Sunil Cherian - How to Bring Back Productivity With Secure Application Delivery - Interop Mumbai 2009

If offices were created to foster productive work environments, why do workers often receive faster connection speeds and application performance at home? In a typical office setting, multiple workers access applications and Web sites using the same infrastructure, creating traffic bottlenecks that slow the entire system and hinder productivity. This session will explore how to avoid server and network traffic jams while maintaining strong security.

Transcript

  • 1. SecureAppDelivery™: How to Bring Back Productivity with Secure Application Delivery. 9/29/2009
  • 2. Agenda
    − Enterprise Requirements for Access: differences between mobile users, non-mobile users and partners
    − Application Delivery: problems and solutions; key component technologies
    − Tying them all together
    − Summary
  • 3. Enterprise Requirements: No information access, no productivity. Your Most Valuable Asset; Business-Critical Processes
  • 4. Who Needs Access?
    − Mobile Employees: corporate-issued laptops; WAN speed; daily to constant remote access; small fraction of the corporate employee body
    − Non-Mobile Employees: non-corporate PCs at home; used to LAN speed; seldom to never remote access; large percentage of corporate employees
    − Partners: need to access certain applications; not trusted enough to put them on your network; have access solutions to partner networks but not to your network and your applications
  • 5. Business Continuity: When disasters strike, can your employees have access to enterprise information so they can continue to provide services to your customers? Harvard study: two-thirds of businesses surveyed could not maintain normal operations if half of their workers were out for two weeks.
  • 6. Anatomy of Application Performance
    − Number of hops matters
    − Distance matters, routing matters
    − Amount of traffic matters
    − Quality of network matters: congestion and packet loss
    − Number of people on the network matters
    − Type of applications in use on the network matters
    − Where they access from and what they access matters
  • 7. Today’s Enterprise Workforce
    − Permanently Remote / Mobile Workforce. User type: Remote or Mobile; remote PC type: Corporate; network speed: WAN; access frequency: Daily to Constant
    − Non-Mobile Workforce. User type: Non-Mobile; remote PC type: Non-Corporate; network speed: LAN; access frequency: Never
  • 8. Mobile Worker
    − Permanently remote employees (office at home or offsite)
    − Highly mobile employees (road warrior)
    − Corporate-issued laptops, sometimes desktops
    − Accustomed to WAN speeds
    − Daily to constant access of corporate resources
    − Small fraction of corporate employee body
    − User type: Remote or Mobile; remote PC type: Corporate; network speeds: WAN; access frequency: Daily to Constant
  • 9. Non-Mobile Workers
    − Deskbound employees (situated in the office)
    − Non-corporate PCs when working remotely
    − Accustomed to LAN speeds
    − Do not remotely access corporate resources
    − Large percentage of corporate employee body
    − User type: Campus Worker or Day Extender; remote PC: None or Non-Corporate; network speeds: LAN; access frequency: Never
  • 10. Business Continuity
    − Allow extra users to log in seamlessly during emergencies
    − No IT intervention required
    − One-time license fee for small number of days
    − Burst up to a pre-defined concurrent user count
    − [Chart: vertical axis 0 to 100, horizontal axis 1 to 79; labels not recoverable]
  • 11. DesktopDirect™: An illustration
    − 1. Browse (https://mydesktop.arraynetworks.net)
    − 2. Sign in
    − 3. Click, automatically turn on the office PC if it is off
    − 4. Work
    − Only 30kbps!!
  • 12. Partner Access: Security Risk. Diagram labels: Information to share; Partner Network; Information to protect; Your Network
  • 13. SiteDirect™: Third Party Access. Diagram labels: Information to share; Partner Network; Resource Publishing; Information to protect; Your Network
    − IP conflict is resolved automatically
    − SSL on port 443, No NAT/Firewall
    − Only necessary resources are exposed
    − User level control on remote site access
  • 14. Application Delivery: Problems and Solutions
  • 15. Evolution of Application Delivery
    − Server Load Balancing: directs traffic to healthiest server
    − Application Accelerator: SSL offload
    − Application Delivery Controller: connection multiplexing and application acceleration
    − Was primarily useful for websites, before growing demand for web-based applications
    − Mature technology now delivers any application; in production networks for over a decade
  • 16. App Delivery Challenges
    − Server could be oversubscribed: CPU, RAM, network interface overload; too many requests at once; high amount of SSL traffic; too many connections to a single server
    − Server could stop responding: hardware failure; power outage; operating system crash
    − In-line devices could stop responding: hardware failure; power outage; other issue
  • 17. Technology Overview
    − High Availability: server load balancing; device redundancy; global server load balancing
    − Application Acceleration: Secure Sockets Layer offload; TCP connection multiplexing
    − Best-Practice Security: application-level protection
  • 18. High Availability: Server Load Balancing. Diagram labels: Virtual IP Address; Real IP Address 1; Real IP Address 2; Real IP Address 3; Real IP Address 4; traffic flow; health checking
  • 19. High Availability (One Data Center): Device Redundancy. Diagram labels: Device A Active; Device A Replaced / Maintained; Device A Active Again; Device B Active
  • 20. High Availability (Multiple Sites): GSLB. Diagram labels: DNS; primary data center; backup data center; global traffic flow; health checking; local health checking
  • 21. High Availability (Branch Office)
    − Current infrastructure: costly 2 Mbps to 8 Mbps links shared by 100 to 300 people; bandwidth per user less than 100 kbps, sometimes as low as 10 kbps; some large offices with T3 or up to 100 Mbps; people working from home with 256 kbps broadband or higher; lack of redundancy, susceptible to network failures
    − Solutions: link load balancing (combine multiple DSLs to improve overall throughput, performance & availability at lower cost); QoS / priority queueing / monitoring / filtering; WAN optimization / acceleration (compression & caching; data reduction / de-duplication)
  • 22. Acceleration (SSL): SSL Offload. Diagram labels: digital certificates; SSL encrypted; unencrypted; overload of end-to-end SSL sessions
  • 23. Acceleration (Caching): Caching offloads web server utilization by over 40%. Deliver content from memory cache
  • 24. Acceleration (Compression): Compression reduces bandwidth usage by 30%+. Compresses text, ppt on the fly
  • 25. Acceleration (TCP): Connection Multiplexing reduces server conns by 100:1. Diagram labels: 3-way TCP handshake (repeated per client); open TCP connection; too many TCP connections
  • 26. Best-Practice Network Security: Application-Level Protection. Diagram labels: DoS attack; attacker
  • 27. Best-Practice Network Security: Application-Level Protection. Diagram labels: http://malformed_url; malformed URL attack; malformed URL dropped; attacker
  • 28. App Delivery from the Cloud
  • 29. Cloud: Virtualization And Scalability. Diagram labels: Mobile employees; Non-mobile employees; Partners; Public or Private Networks; Data Center (Applications; Desktops; Resources to share with partners); Data Center
    − Many virtual portals
    − Large number of concurrent users
    − One URL among multiple data centers
    − Supports real or virtual desktops
    − Secure applications in the Cloud
  • 30. Conceptual Architecture
  • 31. SecureAppDelivery™: How to Bring Back Productivity with Secure Application Delivery
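
Slide 27 shows an in-line device dropping a malformed URL before it reaches a server. The sketch below is an added example, not taken from the slides or from any Array Networks product, of what such a check can look like for origin-form request targets. The function names, the 2048-character limit and the specific rules (RFC 3986 character set, well-formed percent-escapes, no encoded control characters or invalid UTF-8 in the path) are assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote_to_bytes

MAX_TARGET_LEN = 2048  # assumed limit; the slides give none

# Characters RFC 3986 permits in a path or query, plus "%" for escapes.
_ALLOWED = re.compile(r"[A-Za-z0-9\-._~!$&'()*+,;=:@/?%]*")
# A "%" that is not followed by two hex digits.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def check_request_target(target):
    """Return (ok, reason) for an origin-form HTTP request target."""
    if not target.startswith("/"):
        return False, "not origin-form"
    if len(target) > MAX_TARGET_LEN:
        return False, "too long"
    if not _ALLOWED.fullmatch(target):
        return False, "illegal character"
    if _BAD_ESCAPE.search(target):
        return False, "bad percent-escape"
    # Decode only the path: queries may legitimately carry encoded newlines.
    raw = unquote_to_bytes(target.split("?", 1)[0])
    if any(b < 0x20 or b == 0x7F for b in raw):
        return False, "encoded control character"
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError:
        return False, "invalid UTF-8 in path"
    return True, "ok"


def filter_request_lines(lines):
    """Split request lines into (forwarded, dropped), as an in-line device would."""
    forwarded, dropped = [], []
    for line in lines:
        parts = line.split(" ")
        if len(parts) != 3:  # method, target, version
            dropped.append((line, "malformed request line"))
            continue
        ok, reason = check_request_target(parts[1])
        (forwarded if ok else dropped).append((line, reason))
    return forwarded, dropped


# Constructed sample input, not captured traffic.
SAMPLE = [
    "GET /index.html?q=report HTTP/1.1",
    "GET /docs/%7Euser/a%20b.pdf HTTP/1.1",
    "GET /file%00.txt HTTP/1.1",
    "GET /a%2 HTTP/1.1",
    "GET /%c0%af HTTP/1.1",
    "GET /a b HTTP/1.1",
]
```

Calling `filter_request_lines(SAMPLE)` forwards the first two lines and returns the other four with the reason each was dropped, which is the record an operator would want logged alongside the drop.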