Blue Coat System(Securing and accelerating the Remote
Download
Report
Transcript Blue Coat System(Securing and accelerating the Remote
Blue Coat Systems
Securing and accelerating the Remote
office
Matt Bennett
The Business of IT
Applications
Delivered over the Network
Experienced by Users
Challenge: How to Reliably Deploy Applications
Across Distributed Enterprise, While Reducing Costs?
And Keep it Fast and Safe too!
Common Themes
• Application Deployment Velocity
–
–
–
–
Everything Web (Evolving)
End to end encryption
Ubiquitous Access (application utility infrastructure)
Strategic application platform for all services
• Distributed Enterprise
–
–
–
–
Use of the public infrastructure (Emerging)
Business centric Internet based services
Employee / Partner / Customer Access
Lower cost of bandwidth
• Reducing Cost
– Data Center / File Server Consolidation (Maturing)
– Operational / License / Infrastructure cost savings
The Power of the Proxy™
CONTROL
PROTECT
• Prevent spyware,
malware & viruses
• Stop DoS attacks
• IE vulnerabilities, IM
threats
&
• Fine-grained policy for applications,
protocols, content & users (allow,
deny, transform, etc)
• Granular, flexible logging
• Authentication integration
&
ACCELERATE
• Caching
• BW Shaping, Compression,
Protocol Optimization
• Sequence, Object &
Predictive Caching
Full Protocol Termination = Total Visibility & Context
(HTTP, HTTPS, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
Ultimate Control for Application Sessions
Expanding the Proxy Solution
Enterprise Application
Servers
Deposits
Customers
Public Web
Servers
Checking
Loans
Gateway
Proxy
Application-Front-End
Proxy
Datacenter
Branch Office
Proxy
Internet
Head-End
Proxy
Internet Users Sessions
Visibility, Control & Acceleration
Branch
WAN
Remote Users
Branch Office
Proxy
Branch
Investment Advisors
Loan Agents
Expanded Focus to:
All Users & Apps Sessions
Visibility, Control & Acceleration
Tellers
Proxy Solutions for the Distributed Enterprise
1. Get “bad” sessions off the network first
Built on Blue Coat Proxy Architecture
#1 Get “Bad” Sessions Off the Network
• Why?
– No business wants
viruses, worms, spyware,
porn, P2P, MP3s …
Datacenter
Internet
• How?
– Policy control and
authentication
– URL filtering
– AV Scanning
– Spyware prevention
– IM, P2P blocking and
control
– Next! More session-level
knowledge for specific
web-apps
Internal WAN
Branch
Branch
Proxy Solution for the Distributed Enterprise
1. Get “bad” sessions off the network
2. Keep “good” content local
Built on Blue Coat Proxy Architecture
#2 Keep Good Content Local
• Why?
– LAN access will always
be better than over the
WAN
Datacenter
Internet
• How?
– Web (HTTP/FTP)
Caching
– Secure Web (HTTPS)
Caching
– Streaming Caching and
Splitting
– Next! File Services
(CIFS) Caching
– Next! MAPI Proxy
– Next! Byte Caching
– Next! More customized
Internal WAN
Branch
Branch
Proxy Solution for the Distributed Enterprise
1. Get “bad” sessions off the network
2. Keep “good” content local
3. Maintain control of encrypted sessions
Built on Blue Coat Proxy Architecture
#3 Maintain control of encrypted sessions
• Why?
– End-to-end encryption
assures information
access to authorized
personnel only
– But end-to-end
encryption should not
thwart prototection,
control and acceleration
Datacenter
Internal WAN
• How?
Branch
– SSL reverse proxy
• Internal apps
• Externally facing apps
– 4.2! SSL forward proxy
• Internet apps
– Next! SSL forward proxy
at branch
Internet
Branch
Proxy Solution for the Distributed Enterprise
1. Get “bad” sessions off the network
2. Keep “good” content local
3. Maintain control of encrypted sessions
4. Prioritize mission-critical sessions
Built on Blue Coat Proxy Architecture
#4 Prioritize Mission-Critical Sessions
• Why?
– Can’t allow background
sessions to affect
sessions that are timecritical
• How?
– 4.1! Traffic prioritization
Internet
Datacenter
Low Priority
Background POSTs
High Priority
Teller Transactions
Internal WAN
– 4.1! B/W management
Branch
– 4.1! Prioritization with
user and protocol-level
knowledge
– Next! Integration with
network QoS
(ToS/DiffServ) systems
Branch
Proxy Solution for the Distributed Enterprise
1. Get “bad” sessions off the network
2. Keep “good” content local
3. Maintain control of encrypted sessions
4. Prioritize mission-critical sessions
5. Optimize the traffic on WAN
Built on Blue Coat Proxy Architecture
#5 Optimize the Traffic on WAN
• Why?
– Reduce effect of WAN
latency and improve enduser response times
Datacenter
Internet
• How?
– SSL offload & TCP
offload to the branch
– Protocol optimizations
like HTTP Object
Pipelining
– 4.1! Compression for
Enterprise Web
Applications and Internet
traffic
– 4.1! Compression for
Enterprise Client-Server
Applications
– Next! Byte Caching
Internal WAN
Optimize the traffic
that is left on the
WAN
Branch
Branch
Proxy Solution for the Distributed Enterprise
1. Get “bad” sessions off the network
2. Keep “good” content local
3. Maintain control of encrypted sessions
4. Prioritize mission-critical sessions
5. Optimize the traffic on WAN
6. Provide user & application visibility
Built on Blue Coat Proxy Architecture
#6 Provide user & application Visibility
Director & VPM
• Why?
– Visibility enables action
towards issue resolution
Centralized
Mgmt
• How?
– Director: Centralized
management and policy
control
– Reporter: Detailed
logging and reporting
w/Reporter
Visibility
Session
Monitoring
Director
– Next! Health monitoring
of delivery network
w/Director
– Next! Session-Level
visibility of key metrics
Health
Monitoring
Reporter
Management – The Big Picture
Application
Google
Support
WebPower
Finance
Salesforce.com
Oracle
Perforce
10.0
Encryption
Certificate
Validation
Active
Idle
Response Protection
Sessions Sessions Time
Level
10.0
1
0
0.6 sec
6.0
18
5
6.1 sec
10.0
45
4
6 sec
10.0
12
20
12 sec
8.0
22
3
1.3 sec
7.0
19
12
5.2 sec
15
40
29 sec 3.0
Protection Drilldown
Anti-Virus DOS
MITM
Anti Access Strict
Spyware
Logging
Parsing
Auth
Web
Filter
Summary
• The Power of the Proxy
– Firewall to protect, Proxy to control
• Management Consolidation
• Reporting is key
K9 - Free
• Free Web Filtering for consumers
• Download to Windows PCs
• Supports all 58 Blue Coat WebFilter
categories
– Dynamic Rating