0
SecureAppDeliveryTM




How to Bring Back Productivity with Secure Application Delivery




                              ...
Agenda

       Enterprise Requirements for Access
        − Differences between Mobile, non-Mobile users and partners


  ...
Enterprise Requirements


       No information access, no productivity




       Your Most Valuable Asset         Busine...
Who Needs Access?

      Mobile                  Non-Mobile               Partners
      Employees               Employees...
Business Continuity




           When disasters strike, can your employees have access to
           enterprise informat...
Anatomy of Application Performance

        Number of Hops matter

        Distance matters, routing matters

        Amou...
Today’s Enterprise Workforce


Permanently Remote /
Mobile Workforce




   Remote or Mobile      Corporate          WAN  ...
Mobile Worker

       Permanently Remote Employees (office at home or offsite)
       Highly Mobile Employees (road warrio...
Non-Mobile Workers

       Deskbound Employees (situated in the office)

       Non-corporate PCs when working remotely
  ...
Business Continuity

      Allow extra users to log in seamlessly during emergencies
                           q
      No...
DesktopDirectTM : An illustration

 1.     Browse (https://mydesktop.arraynetworks.net)
 2.     Sign in
          g
 3.   ...
Partner Access: Security Risk

                              Information to share
                                        ...
SiteDirectTM: Third Party Access

                      Information to share
                                             ...
Application Delivery Problems and Solutions




9/29/2009                                            14
Evolution of Application Delivery

       Server Load Balancing
        − directs traffic to healthiest server


       Ap...
App Delivery Challenges

            Server could be oversubscribed
            −   CPU, RAM, network interface overload
 ...
Technology Overview

       High Availability
        − Server load balancing
        − Device redundancy
        − Global...
High Availability

       Server Load Balancing

                                    Real IP
                             ...
High Availability (One Data center)

       Device Redundancy




                  Device A
                  Replaced
  ...
High Availability (Multiple Sites)

       GSLB




              DNS
                S                 DNS
              ...
High Availability (Branch Office)

                                                              • Current Infrastructure
...
Acceleration (SSL)

       SSL Offload




                                 digital
                               certifi...
Acceleration (Caching)

       Caching offloads web server utilization by over 40%




                         Deliver co...
Acceleration (Compression)

       Compression reduces bandwidth usage by 30%+




                     Compresses text, p...
Acceleration (TCP)

      Connection Multiplexing reduces server conns by 100:1




                   3-way TCP
         ...
Best-Practice Network Security

       Application-Level Protection




                            DoS attack




       ...
Best-Practice Network Security

       Application-Level Protection




                                                 h...
App Delivery from the Cloud




9/29/2009                      28
Cloud: Virtualization And Scalability


       Mobile
       employees                        Data Center        Applicati...
Conceptual Architecture




9/29/2009                  30
SecureAppDeliveryTM




How to Bring Back Productivity with Secure Application Delivery




                              ...
Upcoming SlideShare
Loading in...5
×

Sunil Cherian - How to Bring Back Productivity With Secure Application Delivery - Interop Mumbai 2009

1,102

Published on

If offices were created to foster productive work environments, why do workers often receive faster connection speeds and application performance at home? In a typical office setting, multiple workers access applications and Web sites using the same infrastructure, creating traffic bottlenecks that slow the entire system and hinder productivity. This session will explore how to avoid server and network traffic jams while maintaining strong security.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,102
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
15
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Transcript of "Sunil Cherian - How to Bring Back Productivity With Secure Application Delivery - Interop Mumbai 2009"

  1. 1. SecureAppDeliveryTM How to Bring Back Productivity with Secure Application Delivery 9/29/2009
  2. 2. Agenda Enterprise Requirements for Access − Differences between Mobile, non-Mobile users and partners Application Delivery − Problems and Solutions − Key component technologies Tying them all together Summary 9/29/2009 2
  3. 3. Enterprise Requirements No information access, no productivity Your Most Valuable Asset Business-Critical Processes February 9/29/2009 29, 2008 3
  4. 4. Who Needs Access? Mobile Non-Mobile Partners Employees Employees − Need to access − Corporate-issued − Non-corporate PCs at certain applications t i li ti laptops home − Not trusted enough − WAN speed − Used to LAN speed to put them on your network − Daily to constant − Seldom to never remote access remote access − Have access solutions to partner − Small fraction of − Large percentage of networks but not to the corporate corporate employees y your network and employee body your applications 9/29/2009 4
  5. 5. Business Continuity When disasters strike, can your employees have access to enterprise information so they can continue to provide services to your customers? Harvard study: two-thirds of businesses surveyed could not maintain normal operations if half of their workers were out for two weeks. k February 9/29/2009 29, 2008 5
  6. 6. Anatomy of Application Performance Number of Hops matter Distance matters, routing matters Amount of traffic matters Quality of network matters − Congestion and Packet Loss Number of people on the network matters Type of applications in use on the network matters Where they access from and what they access matters 9/29/2009 6
  7. 7. Today’s Enterprise Workforce Permanently Remote / Mobile Workforce Remote or Mobile Corporate WAN Daily to Constant USER TYPE REMOTE PC TYPE NETWORK SPEED ACCESS FREQUENCY Non-Mobile Non Mobile Non-Corporate Non Corporate LAN Never Non-Mobile Workforce 9/29/2009 7
  8. 8. Mobile Worker Permanently Remote Employees (office at home or offsite) Highly Mobile Employees (road warrior) Corporate-issued laptops, sometimes desktops Accustomed to WAN speeds Daily to constant access of corporate resources Small fraction of corporate employee body USER TYPE REMOTE PC TYPE NETWORK SPEEDS ACCESS FREQUENCY Remote or Mobile Corporate WAN Daily to Constant 9/29/2009 8
  9. 9. Non-Mobile Workers Deskbound Employees (situated in the office) Non-corporate PCs when working remotely Accustomed to LAN speeds Do not remotely access corporate resources Large percentage of corporate employee body USER TYPE REMOTE PC NETWORK SPEEDS ACCESS FREQUENCY Campus Worker None or LAN Never Or Day Extender Da E tender Non-Corporate Non Corporate 9/29/2009 9
  10. 10. Business Continuity Allow extra users to log in seamlessly during emergencies q No IT intervention required One-time license fee for small number of days Burst up to a pre-defined concurrent user count 100 90 80 70 60 50 40 30 20 10 0 1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75 77 79 September 9/29/2009 29, 2009 10
  11. 11. DesktopDirectTM : An illustration 1. Browse (https://mydesktop.arraynetworks.net) 2. Sign in g 3. Click, automatically turn on the office PC if it is off 4. Work Only 30kbps!! 9/29/2009 11
  12. 12. Partner Access: Security Risk Information to share Partner Network Information to protect Your Network September 9/29/2009 29, 2009 12
  13. 13. SiteDirectTM: Third Party Access Information to share Partner Network Resource Publishing P blishing Information to protect IP conflict is resolved automatically Your Network SSL on port 443, No NAT/Firewall Only necessary resources are exposed y y p User level control on remote site access September 9/29/2009 29, 2009 13
  14. 14. Application Delivery Problems and Solutions 9/29/2009 14
  15. 15. Evolution of Application Delivery Server Load Balancing − directs traffic to healthiest server Application Accelerator − SSL offload Application Delivery Controller − connection multiplexing and application acceleration Was primarily useful for websites − before growing demand for web-based applications Mature technology now delivers any application − in production networks for over a decade 9/29/2009 15
  16. 16. App Delivery Challenges Server could be oversubscribed − CPU, RAM, network interface overload − Too many requests at once − High amount of SSL traffic − Too many connections to a single server Server could stop responding − Hardware failure − Power outage − Operating system crash In line In-line devices could stop responding − Hardware failure − Power outage − Other issue 9/29/2009 16
  17. 17. Technology Overview High Availability − Server load balancing − Device redundancy − Global server load balancing Application Acceleration − Secure Sockets Layer offload − TCP connection multiplexing Best-Practice Security − Application level protection Application-level 9/29/2009 17
  18. 18. High Availability Server Load Balancing Real IP Address 1 Real IP Address 2 traffic health checking flow Virtual IP Address Real IP Address 3 Real IP Address 4 9/29/2009 18
  19. 19. High Availability (One Data center) Device Redundancy Device A Replaced Device A Device A Maintenanced Active Again Active Device B Active A ti 9/29/2009 19
  20. 20. High Availability (Multiple Sites) GSLB DNS S DNS S primary backup data d t center t data center global traffic health local flow checking health checking 9/29/2009 20
  21. 21. High Availability (Branch Office) • Current Infrastructure •Costly 2 Mbps to 8 Mbps links shared by 100 to 300 people •Bandwidth per user less th 100 B d idth l than kbps, sometimes as low as 10kbps •Some large offices with T3 or up to 100 Mbps •People working from home with 256 p g kbps broadband or higher • Solutions •Lack of redundancy, susceptible for network failures • Link Loadbalancing • Combine multiple DSLs to improve overall throughput, performance & availability at lower cost • QoS / Priority Queueing / monitoring / filtering • WAN optimization / Acceleration • Compression & Caching • Data reduction / de-duplication 9/29/2009 21
  22. 22. Acceleration (SSL) SSL Offload digital certificates ssl encrypted unencrypted t d overload of end-to-end ssl sessions 9/29/2009 22
  23. 23. Acceleration (Caching) Caching offloads web server utilization by over 40% Deliver content From memory cache 9/29/2009 23
  24. 24. Acceleration (Compression) Compression reduces bandwidth usage by 30%+ Compresses text, ppt On the fly 9/29/2009 24
  25. 25. Acceleration (TCP) Connection Multiplexing reduces server conns by 100:1 3-way TCP 3 handshake 3-way TCP open TCP connection handshake 3-way TCP handshake too many TCP connections ti 3-way TCP handshake 3-way TCP handshake h d h k 9/29/2009 25
  26. 26. Best-Practice Network Security Application-Level Protection DoS attack attacker 9/29/2009 26
  27. 27. Best-Practice Network Security Application-Level Protection http://malformed_url malformed URL dropped malformed URL attack attacker 9/29/2009 27
  28. 28. App Delivery from the Cloud 9/29/2009 28
  29. 29. Cloud: Virtualization And Scalability Mobile employees Data Center Applications pp Desktops Resources to share with partners Partners P t Public or Private Public or Private Networks Networks Data Center Non-mobile • Many virtual portals employees • Large number of concurrent users • One URL among multiple data centers • Supports real or virtual desktops • Secure applications in the Cloud 9/29/2009 29
  30. 30. Conceptual Architecture 9/29/2009 30
  31. 31. SecureAppDeliveryTM How to Bring Back Productivity with Secure Application Delivery 9/29/2009
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×