As more organizations turn to virtual private networks (VPNs) based on Secure Sockets Layer (SSL)
technology to meet their remote access needs, it’s becoming clear that SSL VPN solutions based on
a general purpose computing platform are not equipped to meet the demanding requirements of
medium to large enterprises and service providers.
Such customers have stringent demands for security, user experience, response time, throughput,
and scalability. At the same time, they want to become more efficient by consolidating a plethora of
access control lists (ACLs)—from firewalls, LAN switches, wireless LAN devices and application security
proxies—onto a single VPN system.
Only a purpose-built SSL VPN platform can satisfy these demands.
This paper will discuss the attributes of such a purpose-built SSL VPN platform—the Array Networks
SPX— and how it cost-effectively delivers real-world benefits to enterprises and service providers
including:
• Improved security, flexibility and control
• Improved performance, productivity and user experience
• Reduced total cost of ownership (TCO)
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachF5 Networks
Service providers know they need to protect the network, maintain stability, and manage millions of real-time sessions without costs spiraling out of control. In this paper, Patrick Donegan, Senior Analyst at Heavy Reading, outlines the new challenges introduced by LTE and the security architecture in the service provider network. He stresses the importance of implementing a dynamic, multi-layered security approach that makes use of virtualization, service chaining, and real-time subscriber awareness.
Security is a top priority for service providers, who must deliver superior network quality and customer experiences without adding complexity or cost. F5 Networks offers a suite of dynamic, multi-layered solutions that simplify delivery architectures, boost service availability, and enhance application awareness and control
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
CIOs want harmony. Security directors loathe point products. Network operations won’t buy into anything new. CIOs can get the harmony they need around DDoS mitigation by extending the F5 Application Delivery Controller into a hybrid solution: on-premises with a new cloud component.
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Paper)
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
Learn how to remove operational complexity from achieving secure – and easily auditable – user access to your AWS systems. Automate tightly controlled user access in highly dynamic AWS environments. Painlessly report exactly who accessed which resources, from where, and when – in near real-time – and save your teams thousands of hours in audit prep work.
Securing Servers in Public and Hybrid CloudsRightScale
RightScale Webinar: Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. Understanding these differences and the options available to you are key to running a secure cloud environment.
Join Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale for a free webinar where industry experts discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.
We will discuss:
- What's different about security in the cloud
- Shared responsibility
- Architectural challenges
- Key features to secure your cloud servers
- Secure deployment via RightScripts
Don't miss out on this opportunity to find out about all you need to secure your cloud servers!
The security of data in transit has traditionally been the purview of nation states. Now the global adoption of the world wide web is bringing cryptography to the common man. But the forces of malicious actors and eavesdroppers are moving nearly all significant speech and commerce into a single cryptographic protocol: SSL.
SSL is the set of cryptographic protocols that secure data in transit. Today SSL is often the only tool standing between an eavesdropper and a target, or a thief and a merchant. The stakes around SSL have been upleveled to the limit. Whether or not it’s convenient to admit, it’s time for organizations to uplevel their overall security posture to protect this last line of defense.
The F5 DDoS Protection Reference Architecture (Technical White Paper)F5 Networks
F5 Networks offers guidance to security and network architects in designing, deploying, and managing architecture to protect against increasingly sophisticated, application-layer DDoS attacks.
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The consumerization of IT is under way. Workers want tablet access to business applications, often from personal devices. Learn why VPNs are not ideal for mobile connectivity and why remote desktop is a more secure, less expensive approach to tablet access that is easier to deploy, manage and use.
Scaling Mobile Network Security for LTE: A Multi-Layer ApproachF5 Networks
Service providers know they need to protect the network, maintain stability, and manage millions of real-time sessions without costs spiraling out of control. In this paper, Patrick Donegan, Senior Analyst at Heavy Reading, outlines the new challenges introduced by LTE and the security architecture in the service provider network. He stresses the importance of implementing a dynamic, multi-layered security approach that makes use of virtualization, service chaining, and real-time subscriber awareness.
Security is a top priority for service providers, who must deliver superior network quality and customer experiences without adding complexity or cost. F5 Networks offers a suite of dynamic, multi-layered solutions that simplify delivery architectures, boost service availability, and enhance application awareness and control
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Pa...F5 Networks
CIOs want harmony. Security directors loathe point products. Network operations won’t buy into anything new. CIOs can get the harmony they need around DDoS mitigation by extending the F5 Application Delivery Controller into a hybrid solution: on-premises with a new cloud component.
F5 Networks: The Right Way to Protect Against DDoS Attacks (Business White Paper)
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
Learn how to remove operational complexity from achieving secure – and easily auditable – user access to your AWS systems. Automate tightly controlled user access in highly dynamic AWS environments. Painlessly report exactly who accessed which resources, from where, and when – in near real-time – and save your teams thousands of hours in audit prep work.
Securing Servers in Public and Hybrid CloudsRightScale
RightScale Webinar: Security and compliance remain major challenges to adoption of public cloud infrastructure hosting. Technical differences in public cloud environments render many established security models and controls inoperable. Understanding these differences and the options available to you are key to running a secure cloud environment.
Join Carson Sweet, co-founder and CEO of CloudPassage and Uri Budnik, Director, ISV Partner Program of RightScale for a free webinar where industry experts discuss why security and compliance are different in the cloud, outline a model for securing cloud-based hosting environments, and explain best practices for implementing a secure cloud infrastructure.
We will discuss:
- What's different about security in the cloud
- Shared responsibility
- Architectural challenges
- Key features to secure your cloud servers
- Secure deployment via RightScripts
Don't miss out on this opportunity to find out about all you need to secure your cloud servers!
The security of data in transit has traditionally been the purview of nation states. Now the global adoption of the world wide web is bringing cryptography to the common man. But the forces of malicious actors and eavesdroppers are moving nearly all significant speech and commerce into a single cryptographic protocol: SSL.
SSL is the set of cryptographic protocols that secure data in transit. Today SSL is often the only tool standing between an eavesdropper and a target, or a thief and a merchant. The stakes around SSL have been upleveled to the limit. Whether or not it’s convenient to admit, it’s time for organizations to uplevel their overall security posture to protect this last line of defense.
The F5 DDoS Protection Reference Architecture (Technical White Paper)F5 Networks
F5 Networks offers guidance to security and network architects in designing, deploying, and managing architecture to protect against increasingly sophisticated, application-layer DDoS attacks.
The F5 DDoS Protection Reference Architecture (Technical White Paper)
The consumerization of IT is under way. Workers want tablet access to business applications, often from personal devices. Learn why VPNs are not ideal for mobile connectivity and why remote desktop is a more secure, less expensive approach to tablet access that is easier to deploy, manage and use.
What is SASE and How Can Partners Talk About it?QOS Networks
Security + SD-WAN is the next step in the network story. Customers today are keen to identify how to keep their ecosystems secure and business continuity intact. Join us as we discuss the SASE approach and how to have that conversation with your customers.
Meeting the business and technical challenges of today's organizations requires an architectural approach. The Cisco Borderless Network Architecture is the technical architecture that allows organizations to connect anyone, anywhere, anytime, and on any device - securely, reliably, and seamlessly. It is built on an infrastructure of scalable and resilient hardware and software. Components of the architecture come together to build network systems that span your organization from network access to the cloud. Intelligent network, endpoint, and user services provide the flexibility, speed, and scale to support new devices, applications, and deployment models.
The impact of the consumerization of IT and mobility cannot be understated. The impact that these two key business elements have on the evolution of Enterprise Architecture and for Service Provider's ability to offer services to Enterprises, Governments, and Consumers will be addressed in this webinar. We will talk about the importance of the shift and movement of the secure network edge leads to a very close examination of the changing threat vectors and vulnerabilities impacting your businesses today. We will also detail service delivery and consumption on the three 'service horizons,' (Mobile Endpoint and CPE, Virtualized Network Edge/Data Center Edge, and the Cloud).
Security in Clouds: Cloud security challenges – Software as a
Service Security, Common Standards: The Open Cloud Consortium – The Distributed management Task Force – Standards for application Developers – Standards for Messaging – Standards for Security, End user access to cloud computing, Mobile Internet devices and the cloud. Hadoop – MapReduce – Virtual Box — Google App Engine – Programming Environment for Google App Engine.
White paper from Cohesive Networks - Cloud Security Best Practices - Part 2
Learn about Defense in Depth, layers of security for cloud networking, and how you as the application owner can take back control of networking security features with VNS3.
Data Center Security Now and into the FutureCisco Security
Understand all the latest Data Center trends and Data Center security requirements. Take a deep dive on Cisco’s value-added integrated approach on Data Center Security Strategy.
Sangfor SSL VPN is an integrated, full-featured secure remote access platform for easy-to-use, anytime, anywhere connectivity. Remote and mobile users can quickly and easily access internal resources, applications and files - using any device with a web browser. Multi-layered security protection includes authentication, endpoint security, transmitting security and resource authorization policies.
AG Series secure access gateways provide scalable and
controlled remote and mobile access to corporate networks,
enterprise applications and cloud services for any user,
anywhere on any device.
Aure Bastion is a PaaS solution for your remote desktop which is more secure than the
jump server. It comes with web-based login, and never expose VM public IP to the
internet. This service will work seamlessly on your environment using VM’s private IP
address within your Vnet. Highly secure and trustable.
Net Optics and EMC-RSA
Virtualization deployments can offer many great, cost-saving benefits, however it also creates new challenges when it comes to network security, compliance, and meeting regulations and SLAs. The introduction of vSwitches means that current physical monitoring tools, such as the EMC – RSA NetWitness™Investigator, cannot easily extend into the Intra-VM level within virtual hypervisors. The time may not yet be ideal for investment in new virtualization-specific tools and training, and the company may wish to continue leveraging such system resources as vCPU, vRAM, vNIC, storage and others. Find out more by downloading the joint solution brief. http://www.netoptics.com
What we Learned from Sunburst with Zero TrustAndrew Harris
What did the industry learn from Sunburst as it relates to Zero Trust? What missteps did we identify? What technical controls did we realize we were missing? How does this mature our thinking while we approach Zero Trust?
Driving Innovation: A Path to Digitization, Speed and Visibility in an Applic...Cisco Canada
Digital transformation is the key buzz word today. But how do you get there? How do you plan now for the future? Cisco delivers the most complete SDN solutions to meet your data center needs - from programmable networks to programmable fabrics to a fully integrated solution with Application Centric Infrastructure (ACI). Here about our latest innovations for all areas, from Applications to ASICs, that bring unique capabilities and value to the industry. Hear your peers share their SDN journeys and how Cisco's open choice solutions have helped them improve agility and attain astounding results for their business. And learn how to lay the foundation now for your digital transformation in the decade ahead. Get ready!
Guide answers the questions like - Which tools are available in the marketplace to mitigate ddos attacks? Is Scrubbing Center enough to mitigate ddos attacks?
With several DDoS defense technologies available in the market, which one is good for your organization? Choose the mitigation solution that works best for your needs.
Remote connectivity is crucial for enterprise productivity and SSL has gained fast popularity as a remote access
tool. In fact, SSL VPNs as a technology have shown promise in eliminating many of the client side issues associated
with IPSec, and other forms of remote access. Furthermore, SSL VPNs offer a smooth migration to a more costeffective,
easier to deploy remote access solution than IPSec. SSL VPN’s combination of flexibility and functionality
makes it competitive with IPSec even when deployed for enterprise’s “power users.”
In today’s crowded SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available.
Obviously, there are many factors to consider when purchasing an SSL VPN product, and you want to make the
best choice possible. This SSL VPN Evaluation Guide serves as an important resource in identifying, describing, and
prioritizing the criteria you should consider when selecting an SSL VPN provider that best fits the needs of your
organization.
Selection Criteria
In coming up with a selection criteria, the functions offered by SSL VPNs have to be evaluated against two key
aspects: security and user experience. A truly successful deployment of a secure access solution cannot be achieved
without taking both aspects into consideration. Look for an SSL VPN that can also serve the organization’s longterm
needs, integrates seamlessly with the network architecture, and provides powerful management tools. The
optimal provider will exceed in these key areas:
n Performance and scalability
n Security
n Ease of use
n Company reputation
n Technology leadership
What is SASE and How Can Partners Talk About it?QOS Networks
Security + SD-WAN is the next step in the network story. Customers today are keen to identify how to keep their ecosystems secure and business continuity intact. Join us as we discuss the SASE approach and how to have that conversation with your customers.
Meeting the business and technical challenges of today's organizations requires an architectural approach. The Cisco Borderless Network Architecture is the technical architecture that allows organizations to connect anyone, anywhere, anytime, and on any device - securely, reliably, and seamlessly. It is built on an infrastructure of scalable and resilient hardware and software. Components of the architecture come together to build network systems that span your organization from network access to the cloud. Intelligent network, endpoint, and user services provide the flexibility, speed, and scale to support new devices, applications, and deployment models.
The impact of the consumerization of IT and mobility cannot be understated. The impact that these two key business elements have on the evolution of Enterprise Architecture and for Service Provider's ability to offer services to Enterprises, Governments, and Consumers will be addressed in this webinar. We will talk about the importance of the shift and movement of the secure network edge leads to a very close examination of the changing threat vectors and vulnerabilities impacting your businesses today. We will also detail service delivery and consumption on the three 'service horizons,' (Mobile Endpoint and CPE, Virtualized Network Edge/Data Center Edge, and the Cloud).
Security in Clouds: Cloud security challenges – Software as a
Service Security, Common Standards: The Open Cloud Consortium – The Distributed management Task Force – Standards for application Developers – Standards for Messaging – Standards for Security, End user access to cloud computing, Mobile Internet devices and the cloud. Hadoop – MapReduce – Virtual Box — Google App Engine – Programming Environment for Google App Engine.
White paper from Cohesive Networks - Cloud Security Best Practices - Part 2
Learn about Defense in Depth, layers of security for cloud networking, and how you as the application owner can take back control of networking security features with VNS3.
Data Center Security Now and into the FutureCisco Security
Understand all the latest Data Center trends and Data Center security requirements. Take a deep dive on Cisco’s value-added integrated approach on Data Center Security Strategy.
Sangfor SSL VPN is an integrated, full-featured secure remote access platform for easy-to-use, anytime, anywhere connectivity. Remote and mobile users can quickly and easily access internal resources, applications and files - using any device with a web browser. Multi-layered security protection includes authentication, endpoint security, transmitting security and resource authorization policies.
AG Series secure access gateways provide scalable and
controlled remote and mobile access to corporate networks,
enterprise applications and cloud services for any user,
anywhere on any device.
Aure Bastion is a PaaS solution for your remote desktop which is more secure than the
jump server. It comes with web-based login, and never expose VM public IP to the
internet. This service will work seamlessly on your environment using VM’s private IP
address within your Vnet. Highly secure and trustable.
Net Optics and EMC-RSA
Virtualization deployments can offer many great, cost-saving benefits, however it also creates new challenges when it comes to network security, compliance, and meeting regulations and SLAs. The introduction of vSwitches means that current physical monitoring tools, such as the EMC – RSA NetWitness™Investigator, cannot easily extend into the Intra-VM level within virtual hypervisors. The time may not yet be ideal for investment in new virtualization-specific tools and training, and the company may wish to continue leveraging such system resources as vCPU, vRAM, vNIC, storage and others. Find out more by downloading the joint solution brief. http://www.netoptics.com
What we Learned from Sunburst with Zero TrustAndrew Harris
What did the industry learn from Sunburst as it relates to Zero Trust? What missteps did we identify? What technical controls did we realize we were missing? How does this mature our thinking while we approach Zero Trust?
Driving Innovation: A Path to Digitization, Speed and Visibility in an Applic...Cisco Canada
Digital transformation is the key buzz word today. But how do you get there? How do you plan now for the future? Cisco delivers the most complete SDN solutions to meet your data center needs - from programmable networks to programmable fabrics to a fully integrated solution with Application Centric Infrastructure (ACI). Here about our latest innovations for all areas, from Applications to ASICs, that bring unique capabilities and value to the industry. Hear your peers share their SDN journeys and how Cisco's open choice solutions have helped them improve agility and attain astounding results for their business. And learn how to lay the foundation now for your digital transformation in the decade ahead. Get ready!
Guide answers the questions like - Which tools are available in the marketplace to mitigate ddos attacks? Is Scrubbing Center enough to mitigate ddos attacks?
With several DDoS defense technologies available in the market, which one is good for your organization? Choose the mitigation solution that works best for your needs.
Remote connectivity is crucial for enterprise productivity and SSL has gained fast popularity as a remote access
tool. In fact, SSL VPNs as a technology have shown promise in eliminating many of the client side issues associated
with IPSec, and other forms of remote access. Furthermore, SSL VPNs offer a smooth migration to a more costeffective,
easier to deploy remote access solution than IPSec. SSL VPN’s combination of flexibility and functionality
makes it competitive with IPSec even when deployed for enterprise’s “power users.”
In today’s crowded SSL VPN market, it’s easy to become overwhelmed by the wide range of solutions available.
Obviously, there are many factors to consider when purchasing an SSL VPN product, and you want to make the
best choice possible. This SSL VPN Evaluation Guide serves as an important resource in identifying, describing, and
prioritizing the criteria you should consider when selecting an SSL VPN provider that best fits the needs of your
organization.
Selection Criteria
In coming up with a selection criteria, the functions offered by SSL VPNs have to be evaluated against two key
aspects: security and user experience. A truly successful deployment of a secure access solution cannot be achieved
without taking both aspects into consideration. Look for an SSL VPN that can also serve the organization’s longterm
needs, integrates seamlessly with the network architecture, and provides powerful management tools. The
optimal provider will exceed in these key areas:
n Performance and scalability
n Security
n Ease of use
n Company reputation
n Technology leadership
SMBs are fast at adapting to innovation and change, cloud computing has grabbed the spotlight for safer business with data security solutions. Know how today's business can reap and adopt cloud security features for public cloud.
Enterprise IT is transitioning from the use of traditional on-premise data centers to hybrid cloud environments. As a result, we’re experiencing a paradigm shift in the way we must think about and manage enterprise security. From Four Walls to No Walls Until now, the conventional view on IT security has been that applications and data are safe because they’re physically housed within the confines of a company’s data center walls using company-owned equipment. So, it’s not surprising that many decision makers perceive greater risks as they trade physical assets for cloud-based solutions.
Through our partnerships with leading cloud providers, we are able to offer hybrid, private and public cloud solutions. At Epoch Universal, we supply cloud the way you want it with deep control, extreme performance, and broad customization capabilities. When you join the Epoch Universal fold, you take back the keys to your kingdom. Reign as supreme commander in chief of your cloud. No compromises. No exceptions.
AWS Summit Singapore - Best Practices for Cloud Security in the Cloud Adoptio...Amazon Web Services
Warren Wu, Sr Director, Global Product Marketing, Cloud Security, Fortinet
Organizations are migrating their on-premise data center and application environments to public cloud to accelerate digital business. AWS enables agility and elasticity for digital workloads and DevOps teams, but the expanded digital attack surface across the hybrid cloud needs to be protected in order to ensure secure interactions and data. We discuss best practices for securing hybrid cloud environments, and how AWS and Fortinet are working together to build and integrate trust and security natively into the cloud.
The changing landscape of SDN. What your customers need to know.Tech Data
Software-defined networking is crucial for customers who are looking to virtualise their data centres. Find out why it’s becoming increasingly important and how to capitalise on the opportunities it presents.
if your are always confused about ip tunneling L2/L3 tunneling ipsec acces vpn u have to come to right place This presentation in pdf will get you started on right path towards tunnling concept & implementaion
ITU-T requirement for cloud and cloud deployment modelHitesh Mohapatra
List and explain the functional requirements for networking as per the ITU-T technical report. List and explain cloud deployment models and list relative strengths and weaknesses of the deployment models with neat diagram.
Redefining ADCs for Software-as-a-Service Application Delivery that’s Scalabl... Array Networks
Whether software-as-a-service (SaaS) providers rely on their network, application or DevOps group – or some combination thereof – to deploy and manage applications and application infrastructure, the goal is the same: to ensure that each new release functions properly over the Internet to a large and growing end-user community. Due to the demands of Web-scale operations and the need to maintain competitive advantage through rapid release cycles, it is essential that SaaS providers select and deploy networking solutions that are scalable, adaptable, affordable and simple. This is especially true for application delivery solutions which play a critical role in ensuring high availability, application performance and security for Web and cloud-based applications and services.
This paper contrasts app delivery in the context of traditional enterprise applications with app delivery for SaaS applications in order to identify and define ADC characteristics and Array advantages that match the unique requirements of cloud-based application service providers.
AWF Series Web Application Firewall Helps Meet PCI DSS Standard, Protecting Cardholder Data, Reducing Fraud and Mitigating Security Vulnerabilities.
Array’s AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity and high availability of Web applications while reducing security risks. The AWF Series not only detects the complex Web application attacks of today, but also blocks attack traffic in real time without affecting the normal flow of traffic. In addition, the AWF Series provides extremely fine-grained attack detection and analysis capabilities while protecting against a broad spectrum of Web application attacks.
Array Networks’ Application Delivery Solutions Now Available Through Promark ... Array Networks
Array Networks Inc., a global leader in application delivery networking, today announced that it has entered into a distribution agreement with Promark Technology, a premier U.S.-focused value-added distributor (VAD) and wholly-owned subsidiary of Ingram Micro Inc. Under the terms of the agreement, Promark will offer Array’s application delivery networking products and solutions, including load balancing, SSL VPN and WAN optimization, as well as Array’s line of next-generation virtualized appliances.
Proven in over 5000 worldwide customer deployments, Array Networks improves application availability, performance and security – optimizing traffic from any cloud or data center to any user, anywhere while minimizing cost and complexity.
Virtual WAN Optimization Controllers Data Sheet - Array Networks Array Networks
aCelera VA Virtual WAN Optimization Controllers accelerate
applications, speed data transfers and reduce bandwidth costs using a combination of application, network and protocol optimization.
Web Application Firewall (WAF) Data Sheet - Array Networks Array Networks
AWF Series Web application firewalls provide industry-leading
Web application attack protection, ensuring continuity and high
availability of Web applications while reducing security risks.
Virtual Web Application Firewall (vAWF) Data Sheet - Array Networks Array Networks
vAWF virtual Web application firewalls provide industry-leading
Web application attack protection, ensuring continuity and high
availability of Web applications while reducing security risks.
SoftLayer, an IBM CompanyIaaS provider offers load-balancing services powered by Array ADCs, and leverages Array
SSL VPNs to enable on-the-fly provisioning
and remote management for customer and
provider administrators.
DELL STORAGE REPLICATION aCelera and WAN Series Solution Brief Array Networks
aCelera: Accelerating Dell EqualLogic PS Series and
Compellent Series iSCSI SAN-to-SAN Replication.
Array Networks aCelera™ WAN optimization controllers, in conjunction with
Dell EqualLogic or Compellent SANs, enable more efficient data replication
and backup over the WAN. aCelera can be deployed in WAN Series physical appliances, or as virtual appliances or Windows software
DATA STORAGE REPLICATION aCelera and WAN Series Solution Brief Array Networks
aCelera and WAN Series WAN Optimization Controllers: Accelerating storage backup, replication and recovery over the WAN, efficiently and cost-effectively.
Array Networks & Microsoft Exchange Server 2010 Array Networks
Array Networks Enables Highly Optimized Microsoft
Exchange Server 2010 Services.
Array Networks has worked closely with
Microsoft to create a joint solution which
accelerates, secures and optimizes the
delivery of Exchange services. This joint
solution enables organizations to gain
the greatest value from their Exchange
investment and to deliver business critical
Exchange services. The Array solution also
addresses the problem of securely accessing
Exchange email from anywhere on any
device.
Cost-effective, high-performance APV Series load balancing solutions accelerate EMR and PM applications while improving high-availability and security.
Array APV Series application delivery controllers help scale performance, ava... Array Networks
Application delivery solution is capable of optimizing healthcare applications including PM and EMR in the service provider cloud or healthcare provider data center.
APV Series application delivery controllers optimize the availability,
performance and security of cloud services and enterprise
applications while reducing cost and complexity in the data center.
Powered by Array’s 64-bit SpeedCore® architecture, APV Series application delivery controllers (ADCs) costeffectively
drive industry-leading performance across a robust set of availability, acceleration and security features
to deliver
aCelera WAN optimization controllers accelerate applications,
speed data transfers and reduce bandwidth costs using a
combination of application, network and protocol optimization.
vxAG Virtual Secure Access Gateways enable secure access to
business applicaitons for remote and mobile workers and dynamic,
flexible and elastic provisioning of secure access services.
JUMP IN. THE MOBILE WATERS ARE FINE.
Powered by
vAPV Virtual Application Delivery Controllers improve application
availability, performance and security while enabling dynamic,
flexible and elastic provisioning in cloud and virtual environments.
CMX100 centralized management appliances allow customers
to monitor and manage up to 100 Array Networks APV or AG
appliances to reduce the time and cost of IT administration.
AVX Series multi-tenant virtualized appliances support multiple
independent ADC or SSL VPN instances to deliver the performance of physical appliances with the agility of virtual appliances.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfPeter Spielvogel
Building better applications for business users with SAP Fiori.
• What is SAP Fiori and why it matters to you
• How a better user experience drives measurable business benefits
• How to get started with SAP Fiori today
• How SAP Fiori elements accelerates application development
• How SAP Build Code includes SAP Fiori tools and other generative artificial intelligence capabilities
• How SAP Fiori paves the way for using AI in SAP apps
A tale of scale & speed: How the US Navy is enabling software delivery from l...sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Purpose-Built-SSL-VPN White Paper
1. Array Purpose-Built SSL VPN
White Paper
Delivering Fast, Secure, and Scalable Universal Access
Array Networks, Inc.
1371 McCarthy Blvd.
Milpitas, CA 95035
Phone: (408) 240-8700
2. Array Purpose-Built SSL VPN p.
Executive Summary
As more organizations turn to virtual private networks (VPNs) based on Secure Sockets Layer (SSL)
technology to meet their remote access needs, it’s becoming clear that SSL VPN solutions based on
a general purpose computing platform are not equipped to meet the demanding requirements of
medium to large enterprises and service providers.
Such customers have stringent demands for security, user experience, response time, throughput,
and scalability. At the same time, they want to become more efficient by consolidating a plethora of
access control lists (ACLs)—from firewalls, LAN switches, wireless LAN devices and application secu-
rity proxies—onto a single VPN system.
Only a purpose-built SSL VPN platform can satisfy these demands.
This paper will discuss the attributes of such a purpose-built SSL VPN platform—the Array Networks
SPX— and how it cost-effectively delivers real-world benefits to enterprises and service providers
including:
• Improved security, flexibility and control
• Improved performance, productivity and user experience
• Reduced total cost of ownership (TCO)
Introduction
More and more organizations these days are turning to virtual private networks (VPNs) based on
SecureSocketsLayer(SSL)technologyforsolvingtheirremoteaccessneeds. AccordingtoGartnerresearch:
“By 2008, SSL VPNs will be the primary remote access method for more than two-thirds of business telework-
ing employees, more than three-quarters of contractors and for more than 90 percent of casual employee
access (0.7 probability).”
“SSL VPNs also will eventually replace millions of simpler SSL sessions in B2C portals.”
“Growth potential is sufficient to attract every major network player as well as to sustain a sizeable popula-
tion of smaller incumbents, startups and investors.”
Attribution: Gartner, “Magic Quadrant for SSL VPN, North America, 3Q05” by John Girard. December 8,
2005.
In response to the increasingly mobile and diverse nature of users—including non-employees who
typically utilize their own laptop computers with varying levels of security—enterprises and carriers
are looking to make secure application and network access an integral part of the resources they
provide to end users.
General-purpose SSL VPNs enable users to securely access data and applications from multiple loca-
tions and computing devices, offering granular, identity-based access controls. But most SSL VPNs
pay almost no attention to the performance required for a positive end-user experience as well as the
scalability that large-scale universal deployments demand.
3. Array Purpose-Built SSL VPN p.
A General-Purpose SSL VPN is Not Sufficient
SSL VPN solutions leverage the ubiquitous SSL encryption of any browser to encrypt traffic, provide
data confidentiality and data integrity. As Gartner notes, corporations have generally accepted SSL
VPNs as a better remote access alternative to those based on the Internet Security (IPsec) protocol or
leased line VPNs.
To date, however, SSL VPN vendors have focused almost exclusively on the flexibility and security
benefits of SSL VPNs in providing clientless and client/server application access control. They have
done little to ensure that the overall scalability and performance of their SSL VPN solutions match or
exceed those of IPsec VPNs.
The problem is that most SSL VPN solutions are packaged as software on a general-purpose Linux
platform and thus cannot meet enterprise customer demands in areas including:
• Performance and user experience – The ability to nearly match the latency and throughput
performance of IPsec VPNs, and improve the end user application performance experience
without having to deploy and manage expensive third party solutions.
• Scalability – The ability to scale to a large number of concurrent users on a single hardware
platform without performance degradation.
• Security – The ability to provide not only encryption, but also deep packet inspection and
application-level filtering without adversely affecting overall system performance.
• Universal access –The ability to consolidate remote users, branch office users, wired and wireless
LAN (WLAN) users onto a single SSL VPN platform, without hardware changes.
Performance
SSL VPN solutions delivered on general-purpose platforms have design and architecture limitations
that can result in processing bottlenecks that negatively impact latency and throughput. As an ex-
ample, consider SSL bulk encryption. Most general-purpose SSL VPN solutions perform SSL key ex-
changes in hardware, using an SSL VPN co-processor, but rely on the main CPU for bulk encryption.
Bulk encryption is a CPU-intensive process that puts a heavy toll on system throughput and intro-
duces significant latency.
Application-level throughput is another important factor. As SSL VPNs become more popular, they
are being called upon to handle loads that most general-purpose platforms simply weren’t designed
for. Many SSL VPN platforms are thus being pushed to their practical limit, which may be far below
the vendor’s stated limit in terms of number of concurrent users supported. The result is they either
cease to function properly or function so poorly that it hampers end user productivity.
To achieve an acceptable performance level, customers often find they have to purchase multiple
general-purpose SSL VPN boxes and operate them at far below their claimed performance in terms
of throughput and concurrent users. This, of course, leads to increased costs – in terms of both initial
capital expense and ongoing management – and decreased reliability, due to multiple points of failure.
Some organizations suffer such poor performance that they have to purchase and maintain separate
third-party application acceleration solutions. This again leads to higher costs and decreased reliability.
4. Array Purpose-Built SSL VPN p.
Scalability
Avoiding such costs means finding an SSL VPN solution that is highly scalable. Scalability is measured
largely by two factors: maximum number of concurrent users and maximum number of concurrent
SSL connections.
While general purpose SSLVPN solutions may claim to scale up to 2,500 concurrent users, their practi-
cal limit is likely far less, as noted above. Yet even the 2,500 concurrent user number is far too few for
many enterprises and, certainly, service providers.
For a service provider that provides SSL VPN managed services, the ability to scale beyond 10,000
users and hundreds of customers on a single system is essential. The same is true for many large
enterprises, given that most Global 2000 companies employ more than 100,000 people. While not all
employees need secure remote access, and those that do won’t all be logging in at the same time,
it’s important to remember that SSL VPN use is not limited to employees. In many cases, numerous
contractors, partners, suppliers and customers must be given secure access. Given their simple, cli-
ent-less nature, most IT professionals would prefer to use SSL VPNs to meet the secure access needs
of these various groups and individuals. But unless the SLL VPN solution can scale beyond the typical
limit of 500 to 1,000 users per system, it is not architecturally or economically feasible for it to support
such heavy demands.
In addition, every user community, whether it be different business units, partners, suppliers or cus-
tomers, have different levels of access privileges. General-purpose SSL VPN solutions can support
granular role-based policies for diverse user groups, but they require a separate SSL VPN system to
secure each group’s user portal. As a result, total cost of ownership (TCO) can skyrocket when more
diverse users are added.
Security
The performance and scalability shortcomings of general-purpose SSL VPN platforms also play a part
in limiting their security capabilities. Providing proper security requires processing power. On a gen-
eral-purpose SSL VPN solution, security may be set at the desired level when only 50 users are on the
system, but as more and more users are added, performance declines. As a result, the IT manager may
be tempted to scale back the level of security until performance is restored to an acceptable level.
Clearly, this is not an optimum strategy.
Another problem with general-purpose SSL VPNs is that they are built on off-the-shelf operating sys-
tems, and therefore are subject to all the vulnerabilities and security holes associated with those
operating systems. Most general-purpose SSL VPNs also lack any advanced security features, such as
an integrated firewall and deep packet inspection, which mean customers must add another device
to handle such functions – adding complexity, cost and latency. Additionally, general-purpose SSL
VPN solutions typically provide transport security only between the client and the SSLVPN appliance,
not between the appliance and any attached servers. This leaves the user organization at risk from an
internal attack, which account for a significant percentage of all security threats.
In fact, 56% of respondents to the 2005 CSI/FBI Computer Crime and Security Survey reported at least one
attack from inside their organization in the previous 12 months.
5. Array Purpose-Built SSL VPN p.
Universal Access
While general-purpose SSLVPN solutions enable access to corporate resources for remote users, they
typically do not address access requirements for other enterprise users, such as those attaching to
the network from the corporate LAN or wireless LAN. That means the SSL VPN platform becomes yet
another area where IT must administer access control lists (ACLs), joining existing ACLs on their LAN
and WLAN switches, firewalls and corporate directories. Keeping all these ACLs in sync, with up-to-
date information, is a real challenge, and can create security holes if not properly addressed.
Even if general-purpose SSLVPNs claim to support universal access, their limited capacity make them
impractical for service provider or enterprise-wide deployments.
Introducing the Purpose-built SSL VPN
The various shortcomings associated with general-purpose SSL VPNs can all be addressed by using
a platform built specifically for SSL VPNs. This is the approach Array Networks has taken with its SPX
series of high-performance SSL VPN systems.
Array’s SPX systems are based on a purpose-built platform that runs the custom ArrayOS™ operating
system. Its optimized and streamlined operations deliver dramatically higher throughput as com-
pared to general-purpose SSL VPNs platforms and lower latency, while allowing for a much higher
number of concurrent users and SSL sessions.
Array Purpose-built SSL VPN Advanced Architecture
General-purpose SSL VPN Array Purpose-built Solution
• Data must travel through several
opensourced interfaces
• Streamlined, linear packet processing
• Each interface introduces security holes and
vendor implementation dependency
• All data goes through stacks once and are
processed in parallel
• Processing delay may cause
“unpredictable behavior”
• Each processing component is optimized
• Difficult to optimize data path
• Custom-made operating system and hardware
are built specifically for security processing
and performance.
OPEN SSL
ARRAY OS
I/O MEMORY PCI
APACHE
LINUX OS
MAIN CPU
I/O MEMORY PCI
SSL
HARDWARE
SSL
HARDWARE
MAIN
CPU
General Purpose SSL VPN Array Purpose-built SSL VPN
6. Array Purpose-Built SSL VPN p.
A general-purpose computing platform introduces significant bottlenecks and latency as processes
wind their way through multiple layers of processing. Array’s custom ArrayOS™ operating system
streamlines processing, and ensures CPU-intensive operations such as key exchanges and bulk en-
cryption are performed in hardware.
Superior Performance and User Experience
In fact, its purpose-built platform enables Array to deliver performance, throughput and capacity
that’s 8 times faster than the nearest SSL VPN platform can offer.
Much of the performance story is owed to both ArrayOS™ and SpeedStack™, which is an Array pro-
cessing engine that enables TCP overhead functions to be performed just once on behalf of multiple
integrated data flows. The diagram below illustrates the integrated features that are able to access
data within memory without having to move the data around. If you think of features as being com-
posed of functions, there is a large amount of function overlap. This means, at any given time, a func-
tion request may be servicing more than one feature, resulting in more efficient resource utilization
and improved performance.
InadditiontoperformingbothSSLkeyexchangeandbulkencryptioninhardware,Arrayalsointegrates
compression and connection multiplexing, to improve response time and reduce server workloads by
offloading network connection chores. As a result, Array can maintain an average Web page response
time of just 2ms with 500 concurrent SSL users, and remain in single digits with tens of thousands of
concurrent users.
For those environments where application servers are too expensive to perform low-levelTCP network
operations, andWAN bandwidths are precious for remote users, Array SPX offers integrated application
acceleration including industry-leading TCP connection multiplexing and hardware-based HTTP com-
pression.This level of integrated feature and performance improves server response time and end user
experience while reducing costs.
SSL End Point
Security
Application
Support
Application
Acceleration
HTTP
Rewrite
Deep Packet
Inspection
Filtering
ACL
AAA
Data in memory /
function overlap
SpeedStack™
Application
Presentation
Session
TCP/UDP
IP
Datalink
Physical
7. Array Purpose-Built SSL VPN p.
Enhanced Security
Array’s strong performance capabilities also mean users don’t have to sacrifice security for perfor-
mance, as is often the case with general-purpose SSL VPN solutions. Array can simultaneously main-
tain both maximum security and instantaneous user response time.
Like all SSL VPN solutions, Array supports authentication, authorization and auditing (AAA), and end
point security with cache cleaning. But Array has also built in numerous security features not found
in typical general-purpose SSL VPN solutions.
The security story starts with the proprietary ArrayOS operating system. As a purpose-built OS, Ar-
rayOS has none of the extraneous features and functions inherent in a general-purpose OS like Win-
dows or Linux, and their concomitant security vulnerabilities. ArrayOS is a security hardened OS, with
a greatly reduced potential attack surface.
ArrayOS also employs a full reverse proxy architecture, meaning it fully terminates all connections,
and establishes new connections to back-end servers.That serves multiple purposes. For one, it helps
protect those back end servers from attack; since all connections stop at the Array device, down-
stream devices can’t “see” those back end servers. Array also uses a delayed binding technique that
requires the connection to be fully terminated on the Array box before it is passed to the application
server. That prevents spoofed IP addresses from connecting to servers, since they will not terminate
correctly.
Array SPX also employs a wire-speed stateful firewall and Layer 7 packet inspection, to immediately
detect—and drop—anomalous packets. For particularly sensitive applications that require end-to-
end security, Array can also re-encrypt sessions between the Array device and back-end servers.
Scalable and Virtualized Universal Access
As explained earlier, large enterprises and service providers require the highest scalability, lowest
TCO, and universal access control to support large number of diverse users. Array SPX meets these
stringent demands with its industry leading scalability, virtualization and universal access control
capabilities.
A single Array system can support up to:
• 64,000 concurrent users
• 100,000 concurrent SSL sessions
• 10,000 SSL transactions per second
• 850M bps throughput
• 256 virtual portals
These 256 virtual portals can each have unique access policies, as well as their own look, feel and
security configuration. That means from a single system, an enterprise can give its customers access
to its public Web-based ordering system, enable employees to access e-mail, ERP and CRM systems,
and give suppliers access to their extranet. And service providers can support up to 256 distinct cus-
tomers from a single Array system, dramatically cutting their provisioning and operations costs as
compared to a general-purpose SSL VPN solution.
8. Array Purpose-Built SSL VPN p.
With respect to providing universal access control, Array has made a quantum leap as compared to
general purpose SSLVPNs. Array SSLVPN can eliminate the need to set up and maintain ACLs on mul-
tiple LAN switches, SSL VPN appliances, and separate wireless LAN switches. With Array SSL VPN, a
user’s access method is supported whether they happen to be accessing the network remotely, from
the wireless LAN, or when directly connected to the LAN. Array’s comprehensive security policies can
be enforced for all users accessing the network, not just for remote users.
Secure universal access depends on a number of key attributes of the Array SSL VPN system, including:
• Highest number of concurrent users and sessions; without the ability to support a large number
of users, it’s simply not possible to add users for universal access control.
• Low response time, high throughput, enabling Array to add users for universal access control
without slowing down productivity.
• Integrated high performance network and application firewall, enabling an organization to re
place its current firewall ACL.
• Up to 256 virtual portals for diverse user groups, making it simpler to support and administer
multiple portals for a large number of users, whether they are remote or access the network via
the WLAN or LAN.
• Advanced role-based administration, which allows security and network policy responsibilities to
be delegated throughput the IT department.
Array is defining the market by enabling an organization to control end-users’ access policies and
endpoint security in just one place: on the Array SSL VPN. This reduces the costs of administration by
eliminating the need to set up and maintain ACLs on multiple LAN switches, firewalls, SSL VPN appli-
ances and separate WLAN switches.
Meeting Your Demanding Requirements
The combination of universal and scalable access, enhanced security and superior performance that
Array provides means customers realize significant savings in both cost and time. Being able to meet
all remote access requirements with a single system means a lower TCO as compared to employing
multiple general-purpose SSL VPN systems. Further cost savings can be realized with the advanced
security features that Array offers, and from being able to centrally control all access requirements. At
the same time, Array gives customers a foundation upon which to build for future VPN requirements,
including site-to-site SSL VPNs.
9. Array Purpose-Built SSL VPN p.
Higher performance, lower TCO
Array’s capacity of 64,000 concurrent users per system, and 100,000 concurrent SSL sessions, makes
for a powerful TCO story when you consider cost per user. Array is cost-effective even below 1,000
users, but at higher numbers the cost dramatically decreases.The cost of competing solutions, mean-
while, increases dramatically above 1,000 users because they require more boxes, with the accompa-
nying management complexity. And by offloading tasks from back end servers, Array’s connection
multiplexing technology reduces server hardware and software costs, further lowering TCO.
When a $13 billion healthcare company needed to add 5,000 people to its network within two
months, it considered numerous VPN and thin client alternatives. It opted for an Array system be-
cause it provided significantly higher performance, with higher reliability and greater security than
competing solutions. It could also scale to as many as 100,000 users without a hardware upgrade and
proved simpler to manage.
The Array system cost the company just $40 per user to implement, vs. $200 or more for competing
solutions. It also required far less help desk support and was simpler to manage, bringing the total
savings from the Array system to more than $1 million as compared to the alternatives.
No client software is needed
Any standard browser works
Array provides SSL
encryption and AAA
to enhance MLPS or
leased line security
Array SSL can easily travel
through IPsec and Firewall
Layer 7 centralized policy control
• Quicker to set up
• Cheaper to operate
• Lowest latency
• Highest scalability
• Home Telecommuters
• Small Office / Home Office
• Mobile Users
• Hotels
• Airports
• Kiosks
• Roaming
• PDA Cell
• Branch Office
• Franchise Store
• Remotely Hosted
Applications Partners
Customer
A, B, C, D
SSL
SSL
SSL
SSL
Local
Users
LAN
WLAN
Array SPX
Enterprise Headquarters
or Service Provider POP
Web, Application and Database Servers
SSL SSL SSL SSL
Internet
Network-to-Network
Connection
Remote or Hosted
Resources and Applications
10. Array Purpose-Built SSL VPN p. 10
Another healthcare organization, Presbyterian Healthcare, deployed the Array SPX to enable doc-
tors and other support staff to securely access patient information. It realized a 100% increase in
the number of concurrent users it could handle as compared to its previous solution, along with a
50% improvement in end user response times. Additionally, the organization saw a 400% increase
in server capacity, with its Microsoft IIS Web servers handling about 4,000 users per server, up from
the previous 800. The organization also realized a 50% reduction in the number of back-end servers
it needed.
Similarly, one of the world’s largest communications service providers, which provides mobile tele-
communications services to more than 100 million customers, was spending $3.1 million per year
on help desk personnel to help its vendor clients manage their IPsec-based VPN access solution.
That solution couldn’t scale beyond 2,000 users, yet the provider already had a community of 5,000
vendors, which was continuing to grow. Switching to an Array SPX system enabled the company to
dramatically reduce its support costs, since client side support and training were no longer required.
And the Array system can easily support the company’s 5,000 users, with plenty of room to grow.
Array’s virtualization features also lead to significant cost savings vs. general-purpose SSL VPNs. Con-
sider the cost savings of supporting all your diverse user groups—employees, partners, suppliers and
customers—from the same platform, as opposed to buying and managing separate SSL VPN boxes
for each group. For service providers, in addition to supporting up to 256 customers on a single plat-
form, deploying an Array SPX means no longer having to place appliances at the customer premise,
a significant cost savings in both the initial expense and ongoing management.
All the while, the Array system doesn’t require customers to skimp on security for the sake of per-
formance. Its purpose-built architecture, with the ability to handle many CPU-intensive tasks in
hardware, enables the SPX to deliver performance that far surpasses competing solutions. And its
integrated Web firewall and deep packet inspection technology means customers don’t have to buy
additional security products to handle those functions, further reducing TCO.
Security everywhere: Universal access control
Another aspect of TCO has to do with the way organizations handle user access policies, a process
that is often riddled with inefficiency, redundancy and complexity. Most organizations are forced to
define user access policies at numerous points within the network for the same users, including:
• SSL VPN devices, for remote access
• WLAN switches, for wireless access
• LAN switches, for wired access
• Firewalls
• Proxy servers, such as for E-mail and other applications
Besides being costly to administer, defining policies numerous times in this manner makes it difficult
to ensure all policies are in sync, leading to the unintentional creation of security holes.
Array SSLVPN systems enable IT managers to define end-users access policies in just one place, elimi-
nating the need to set up and maintain ACLs on multiple switches and appliances.
11. Array Purpose-Built SSL VPN p. 11
The idea of universal access control is especially important now that network access has become
ubiquitous, with users logging on to the corporate network from wherever they may be, using myr-
iad devices that may or may not be configured according to corporate security policies. Enterprise
users, business partners or guests may become unknowingly infected when surfing the Internet or
working remotely, then bring those infected devices directly into the network. Similarly, without
proper access controls, internal users on the corporate LAN could open the network to a host of
threats when they access the Internet.
These kinds of threats are unacceptable to any organization, but especially those that must meet
stringent regulatory requirements to protect corporate data.
Enterprises need a centralized universal access solution that ties together all aspects of the user’s
identity, device and network permissions, and can uniformly enforce policies, even for groups they
do not control.
Array provides just such a solution. Array SSL VPN systems provide user access control no matter
whether the user is accessing the network remotely, from the wireless LAN or directly from the wired
LAN. And Array’s comprehensive security policies can be enforced for all users accessing the net-
work, not just remote users.
Array offers a host of security features, including:
• Client-side integrity checking, to ensure client machines adhere to company security policies.
Multiple remediation options are available, including limiting access, directing offending
machines to a patch server and restricting access to certain applications or environments.
• Secure access to Web applications, with role-based secure access to intranets and extranets and
URL masking, to protect Web applications.
• Secure access to file servers and client/server applications
• Role-based administration, with the ability to delegate administration for different groups to
appropriate IT staff.
• Strong authentication, including support for two-factor authentication and integration with
Microsoft Active Directory, RADIUS, UNIX NIS or a local authentication database.
• Integrated network and application-layer firewall.
The Array SPX platform itself is also crucial to the notion of providing universal access. Only a platform
that is capable of supporting a large number of concurrent users and sessions, with high throughput
and low response time, is suitable for handling universal access in a large environment.
Security for thin client applications
In addition to providing secure access to Web applications, e-mail, file servers and the like, Array
SPX also provides a crucial security layer for thin client applications, including Citrix and Windows
Terminal Server.
Placing an Array system in front of a Citrix server, for example, reduces an organization’s network
exposure. Traditionally, remote clients are connected directly to the Citrix server, which is typically
resident on the corporate network. That means an intruder who gains access to the Citrix server
12. Array Purpose-Built SSL VPN p. 12
could likewise gain access to the rest of the network.
Array’s reverse proxy architecture eliminates that threat. All remote sessions are terminated on the
Array system, which then re-establishes a connection with the Citrix server, thus preventing remote
users from gaining access to any other network resources. The Citrix server, then, becomes just one
more application protected by the Array SPX (see Figure x).
Protection for Your Citrix Servers
The Array SPX also gives administrators granular control of user access rights, right down to the URL,
directory or application level. Array also provides enhanced auditing features, covering all user ac-
tions from the time they log in to when they log .
A solution for real-time transactions
Many organizations are facing increasingly stringent requirements for fast response time. Whether
it’s customers demanding better performance from your customer-facing Web site or internal users
pounding on the ERP system, nobody wants to wait to get what they’re after.
In many instances, time is indeed money. In the financial services arena, for example, fast response
time is essential, because huge sums of money are dependent on timely access and trades. Stock
prices change literally every second, and can fluctuate greatly from one minute to the next.The prob-
lem is compounded by the fact that many traders are not in a traditional office. Rather, they’re on the
road, visiting clients, yet they still need fast, secure access to trading applications.
All users
Non-employees
Employees
Remote
Virtual
Desktop
Citrix Presentation
Server
“Fat Client”
Applications
DMZ
Web
Applications
File
Sharing
Email
Corporate
Network
Contractors
Partners
Employees
Internet
13. Array Purpose-Built SSL VPN p. 13
In such a case, an SSL VPN solution is likely to be the preferred option, because it’s far simpler than
installing and maintaining IPsec software on each client machine. But a general-purpose SSL VPN
solution is unlikely to be able to provide the kind of response time – typically less that 5ms – that
trading applications require, especially for a large user base.
Array SPX, however, is up to the task, with a response time of less than 2ms for as many as 500
concurrent users.
Banks Key Requirements
Array Purpose-
built Solution
Other SSL VPN
100% clientless remote access to web-
based applications
Yes Partially
No more than 5ms Lowest latency 1.7ms 10 times slower
Integrated Symantec End Point Security Yes Yes
High Scalability Yes No
High Performance Yes No
A foundation for the future
While SSL VPNs are clearly displacing IPsec VPNs for remote access, IPsec is still widely used for site-
to be highly scalable.
With its ability to support 64,000 concurrent users today, and 256 virtual portals, Array is well-posi-
tioned to take this next step in the evolution of SSL VPN technology.
Summary
SSL VPN technology has won the battle with IPsec for remote access requirements, with Gartner pre-
dicting that by 2008, SSL VPNs will be the primary remote access method for most business use. But
as SSL VPN use increases, so do the demands for access, security and performance.
General-purpose VPN solutions are simply not equipped to meet these growing demands, falling
short in terms of performance, scalability, security, end user experience and the ability to provide
universal access.
Only a platform built from the ground up to meet SSL VPN requirements can meet the demands of
enterprises and service providers. Array’s SPX system, with its proprietary ArrayOS operating system,
has the horsepower to meet even the most demanding needs, with support for as many as 64,000
concurrent users and 100,000 SSL sessions. And its virtualization capabilities, with support for 256
distinct portals, are unmatched in the industry.
Such features position Array not only as a sound choice to meet today’s requirements, but as the only
platform that can grow with you to meet the VPN requirements of tomorrow.
2000
1800
1600
1400
1200
1000
800
600
400
200
0
Average HTTP Response Times (ms)
Array SPX
Competitor J
Competitor F
Orders of Magnitude
Lower Latency
Web Application Response Time
14. Array Purpose-Built SSL VPN p. 14
About Array Networks
Array Networks Inc. is a global leader in enterprise secure application delivery and universal access solutions for
the rapidly growing SSL VPN and application delivery controller (ADC) markets. More than 3,500 customers
worldwide – including enterprises, service providers, government and vertical organizations in healthcare, finance,
insurance and education – rely on Array to provide anytime, anywhere secure and optimized application access.
Industry leaders including Deloitte, Red Herring, Gartner, and Frost and Sullivan have recognized Array as a market
and technology leader.
-
approximately 60 resellers and VARs worldwide.
For more information, please visit www.arraynetworks.net or call 1-866-MY-ARRAY.