Security and Acceleration - A contradiction in terms?
Nigel Hawthorn, VP EMEA Marketing
Blue Coat: WAN Application Delivery
• Profitable, public company (NASDAQ: BCSI), founded in 1996
• 93 of Fortune Global 100 are Blue Coat customers
• 6,000+ customers across 150+ countries
• Global Support Services team
• Proven pedigree of web performance and security innovation
TECHNOLOGY TRENDS
Faster, Global, Mobile, Secure
REGULATORY TRENDS
Climate of Governance
Protect Privacy
Manage Risk
BUSINESS TRENDS
Enterprises
Accelerate the Business
Business Boundaries Blur
Virtual, Flat Corporation
Adoption of Web 2.0 & SOA (Service Orientated Architecture)
Worker Mobility and Devices
Services – Not Software
Remote Offices
On-Demand Applications and Services
Server Consolidation
Challenges for IT Executives
Mobile Workers
Legacy Client/Server Applications
HTTPS
Personalized Portals
Web 2.0 Applications & Mash-Ups
• Long distances, more traffic and chatty protocols hurt performance
• Uncontrolled/unwanted traffic causes congestion
• Security attacks hide in the application layer, more applications are encrypted
• Can’t deliver applications quickly to remote and mobile users
Security and Acceleration – A Never ending battle
Packet and Storage Accelerators
ACCELERATE EVERYTHING! Assume it's all good and accelerate
OR
SECURITY Technologies
STOP EVERYTHING! Assume it's all bad and check
STOP BAD. ACCELERATE GOOD
Faster, Secure Delivery of Business-Critical Information….. To Help the Business Run Better
The Answer: Stop the Bad. Accelerate Good
Acceleration – It's all about traffic & latency
Why So Slow?! Take the Quiz
Your Network: 45Mbps bandwidth, 100ms latency (round trip)
Question: You open a 4MB PPT file from a remote server. How long will it take?
A) 0.7 seconds. 45Mbps = 5.625MBps so 4 / 5.625 = 0.7111
Hint: CIFS is a WAN protocol “worst-offender”. It sends data in 4KB chunks, then waits for an acknowledgement.
B) 200 seconds. 4MB = 1000 x 4KB chunks; 1000 trips there, 1000 trips back; 2000 trips x 0.1 sec = 200
[Figure: repeated “4KB Sent” and “ACK!” exchanges]
RESULT: Non-Linear Performance Gains as Bandwidth is Added!
Why So Slow?!
• Bandwidth is the width of the road
• Latency is the speed
• We make our data travel millions of miles and the speed of light is too slow!
• Add Layer 7 protocols designed for LANs
• Add rogue traffic
• Add congestion (firewall, server, OS overhead, routers)
[Chart: Performance vs. Bandwidth; labels: Expectation, Reality, Price]
WAN Optimisation Technology
Legacy WAN Optimization
What about the rest of your traffic?
• Fix Basic Protocols
• Compress with Byte Caching
• Some Add Wide Area File Services
Accelerate SSL Applications
• SSL use is growing
– If it’s important, it’s encrypted!
• Internal apps are hard to accelerate
• External apps are even harder
• Handle with care
Open, Inspect, Accelerate SSL Applications
Are You Video Ready?
Remove unwanted video. Accelerate the rest
• What’s already on the WAN
– Earnings announcement
– Compliance mandated E-learning
– YouTube.com
• Is it at least controlled?
• Split streams for live broadcast
• Distributed video on demand
Stop Accelerating the Junk!
• Why accelerate?
– Frivolous surfing
– Bulk downloads
– Peer-to-peer
• Get rid of it!
– Or it will grow
– Crowd out good apps
Flexible, User Based Bandwidth Control
Start Accelerating the Rest
• Web traffic is huge
• Fastest growing traffic
• HTTP, and then some
– Web services
– Web widgets
– Java clients
• Get the Internet off your WAN; connect remote offices direct to the ‘net
Deliver Web-Based Applications Without Extra Bandwidth
Ultimate in WAN Optimization
Multiprotocol Accelerated Caching Hierarchy
Bandwidth Management
Protocol Optimization
Object Caching
Byte Caching
Compression
File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)
Bandwidth Management – Business Process
• Divide traffic into classes, by:
– User, application, content, transaction, application protocol, etc.
• Guarantee priority and min and/or max bandwidth for a class
• Align traffic classes to business priorities
• Even for SSL encrypted applications
• Operates alone, or integrates with your existing packet-layer QoS
Example classes:
• Salesperson, placing order with Sales Automation App: Priority 1, Min 400Kb, Max 800Kb
• Salesperson query with Sales Automation App: Priority 2, Min 100Kb, Max 400Kb
• Marketing person, Surfing Sales Automation App (reporting): Priority 3, Min 0Kb, Max 200Kb
• Non-Sales Management Pulls Client List: Block
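One way the class guarantees on this slide could be applied to a congested link, as an added example that is not Blue Coat's implementation. The priorities and Min/Max figures are the slide's; the class names, the two-pass allocation order and the treatment of "Kb" as a per-interval rate are assumptions.

```python
from dataclasses import dataclass

@dataclass
class TrafficClass:
    name: str          # hypothetical label for a row of the slide
    priority: int      # 1 = most important
    min_kb: int        # guaranteed share
    max_kb: int        # ceiling, even when the link is idle
    blocked: bool = False

CLASSES = [
    TrafficClass("sales-order", 1, 400, 800),
    TrafficClass("sales-query", 2, 100, 400),
    TrafficClass("marketing-report", 3, 0, 200),
    TrafficClass("mgmt-client-list", 0, 0, 0, blocked=True),
]

def allocate(link_kb, demand):
    """Return {class name: granted Kb} for one interval on a link of link_kb."""
    active = sorted((c for c in CLASSES if not c.blocked), key=lambda c: c.priority)
    grant = {c.name: 0 for c in CLASSES}     # blocked classes stay at 0
    left = link_kb
    # Pass 1: guaranteed minimums, highest priority first
    for c in active:
        g = min(demand.get(c.name, 0), c.min_kb, left)
        grant[c.name] = g
        left -= g
    # Pass 2: spare capacity by priority, never past the class maximum
    for c in active:
        want = min(demand.get(c.name, 0), c.max_kb) - grant[c.name]
        extra = max(0, min(want, left))
        grant[c.name] += extra
        left -= extra
    return grant

if __name__ == "__main__":
    # Constructed demand on a constructed 1000 Kb link
    print(allocate(1000, {"sales-order": 900, "sales-query": 500,
                          "marketing-report": 300, "mgmt-client-list": 250}))
```

With the link saturated, the reporting class is starved while the order and query classes keep their guarantees; the blocked class receives nothing regardless of spare capacity.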
Protocol Optimization
10-100X Faster Includes CIFS, MAPI, HTTP, HTTPS, TCP
Object Caching
• Client served from local proxy
• 100% acceleration – no data across WAN
• Works on second, and all subsequent requests
BRANCH
DATACENTER
Byte Caching
[Figure: a long bit stream and the same stream with its repeated runs replaced by the short references [REF#1] and [REF#2]]
• Proxies “learn” common patterns
• Create short references and pass those instead
• Works on all files, all applications over TCP
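The reference substitution described on this slide, as an added sketch that is not Blue Coat's implementation. It assumes fixed 64-byte chunks, an 8-byte truncated SHA-256 as the reference, and a plain dictionary as each proxy's cache; the sample "file" is constructed.

```python
import hashlib

CHUNK = 64      # fixed chunk size (assumption made for this sketch)
REF_LEN = 8     # bytes sent in place of a chunk the peer already holds

def ref_of(chunk):
    return hashlib.sha256(chunk).digest()[:REF_LEN]

def encode(data, cache):
    """Sending proxy: emit ("REF", id) for learned chunks, ("RAW", bytes) otherwise."""
    tokens = []
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        ref = ref_of(chunk)
        if cache.get(ref) == chunk:          # compare bytes, not just the short id
            tokens.append(("REF", ref))
        else:
            cache[ref] = chunk               # learn the pattern
            tokens.append(("RAW", chunk))
    return tokens

def decode(tokens, cache):
    """Receiving proxy: learn RAW chunks, expand REFs from its own cache."""
    out = bytearray()
    for kind, value in tokens:
        if kind == "RAW":
            cache[ref_of(value)] = value
            out += value
        else:
            out += cache[value]              # KeyError means the two caches diverged
    return bytes(out)

def wire_bytes(tokens):
    return sum(len(value) for _, value in tokens)

def demo():
    # Constructed sample: a 4096-byte "file", then the same file with a 10-byte edit
    v1 = b"".join(hashlib.sha256(str(i).encode()).digest() for i in range(128))
    v2 = v1[:1000] + b"EDITED!!!!" + v1[1010:]
    branch, datacenter = {}, {}              # one cache per proxy
    cold = encode(v1, datacenter)
    ok1 = decode(cold, branch) == v1
    warm = encode(v2, datacenter)
    ok2 = decode(warm, branch) == v2
    return wire_bytes(cold), wire_bytes(warm), ok1 and ok2

if __name__ == "__main__":
    print(demo())   # bytes on the wire: first transfer, second transfer, round-trip ok
```

Both caches hold the plaintext of every chunk that has crossed the link, so they need the same protection as the data itself. An insertion that shifts later bytes would defeat fixed-size chunks; the sketch only covers in-place changes.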
Compression
[Figure: a bit stream shown before and after COMPRESSION]
• Industry-standard gzip algorithm compresses all traffic
• Removes predictable “white space” from content and objects being transmitted
MACH5 Techniques Work Together
Object Caching
• Caches repeated, static app-level data; reduces BW and latency
Byte Caching
• Caches any TCP application using similar/changed data; reduces BW
Compression
• Reduces amount of data transmitted; saves BW
Bandwidth Management
• Prioritize, limit, allocate, assign DiffServ – by user or application
Protocol Optimization
• Remove inefficiencies, reduce latency
What About The Office of One?
• Poor performance
• Inconsistent performance
• No control over user experience
Desktop Client for Acceleration and Control
Aren’t We All Mobile Users?
Acceleration Performance
Microsoft Word, file size 10 MB
[Chart: File Open time, No Client vs. With SG Client (cold and warm); axis marked at 1 min and 2 min; values shown: 104 sec., 16 sec., 3 sec.]
Microsoft PowerPoint, file size 1 MB
[Chart: File Open time, No Client vs. With SG Client (cold and warm); values shown: 21 sec., 20 sec., 6 sec., 2 sec.]
Test bed: Office 2003, Win XP, 1.544 Mbps full duplex, 200 ms
Security – It's all about context
Who, what, when, why, how,
Today’s Network Requirements
TODAY’S NEEDS
• SEE: Complete view and understanding of all applications
• SECURE: Defend against external and user-based threats
• ACCELERATE: Faster delivery of business-critical applications unique to each office, department, user
• CONTROL: Granular control over all users, devices and any application
Users and Applications
[Diagram: Internal or External Users, WAN/Internet, Internal or External Applications]
WAN Application Delivery (WAD): WAN optimization, User security, Policy control
Packet Delivery: Packets, Ports and Flow Control
Full Protocol Termination = Total Visibility & Context (HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, Telnet, DNS, etc.)
Only a Proxy can deliver
See, Secure, Accelerate, Control
PROTECT
• Prevent spyware, malware & viruses
• Stop DoS attacks
• IE vulnerabilities, IM threats
+
ACCELERATE
• Governed by policy
• BW Shaping, Compression, Protocol Optimization
• Byte, Object & Predictive Caching
+
CONTROL
• Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)
• Granular, flexible logging
• Authentication integration
Define appropriate policies
• Protocol: Any, MMS, HTTPS, FTP, HTTP
• Agent: Any, IE 6.x, RealPlayer, AOL IM, IE 5.0
• File/MIME type: Any, Stream, .XLS, Stream, P2P
• Content: Any, Job-sites, Web-mail, Sports, News
• User/Group: Any, Pupils, Executives, IT Staff, Tom
• Place: Any, Tokyo, Paris, London, New York
• Time: Any, Weekends, 5:00 – 12:00, 8:00 – 5:00, 12:00 – 8:00
• Source: Any, Training, Customer, Supplier, Intranet
Actions: Allow; Disallow; Virus Scan; Accelerate; Replace; Allow, but limit; Coach; Splash Page; Log by user; Email mgmnt; Patience page; Log traffic; Block on keyword; Block non-text
Why Performance and Security Together?
• Single policy
• Increasingly, we can’t install security without acceleration – impeding business is unacceptable
• Removing unwanted traffic results in a performance increase
• Branch offices must minimize hardware and management
• Need to maximize WAN investment
Going Beyond Legacy Optimization
Legacy WAN Optimization
• Fix Protocols
• Byte Cache
• Compress
Blue Coat WAN Application Delivery
1. Accelerate SSL
2. Manage Video
3. Remove the Junk
4. Optimize Web Traffic
5. For All Users Everywhere
What makes Blue Coat unique
• 10 years' experience of improving content delivery
– First caching appliances worldwide
• Deep understanding of users and content
– Layer 7 knowledge, not just packet networking
• Most powerful security functionality
– All types of data, unlimited policy flexibility
• Flexible deployment options
– From country to end device
• High performance appliances
– Thin OS, no public-domain, no general-purpose OS
• No compromise – performance and control together