Title: Security and Acceleration - A contradiction in terms?
1. Security and Acceleration - A contradiction in terms?
- Nigel Hawthorn
- VP EMEA Marketing
2. Blue Coat WAN Application Delivery
- Profitable, public company (NASDAQ BCSI), founded in 1996
- 93 of Fortune Global 100 are Blue Coat customers
- 6,000 customers across 150 countries
- Global Support Services team
- Proven pedigree of web performance and security innovation
3. Faster, Global, Mobile, Secure
- Accelerate the Business
- Business Boundaries Blur
- Virtual, Flat Corporation
- Adoption of Web 2.0 SOA (Service Orientated Architecture)
- Worker Mobility and Devices
- Services Not Software
- Climate of Governance
- Protect Privacy
- Manage Risk
4. Challenges for IT Executives
- Long distances, more traffic and chatty protocols hurt performance
- Uncontrolled/unwanted traffic causes congestion
- Security attacks hide in the application layer, more applications are encrypted
- Can't deliver applications quickly to remote and mobile users
5. Security and Acceleration: A Never-Ending Battle
STOP EVERYTHING! Assume it's all bad and check
SECURITY Technologies
ACCELERATE EVERYTHING! Assume it's all good and accelerate
Packet and Storage Accelerators
6. The Answer: Stop the Bad. Accelerate Good
STOP BAD.
ACCELERATE GOOD
Faster, Secure Delivery of Business-Critical Information ... To Help the Business Run Better
7. Acceleration: It's all about traffic latency
8. Why So Slow?! Take the Quiz
Your Network: 45Mbps bandwidth, 100ms latency (round trip)
Question: You open a 4MB PPT file from a remote server. How long will it take?
45Mbps = 5.625MBps, so 4 / 5.625 = 0.7111. A) 0.7 seconds.
Hint: CIFS is a WAN protocol worst-offender. It sends data in 4KB chunks, then waits for an acknowledgement.
[Diagram: 4KB Sent, ACK!, 4KB Sent, ACK!]
4MB = 1000 x 4KB chunks = 1000 trips there + 1000 trips back = 2000 trips x 0.1 sec = 200. B) 200 seconds.
9. Why So Slow?!
- Bandwidth is the width of the road
- Latency is the speed
- We make our data travel millions of miles and the speed of light is too slow!
- Add Layer 7 protocols Designed for LANs
- Add rogue traffic
- Add congestion (firewall, server, OS overhead, routers)
[Chart labels: Price, Bandwidth, Performance; curves: Expectation, Reality]
RESULT: Non-Linear Performance Gains as Bandwidth is Added!
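The quiz on slide 8 and the "non-linear gains" result on slide 9, worked as an added Python example (not part of the original deck). It follows the slide's own accounting: 4MB = 1000 x 4KB chunks, and two trips per chunk at 0.1 sec each. The function names and the list of link speeds are assumptions chosen for illustration.

```python
def serialization_s(size_bytes: int, mbps: float) -> float:
    """Time to push the bytes onto the link, ignoring latency (the slide's answer A)."""
    return size_bytes / (mbps * 1_000_000 / 8)

def stop_and_wait_s(size_bytes, mbps, chunk_bytes=4_000, trip_s=0.1, trips_per_chunk=2):
    """Answer B: each chunk also costs a trip there and a trip back before the next is sent."""
    chunks = -(-size_bytes // chunk_bytes)  # ceiling division
    return serialization_s(size_bytes, mbps) + chunks * trips_per_chunk * trip_s

def speedup_from_bandwidth(size_bytes, links_mbps, **proto):
    """(link Mbps, seconds, speed-up relative to the first link) for each link speed."""
    base = stop_and_wait_s(size_bytes, links_mbps[0], **proto)
    rows = []
    for mbps in links_mbps:
        t = stop_and_wait_s(size_bytes, mbps, **proto)
        rows.append((mbps, round(t, 1), round(base / t, 2)))
    return rows

def bytes_in_flight_to_fill(mbps, trip_s=0.1, trips_per_chunk=2):
    """Unacknowledged data needed to keep the link busy: bandwidth x wait per chunk."""
    return mbps * 1_000_000 / 8 * trip_s * trips_per_chunk

if __name__ == "__main__":
    size = 4_000_000  # the slide's 4MB file, counted as 1000 x 4KB
    print("bandwidth only :", round(serialization_s(size, 45), 2), "s")
    print("4KB stop-and-wait:", round(stop_and_wait_s(size, 45), 1), "s")
    # Assumed link speeds for the sweep: T1 (the slide 25 test bed), 45, 155 and 1000 Mbps.
    for row in speedup_from_bandwidth(size, [1.544, 45, 155, 1000]):
        print(row)
    print("bytes in flight to fill 45Mbps:", round(bytes_in_flight_to_fill(45)))
```

Going from 1.544Mbps to 1000Mbps changes the transfer time by about 10 percent, because the wait per chunk is untouched by bandwidth; the last function shows how much data a protocol would have to keep outstanding for the link to matter.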
10. WAN Optimisation Technology
11. Legacy WAN Optimization
- Fix Basic Protocols
- Compress with Byte Caching
- Some Add Wide Area File Services
What about the rest of your traffic?
12. Accelerate SSL Applications
- SSL use is growing
- If it's important, it's encrypted!
- Internal apps are hard to accelerate
- External apps are even harder
- Handle with care
Open, Inspect, Accelerate SSL Applications
13. Are You Video Ready?
- What's already on the WAN
- Earnings announcement
- Compliance mandated E-learning
- YouTube.com
- Is it at least controlled?
- Split streams for live broadcast
- Distributed video on demand
Remove unwanted video. Accelerate the rest
14. Stop Accelerating the Junk!
- Why accelerate?
- Frivolous surfing
- Bulk downloads
- Peer-to-peer
- Get rid of it!
- Or it will grow
- Crowd out good apps
Flexible, User Based Bandwidth Control
15. Start Accelerating the Rest
- Web traffic is huge
- Fastest growing traffic
- HTTP, and then some
- Web services
- Web widgets
- Java clients
- Get the Internet off your WAN: connect remote offices direct to the net
Deliver Web-Based Applications Without Extra Bandwidth
16. WAN Optimisation Acceleration Results
17. Ultimate in WAN Optimization
Multiprotocol Accelerated Caching Hierarchy
Bandwidth Management
Protocol Optimization
Object Caching
Byte Caching
Compression
File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)
18. Bandwidth Management: Business Process
Salesperson, placing order with Sales Automation App: Priority 1, Min 400Kb, Max 800Kb
Salesperson query with Sales Automation App: Priority 2, Min 100Kb, Max 400Kb
Non-Sales Management Pulls Client List: Block
Marketing person, Surfing Sales Automation App (reporting): Priority 3, Min 0Kb, Max 200Kb
- Divide traffic into classes, by
- User, application, content, transaction, application protocol, etc.
- Guarantee priority and min and/or max bandwidth for a class
- Align traffic classes to business priorities
- Even for SSL encrypted applications
- Operates alone, or integrates with your existing packet-layer QoS
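One way to turn the four classes on this slide into an allocation, as an added Python example (not Blue Coat's implementation). The two-pass scheme, the 1000Kb link capacity and the per-class demand figures are assumptions made for illustration; the priorities and min/max values are the slide's.

```python
from dataclasses import dataclass

@dataclass
class TrafficClass:
    name: str
    priority: int = 0      # 1 is the highest priority
    min_kb: int = 0        # guaranteed bandwidth
    max_kb: int = 0        # ceiling, even when the link is idle
    blocked: bool = False

# The classes from the slide.
SLIDE_CLASSES = [
    TrafficClass("sales order", priority=1, min_kb=400, max_kb=800),
    TrafficClass("sales query", priority=2, min_kb=100, max_kb=400),
    TrafficClass("marketing reporting", priority=3, min_kb=0, max_kb=200),
    TrafficClass("non-sales client list pull", blocked=True),
]

def allocate(link_kb, demand_kb, classes=SLIDE_CLASSES):
    """Return {class name: granted Kb} for one scheduling interval."""
    grant = {c.name: 0 for c in classes}  # blocked classes stay at 0
    active = sorted((c for c in classes if not c.blocked), key=lambda c: c.priority)
    remaining = link_kb
    # Pass 1: guaranteed minimums, highest priority first, never more than is asked for.
    for c in active:
        g = min(c.min_kb, demand_kb.get(c.name, 0), remaining)
        grant[c.name] = g
        remaining -= g
    # Pass 2: hand out what is left in priority order, up to each class maximum.
    for c in active:
        want = min(c.max_kb, demand_kb.get(c.name, 0)) - grant[c.name]
        extra = max(0, min(want, remaining))
        grant[c.name] += extra
        remaining -= extra
    return grant

if __name__ == "__main__":
    # Constructed demand figures on an assumed 1000Kb link.
    busy = {"sales order": 900, "sales query": 500,
            "marketing reporting": 300, "non-sales client list pull": 250}
    print(allocate(1000, busy))
    print(allocate(1000, {**busy, "sales order": 0}))
```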
19. Protocol Optimization
10-100X Faster. Includes CIFS, MAPI, HTTP, HTTPS, TCP
20. Object Caching
DATACENTER
- Client served from local proxy
- 100 acceleration no data across WAN
- Works on second, and all subsequent requests
BRANCH
21. Byte Caching
[Figure: a bit stream sent in full, then the same stream with its repeated runs replaced by the short references REF1 and REF2]
- Proxies learn common patterns
- Create short references and pass those instead
- Works on all files, all applications over TCP
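The three bullets above, as an added Python sketch of a sending and a receiving proxy (not Blue Coat's implementation). Fixed 64-byte chunks, 8-byte truncated SHA-256 references, the one-byte tag and the sample report are all assumptions chosen to keep the example small.

```python
import hashlib

CHUNK = 64  # assumed fixed chunk size for this sketch

def ref_of(chunk: bytes) -> bytes:
    """Short reference for a chunk (assumption: first 8 bytes of SHA-256)."""
    return hashlib.sha256(chunk).digest()[:8]

def encode(data: bytes, cache: dict) -> list:
    """Sending proxy: pass a reference for chunks already learned, raw bytes otherwise."""
    tokens = []
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        ref = ref_of(chunk)
        if cache.get(ref) == chunk:  # compares bytes, so a hash collision falls back to RAW
            tokens.append(("REF", ref))
        else:
            cache[ref] = chunk
            tokens.append(("RAW", chunk))
    return tokens

def decode(tokens: list, cache: dict) -> bytes:
    """Receiving proxy: learn raw chunks, expand references from its own cache."""
    out = bytearray()
    for kind, value in tokens:
        if kind == "RAW":
            cache[ref_of(value)] = value
        elif value not in cache:
            raise KeyError("unknown reference: the two caches are out of sync")
        out += value if kind == "RAW" else cache[value]
    return bytes(out)

def wire_bytes(tokens: list) -> int:
    """Bytes crossing the WAN: one tag byte plus the payload or the reference."""
    return sum(1 + len(value) for _, value in tokens)

def demo() -> dict:
    # Constructed sample data: a 200-row report, then the same report with 5 bytes edited.
    v1 = b"".join(b"row %04d: quarterly figures for region %d\n" % (i, i % 7) for i in range(200))
    v2 = v1[:1000] + b"XXXXX" + v1[1005:]
    sender, receiver, result = {}, {}, {}
    for name, data in (("first", v1), ("repeat", v1), ("edited", v2)):
        tokens = encode(data, sender)
        assert decode(tokens, receiver) == data  # receiver rebuilds the exact bytes
        result[name] = (wire_bytes(tokens), sum(kind == "RAW" for kind, _ in tokens))
    return result
```

`demo()` returns (bytes on the wire, raw chunks sent) per transfer: the 8200-byte report costs 8329 bytes the first time, 1161 when repeated and 1217 after the edit. Fixed-size chunks only line up for in-place edits; an insertion shifts every later chunk boundary, so the later chunks no longer match.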
22. Compression
[Figure: a bit stream before and after COMPRESSION]
- Industry-standard gzip algorithm compresses all traffic
- Removes predictable white space from content and objects being transmitted
23. MACH5 Techniques Work Together
- Object Caching
- Caches repeated, static app-level data; reduces BW and latency
- Byte Caching
- Caches any TCP application using similar/changed data; reduces BW
- Compression
- Reduces amount of data transmitted; saves BW
- Bandwidth Management
- Prioritize, limit, allocate, assign DiffServ by user or application
- Protocol Optimization
- Remove inefficiencies, reduce latency
24. What About The Office of One?
- Poor performance
- Inconsistent performance
- No control over user experience
Desktop Client for Acceleration and Control
25. Acceleration Performance
Test bed: Office 2003, Win XP, 1.544 mbps full duplex, 200 ms
26. Security: It's all about context
- Who, what, when, why, how,
27. Today's Network Requirements
TODAY'S NEEDS
- SEE: Complete view and understanding of all applications
- SECURE: Defend against external and user-based threats
- ACCELERATE: Faster delivery of business-critical applications unique to each office, department, user
- CONTROL: Granular control over all users, devices and any application
28. Users and Applications
WAN Application Delivery (WAD): WAN optimization, User security, Policy control
Packet Delivery: Packets, Ports and Flow Control
WAN/Internet
Internal or External
Internal or External
Applications
Users
29. Only a Proxy can deliver
30. Define appropriate policies
[Policy grid: groups of choices, each starting with "Any"]
- Any, Training, Customer, Supplier, Intranet
- Any, Weekends, 500 1200, 800 500, 1200 800
- Any, Tokyo, Paris, London, New York
- Any, Pupils, Executives, IT Staff, Tom
- Any, Job-sites, Web-mail, Sports, News
- Any, Stream, .XLS, Stream, P2P
- Any, IE 6.x, RealPlayer, AOL IM, IE 5.0
- Any, MMS, HTTPS, FTP, HTTP
Allow, Disallow, Virus Scan, Accelerate, Replace, Allow but limit, Coach, Splash Page, Log by user, Email mgmnt, Patience page, Log traffic, Block on keyword, Block non-text
31. Why Performance and Security Together?
- Single policy
- Increasingly, we can't install security without acceleration: impeding business is unacceptable
- Removing unwanted traffic results in a performance increase
- Branch offices must minimize hardware and management
- Need to maximize WAN investment
32. Going Beyond Legacy Optimization
Legacy WAN Optimization
33. What makes Blue Coat unique
- 10 years experience of improving content delivery
- First caching appliances worldwide
- Deep understanding of users and content
- Layer 7 knowledge, not just packet networking
- Most powerful security functionality
- All types of data, unlimited policy flexibility
- Flexible deployment options
- From country to end device
- High performance appliances
- Thin OS, no public-domain, no general-purpose OS
- No compromise performance and control together