Bluecoat Services



  1. Blue Coat: Web Security & Acceleration
  2. About PacketShaper
  3. PacketShaper
     • Key Functionality
     • Application Visibility
     • Application QoS
     • Application QoS benefits time-sensitive applications
     • Transactions (ERP, CRM, Citrix)
     • IP Telephony and convergence
     • Contain P2P, recreational & malicious
     • Additional Products
     • Requires ProxySG for acceleration, caching & WAFS
     • IntelligenceCenter / PolicyCenter management system
  4. What Can PacketShaper Do?
     • Discover All Application Traffic
     • Resolve Issues, Pre-empt Problems
     • Monitor User Experience
     • Control and Protect Application Performance
     • Application Visibility
     • Application QoS
     • Troubleshoot Performance Issues
  5. PacketShaper Deployment Option: Asymmetric in the Core
     • Diagram labels: Branch Offices; Centralized Data and Applications; Core; PacketShaper; WAN; Data Center; IntelligenceCenter; PolicyCenter
  6. PacketShaper Deployment Option: Symmetric with Branch Deployment
     • Diagram labels: Public Web Servers; Web Content and Applications; Centralized Data and Applications; Internet; Customers and Partners; Branch PacketShaper; Core PacketShaper; WAN; Branch Offices; Data Center; Employees; IntelligenceCenter; Branch PacketShaper; PolicyCenter
  7. PacketShaper Application Visibility
  8. What is Application Visibility?
     • Identifies Applications for What They Really Are
     • Recreational Streaming: 8%
     • E-mail: 20%
     • P2P: 12%
     • Internet Gaming: 5%
     • File Transfers: 9%
     • Oracle: 7%
     • Citrix: 5%
     • Web Browsing: 28%
     • TN3270: 2%
     • Other: 4%
     • 53% of bandwidth being used by recreational applications
     • 14% of bandwidth is “business critical”
  9. Application Visibility
     • Discover All Application Traffic
     • 600+ applications, good & bad, sub-classify within complex apps / HTTP
     • Monitor User Experience
     • Measure & alarm, SLA compliance, VoIP metrics, integrate with other tools
     • Troubleshoot Performance Issues
     • Isolate delays, connections, host and app performance, capture & analyze
  10. Discovery
     • Maps traffic to its classification library
     • Automatically builds a list of the applications running on your network
     • Provides basis for PacketShaper Application QoS technology
     • Starts collecting performance data
     • Utilization
     • Efficiency
     • Response times
  11. Industry-Leading Application Identification
     • Blue Coat PacketShaper
     • Unique to Blue Coat
     • Behavioral characteristics
     • Multi-packet flow analysis and profiling
     • Beyond address and port-based analysis
     • Identifies evasive applications
     • Encrypted
     • Port-hopping
     • Tunneled
  12. Classification
     • Maps traffic to its classification library
     • Automatically builds a list of the applications running on your network
     • 600+ Application classes
     • Sub-classify within complex apps / HTTP
     • Good, bad and malicious traffic
     • Current and next generation applications
     • Plug-In Architecture
     • Enables new application definitions without firmware upgrade
  13. Application QoS Technology: Application-specific Bandwidth Control
     • Application Session Provisioning provides:
     • Hierarchical subclassifications of apps
     • Per call or per session differentiation
     • Far richer classification than routers
     • Layer 7 Plus differentiation
     • Customer-critical over recreational apps
     • Latency-sensitive over bandwidth-hungry apps
     • TCP and UDP Rate Control
     • Managed on a flow-by-flow basis at application level
     • Guaranteed delay bounds for IP telephony on converged networks
  14. Monitor and Troubleshoot
     • Measure
     • Utilization, response times, performance & SLAs – per application
     • Isolate
     • What (application), where (server or network), who (users), how (captures, histories)
     • Diagnose and fix problems
     • Identify protocols, link latency & other environmental variables
     • Determine what optimization / will help
  15. PacketShaper Application QoS
  16. What is Application QoS?
     • Unacceptable ERP performance
     • Insufficient bandwidth and congestion
     • Unpredictable Voice quality
     • Crowded out by bandwidth hungry apps
     • Uncontrolled recreational traffic
     • Wasted bandwidth and impact on business-critical applications
  17. What is Application QoS?
     • Powerful, Dynamic Application-aware Bandwidth Shaping
     • Great ERP performance
     • Protected from apps and congestion
     • Voice quality – 100% assured all-level QoS
     • 100% control of recreational traffic
     • No matter how much it tries to hide
  18. Application QoS
     • Resolve application performance issues
     • Pre-empt performance problems
     • Control bandwidth, dynamically
     • Apportion and ensure service levels for applications
     • Control and protect applications
     • Protect and optimize time-sensitive / real-time apps
     • SLAs for voice, transactions, streams
     • Restrict bandwidth impact of recreational traffic
  19. Application QoS Technology: Policies and Partitions
     • Policy-based Application QoS definitions and partitions by:
     • Application
     • Site or server
     • User or user group
     • Beyond Standard QoS
     • Apply policies to protect critical traffic
     • Smooth disruptive, bandwidth-intensive traffic
     • Contain recreational traffic
     • Block malicious traffic
     • Set priorities to protect business-critical apps
     • Non-critical apps can use remaining bandwidth
  20. Application QoS Technology: Rate Control and Predictive Scheduler
     • Manages congestion proactively
     • Latency reduced
     • Packet drops minimized
     • Fewer retransmissions
     • Improved application performance
     • Improve efficiency to increase throughput
     • Chart labels: Without App QoS; With App QoS
  21. Compare Router-based QoS
     • Manage bandwidth passively and react to congestion and packet loss
     • Use port-based application traffic classification
     • Use various packet-based queuing methods that:
     • Are not bi-directional – cannot control inbound traffic at the other edge
     • Add delay to transaction time and latency
     • Cannot provide per-flow guarantees
     • Are only truly effective as part of a comprehensive control strategy
     • Are managed on a per-router basis
     • Big management overhead in distributed deployments
  22. Router-based QoS Compared to PacketShaper Inbound Rate Control
     • Configured in all the branches and Data Center, router-based Queuing relies on the bulk transfers being throttled down after packet loss…
     • PacketShaper’s Patented Rate Control applied only in the Data Center slows down the Bulk traffic without packet loss and before queues can build
     • Diagram labels: Branch Offices A, B, C (512Kbps each); Data Center (1Mbps); Bulk Data; Citrix
  23. Compare Packet Marking and MPLS
     • Applies only to carrier's core
     • Provisioned WAN service, not the entire link
     • No way of assigning preference at the last mile
     • Biggest bottleneck is typically last mile
     • Aggregate shaping only
     • Treats all connection requests the same
     • Lacks ability to assign limit to number of call requests
     • Needs complementary technology to overcome deficiencies
     • Application classification for accurate marking
     • Packet rate, bandwidth and flow control
  24. Intelligent Marking for MPLS Networks
     • Application granularity enables accurate marking of application traffic
     • DiffServ, MPLS, TOS
     • Bandwidth allocation
     • Classes of Service
     • VoIP: 256 Kbps
     • SAP: 768 Kbps
     • Email: Best effort
     • Diagram labels: Remote Office; MPLS Backbone
  25. Application QoS and MPLS Working Together
     • Diagram label: MPLS Core
  26. Application QoS and MPLS: End to End QoS
     • Quality of Service
     • Premium: 256kbit/s, DSCP 1
     • Platinum: 256kbit/s, DSCP 3
     • Gold: 512kbit/s, DSCP 5
     • Silver: 512kbit/s, DSCP 7
     • Best Effort: 512kbit/s, DSCP 9
  27. About ProxySG
  28. ProxySG
     • Key Functionality
     • WAN Optimization
     • Secure Web Gateway
     • WAN Optimization accelerates business applications
     • Files, Email and Internal Bulk Traffic
     • Business Web / SaaS
     • Content Delivery
     • Secure Web Gateway secures the network
     • Protect from Malware
     • Guard Employee Productivity
     • Prevent Data Leaks
     • Validate Trusts
     • Additional Products
     • ProxyClient satisfies the needs of the remote user
     • PacketShaper provides Application Visibility and QoS
  29. What Can ProxySG Do?
     • Protect Against Malware
     • Accelerate Internal Bulk Traffic
     • Guard Employee Productivity
     • Control and Optimize External Applications
     • Secure Web Gateway
     • WAN Optimization
     • Prevent Information Leaks
     • Manage and Deliver Video and Content
     • Validate Trust
  30. ProxySG in the Network
     • Diagram labels: Centralized Data and Applications; Public Web Servers; Web Content and Applications; Internet; Customers and Partners; Internet Gateway / Content Filtering; Reverse Proxy; Branch ProxySG; WAN; Concentrator Proxy; Data Center; Branch ProxySG; Employees; Reporter; Remote Workers; Director; Branch Offices; ProxyClient
  31. SWG Design Criteria
     • Appliance/OS/TCP-stack/Cache designed for web object processing
     • Maximize utilization, throughput, and reliability
     • Reduce rack space required, green solution
     • Web protocol/application coverage (legacy & new)
     • Authentication, Authorization, Logging & Reporting
     • Web content optimization & acceleration
     • Latency = Closed
     • Filter & block unwanted web content
     • URL Filtering options, real-time analysis of new content
     • Web object filtering & blocking via policy controls
     • Scan, detect and block threats
     • Anti-malware/virus scanning options with cache intelligence
     • MMC filtering/strip/replace/block policy controls
     • Data Loss Prevention & Open Integration Point
     • DLP/ILP options, plus web content & method controls
     • Secure-ICAP and ICAP
  32. Proxy Design benefits: Ultimate Control Point
     • Full Protocol Termination = Total Visibility & Context
     • (HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
     • Custom built Blue Coat SGOS
     • Secure platform that provides maximum benefit for caching
     • Industry proven object caching capability
     • Policy architecture enables flexible user controls on applications
     • Secure ICAP for added security features and integration with DLP vendors
  33. ProxySG WAN Optimization
  34. What is ProxySG WAN Optimization?
     • Acceleration with Control
  35. ProxySG WAN Optimization Technologies
     • Object Caching
     • Get web, file and video content close to users again
     • Byte Caching
     • Store repetitive network traffic for dramatic acceleration
     • Compression
     • Inline reduction of data to reduce application bandwidth
     • Protocol Optimization
     • Align high-level protocols with network characteristics
  36. Object Caching - Get web, file and video content close to users again
     • Automatically determines the “right” data
     • No legal or compliance risk like other solutions
     • Simply the fastest, most compressed data transfer
     • All applications, internal and external
  37. Object Caching
     • Full File Cached Locally (proxy)
     • No data sent across WAN
     • Reduced traffic and bandwidth usage
     • Better user experience
     • Lower WAN costs
     • Diagram labels: DATACENTER; Internet; WAN; BRANCH
  38. Byte Caching - Store repetitive network traffic for dramatic acceleration
     • [Diagram: a bit stream in which repeated patterns are replaced by references ([REF#1], [REF#2])]
     • Proxies Cache common patterns
     • All files & applications over TCP
     • Reduced traffic and bandwidth usage
     • Better user experience
     • Lower WAN costs
  39. Compression - Inline reduction of data to reduce application bandwidth
     • [Diagram: a bit stream shown at full length and in shortened form]
     • Industry-standard gzip algorithm
     • Removes predictable “white space”
     • Reduced traffic and bandwidth usage
     • Better user experience
     • Lower WAN costs
  40. High-level protocols and network characteristics
     • High-level protocols are “chatty”
     • Microsoft file access, Web/HTTP, File Transfer (FTP), Exchange, Citrix, ERP, etc.
     • Network characteristics
     • WAN latency, not cured by simply adding more bandwidth
  41. Protocol Acceleration - Align high-level protocols with network characteristics
     • Protocol Acceleration replaces chatty protocols with a WAN optimized alternative
     • Local acknowledgement
     • Larger windows
     • Transparent
  42. WAN Optimization Technologies Working Together
     • Object Caching
     • Caches repeated, static app-level data; reduces bandwidth and latency
     • Byte Caching
     • Caches any TCP application using similar/changed data; reduces BW
     • Compression
     • Reduces amount of data transmitted; saves BW
     • Protocol Optimization
     • Remove inefficiencies, reduce latency
  43. Acceleration Gains
  44. ProxySG Policy Control
     • Control network resources by user, application or content
     • Full protocol termination for visibility and context
     • HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS
     • Fine-grained policy for:
     • Application Protocols
     • Content
     • Users (allow, deny, transform, etc.)
     • Authentication integration, for example Active Directory
     • Granular, flexible logging
  45. Comparing ProxySG Control with PacketShaper Application QoS
     • ProxySG Control focused on:
     • Policy for user behavior and content management
     • Eliminates dangerous or inappropriate traffic
     • [Terminated] Application traffic-specific bandwidth shaping
     • Depth of understanding
     • Protects against negative impact on business and compliance
     • PacketShaper Application QoS focused on:
     • Application behavior and bandwidth management
     • Contains disruptive traffic
     • Sees and manages all applications and entire network link
     • Breadth of understanding
     • Protects and maintains SLAs for business traffic