Why Use a Reverse Proxy?
BLUECOAT PRODUCTS REVERSE PROXY
Web Security Gateway - Reverse Proxy
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
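PROBLEMS CUSTOMERS FACE
Web server scalability
Web server control and management
Too many servers to consolidate easily
Heavy and bursty traffic
SSL processing is too slow
Streaming scalability
Services are handled in too scattered a fashion
Complex user passwords for multiple services
Uploaded files may carry malicious code
Protecting Windows servers that are directly exposed to the Internet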
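WHY USE A REVERSE PROXY?
Increase web server scalability
Strengthen control over web servers
Accelerate data delivery
Hide the origin web servers
Take over the SSL load
Provide single sign-on
Powerful management capabilities
Virus-scan uploaded data
Greater network bandwidth
Prevent malicious attacks
Strong expandability
Simplify use and management
Reduce the burden on IT staff: services become more powerful and simpler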
SOLUTION: WEB APPLICATION REVERSE PROXY
PROTECTS Web Servers
• Secure, object-based OS
• Controls access to web apps
• Web AV scanning
ACCELERATES Web Content
• Intelligent caching
• Compression and bandwidth mgt.
• SSL offload
SIMPLIFIES Operations
• Scalable, optimized appliance
• Easy policy creation & management
• Complete logging & reporting
[Diagram: Users, Public Internet, Firewall, Proxy, Firewall, Internal Network, Web Servers]
1. PROTECT WEB SERVERS
Features a purpose-built, secure operating system (SGOS)
Isolates web servers from direct access
Enables fine-grained control of users
– Robust authentication: NTLM, LDAP, RADIUS, local passwords, certificates, sequence realms
– Intuitive policy creation and management: Visual Policy Manager (VPM)
Optional ProxyAV™ provides real-time scanning of uploaded files
Supports “plug-and-play” SSL services
2. ACCELERATE WEB CONTENT
Proven proxy architecture with optimized TCP stack
– Patented acceleration technologies
Intelligent cache optimizes web server performance
– Serves 60-90% of web content directly to users
Built-in HTTP compression increases performance and minimizes bandwidth
SSL services include hardware-accelerated key negotiation, encryption, and decryption
3. SIMPLIFY OPERATIONS
“Set and forget” appliance
– No need to install applications
– No need to ensure hardware compatibility
– No need to upload and support OS patches
VPM for comprehensive policy rule creation and management
Scalable solution efficiently increases capacity of each existing web server
Comprehensive logging and reporting
Modular, expandable solution
SECURING AND ACCELERATING A WEBSITE
[Diagram: Users, Public Internet, Firewall, ProxySG, Firewall, Internal Network, Web Farm; steps 1-4 marked on the traffic path]
1. User attempts to connect to e-mail web server via HTTP(S).
2. ProxySG checks internal cache for requested content.
3. If requested content is not available in cache, ProxySG retrieves content from web server.
4. ProxySG immediately stores requested content in cache and delivers accelerated content to user.
SCANNING UPLOADED FILES FOR VIRUSES
[Diagram: Users, Public Internet, Firewall, ProxySG, CAS (connected via ICAP+), Authentication Server (LDAP, NTLM, etc.), DMZ, Firewall, Internal Network, E-mail Web Server; steps 5-7 marked on the traffic path, with the upload stopped at the ProxySG]
5. Authorized user attempts to upload infected file.
6. CAS conducts real-time threat scan of file.
7. CAS immediately sends “File infected” alert to ProxySG. ProxySG forwards notification to client and prevents user from uploading file to Web server.
SECURING CORPORATE WEBMAIL
[Diagram: Users, Public Internet, Firewall, ProxySG, Authentication Server (LDAP, NTLM, etc.), DMZ, Firewall, Internal Network, E-mail Web Server; steps 1-4 marked on the traffic path]
1. User attempts to connect to e-mail web server via HTTPS.
2. ProxySG connects to authentication server via HTTP(S).
3. Authenticated user checked against policy in ProxySG.
4. ProxySG securely delivers accelerated content to authenticated authorized user.
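WHY USE BLUECOAT
Higher performance than a traditional PC server (a several-fold performance gain)
Uses a thin OS, designed for high-speed delivery!
Simpler and more powerful management interface
• Appliance design means no configuration or complex management
• Provides a powerful GUI management interface
More flexible and scalable
More secure than the general-purpose operating systems on the market
• SGOS - a secure operating system
• No need to install any applications or patches
• Purpose-built TCP/IP stack
• Protects against DoS attacks!
• Can inspect HTTPS traffic.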
REVERSE PROXY APPLICATIONS
Portal sites (Yahoo, Google, PChome, etc.)
Enterprise applications (e-mail services, B2B, B2C, etc.)
Online games
THE CASE FOR REVERSE PROXY
– ECOMMERCE BOOST
• Escalating traffic required full scale upgrade
  – Firewalls and servers were nearing capacity
• Transactions doubled
• 92% of requests served by BlueCoat
• Firewalls and servers focus on transactions
• End user response times improved
• Cut costs
• BlueCoat created “instantaneous” ROI
[Charts: Revenue and Expenses over Time, Before and After BlueCoat Installed]
TCG (REVERSE PROXY)
Service over 100 Web sites
[Diagram: Internet, L4 Switch, Web Server farm, BC Reporter]
PIXNET (REVERSE PROXY)
[Diagram: Internet, Web Server farm, BC Reporter]
BANDWIDTH GAIN
EFFICIENCY
REVERSE PROXY CUSTOMERS
ProxySG APAC References
Financial
Health & Pharmaceuticals
Energy, Oil & Gas
Manufacturing/Industrial
Consumer & Retail
Government
THANKS