-1128/streams consume WAN

Mainstream in Enterprise • On demand training• Corp communications• Corp news & collaboration

Problem

Internet video causes performance problems for business apps

WAN budget/bandwidth 30-60% recreation

Failure of enterprise video initiatives for training/comms

Or need to boost bandwidth 3x-500x for video initiatives

The Problem - Live

Video Server

Live Video Stream One Stream Per User


RemoteOfficeData Center

Bottleneck # 2:Bandwidth limits number of simultaneous viewers

Bottleneck # 1:Media servers deliverone stream to each viewer

Optimized Video Delivery – Live

Video Server

Live Video Stream SplittingScale video by 2-10000x

Reduce impact of Internet video


RemoteOfficeData Center • Single live stream from server

•Split into multiple streams by Blue Coat•Works for internal video or external/Internet video streams

• Support for Microsoft Windows Media Server and Adobe Flash!

Video Server

The Problem – On-Demand VOD

Video On-Demand, Each Users Downloads Each Video


RemoteOfficeData Center

Bottleneck # 2:Impact on BandwidthEach user downloads Full video

Bottleneck # 1:Media servers deliverone stream or video to each viewer

Optimized Video Delivery – On-Demand

Video Server

Video On-Demand Caching


24

RemoteOfficeData Center • Recorded video sent to first user

• Video on Demand Caching serves it up to the next users

• Adaptive Refresh technologies keep the cached content up to date!

• Enterprise CDN in Director pre-distributes content

Supported Formats and Protocols

� Progressive Web downloadProtocols: HTTP, HTTPS, FTP

Formats: Any File Type

� Streaming VODProtocols: RTMP, RTSP, RTP, RDT, MMS, HTTP


Protocols: RTMP, RTSP, RTP, RDT, MMS, HTTP

Formats: Windows Media, Real Media

� Streaming LiveProtocols: RTMP, RTSP, RTP, RDT, MMS, HTTP

Formats: Windows Media, Real Media

Cloud – Emerges for Enterprise App Delivery

Small base, fast growth in Cloud Cloud Mainstream in Enterprise • Applications & documents

Today Tomorrow


• Purpose built & legacy ported apps • Applications & documents • Platforms & utilities• Security

Problem

Latency – double hop through the data center

Bandwidth – especially for documents & large data sets

Lack of control over cloud infrastructure – where do you put WAN Opt

Cloud – Required Capabilities

Metrics & Outcomes

2-50x faster cloud application access


RemoteOffice

� How we do it• Asymmetric Optimization Technology

• HTTP/SSL Object caching to reduce bandwidth and latency• Pipelining to parallelize web requests

• External SSL Decryption – decrypts EXTERNAL SSL• Advanced Web Classification & Policy to differentiate sites

2-50x faster cloud application access

25-80% bandwidth reduction

40% lower TCO with single box deployment (asymmetric)

Internet as default• Branches move to Direct to Net

Internet

Internet Dominant Access, IPV6 Coming

Mix MPLS WAN & Internet• Internet: default for remote & mobile

TodayMPLS WAN Internet

Today Tomorrow


• Branches move to Direct to Net• Security is integrated

IPV6 becomes mainstream• Long transition to replace IPV4

28

• Internet: default for remote & mobile • Internet is backup/2nd at branch• Recreation backhauled over WAN

Early IPV6 adoption

Problem

30-60% of WAN is recreation due to backhaul

Cloud/SaaS has double hop latency (through DC to Internet)

Fear of malware slows adoption

Blue Coat Direct to Net

Metrics & Outcomes

Remove 100% of recreation fro WAN


RemoteOffice

� How we do it• Asymmetric optimization for HTTP, SSL, Video• Integrated Web Security

• Web categorization, authentication & policy

• Malware protection & WebPulse cloud link

• IPV6 to IPV4 Gateway for DNS, HTTP, HTTPS, FTP, RTSP

Remove 100% of recreation fro WAN

Accelerate Cloud & Reduce Bandwidth 2-50x

Object Caching – Secret SauceInternal App/Private Cloud Example


Data Center

30

RemoteOffice

How we do it:

� Objects transit WAN/Internet oncePictures, videos, whole files, .mp3s

� Served multiple times at edge

� Background check assures freshness

� No core required – only edge

Why it’s good

� Eliminates latency – served locally, instantly

� Saves massive bandwidth – whole files, videos, pics

� Offloads servers – they don’t serve connections

� Asymmetric – no core required

� Accelerates private and public cloud apps & content

6MB 6MB6MB6MB6MB

Object Caching – Secret SaucePublic Cloud/SaaS Acceleration with One Box

100MB


Data Center

31

RemoteOffice

� Asymmetric – No Requirements for Cloud provider

� Additional Special Protocol Optimizations

HTTP/SSL Pipelining, Live Video Stream Splitting

External SSL Decryption

� One appliance for both Internal and External Apps

100MB100MB100MB100MB

Blue Coat Acceleration Product Line

MACH5 300

MACH5 900

MACH5 9000

MACH5 600

MACH5 300


� A delivery option for WAN Optimization in branch offices

� Addresses customers who need WAN Optimization plus IT services

32

ProxyClient

Home & Mobile Remote & Branch Office Regional & Data Center

MACH5 VA

MACH5 300

Remote & Branch Office Regional & Data Center

Integrated Platform: ProxySG Options

ProxySG

ProxyEdition

Secure Web Gateway & Acceleration• Full Web & SSL Visibility• URL & Content filtering (BC and Third Parties)• Malware protection & real time cloud services• ICAP Redirection, policy redirection• Authentication; proxy services for IM, P2P, Telnet

SOCKS• All Acceleration Services


• All Acceleration Services

Acceleration• Protocol Acceleration: CIFS, NFS, MAPI, HTTP,

HTTPS, MMS, RTSP & More• Byte Caching, object caching• QOS and Compression• Accelerate files, email, web, SSL, streaming, rich media,

external Web & SSL

ProxySG

Mach5Edition

Microsoft IT Services & LOB Apps

• Print, DNS, DHCP, AD, Branch Cache

Market Leading Blue Coat WAN Optimization

• Reduce bandwidth, improve app response times

ProxySG Virtual Appliance


Industry standard server from strategic vendor

• Cost efficient, flexible, open, powerful multi-core systems

VMware Virtualization

• High availability, flexibility

ProxyClient: Roaming & SOHO

� Client Acceleration

Byte caching reduces data

Acceleration speeds performance


� Client Filtering

Prevents malware

Enforces acceptable use policy

Provides reporting visibility

Ensures business productivity anywhere

ProxyClient Dramatic Acceleration

Without ProxyClient

With ProxyClient

With ProxyClient (cached)

Time to open a 10 MB Microsoft PowerPoint file

104 seconds

3 seconds

16 seconds


� Reduces bandwidth consumption

� LAN-like Performance

� Up to 35 X improvement in response times

ADN Concepts & Sizing



Sizing

ADN objectives

� ADN means : Application Delivery Network

� ADN Goal : to accelerate access to remote datas

� Two types of architecture :– ProxySg to ProxySG optimization

– ProxyClient to ProxySG optimization


– ProxyClient to ProxySG optimization

Users

Wan

Blue Coat ProxyClientLaptop

ProxySG ProxySG

Server

ADN design

� 2 types of design :– Transparent ADN : optimized data over the WAN keeps

TCP and IP information visible

– Explicit ADN : traffic between client-side ProxySG/ProxyCLient to Datacenter ProxySG is encapsulated in a kind of ADN tunnel to the DC ProxySG.


encapsulated in a kind of ADN tunnel to the DC ProxySG.

SG Deployment Models

� In Line

� Virtually In Line

� Out of Path


Wan

Transparent ADN

� ProxySG are in Bridge mode or we use WCCP/PBR to redirect traffic to the box

ProxySG ProxySG

ServerClient sends ProxySG Optimized ProxySG UN-Optimized


� Advantages : – Source/destination IP and destination TCP ports are kept

unchanged

– you can still use netflow over the WAN

– You can still apply firewalling policies at the DC

ServerClient sends traffic to remote server

ProxySG transparently intercept the connection

Optimized traffic is sent over the WAN to remote server

ProxySG transparently intercept the optimized connection

UN-Optimized traffic is sent to remote server

How does it work?Using the TCP Option Field


How ADN Works Using the TCP Option Field


SG In Line Deployments

Proxy SG Router

Server Farm

Router Proxy SG

Client PC

Switch Switch

Internet /MPLS


� SG is directly in line with traffic

� Fail open / closed

� Simple

� Scaling is difficult – best for branch office deployments

44

Server Farm

SG Virtually In Line Deployments

Proxy SG

Internet /MPLSRouter

Server Farm

RouterClient PC

Switch

WCCP

WAN


� Typical Core deployment – WCCP at core and inline at Remote site

� WCCP or Layer 4 switch or PBR

� Better Scaling – can easily add more SG’s to WCCP service groups

� Less Intrusive / no network down time to install SG45

Proxy SG

Explicit ADN

� Traffic sent by remote ProxySG is sent to Datacenter concentrator ProxySG to his IP address.

Wan

ProxySG

ProxySG

UN-Optimized


� Advantages : – no need to redirect any traffic

– Don’t have to put inline a ProxySG at DC

– Adding the ADN feature to an already Secure Proxy deployement is easy

Server

Client sends traffic to remote server

ProxySG transparently intercept the connection

Optimized traffic is sent over the WAN to remote ProxySG

UN-Optimized traffic is sent to remote server

Example

� Two remote ProxySG

� Two Datacenter

� Two concentrator

� Explicit ADN scenario

RemoteSG1

DC1SG

DataCenter 1 :IP Subnet X


Wan

RemoteSG2

Users Site1

Users 2

DC2SG

DataCenter 2:IP Subnet X

RemoteSG1

DC1SG

DataCenter 1 :IP Subnet X

� First let’s pick up a ADN Manager

I’m the ADN

Manager

� Concentrators advertise subnet they know about

I know subnet X

� ADN manager gaphers this information and forward it to every body in the ADN netWork

ADN routing table-To join subnet X go to DC1SG- To join subnet Y go to DC2SG



Wan

RemoteSG2

Users Site1

Users Site 2

DC2SG

DataCenter 2:IP Subnet Y

ADN mgr

I know subnet Y

RemoteSG1

DC1SG DataCenter 1 :IP Subnet X

� What if a user on site 1 wants to access an application on Datacenter 1 ?

� He sends his request normally… RemoteSG1 transparently intercepts it.

� RemoteSG1 consults is ADN routing table and sends optimize traffic to DC1SG


� DC1SG locally forwards traffic to Server1


Wan

RemoteSG2

Users Site1

Users Site 2

DC2SG

DataCenter 2:IP Subnet Y

ADN mgr

Server1

User Request

- To join subnet Y go to DC2SG

Blue Coat ADN - Differentiators

� Web Applications – HTTP & HTTPS

� Video Optimization – Live & On Demand

� Public Cloud Acceleration – Asymmetric Cloud Caching

� SAP & Sharepoint


� SAP & Sharepoint

� Free Client

50


Traffic Summary Reporting – not final version

• Traffic Summary - LAN & WAN

•Traffic Mix (Distribution)• By Service or Proxy

Top Services by Bandwidth

Bandwidth Savings (%)


• Across LAN • Across WAN

• Traffic Graph is context sensitive so user can go to any point in time & get Bandwidth savings (mbps & %)

•Traffic report range:•5 minutes•1 hour•24 hours•7 days•1 month

Totals by Services LAN / WAN / Savings

Traffic Summary Reporting


• Traffic Summary by unlabeled ports

• Port#

• Port Traffic

• Top Ports or all available ports

Active Sessions Reporting

•Summary of

• IP• Server• Connection Type• Savings• Service Name• Proxy Type• ADN• ADN Peer


• ADN Peer

•Filtered by

• Client IP• Client Port• Server IP• Server Port• Individual Service• individual Proxy

• Connection Type• Intercepted Sessions• Bypassed Connections• Both

Bandwidth Savings Reporting

• View by Service or Proxy

• View Bandwidth Savings by Service or Proxy


Service or Proxy

• Bandwidth Savings report range

• 5 minutes; • 1 hour• 24 hours•, 7 days• 1 month

• Bandwidth Savings Graph is context sensitive so user can go to any point in time & get Bandwidth savings (mbps & %)

Object Caching Reporting

• Savings over time

• Savings by Proxy Type

• View by


• View by • Cache data bytes• Cache Requests

•Report range• 5 minutes•1 hour • 24 hours • 7 days• 1 month

• Context Sensitive – use mouse to quickly see specific details:

Formations dispensées:

� Formation Blue Coat Certified Proxy Administrator

� Formation Blue Coat Certified Proxy Professional

� Formation Blue Coat TroubleShooting

� Formation Blue Coat Certified PacketShaper Administrator

FORMATIONS BLUE COAT

Westcon Academy propose une gamme complète de cours et de certification sécurité conçue

pour assurer la montée en compétences de vos équipes sur les solutions Blue Coat.


� Formation Blue Coat Certified PacketShaper Administrator

� Formation Blue Coat Certified PacketShaper Professional

� Formation Blue Coat WAN Acceleration Administrator

� Formation Blue Coat WAN Acceleration Professional

Sites de formations:

� Courbevoie

� Nantes

� Toulouse

� Lyon

� Strasbourg

� Marseille

Documents

With Solutions Detail - Westcon-Comstormedia.gswi.westcon.com/media/Westcon_Security_France/NEWS...Object Caching (HTTP/HTTPS/FTP/CIFS/VoD) Caches repeated, static app-level data;