Array Purpose-Built SSL VPN
White Paper
Delivering Fast, Secure, and Scalable Universal Access
Array Networks, Inc.
1371 McCarthy Blvd.
Milpitas, CA 95035
Phone: (408) 240-8700
Executive Summary
As more organizations turn to virtual private networks (VPNs) based on Secure Sockets Layer (SSL)
technology to meet their remote access needs, it’s becoming clear that SSL VPN solutions based on
a general purpose computing platform are not equipped to meet the demanding requirements of
medium to large enterprises and service providers.
Such customers have stringent demands for security, user experience, response time, throughput,
and scalability. At the same time, they want to become more efficient by consolidating a plethora of
access control lists (ACLs)—from firewalls, LAN switches, wireless LAN devices and application security
proxies—onto a single VPN system.
Only a purpose-built SSL VPN platform can satisfy these demands.
This paper will discuss the attributes of such a purpose-built SSL VPN platform—the Array Networks
SPX—and how it cost-effectively delivers real-world benefits to enterprises and service providers
including:
•	 Improved security, flexibility and control
•	 Improved performance, productivity and user experience
•	 Reduced total cost of ownership (TCO)
Introduction
More and more organizations these days are turning to virtual private networks (VPNs) based on
Secure Sockets Layer (SSL) technology for solving their remote access needs. According to Gartner research:
“By 2008, SSL VPNs will be the primary remote access method for more than two-thirds of business teleworking
employees, more than three-quarters of contractors and for more than 90 percent of casual employee
access (0.7 probability).”
“SSL VPNs also will eventually replace millions of simpler SSL sessions in B2C portals.”
“Growth potential is sufficient to attract every major network player as well as to sustain a sizeable population
of smaller incumbents, startups and investors.”
Attribution: Gartner, “Magic Quadrant for SSL VPN, North America, 3Q05” by John Girard. December 8,
2005.
In response to the increasingly mobile and diverse nature of users—including non-employees who
typically utilize their own laptop computers with varying levels of security—enterprises and carriers
are looking to make secure application and network access an integral part of the resources they
provide to end users.
General-purpose SSL VPNs enable users to securely access data and applications from multiple locations
and computing devices, offering granular, identity-based access controls. But most SSL VPNs
pay almost no attention to the performance required for a positive end-user experience as well as the
scalability that large-scale universal deployments demand.
A General-Purpose SSL VPN is Not Sufficient
SSL VPN solutions leverage the ubiquitous SSL encryption of any browser to encrypt traffic, provide
data confidentiality and data integrity. As Gartner notes, corporations have generally accepted SSL
VPNs as a better remote access alternative to those based on the Internet Security (IPsec) protocol or
leased line VPNs.
To date, however, SSL VPN vendors have focused almost exclusively on the flexibility and security
benefits of SSL VPNs in providing clientless and client/server application access control. They have
done little to ensure that the overall scalability and performance of their SSL VPN solutions match or
exceed those of IPsec VPNs.
The problem is that most SSL VPN solutions are packaged as software on a general-purpose Linux
platform and thus cannot meet enterprise customer demands in areas including:
•	 Performance and user experience – The ability to nearly match the latency and throughput
	 performance of IPsec VPNs, and improve the end user application performance experience
	 without having to deploy and manage expensive third party solutions.
•	 Scalability – The ability to scale to a large number of concurrent users on a single hardware
	 platform without performance degradation.
•	 Security – The ability to provide not only encryption, but also deep packet inspection and
	 application-level filtering without adversely affecting overall system performance.
•	 Universal access – The ability to consolidate remote users, branch office users, wired and wireless
	 LAN (WLAN) users onto a single SSL VPN platform, without hardware changes.
Performance
SSL VPN solutions delivered on general-purpose platforms have design and architecture limitations
that can result in processing bottlenecks that negatively impact latency and throughput. As an example,
consider SSL bulk encryption. Most general-purpose SSL VPN solutions perform SSL key exchanges
in hardware, using an SSL VPN co-processor, but rely on the main CPU for bulk encryption.
Bulk encryption is a CPU-intensive process that puts a heavy toll on system throughput and introduces
significant latency.
Application-level throughput is another important factor. As SSL VPNs become more popular, they
are being called upon to handle loads that most general-purpose platforms simply weren’t designed
for. Many SSL VPN platforms are thus being pushed to their practical limit, which may be far below
the vendor’s stated limit in terms of number of concurrent users supported. The result is they either
cease to function properly or function so poorly that it hampers end user productivity.
To achieve an acceptable performance level, customers often find they have to purchase multiple
general-purpose SSL VPN boxes and operate them at far below their claimed performance in terms
of throughput and concurrent users. This, of course, leads to increased costs – in terms of both initial
capital expense and ongoing management – and decreased reliability, due to multiple points of failure.
Some organizations suffer such poor performance that they have to purchase and maintain separate
third-party application acceleration solutions. This again leads to higher costs and decreased reliability.
Scalability
Avoiding such costs means finding an SSL VPN solution that is highly scalable. Scalability is measured
largely by two factors: maximum number of concurrent users and maximum number of concurrent
SSL connections.
While general-purpose SSL VPN solutions may claim to scale up to 2,500 concurrent users, their practical
limit is likely far less, as noted above. Yet even the 2,500 concurrent user number is far too few for
many enterprises and, certainly, service providers.
For a service provider that provides SSL VPN managed services, the ability to scale beyond 10,000
users and hundreds of customers on a single system is essential. The same is true for many large
enterprises, given that most Global 2000 companies employ more than 100,000 people. While not all
employees need secure remote access, and those that do won’t all be logging in at the same time,
it’s important to remember that SSL VPN use is not limited to employees. In many cases, numerous
contractors, partners, suppliers and customers must be given secure access. Given their simple,
client-less nature, most IT professionals would prefer to use SSL VPNs to meet the secure access needs
of these various groups and individuals. But unless the SSL VPN solution can scale beyond the typical
limit of 500 to 1,000 users per system, it is not architecturally or economically feasible for it to support
such heavy demands.
In addition, every user community, whether it be different business units, partners, suppliers or
customers, has different levels of access privileges. General-purpose SSL VPN solutions can support
granular role-based policies for diverse user groups, but they require a separate SSL VPN system to
secure each group’s user portal. As a result, total cost of ownership (TCO) can skyrocket when more
diverse users are added.
Security
The performance and scalability shortcomings of general-purpose SSL VPN platforms also play a part
in limiting their security capabilities. Providing proper security requires processing power. On a
general-purpose SSL VPN solution, security may be set at the desired level when only 50 users are on the
system, but as more and more users are added, performance declines. As a result, the IT manager may
be tempted to scale back the level of security until performance is restored to an acceptable level.
Clearly, this is not an optimum strategy.
Another problem with general-purpose SSL VPNs is that they are built on off-the-shelf operating
systems, and therefore are subject to all the vulnerabilities and security holes associated with those
operating systems. Most general-purpose SSL VPNs also lack any advanced security features, such as
an integrated firewall and deep packet inspection, which means customers must add another device
to handle such functions – adding complexity, cost and latency. Additionally, general-purpose SSL
VPN solutions typically provide transport security only between the client and the SSL VPN appliance,
not between the appliance and any attached servers. This leaves the user organization at risk from
internal attacks, which account for a significant percentage of all security threats.
In fact, 56% of respondents to the 2005 CSI/FBI Computer Crime and Security Survey reported at least one
attack from inside their organization in the previous 12 months.
Universal Access
While general-purpose SSL VPN solutions enable access to corporate resources for remote users, they
typically do not address access requirements for other enterprise users, such as those attaching to
the network from the corporate LAN or wireless LAN. That means the SSL VPN platform becomes yet
another area where IT must administer access control lists (ACLs), joining existing ACLs on their LAN
and WLAN switches, firewalls and corporate directories. Keeping all these ACLs in sync, with up-to-date
information, is a real challenge, and can create security holes if not properly addressed.
Even if general-purpose SSL VPNs claim to support universal access, their limited capacity makes them
impractical for service provider or enterprise-wide deployments.
Introducing the Purpose-built SSL VPN
The various shortcomings associated with general-purpose SSL VPNs can all be addressed by using
a platform built specifically for SSL VPNs. This is the approach Array Networks has taken with its SPX
series of high-performance SSL VPN systems.
Array’s SPX systems are based on a purpose-built platform that runs the custom ArrayOS™ operating
system. Its optimized and streamlined operations deliver dramatically higher throughput and lower
latency as compared to general-purpose SSL VPN platforms, while allowing for a much higher
number of concurrent users and SSL sessions.
Array Purpose-built SSL VPN Advanced Architecture
General-purpose SSL VPN:
• Data must travel through several open-sourced interfaces
• Each interface introduces security holes and vendor implementation dependency
• Processing delay may cause “unpredictable behavior”
• Difficult to optimize data path
Array Purpose-built Solution:
• Streamlined, linear packet processing
• All data goes through stacks once and is processed in parallel
• Each processing component is optimized
• Custom-made operating system and hardware are built specifically for security processing
and performance.
[Figure: General Purpose SSL VPN stack (OpenSSL, Apache, Linux OS, main CPU, SSL hardware, I/O, memory, PCI) beside the Array Purpose-built SSL VPN stack (ArrayOS, main CPU, SSL hardware, I/O, memory, PCI).]
A general-purpose computing platform introduces significant bottlenecks and latency as processes
wind their way through multiple layers of processing. Array’s custom ArrayOS™ operating system
streamlines processing, and ensures CPU-intensive operations such as key exchanges and bulk
encryption are performed in hardware.
Superior Performance and User Experience
In fact, its purpose-built platform enables Array to deliver performance, throughput and capacity
that’s 8 times faster than the nearest SSL VPN platform can offer.
Much of the performance story is owed to both ArrayOS™ and SpeedStack™, which is an Array
processing engine that enables TCP overhead functions to be performed just once on behalf of multiple
integrated data flows. The diagram below illustrates the integrated features that are able to access
data within memory without having to move the data around. If you think of features as being
composed of functions, there is a large amount of function overlap. This means, at any given time, a
function request may be servicing more than one feature, resulting in more efficient resource utilization
and improved performance.
In addition to performing both SSL key exchange and bulk encryption in hardware, Array also integrates
compression and connection multiplexing, to improve response time and reduce server workloads by
offloading network connection chores. As a result, Array can maintain an average Web page response
time of just 2ms with 500 concurrent SSL users, and remain in single digits with tens of thousands of
concurrent users.
For those environments where application servers are too expensive to perform low-level TCP network
operations, and WAN bandwidths are precious for remote users, Array SPX offers integrated application
acceleration including industry-leading TCP connection multiplexing and hardware-based HTTP
compression. This level of integrated feature and performance improves server response time and end user
experience while reducing costs.
[Figure: SpeedStack™. Integrated features (SSL End Point Security, Application Support, Application Acceleration, HTTP Rewrite, Deep Packet Inspection, Filtering, ACL, AAA) sharing data in memory with function overlap, shown against the network layers: Application, Presentation, Session, TCP/UDP, IP, Datalink, Physical.]
Enhanced Security
Array’s strong performance capabilities also mean users don’t have to sacrifice security for
performance, as is often the case with general-purpose SSL VPN solutions. Array can simultaneously
maintain both maximum security and instantaneous user response time.
Like all SSL VPN solutions, Array supports authentication, authorization and auditing (AAA), and end
point security with cache cleaning. But Array has also built in numerous security features not found
in typical general-purpose SSL VPN solutions.
The security story starts with the proprietary ArrayOS operating system. As a purpose-built OS,
ArrayOS has none of the extraneous features and functions inherent in a general-purpose OS like
Windows or Linux, and their concomitant security vulnerabilities. ArrayOS is a security hardened OS, with
a greatly reduced potential attack surface.
ArrayOS also employs a full reverse proxy architecture, meaning it fully terminates all connections,
and establishes new connections to back-end servers. That serves multiple purposes. For one, it helps
protect those back end servers from attack; since all connections stop at the Array device,
downstream devices can’t “see” those back end servers. Array also uses a delayed binding technique that
requires the connection to be fully terminated on the Array box before it is passed to the application
server. That prevents spoofed IP addresses from connecting to servers, since they will not terminate
correctly.
Array SPX also employs a wire-speed stateful firewall and Layer 7 packet inspection, to immediately
detect—and drop—anomalous packets. For particularly sensitive applications that require end-to-end
security, Array can also re-encrypt sessions between the Array device and back-end servers.
Scalable and Virtualized Universal Access
As explained earlier, large enterprises and service providers require the highest scalability, lowest
TCO, and universal access control to support large number of diverse users. Array SPX meets these
stringent demands with its industry leading scalability, virtualization and universal access control
capabilities.
A single Array system can support up to:
•	 64,000 concurrent users
•	 100,000 concurrent SSL sessions
•	 10,000 SSL transactions per second
•	 850 Mbps throughput
•	 256 virtual portals
These 256 virtual portals can each have unique access policies, as well as their own look, feel and
security configuration. That means from a single system, an enterprise can give its customers access
to its public Web-based ordering system, enable employees to access e-mail, ERP and CRM systems,
and give suppliers access to their extranet. And service providers can support up to 256 distinct
customers from a single Array system, dramatically cutting their provisioning and operations costs as
compared to a general-purpose SSL VPN solution.
With respect to providing universal access control, Array has made a quantum leap as compared to
general-purpose SSL VPNs. Array SSL VPN can eliminate the need to set up and maintain ACLs on multiple
LAN switches, SSL VPN appliances, and separate wireless LAN switches. With Array SSL VPN, a
user’s access method is supported whether they happen to be accessing the network remotely, from
the wireless LAN, or when directly connected to the LAN. Array’s comprehensive security policies can
be enforced for all users accessing the network, not just for remote users.
Secure universal access depends on a number of key attributes of the Array SSL VPN system, including:
•	 Highest number of concurrent users and sessions; without the ability to support a large number
	 of users, it’s simply not possible to add users for universal access control.
•	 Low response time, high throughput, enabling Array to add users for universal access control
	 without slowing down productivity.
•	 Integrated high performance network and application firewall, enabling an organization to
	 replace its current firewall ACL.
•	 Up to 256 virtual portals for diverse user groups, making it simpler to support and administer
	 multiple portals for a large number of users, whether they are remote or access the network via
	 the WLAN or LAN.
•	 Advanced role-based administration, which allows security and network policy responsibilities to
	 be delegated throughout the IT department.
Array is defining the market by enabling an organization to control end-users’ access policies and
endpoint security in just one place: on the Array SSL VPN. This reduces the costs of administration by
eliminating the need to set up and maintain ACLs on multiple LAN switches, firewalls, SSL VPN
appliances and separate WLAN switches.
Meeting Your Demanding Requirements
The combination of universal and scalable access, enhanced security and superior performance that
Array provides means customers realize significant savings in both cost and time. Being able to meet
all remote access requirements with a single system means a lower TCO as compared to employing
multiple general-purpose SSL VPN systems. Further cost savings can be realized with the advanced
security features that Array offers, and from being able to centrally control all access requirements. At
the same time, Array gives customers a foundation upon which to build for future VPN requirements,
including site-to-site SSL VPNs.
Higher performance, lower TCO
Array’s capacity of 64,000 concurrent users per system, and 100,000 concurrent SSL sessions, makes
for a powerful TCO story when you consider cost per user. Array is cost-effective even below 1,000
users, but at higher numbers the cost dramatically decreases. The cost of competing solutions,
meanwhile, increases dramatically above 1,000 users because they require more boxes, with the
accompanying management complexity. And by offloading tasks from back end servers, Array’s connection
multiplexing technology reduces server hardware and software costs, further lowering TCO.
When a $13 billion healthcare company needed to add 5,000 people to its network within two
months, it considered numerous VPN and thin client alternatives. It opted for an Array system
because it provided significantly higher performance, with higher reliability and greater security than
competing solutions. It could also scale to as many as 100,000 users without a hardware upgrade and
proved simpler to manage.
The Array system cost the company just $40 per user to implement, vs. $200 or more for competing
solutions. It also required far less help desk support and was simpler to manage, bringing the total
savings from the Array system to more than $1 million as compared to the alternatives.
[Figure: Array SPX at the enterprise headquarters or service provider POP, in front of Web, application and database servers, with SSL connections across the Internet from home telecommuters, small office / home office and mobile users; hotels, airports, kiosks, roaming, PDA and cell users; branch offices, franchise stores, remotely hosted applications and partners; customers A, B, C, D; and local LAN and WLAN users, plus a network-to-network connection to remote or hosted resources and applications. Callouts: no client software is needed, any standard browser works; Array provides SSL encryption and AAA to enhance MPLS or leased line security; Array SSL can easily travel through IPsec and firewall; Layer 7 centralized policy control; quicker to set up, cheaper to operate, lowest latency, highest scalability.]
Another healthcare organization, Presbyterian Healthcare, deployed the Array SPX to enable
doctors and other support staff to securely access patient information. It realized a 100% increase in
the number of concurrent users it could handle as compared to its previous solution, along with a
50% improvement in end user response times. Additionally, the organization saw a 400% increase
in server capacity, with its Microsoft IIS Web servers handling about 4,000 users per server, up from
the previous 800. The organization also realized a 50% reduction in the number of back-end servers
it needed.
Similarly, one of the world’s largest communications service providers, which provides mobile
telecommunications services to more than 100 million customers, was spending $3.1 million per year
on help desk personnel to help its vendor clients manage their IPsec-based VPN access solution.
That solution couldn’t scale beyond 2,000 users, yet the provider already had a community of 5,000
vendors, which was continuing to grow. Switching to an Array SPX system enabled the company to
dramatically reduce its support costs, since client side support and training were no longer required.
And the Array system can easily support the company’s 5,000 users, with plenty of room to grow.
Array’s virtualization features also lead to significant cost savings vs. general-purpose SSL VPNs.
Consider the cost savings of supporting all your diverse user groups—employees, partners, suppliers and
customers—from the same platform, as opposed to buying and managing separate SSL VPN boxes
for each group. For service providers, in addition to supporting up to 256 customers on a single
platform, deploying an Array SPX means no longer having to place appliances at the customer premise,
a significant cost savings in both the initial expense and ongoing management.
All the while, the Array system doesn’t require customers to skimp on security for the sake of
performance. Its purpose-built architecture, with the ability to handle many CPU-intensive tasks in
hardware, enables the SPX to deliver performance that far surpasses competing solutions. And its
integrated Web firewall and deep packet inspection technology means customers don’t have to buy
additional security products to handle those functions, further reducing TCO.
Security everywhere: Universal access control
Another aspect of TCO has to do with the way organizations handle user access policies, a process
that is often riddled with inefficiency, redundancy and complexity. Most organizations are forced to
define user access policies at numerous points within the network for the same users, including:
•	 SSL VPN devices, for remote access
•	 WLAN switches, for wireless access
•	 LAN switches, for wired access
•	 Firewalls
•	 Proxy servers, such as for E-mail and other applications
Besides being costly to administer, defining policies numerous times in this manner makes it difficult
to ensure all policies are in sync, leading to the unintentional creation of security holes.
Array SSL VPN systems enable IT managers to define end users’ access policies in just one place,
eliminating the need to set up and maintain ACLs on multiple switches and appliances.
The idea of universal access control is especially important now that network access has become
ubiquitous, with users logging on to the corporate network from wherever they may be, using myriad
devices that may or may not be configured according to corporate security policies. Enterprise
users, business partners or guests may become unknowingly infected when surfing the Internet or
working remotely, then bring those infected devices directly into the network. Similarly, without
proper access controls, internal users on the corporate LAN could open the network to a host of
threats when they access the Internet.
These kinds of threats are unacceptable to any organization, but especially those that must meet
stringent regulatory requirements to protect corporate data.
Enterprises need a centralized universal access solution that ties together all aspects of the user’s
identity, device and network permissions, and can uniformly enforce policies, even for groups they
do not control.
Array provides just such a solution. Array SSL VPN systems provide user access control no matter
whether the user is accessing the network remotely, from the wireless LAN or directly from the wired
LAN. And Array’s comprehensive security policies can be enforced for all users accessing the
network, not just remote users.
Array offers a host of security features, including:
•	 Client-side integrity checking, to ensure client machines adhere to company security policies.
	 Multiple remediation options are available, including limiting access, directing offending
	 machines to a patch server and restricting access to certain applications or environments.
•	 Secure access to Web applications, with role-based secure access to intranets and extranets and
	 URL masking, to protect Web applications.
•	 Secure access to file servers and client/server applications
•	 Role-based administration, with the ability to delegate administration for different groups to
	 appropriate IT staff.
•	 Strong authentication, including support for two-factor authentication and integration with
	 Microsoft Active Directory, RADIUS, UNIX NIS or a local authentication database.
•	 Integrated network and application-layer firewall.
The Array SPX platform itself is also crucial to the notion of providing universal access. Only a platform
that is capable of supporting a large number of concurrent users and sessions, with high throughput
and low response time, is suitable for handling universal access in a large environment.
Security for thin client applications
In addition to providing secure access to Web applications, e-mail, file servers and the like, Array
SPX also provides a crucial security layer for thin client applications, including Citrix and Windows
Terminal Server.
Placing an Array system in front of a Citrix server, for example, reduces an organization’s network
exposure. Traditionally, remote clients are connected directly to the Citrix server, which is typically
resident on the corporate network. That means an intruder who gains access to the Citrix server
could likewise gain access to the rest of the network.
Array’s reverse proxy architecture eliminates that threat. All remote sessions are terminated on the
Array system, which then re-establishes a connection with the Citrix server, thus preventing remote
users from gaining access to any other network resources. The Citrix server, then, becomes just one
more application protected by the Array SPX (see Figure x).
Protection for Your Citrix Servers
The Array SPX also gives administrators granular control of user access rights, right down to the URL,
directory or application level. Array also provides enhanced auditing features, covering all user
actions from the time they log in to when they log .
A solution for real-time transactions
Many organizations are facing increasingly stringent requirements for fast response time. Whether
it’s customers demanding better performance from your customer-facing Web site or internal users
pounding on the ERP system, nobody wants to wait to get what they’re after.
In many instances, time is indeed money. In the financial services arena, for example, fast response
time is essential, because huge sums of money are dependent on timely access and trades. Stock
prices change literally every second, and can fluctuate greatly from one minute to the next. The
problem is compounded by the fact that many traders are not in a traditional office. Rather, they’re on the
road, visiting clients, yet they still need fast, secure access to trading applications.
[Figure: Protection for Your Citrix Servers. All users (remote non-employees and employees; contractors, partners, employees) connect over the Internet through the DMZ to the corporate network: Virtual Desktop, Citrix Presentation Server, “Fat Client” Applications, Web Applications, File Sharing, Email.]
In such a case, an SSL VPN solution is likely to be the preferred option, because it’s far simpler than
installing and maintaining IPsec software on each client machine. But a general-purpose SSL VPN
solution is unlikely to be able to provide the kind of response time – typically less than 5ms – that
trading applications require, especially for a large user base.
Array SPX, however, is up to the task, with a response time of less than 2ms for as many as 500
concurrent users.
Banks Key Requirements | Array Purpose-built Solution | Other SSL VPN
100% clientless remote access to web-based applications | Yes | Partially
Lowest latency (no more than 5ms) | 1.7ms | 10 times slower
Integrated Symantec End Point Security | Yes | Yes
High Scalability | Yes | No
High Performance | Yes | No
A foundation for the future
While SSL VPNs are clearly displacing IPsec VPNs for remote access, IPsec is still widely used for site-
to be highly scalable.
With its ability to support 64,000 concurrent users today, and 256 virtual portals, Array is
well-positioned to take this next step in the evolution of SSL VPN technology.
Summary
SSL VPN technology has won the battle with IPsec for remote access requirements, with Gartner
predicting that by 2008, SSL VPNs will be the primary remote access method for most business use. But
as SSL VPN use increases, so do the demands for access, security and performance.
General-purpose VPN solutions are simply not equipped to meet these growing demands, falling
short in terms of performance, scalability, security, end user experience and the ability to provide
universal access.
Only a platform built from the ground up to meet SSL VPN requirements can meet the demands of
enterprises and service providers. Array’s SPX system, with its proprietary ArrayOS operating system,
has the horsepower to meet even the most demanding needs, with support for as many as 64,000
concurrent users and 100,000 SSL sessions. And its virtualization capabilities, with support for 256
distinct portals, are unmatched in the industry.
Such features position Array not only as a sound choice to meet today’s requirements, but as the only
platform that can grow with you to meet the VPN requirements of tomorrow.
[Figure: Web Application Response Time. Average HTTP response times (ms), axis from 0 to 2000, for Array SPX, Competitor J and Competitor F; callout: orders of magnitude lower latency.]
About Array Networks
Array Networks Inc. is a global leader in enterprise secure application delivery and universal access solutions for
the rapidly growing SSL VPN and application delivery controller (ADC) markets. More than 3,500 customers
worldwide – including enterprises, service providers, government and vertical organizations in healthcare, finance,
insurance and education – rely on Array to provide anytime, anywhere secure and optimized application access.
Industry leaders including Deloitte, Red Herring, Gartner, and Frost and Sullivan have recognized Array as a market
and technology leader.
-
approximately 60 resellers and VARs worldwide.
For more information, please visit www.arraynetworks.net or call 1-866-MY-ARRAY.

Most general-purpose SSL VPN solutions perform SSL key ex- changes in hardware, using an SSL VPN co-processor, but rely on the main CPU for bulk encryption. Bulk encryption is a CPU-intensive process that puts a heavy toll on system throughput and intro- duces significant latency. Application-level throughput is another important factor. As SSL VPNs become more popular, they are being called upon to handle loads that most general-purpose platforms simply weren’t designed for. Many SSL VPN platforms are thus being pushed to their practical limit, which may be far below the vendor’s stated limit in terms of number of concurrent users supported. The result is they either cease to function properly or function so poorly that it hampers end user productivity. To achieve an acceptable performance level, customers often find they have to purchase multiple general-purpose SSL VPN boxes and operate them at far below their claimed performance in terms of throughput and concurrent users. This, of course, leads to increased costs – in terms of both initial capital expense and ongoing management – and decreased reliability, due to multiple points of failure. Some organizations suffer such poor performance that they have to purchase and maintain separate third-party application acceleration solutions. This again leads to higher costs and decreased reliability.
  • 4. Array Purpose-Built SSL VPN p. Scalability Avoiding such costs means finding an SSL VPN solution that is highly scalable. Scalability is measured largely by two factors: maximum number of concurrent users and maximum number of concurrent SSL connections. While general purpose SSLVPN solutions may claim to scale up to 2,500 concurrent users, their practi- cal limit is likely far less, as noted above. Yet even the 2,500 concurrent user number is far too few for many enterprises and, certainly, service providers. For a service provider that provides SSL VPN managed services, the ability to scale beyond 10,000 users and hundreds of customers on a single system is essential. The same is true for many large enterprises, given that most Global 2000 companies employ more than 100,000 people. While not all employees need secure remote access, and those that do won’t all be logging in at the same time, it’s important to remember that SSL VPN use is not limited to employees. In many cases, numerous contractors, partners, suppliers and customers must be given secure access. Given their simple, cli- ent-less nature, most IT professionals would prefer to use SSL VPNs to meet the secure access needs of these various groups and individuals. But unless the SLL VPN solution can scale beyond the typical limit of 500 to 1,000 users per system, it is not architecturally or economically feasible for it to support such heavy demands. In addition, every user community, whether it be different business units, partners, suppliers or cus- tomers, have different levels of access privileges. General-purpose SSL VPN solutions can support granular role-based policies for diverse user groups, but they require a separate SSL VPN system to secure each group’s user portal. As a result, total cost of ownership (TCO) can skyrocket when more diverse users are added. 
Security The performance and scalability shortcomings of general-purpose SSL VPN platforms also play a part in limiting their security capabilities. Providing proper security requires processing power. On a gen- eral-purpose SSL VPN solution, security may be set at the desired level when only 50 users are on the system, but as more and more users are added, performance declines. As a result, the IT manager may be tempted to scale back the level of security until performance is restored to an acceptable level. Clearly, this is not an optimum strategy. Another problem with general-purpose SSL VPNs is that they are built on off-the-shelf operating sys- tems, and therefore are subject to all the vulnerabilities and security holes associated with those operating systems. Most general-purpose SSL VPNs also lack any advanced security features, such as an integrated firewall and deep packet inspection, which mean customers must add another device to handle such functions – adding complexity, cost and latency. Additionally, general-purpose SSL VPN solutions typically provide transport security only between the client and the SSLVPN appliance, not between the appliance and any attached servers. This leaves the user organization at risk from an internal attack, which account for a significant percentage of all security threats. In fact, 56% of respondents to the 2005 CSI/FBI Computer Crime and Security Survey reported at least one attack from inside their organization in the previous 12 months.
  • 5. Array Purpose-Built SSL VPN p. Universal Access While general-purpose SSLVPN solutions enable access to corporate resources for remote users, they typically do not address access requirements for other enterprise users, such as those attaching to the network from the corporate LAN or wireless LAN. That means the SSL VPN platform becomes yet another area where IT must administer access control lists (ACLs), joining existing ACLs on their LAN and WLAN switches, firewalls and corporate directories. Keeping all these ACLs in sync, with up-to- date information, is a real challenge, and can create security holes if not properly addressed. Even if general-purpose SSLVPNs claim to support universal access, their limited capacity make them impractical for service provider or enterprise-wide deployments. Introducing the Purpose-built SSL VPN The various shortcomings associated with general-purpose SSL VPNs can all be addressed by using a platform built specifically for SSL VPNs. This is the approach Array Networks has taken with its SPX series of high-performance SSL VPN systems. Array’s SPX systems are based on a purpose-built platform that runs the custom ArrayOS™ operating system. Its optimized and streamlined operations deliver dramatically higher throughput as com- pared to general-purpose SSL VPNs platforms and lower latency, while allowing for a much higher number of concurrent users and SSL sessions. 
Array Purpose-built SSL VPN Advanced Architecture General-purpose SSL VPN Array Purpose-built Solution • Data must travel through several opensourced interfaces • Streamlined, linear packet processing • Each interface introduces security holes and vendor implementation dependency • All data goes through stacks once and are processed in parallel • Processing delay may cause “unpredictable behavior” • Each processing component is optimized • Difficult to optimize data path • Custom-made operating system and hardware are built specifically for security processing and performance. OPEN SSL ARRAY OS I/O MEMORY PCI APACHE LINUX OS MAIN CPU I/O MEMORY PCI SSL HARDWARE SSL HARDWARE MAIN CPU General Purpose SSL VPN Array Purpose-built SSL VPN
  • 6. Array Purpose-Built SSL VPN p. A general-purpose computing platform introduces significant bottlenecks and latency as processes wind their way through multiple layers of processing. Array’s custom ArrayOS™ operating system streamlines processing, and ensures CPU-intensive operations such as key exchanges and bulk en- cryption are performed in hardware. Superior Performance and User Experience In fact, its purpose-built platform enables Array to deliver performance, throughput and capacity that’s 8 times faster than the nearest SSL VPN platform can offer. Much of the performance story is owed to both ArrayOS™ and SpeedStack™, which is an Array pro- cessing engine that enables TCP overhead functions to be performed just once on behalf of multiple integrated data flows. The diagram below illustrates the integrated features that are able to access data within memory without having to move the data around. If you think of features as being com- posed of functions, there is a large amount of function overlap. This means, at any given time, a func- tion request may be servicing more than one feature, resulting in more efficient resource utilization and improved performance. InadditiontoperformingbothSSLkeyexchangeandbulkencryptioninhardware,Arrayalsointegrates compression and connection multiplexing, to improve response time and reduce server workloads by offloading network connection chores. As a result, Array can maintain an average Web page response time of just 2ms with 500 concurrent SSL users, and remain in single digits with tens of thousands of concurrent users. 
For those environments where application servers are too expensive to perform low-levelTCP network operations, andWAN bandwidths are precious for remote users, Array SPX offers integrated application acceleration including industry-leading TCP connection multiplexing and hardware-based HTTP com- pression.This level of integrated feature and performance improves server response time and end user experience while reducing costs. SSL End Point Security Application Support Application Acceleration HTTP Rewrite Deep Packet Inspection Filtering ACL AAA Data in memory / function overlap SpeedStack™ Application Presentation Session TCP/UDP IP Datalink Physical
  • 7. Array Purpose-Built SSL VPN p. Enhanced Security Array’s strong performance capabilities also mean users don’t have to sacrifice security for perfor- mance, as is often the case with general-purpose SSL VPN solutions. Array can simultaneously main- tain both maximum security and instantaneous user response time. Like all SSL VPN solutions, Array supports authentication, authorization and auditing (AAA), and end point security with cache cleaning. But Array has also built in numerous security features not found in typical general-purpose SSL VPN solutions. The security story starts with the proprietary ArrayOS operating system. As a purpose-built OS, Ar- rayOS has none of the extraneous features and functions inherent in a general-purpose OS like Win- dows or Linux, and their concomitant security vulnerabilities. ArrayOS is a security hardened OS, with a greatly reduced potential attack surface. ArrayOS also employs a full reverse proxy architecture, meaning it fully terminates all connections, and establishes new connections to back-end servers.That serves multiple purposes. For one, it helps protect those back end servers from attack; since all connections stop at the Array device, down- stream devices can’t “see” those back end servers. Array also uses a delayed binding technique that requires the connection to be fully terminated on the Array box before it is passed to the application server. That prevents spoofed IP addresses from connecting to servers, since they will not terminate correctly. Array SPX also employs a wire-speed stateful firewall and Layer 7 packet inspection, to immediately detect—and drop—anomalous packets. For particularly sensitive applications that require end-to- end security, Array can also re-encrypt sessions between the Array device and back-end servers. 
Scalable and Virtualized Universal Access As explained earlier, large enterprises and service providers require the highest scalability, lowest TCO, and universal access control to support large number of diverse users. Array SPX meets these stringent demands with its industry leading scalability, virtualization and universal access control capabilities. A single Array system can support up to: • 64,000 concurrent users • 100,000 concurrent SSL sessions • 10,000 SSL transactions per second • 850M bps throughput • 256 virtual portals These 256 virtual portals can each have unique access policies, as well as their own look, feel and security configuration. That means from a single system, an enterprise can give its customers access to its public Web-based ordering system, enable employees to access e-mail, ERP and CRM systems, and give suppliers access to their extranet. And service providers can support up to 256 distinct cus- tomers from a single Array system, dramatically cutting their provisioning and operations costs as compared to a general-purpose SSL VPN solution.
  • 8. Array Purpose-Built SSL VPN p. With respect to providing universal access control, Array has made a quantum leap as compared to general purpose SSLVPNs. Array SSLVPN can eliminate the need to set up and maintain ACLs on mul- tiple LAN switches, SSL VPN appliances, and separate wireless LAN switches. With Array SSL VPN, a user’s access method is supported whether they happen to be accessing the network remotely, from the wireless LAN, or when directly connected to the LAN. Array’s comprehensive security policies can be enforced for all users accessing the network, not just for remote users. Secure universal access depends on a number of key attributes of the Array SSL VPN system, including: • Highest number of concurrent users and sessions; without the ability to support a large number of users, it’s simply not possible to add users for universal access control. • Low response time, high throughput, enabling Array to add users for universal access control without slowing down productivity. • Integrated high performance network and application firewall, enabling an organization to re place its current firewall ACL. • Up to 256 virtual portals for diverse user groups, making it simpler to support and administer multiple portals for a large number of users, whether they are remote or access the network via the WLAN or LAN. • Advanced role-based administration, which allows security and network policy responsibilities to be delegated throughput the IT department. Array is defining the market by enabling an organization to control end-users’ access policies and endpoint security in just one place: on the Array SSL VPN. This reduces the costs of administration by eliminating the need to set up and maintain ACLs on multiple LAN switches, firewalls, SSL VPN appli- ances and separate WLAN switches. 
Meeting Your Demanding Requirements The combination of universal and scalable access, enhanced security and superior performance that Array provides means customers realize significant savings in both cost and time. Being able to meet all remote access requirements with a single system means a lower TCO as compared to employing multiple general-purpose SSL VPN systems. Further cost savings can be realized with the advanced security features that Array offers, and from being able to centrally control all access requirements. At the same time, Array gives customers a foundation upon which to build for future VPN requirements, including site-to-site SSL VPNs.
  • 9. Array Purpose-Built SSL VPN p. Higher performance, lower TCO Array’s capacity of 64,000 concurrent users per system, and 100,000 concurrent SSL sessions, makes for a powerful TCO story when you consider cost per user. Array is cost-effective even below 1,000 users, but at higher numbers the cost dramatically decreases.The cost of competing solutions, mean- while, increases dramatically above 1,000 users because they require more boxes, with the accompa- nying management complexity. And by offloading tasks from back end servers, Array’s connection multiplexing technology reduces server hardware and software costs, further lowering TCO. When a $13 billion healthcare company needed to add 5,000 people to its network within two months, it considered numerous VPN and thin client alternatives. It opted for an Array system be- cause it provided significantly higher performance, with higher reliability and greater security than competing solutions. It could also scale to as many as 100,000 users without a hardware upgrade and proved simpler to manage. The Array system cost the company just $40 per user to implement, vs. $200 or more for competing solutions. It also required far less help desk support and was simpler to manage, bringing the total savings from the Array system to more than $1 million as compared to the alternatives. 
No client software is needed Any standard browser works Array provides SSL encryption and AAA to enhance MLPS or leased line security Array SSL can easily travel through IPsec and Firewall Layer 7 centralized policy control • Quicker to set up • Cheaper to operate • Lowest latency • Highest scalability • Home Telecommuters • Small Office / Home Office • Mobile Users • Hotels • Airports • Kiosks • Roaming • PDA Cell • Branch Office • Franchise Store • Remotely Hosted Applications Partners Customer A, B, C, D SSL SSL SSL SSL Local Users LAN WLAN Array SPX Enterprise Headquarters or Service Provider POP Web, Application and Database Servers SSL SSL SSL SSL Internet Network-to-Network Connection Remote or Hosted Resources and Applications
  • 10. Array Purpose-Built SSL VPN p. 10 Another healthcare organization, Presbyterian Healthcare, deployed the Array SPX to enable doc- tors and other support staff to securely access patient information. It realized a 100% increase in the number of concurrent users it could handle as compared to its previous solution, along with a 50% improvement in end user response times. Additionally, the organization saw a 400% increase in server capacity, with its Microsoft IIS Web servers handling about 4,000 users per server, up from the previous 800. The organization also realized a 50% reduction in the number of back-end servers it needed. Similarly, one of the world’s largest communications service providers, which provides mobile tele- communications services to more than 100 million customers, was spending $3.1 million per year on help desk personnel to help its vendor clients manage their IPsec-based VPN access solution. That solution couldn’t scale beyond 2,000 users, yet the provider already had a community of 5,000 vendors, which was continuing to grow. Switching to an Array SPX system enabled the company to dramatically reduce its support costs, since client side support and training were no longer required. And the Array system can easily support the company’s 5,000 users, with plenty of room to grow. Array’s virtualization features also lead to significant cost savings vs. general-purpose SSL VPNs. Con- sider the cost savings of supporting all your diverse user groups—employees, partners, suppliers and customers—from the same platform, as opposed to buying and managing separate SSL VPN boxes for each group. For service providers, in addition to supporting up to 256 customers on a single plat- form, deploying an Array SPX means no longer having to place appliances at the customer premise, a significant cost savings in both the initial expense and ongoing management. 
All the while, the Array system doesn’t require customers to skimp on security for the sake of per- formance. Its purpose-built architecture, with the ability to handle many CPU-intensive tasks in hardware, enables the SPX to deliver performance that far surpasses competing solutions. And its integrated Web firewall and deep packet inspection technology means customers don’t have to buy additional security products to handle those functions, further reducing TCO. Security everywhere: Universal access control Another aspect of TCO has to do with the way organizations handle user access policies, a process that is often riddled with inefficiency, redundancy and complexity. Most organizations are forced to define user access policies at numerous points within the network for the same users, including: • SSL VPN devices, for remote access • WLAN switches, for wireless access • LAN switches, for wired access • Firewalls • Proxy servers, such as for E-mail and other applications Besides being costly to administer, defining policies numerous times in this manner makes it difficult to ensure all policies are in sync, leading to the unintentional creation of security holes. Array SSLVPN systems enable IT managers to define end-users access policies in just one place, elimi- nating the need to set up and maintain ACLs on multiple switches and appliances.
  • 11. Array Purpose-Built SSL VPN p. 11 The idea of universal access control is especially important now that network access has become ubiquitous, with users logging on to the corporate network from wherever they may be, using myr- iad devices that may or may not be configured according to corporate security policies. Enterprise users, business partners or guests may become unknowingly infected when surfing the Internet or working remotely, then bring those infected devices directly into the network. Similarly, without proper access controls, internal users on the corporate LAN could open the network to a host of threats when they access the Internet. These kinds of threats are unacceptable to any organization, but especially those that must meet stringent regulatory requirements to protect corporate data. Enterprises need a centralized universal access solution that ties together all aspects of the user’s identity, device and network permissions, and can uniformly enforce policies, even for groups they do not control. Array provides just such a solution. Array SSL VPN systems provide user access control no matter whether the user is accessing the network remotely, from the wireless LAN or directly from the wired LAN. And Array’s comprehensive security policies can be enforced for all users accessing the net- work, not just remote users. Array offers a host of security features, including: • Client-side integrity checking, to ensure client machines adhere to company security policies. Multiple remediation options are available, including limiting access, directing offending machines to a patch server and restricting access to certain applications or environments. • Secure access to Web applications, with role-based secure access to intranets and extranets and URL masking, to protect Web applications. 
• Secure access to file servers and client/server applications • Role-based administration, with the ability to delegate administration for different groups to appropriate IT staff. • Strong authentication, including support for two-factor authentication and integration with Microsoft Active Directory, RADIUS, UNIX NIS or a local authentication database. • Integrated network and application-layer firewall. The Array SPX platform itself is also crucial to the notion of providing universal access. Only a platform that is capable of supporting a large number of concurrent users and sessions, with high throughput and low response time, is suitable for handling universal access in a large environment. Security for thin client applications In addition to providing secure access to Web applications, e-mail, file servers and the like, Array SPX also provides a crucial security layer for thin client applications, including Citrix and Windows Terminal Server. Placing an Array system in front of a Citrix server, for example, reduces an organization’s network exposure. Traditionally, remote clients are connected directly to the Citrix server, which is typically resident on the corporate network. That means an intruder who gains access to the Citrix server
  • 12. Array Purpose-Built SSL VPN p. 12 could likewise gain access to the rest of the network. Array’s reverse proxy architecture eliminates that threat. All remote sessions are terminated on the Array system, which then re-establishes a connection with the Citrix server, thus preventing remote users from gaining access to any other network resources. The Citrix server, then, becomes just one more application protected by the Array SPX (see Figure x). Protection for Your Citrix Servers The Array SPX also gives administrators granular control of user access rights, right down to the URL, directory or application level. Array also provides enhanced auditing features, covering all user ac- tions from the time they log in to when they log . A solution for real-time transactions Many organizations are facing increasingly stringent requirements for fast response time. Whether it’s customers demanding better performance from your customer-facing Web site or internal users pounding on the ERP system, nobody wants to wait to get what they’re after. In many instances, time is indeed money. In the financial services arena, for example, fast response time is essential, because huge sums of money are dependent on timely access and trades. Stock prices change literally every second, and can fluctuate greatly from one minute to the next.The prob- lem is compounded by the fact that many traders are not in a traditional office. Rather, they’re on the road, visiting clients, yet they still need fast, secure access to trading applications. All users Non-employees Employees Remote Virtual Desktop Citrix Presentation Server “Fat Client” Applications DMZ Web Applications File Sharing Email Corporate Network Contractors Partners Employees Internet
  • 13. Array Purpose-Built SSL VPN p. 13 In such a case, an SSL VPN solution is likely to be the preferred option, because it’s far simpler than installing and maintaining IPsec software on each client machine. But a general-purpose SSL VPN solution is unlikely to be able to provide the kind of response time – typically less that 5ms – that trading applications require, especially for a large user base. Array SPX, however, is up to the task, with a response time of less than 2ms for as many as 500 concurrent users. Banks Key Requirements Array Purpose- built Solution Other SSL VPN 100% clientless remote access to web- based applications Yes Partially No more than 5ms Lowest latency 1.7ms 10 times slower Integrated Symantec End Point Security Yes Yes High Scalability Yes No High Performance Yes No A foundation for the future While SSL VPNs are clearly displacing IPsec VPNs for remote access, IPsec is still widely used for site- to be highly scalable. With its ability to support 64,000 concurrent users today, and 256 virtual portals, Array is well-posi- tioned to take this next step in the evolution of SSL VPN technology. Summary SSL VPN technology has won the battle with IPsec for remote access requirements, with Gartner pre- dicting that by 2008, SSL VPNs will be the primary remote access method for most business use. But as SSL VPN use increases, so do the demands for access, security and performance. General-purpose VPN solutions are simply not equipped to meet these growing demands, falling short in terms of performance, scalability, security, end user experience and the ability to provide universal access. Only a platform built from the ground up to meet SSL VPN requirements can meet the demands of enterprises and service providers. Array’s SPX system, with its proprietary ArrayOS operating system, has the horsepower to meet even the most demanding needs, with support for as many as 64,000 concurrent users and 100,000 SSL sessions. 
And its virtualization capabilities, with support for 256 distinct portals, are unmatched in the industry. Such features position Array not only as a sound choice to meet today’s requirements, but as the only platform that can grow with you to meet the VPN requirements of tomorrow. 2000 1800 1600 1400 1200 1000 800 600 400 200 0 Average HTTP Response Times (ms) Array SPX Competitor J Competitor F Orders of Magnitude Lower Latency Web Application Response Time
  • 14. Array Purpose-Built SSL VPN p. 14 About Array Networks Array Networks Inc. is a global leader in enterprise secure application delivery and universal access solutions for the rapidly growing SSL VPN and application delivery controller (ADC) markets. More than 3,500 customers worldwide – including enterprises, service providers, government and vertical organizations in healthcare, finance, insurance and education – rely on Array to provide anytime, anywhere secure and optimized application access. Industry leaders including Deloitte, Red Herring, Gartner, and Frost and Sullivan have recognized Array as a market and technology leader. - approximately 60 resellers and VARs worldwide. For more information, please visit www.arraynetworks.net or call 1-866-MY-ARRAY.