SecureAppDeliveryTM

How to Bring Back Productivity with Secure Application DeliveryHow to Bring Back Productivity with Secure Application DeliveryHow to Bring Back Productivity with Secure Application DeliveryHow to Bring Back Productivity with Secure Application Delivery

9/29/2009

Agenda

Enterprise Requirements for Access− Differences between Mobile, non-Mobile users and partners

Application Delivery− Problems and Solutions− Key component technologies

Tying them all together

Summary

9/29/2009 2

Enterprise Requirements

No information access, no productivity

Your Most Valuable Asset Business-Critical Processes

9/29/2009 3February 29, 2008 3

Who Needs Access?

Mobile Employees

Non-Mobile Employees

Partners− Need to access

t i li ti− Corporate-issued laptops

− WAN speed− Daily to constant

− Non-corporate PCs at home

− Used to LAN speed− Seldom to never

certain applications− Not trusted enough

to put them on your networkDaily to constant

remote access− Small fraction of

the corporate employee body

Seldom to never remote access

− Large percentage of corporate employees

− Have access solutions to partner networks but not to your network and employee body yyour applications

9/29/2009 49/29/2009 4

Business Continuity

When disasters strike, can your employees have access to enterprise information so they can continue to provide services to your customers?

Harvard study: two-thirds of businesses surveyed could notmaintain normal operations if half of their workers were out for

k

9/29/2009 5February 29, 2008 5

two weeks.

Anatomy of Application Performance

Number of Hops matter

Distance matters, routing matters

Amount of traffic mattersAmount of traffic matters

Quality of network mattersCongestion and Packet Loss− Congestion and Packet Loss

Number of people on the network matters

Type of applications in use on the network matters

9/29/2009 6

Where they access from and what they access matters

Today’s Enterprise Workforce

Permanently Remote /Permanently Remote / Mobile Workforce

USER TYPE REMOTE PC TYPE NETWORK SPEED ACCESS FREQUENCY

Non Mobile Non Corporate LAN Never

Remote or Mobile Corporate WAN Daily to Constant

Non-Mobile Non-Corporate LAN Never

Non-Mobile Workforce

9/29/2009 7

Mobile Worker

Permanently Remote Employees (office at home or offsite)Highly Mobile Employees (road warrior)

Corporate-issued laptops, sometimes desktopsAccustomed to WAN speedsAccustomed to WAN speedsDaily to constant access of corporate resourcesSmall fraction of corporate employee body

USER TYPE REMOTE PC TYPE NETWORK SPEEDS ACCESS FREQUENCY

Remote or Mobile Corporate WAN Daily to Constant

9/29/2009 8

Non-Mobile Workers

Deskbound Employees (situated in the office)

Non-corporate PCs when working remotelyAccustomed to LAN speedsDo not remotely access corporate resourcesDo not remotely access corporate resourcesLarge percentage of corporate employee body

USER TYPE REMOTE PC NETWORK SPEEDS ACCESS FREQUENCY

Campus WorkerOr Da E tender

None or Non Corporate

LAN NeverOr Day Extender Non-Corporate

9/29/2009 9

Business Continuity

Allow extra users to log in seamlessly during emergenciesNo IT intervention requiredqOne-time license fee for small number of daysBurst up to a pre-defined concurrent user count

100

60

70

80

90

10

20

30

40

50

9/29/2009 10September 29, 2009 10

0

10

1 3 5 7 9 11 13 15 17 19 21 23 25 27 29 31 33 35 37 39 41 43 45 47 49 51 53 55 57 59 61 63 65 67 69 71 73 75 77 79

DesktopDirectTM : An illustration

1. Browse (https://mydesktop.arraynetworks.net)2. Sign ing3. Click, automatically turn on the office PC if it is off4. Work

Only 30kbps!!

9/29/2009 119/29/2009 11

Partner Access: Security Risk

Partner Network

Information to share

Information to protect

9/29/2009 12September 29, 2009 12

Your Network

SiteDirectTM: Third Party Access

Partner NetworkInformation to share

ResourceP blishingPublishing

Information to protect

Your NetworkIP conflict is resolved automaticallySSL on port 443, No NAT/FirewallOnly necessary resources are exposed

9/29/2009 13September 29, 2009 13

y y pUser level control on remote site access

Application Delivery Problems and Solutions

9/29/2009 14

Evolution of Application Delivery

Server Load Balancing− directs traffic to healthiest server

Application Accelerator− SSL offload

Application Delivery Controller− connection multiplexing and application acceleration

Was primarily useful for websites− before growing demand for web-based applications

Mature technology now delivers any application− in production networks for over a decade

9/29/2009 15

App Delivery Challenges

Server could be oversubscribed− CPU, RAM, network interface overload− Too many requests at once− High amount of SSL traffic− Too many connections to a single server

Server could stop responding− Hardware failure

Power outage− Power outage− Operating system crash

In-line devices could stop respondingIn line devices could stop responding− Hardware failure− Power outage− Other issue

9/29/2009 16

Technology Overview

High Availability− Server load balancing− Device redundancy− Global server load balancing

Application Acceleration− Secure Sockets Layer offload− TCP connection multiplexingTCP connection multiplexing

Best-Practice SecurityApplication level protection− Application-level protection

9/29/2009 17

High Availability

Server Load Balancing

Real IPAddress 1

Real IPAddress 2

Virtual IPAddress

healthcheckingtrafficflow

Address Real IPAddress 3

9/29/2009 18

Real IPAddress 4

High Availability (One Data center)

Device Redundancy

Device A

Device AActive

Device AMaintenanced

Device AReplaced

Device AActive Again

Device BA tiActive

9/29/2009 19

High Availability (Multiple Sites)

GSLB

DNSDNS

primaryd t t

backup

SS

data center data center

localhealth

globalhealth

checking

trafficflow

healthcheckingchecking

9/29/2009 20

High Availability (Branch Office)

• Current Infrastructure•Costly 2 Mbps to 8 Mbps links shared by 100 to 300 peopleB d idth l th 100•Bandwidth per user less than 100

kbps, sometimes as low as 10kbps•Some large offices with T3 or up to 100 Mbps•People working from home with 256

• Solutions

• Link Loadbalancing

p gkbps broadband or higher•Lack of redundancy, susceptible for network failures

Link Loadbalancing

• Combine multiple DSLs to improve overall throughput, performance & availability at lower cost

• QoS / Priority Queueing / monitoring / filteringQoS / Priority Queueing / monitoring / filtering

• WAN optimization / Acceleration

• Compression & Caching

9/29/2009 21

• Data reduction / de-duplication

Acceleration (SSL)

SSL Offload

digitaldigitalcertificates

t d

ssl encrypted

overload of end-to-end

ssl sessions

unencrypted

9/29/2009 22

Acceleration (Caching)

Caching offloads web server utilization by over 40%

Deliver contentFrom memory cache

9/29/2009 23

Acceleration (Compression)

Compression reduces bandwidth usage by 30%+

Compresses text, pptOn the fly

9/29/2009 24

Acceleration (TCP)

Connection Multiplexing reduces server conns by 100:1

3 TCPopen TCP

connection3-way TCPhandshake

3-way TCPhandshake

3-way TCPhandshake too many

TCP ti

3-way TCPh d h k

3-way TCPhandshake

TCP connections

handshake

9/29/2009 25

Best-Practice Network Security

Application-Level Protection

DoS attack

9/29/2009 26

attacker

Best-Practice Network Security

Application-Level Protection

http://malformed_url

malformedURL attack

malformedURL dropped

9/29/2009 27

attacker

App Delivery from the Cloud

9/29/2009 28

Cloud: Virtualization And Scalability

Mobile employees ApplicationsData Center pp

Desktops

Resources to share

with partners

P t

Data Center

Public or Private Networks

PartnersPublic or Private

Networks

Data Center

Non-mobile employees

• Many virtual portals• Large number of concurrent users• One URL among multiple data centers• Supports real or virtual desktops

9/29/2009 299/29/2009 29

Supports real or virtual desktops• Secure applications in the Cloud

Conceptual Architecture

9/29/2009 309/29/2009 30

SecureAppDeliveryTM

How to Bring Back Productivity with Secure Application DeliveryHow to Bring Back Productivity with Secure Application DeliveryHow to Bring Back Productivity with Secure Application DeliveryHow to Bring Back Productivity with Secure Application Delivery

9/29/2009