blue coat systems securing and accelerating the remote office matt bennett

Blue Coat Systems

Securing and accelerating the Remote office

Matt Bennett

The Business of IT

Applications

Delivered over the Network

Experienced by Users

Challenge: How to Reliably Deploy Applications Across Distributed Enterprise, While Reducing Costs?

Challenge: How to Reliably Deploy Applications Across Distributed Enterprise, While Reducing Costs?

And Keep it Fast and Safe too!

Common Themes

• Application Deployment Velocity– Everything Web (Evolving)– End to end encryption– Ubiquitous Access (application utility infrastructure)– Strategic application platform for all services

• Distributed Enterprise– Use of the public infrastructure (Emerging)– Business centric Internet based services– Employee / Partner / Customer Access– Lower cost of bandwidth

• Reducing Cost– Data Center / File Server Consolidation (Maturing)– Operational / License / Infrastructure cost savings

The Power of the Proxy™

PROTECT• Prevent spyware,

malware & viruses• Stop DoS attacks• IE vulnerabilities, IM

threats

Ultimate Control for Application SessionsUltimate Control for Application Sessions

ACCELERATE• Caching • BW Shaping, Compression,

Protocol Optimization• Sequence, Object &

Predictive Caching

&

CONTROL• Fine-grained policy for applications,

protocols, content & users (allow, deny, transform, etc)

• Granular, flexible logging• Authentication integration

&

Full Protocol Termination = Total Visibility & Context(HTTP, HTTPS, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)

Expanding the Proxy Solution

InternetDatacenter

WANBranch

Branch

Enterprise ApplicationServers Public Web

Servers

Internet Users SessionsVisibility, Control & Acceleration

GatewayProxy

Deposits

LoansChecking

Tellers

Loan Agents

Investment Advisors

Expanded Focus to:

All Users & Apps SessionsVisibility, Control & Acceleration

Application-Front-EndProxy

Branch OfficeProxy

Branch OfficeProxy

Head-EndProxy

Customers

Remote Users

Proxy Solutions for the Distributed Enterprise

1. Get “bad” sessions off the network first

Built on Blue Coat Proxy Architecture

#1 Get “Bad” Sessions Off the Network

• Why?– No business wants viruses,

worms, spyware, porn, P2P, MP3s …

• How?– Policy control and

authentication– URL filtering– AV Scanning– Spyware prevention– IM, P2P blocking and control– Next! More session-level

knowledge for specific web-apps

InternetDatacenter

Internal WAN

Branch

Branch

Proxy Solution for the Distributed Enterprise

1. Get “bad” sessions off the network

2. Keep “good” content local


#2 Keep Good Content Local

• Why?– LAN access will always be

better than over the WAN

• How?– Web (HTTP/FTP) Caching

– Secure Web (HTTPS) Caching

– Streaming Caching and Splitting

– Next! File Services (CIFS) Caching

– Next! MAPI Proxy

– Next! Byte Caching

– Next! More customized application-level caching for specific web-apps

InternetDatacenter

Internal WAN

Branch

Branch




3. Maintain control of encrypted sessions


#3 Maintain control of encrypted sessions

• Why?– End-to-end encryption assures

information access to authorized personnel only

– But end-to-end encryption should not thwart prototection, control and acceleration

• How?– SSL reverse proxy

• Internal apps• Externally facing apps

– 4.2! SSL forward proxy• Internet apps

– Next! SSL forward proxy at branch

• Internal and Internet apps

InternetDatacenter

Internal WAN

Branch

Branch





4. Prioritize mission-critical sessions


#4 Prioritize Mission-Critical Sessions

• Why?– Can’t allow background

sessions to affect sessions that are time-critical

• How?– 4.1! Traffic prioritization

– 4.1! B/W management

– 4.1! Prioritization with user and protocol-level knowledge

– Next! Integration with network QoS (ToS/DiffServ) systems

InternetDatacenter

Internal WAN

Branch

Branch

High PriorityTeller TransactionsLow Priority

Background POSTs






5. Optimize the traffic on WAN


#5 Optimize the Traffic on WAN

• Why?– Reduce effect of WAN latency

and improve end-user response times

• How?– SSL offload & TCP offload to the

branch– Protocol optimizations like HTTP

Object Pipelining– 4.1! Compression for Enterprise

Web Applications and Internet traffic

– 4.1! Compression for Enterprise Client-Server Applications

– Next! Byte Caching– Next! New TCP stack and

performance optimizations

Internet

Datacenter

Internal WAN

Branch

Branch

Optimize the traffic that is left on the

WAN






5. Optimize the traffic on WAN

6. Provide user & application visibility


#6 Provide user & application Visibility

• Why?– Visibility enables action

towards issue resolution

• How?– Director: Centralized

management and policy control

– Reporter: Detailed logging and reporting w/Reporter

– Next! Health monitoring of delivery network w/Director

– Next! Session-Level visibility of key metrics

Reporter

HealthMonitoring

Session Monitoring

CentralizedMgmt

Director

VisibilityVisibility

Director & VPM

Management – The Big Picture

Application Active Sessions

Idle Sessions

Response Time

Protection Level

Google 1 0 0.6 sec

Support 18 5 6.1 sec

WebPower 45 4 6 sec

Finance 12 20 12 sec

Salesforce.com

22 3 1.3 sec

Oracle 19 12 5.2 sec

Perforce 15 40 29 sec

10.0

6.0

10.0

10.0

8.0

7.0

3.0

Protection DrilldownEncryption Anti-Virus DOS MITM Auth

Certificate Validation

Anti-Spyware

Access Logging

Strict Parsing

Web Filter

10.0

Summary

• The Power of the Proxy– Firewall to protect, Proxy to control

• Management Consolidation

• Reporting is key

K9 - Free

• Free Web Filtering for consumers

• Download to Windows PCs

• Supports all 58 Blue Coat WebFilter categories– Dynamic Rating

blue coat systems securing and accelerating the remote office matt bennett

Documents

mapi proxy

application sessions

proxy solutions

control of encrypted

bad sessions

distributed enterprise

dns slide

policy control