Date posted: 18-Dec-2015
Blue Coat Systems
Securing and accelerating the Remote office
Matt Bennett
The Business of IT
Applications
Delivered over the Network
Experienced by Users
Challenge: How to Reliably Deploy Applications Across Distributed Enterprise, While Reducing Costs?
And Keep it Fast and Safe too!
Common Themes
• Application Deployment Velocity
– Everything Web (Evolving)
– End to end encryption
– Ubiquitous Access (application utility infrastructure)
– Strategic application platform for all services
• Distributed Enterprise
– Use of the public infrastructure (Emerging)
– Business centric Internet based services
– Employee / Partner / Customer Access
– Lower cost of bandwidth
• Reducing Cost
– Data Center / File Server Consolidation (Maturing)
– Operational / License / Infrastructure cost savings
The Power of the Proxy™
Ultimate Control for Application Sessions
PROTECT
• Prevent spyware, malware & viruses
• Stop DoS attacks
• IE vulnerabilities, IM threats
ACCELERATE
• Caching
• BW Shaping, Compression, Protocol Optimization
• Sequence, Object & Predictive Caching
CONTROL
• Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)
• Granular, flexible logging
• Authentication integration
Full Protocol Termination = Total Visibility & Context (HTTP, HTTPS, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
Expanding the Proxy Solution
[Diagram: Internet, Datacenter, WAN and Branch sites; Enterprise Application Servers and Public Web Servers; Deposits, Loans, Checking; Tellers, Loan Agents, Investment Advisors; Customers, Remote Users]
Internet Users Sessions: Visibility, Control & Acceleration (Gateway Proxy)
Expanded Focus to: All Users & Apps Sessions: Visibility, Control & Acceleration (Application-Front-End Proxy, Branch Office Proxy, Head-End Proxy)
Proxy Solutions for the Distributed Enterprise
1. Get “bad” sessions off the network first
Built on Blue Coat Proxy Architecture
#1 Get “Bad” Sessions Off the Network
• Why?
– No business wants viruses, worms, spyware, porn, P2P, MP3s …
• How?
– Policy control and authentication
– URL filtering
– AV Scanning
– Spyware prevention
– IM, P2P blocking and control
– Next! More session-level knowledge for specific web-apps
#2 Keep Good Content Local
• Why?
– LAN access will always be better than over the WAN
• How?
– Web (HTTP/FTP) Caching
– Secure Web (HTTPS) Caching
– Streaming Caching and Splitting
– Next! File Services (CIFS) Caching
– Next! MAPI Proxy
– Next! Byte Caching
– Next! More customized application-level caching for specific web-apps
#3 Maintain control of encrypted sessions
• Why?
– End-to-end encryption assures information access to authorized personnel only
– But end-to-end encryption should not thwart protection, control and acceleration
• How?
– SSL reverse proxy
  • Internal apps
  • Externally facing apps
– 4.2! SSL forward proxy
  • Internet apps
– Next! SSL forward proxy at branch
  • Internal and Internet apps
#4 Prioritize Mission-Critical Sessions
• Why?
– Can’t allow background sessions to affect sessions that are time-critical
• How?
– 4.1! Traffic prioritization
– 4.1! B/W management
– 4.1! Prioritization with user and protocol-level knowledge
– Next! Integration with network QoS (ToS/DiffServ) systems
[Diagram: High Priority: Teller Transactions; Low Priority: Background POSTs]
#5 Optimize the Traffic on WAN
• Why?
– Reduce effect of WAN latency and improve end-user response times
• How?
– SSL offload & TCP offload to the branch
– Protocol optimizations like HTTP Object Pipelining
– 4.1! Compression for Enterprise Web Applications and Internet traffic
– 4.1! Compression for Enterprise Client-Server Applications
– Next! Byte Caching
– Next! New TCP stack and performance optimizations
Optimize the traffic that is left on the WAN
Proxy Solution for the Distributed Enterprise
1. Get “bad” sessions off the network
2. Keep “good” content local
3. Maintain control of encrypted sessions
4. Prioritize mission-critical sessions
5. Optimize the traffic on WAN
6. Provide user & application visibility
Built on Blue Coat Proxy Architecture
#6 Provide user & application Visibility
• Why?
– Visibility enables action towards issue resolution
• How?
– Director: Centralized management and policy control
– Reporter: Detailed logging and reporting w/Reporter
– Next! Health monitoring of delivery network w/Director
– Next! Session-Level visibility of key metrics
[Diagram: Visibility: Reporter, Health Monitoring, Session Monitoring, Centralized Mgmt, Director]
Director & VPM
Management – The Big Picture
Application      Active Sessions   Idle Sessions   Response Time   Protection Level
Google           1                 0               0.6 sec         10.0
Support          18                5               6.1 sec         6.0
WebPower         45                4               6 sec           10.0
Finance          12                20              12 sec          10.0
Salesforce.com   22                3               1.3 sec         8.0
Oracle           19                12              5.2 sec         7.0
Perforce         15                40              29 sec          3.0
[Figure: Protection Drilldown, with categories Encryption, Anti-Virus, DOS, MITM, Auth, Certificate Validation, Anti-Spyware, Access Logging, Strict Parsing, Web Filter; value shown: 10.0]
Summary
• The Power of the Proxy
– Firewall to protect, Proxy to control
• Management Consolidation
• Reporting is key
K9 - Free
• Free Web Filtering for consumers
• Download to Windows PCs
• Supports all 58 Blue Coat WebFilter categories
– Dynamic Rating