Blue Coat Confidential Rethinking the Network With X-Series Nathan Brady – Technical Marketing.

Presentation transcript:


Slide 2: Typical Defense-in-Depth Strategy (© Blue Coat Systems, Inc. 2012, Blue Coat Confidential)
- Layer 2 switches for interconnectivity
- Application load balancers for scalability / flow management
- High-speed edge routers
- Internet core or distribution layer routing
- Defense in depth: Firewalls, IPS, Antivirus, Content and URL Filtering, and other security services

Slide 3: Consolidating with Next-Generation Firewalls
Next-Generation Firewall Benefits:
- Fewer devices
- Less network complexity
- Reduced CAPEX and OPEX
- Increased availability
Consolidate all of these devices… …onto this pair of NGFW devices.
Next-generation firewalls promise outstanding device consolidation, but raise new questions…
- “Will the all-in-one features in NGFW appliance satisfy my security needs?”
- “Will NGFW appliances meet current and future performance needs of my network?”

Slide 4: Can NGFW Appliances Keep Up?
[Chart: Performance Impact of Security on NGFW Appliances. Vertical axis: Throughput (Gbps), 0 to 70. Horizontal axis: Security Features Enabled.]
Stages shown along the chart:
- Great large packet performance
- Use realistic protocols and traffic sizes
- Identify users and applications
- Enable Light-Duty IPS
…based on datasheet numbers* with optimal port configuration, small policies, no redundancy, few IPS features, and no logging.
*As of March, 2012

Slide 5: A Constellation of Metrics
[Diagram: Network Performance, surrounded by the metrics that affect it]
- Connections per second
- Concurrent Connections
- Security Applications Deployed
- Packet Sizes
- Protocol Mix
- Application Features Enabled
Vendor data sheets list a few metrics, but each independently. But what about other metrics? How does each of these impact network performance?
Security infrastructure should be able to adapt to changing metrics and requirements.

Slide 6: Security is Processing Intensive
[Chart: Performance/Security Trade-off. Axes: Realism & Security Features, Performance. One end: very little inspection, large packets. Other end: realistic traffic inspected thoroughly.]
True for many services:
- Firewall
- Intrusion Prevention
- Data Loss Prevention
- Web, Database, and Application firewalls
- Antivirus
This effect is multiplied for Next Generation Firewall devices performing multiple security functions.

Slide 7: Changing Network and Security Landscape
[Chart. Axes: Security Features, Performance. Labels: Security Requirements, Performance Requirements, Next Generation Firewall Performance, 10 Gbps, 20 Gbps; FW, IPS, LB.]

Slide 8: Strategies for Scaling Appliances

Load Balancing
Advantages:
- Scales linearly
- Scaling does not affect architecture
- Simplified routing tables
Disadvantages:
- Complex switching and load balancing
- Difficult to troubleshoot
- High capital costs
- High operational costs

Physical Segmentation
Advantages:
- Lower CAPEX
- Easy to troubleshoot
- Simplified switching
Disadvantages:
- No scalability within segments
- Scaling changes network architecture
- Complex routing tables
- High operational costs

Still a complex mesh of several appliances. NGFW appliances often create the same problem they were intended to solve.

Slide 9: The X-Series Strategy
X-Series creates a “Network in a Box”
[Diagram labels: Internet; Network Processor Modules; Application Processor Modules; Control Processing Modules; FW, L2, IPS, LB]
X-Series provides unprecedented consolidation and scalability in a single chassis.

Slide 10: Network Processing Module (NPM)
[Image: NPM 9650]
Provides Switching Fabric for Data Plane
- Switching fabric connects all NPMs and APMs
- 9600 series provides 10 to 40Gb/s per module
- 8600 series provides 5 to 10Gb/s per module
- Up to 140Gbps of non-blocking backplane
Flexible Physical Network Interfaces
- Multiple configurations available from 10xGbE to 16x10GbE
- All ports are hot-pluggable, standard SFP, SFP+, XFP form factor
Distributes Traffic Efficiently and Intelligently
- Scales by distributing traffic across APMs and processing cores
- Automatically redistributes load around failed resources
Consolidates Network Infrastructure
- Virtualizes switches, load balancers, patch & power cords
- Eliminates common network devices found in security infrastructure

Slide 11: Application Processing Module (APM)
[Image: APM-9600]
Hosts Applications
- Responsible for running the security application(s)
- Can be pooled into a “Virtual Application Processor Group” (VAP Group)
- Dynamically provisioned, no local configuration
Scales Performance
- Multiple APMs in a VAP Group share load to scale performance
- APM 8650: 4 Core and 8 Core configurations, up to 16Gb RAM
- APM 9600: 12 Core configuration, up to 24Gb RAM
Maintain Defense in Depth
- Layer multiple VAP Groups with different security applications
- NPM’s network virtualization provides connectivity between layers
Provides Application Redundancy
- VAPs can run on any APM
- APMs can be re-provisioned on-the-fly
- Un-provisioned APMs automatically assume warm-standby role

Slide 12: Control Processing Module (CPM)
[Image: CPM-9600]
System Management
- Provides out-of-band management of the chassis through dedicated backplane and management ports
- Centralized configuration for all elements in the system
Provision Applications Easily
- Define VAP groups and install applications centrally
- Automatically provisions the right resources for the application
- Hosts a dedicated file system for each Application Processor
Health Monitoring
- Continuously checks health and collects statistics on all modules (available through SNMP or web interface)
- Dynamically provisions new resources to replace failed resources

Slide 13: System Architecture
[Diagram. Labels, in the order they appear: 1GE & 10GE Network Interfaces; NPM; Flow Distribution; Switch ASIC; Network Processor; FPGAs; Flow Classification; XOS Linux; Management; Local I/O; Control; XOS Linux; CPM; Provisioning; Management; Storage; CPUs & Memory; Control I/O 1GE; APM; CPUs & Memory; Linux Application; XOS Linux; Non-Linux Application; KVM VM; High-Performance Network Flow Distribution Interface]

Slide 14: X-Series Flexibility
[Chart. Axes: Security Features, Performance. Labels: X-Series System Performance, Performance Requirements, Security Requirements, 15 Gbps, 30 Gbps; FW, IPS.]

Slide 15: System Specs At-a-Glance
(Values are listed in column order as they appear on the slide.)

APM Version: APM Core; APM Core; APM 9600
- # Processing Cores: 4 CPU Cores per Module; 8 CPU Cores per Module; 12 CPU Cores per Module
- IP Forwarding Packet Rate (PPS): 1.7 Mpps; 2.2 Mpps; 7.0 Mpps
- Fabric Connection Speed: 12.8 Gbps; 20 Gbps
- Memory: 4GB Standard (Upgradable to 16 GB); 8GB Standard (Upgradable to 16 GB); 12GB Standard (Upgradable to 24 GB)
- Hard Drive: Diskless Design; Optional up to 2 HDDs available with RAID

NPM Version: NPM 8620; NPM 8650; NPM 9600
- Network Throughput: 5 Gbps; 10 Gbps; 40 Gbps
- Packet Forwarding Rate (PPS): 7 Mpps; 12 Mpps; 40 Mpps
- Maximum Connections: 8 Million / 40 Million (8G); 18 Million / 100 Million
- Connection Setup Rate: 65,000 CPS; 130,000 CPS

Slide 16: Architecture Redundancy
X60 / X80-S
- CPM (Control) redundancy
- APM (Application) redundancy
- NPM (Network) redundancy
- Fan redundancy
- Backplane trace redundancy
- Power redundancy
Crossbeam’s Virtual Infrastructure has created a design with no single points of failure

Slide 17: Self-healing with Hot Standby
[Diagram labels: Firewalls, IPS, Stand-by]
Original Configuration:
- 4 Firewall APMs
- 3 IPS APMs
- 1 Stand-by APM
One Firewall APM experiences a problem.
The Stand-by APM automatically takes the Firewall APM’s profile.
“No more emergency wake-up calls at 3AM to replace appliances”

Slide 18: Self-healing via Prioritization
[Diagram labels: Firewalls (Priority 1), IPS (Priority 2)]
Original Configuration:
- 4 Firewall APMs
- 4 IPS APMs
One Firewall APM experiences a problem.
An IPS APM automatically takes the Firewall APM’s profile based on priority.
“Automate self-healing to fit your business”

Slide 19: Greenlight Element Manager
A visual, information-rich interface to your X-Series.
- Power supply and fan status
- Chassis utilization and usage statistics
- Application and system software information
- Efficiency and capacity planning statistics

Slide 20: Modular Chassis

| | X60 | X80-S |
|---|---|---|
| Network Connectivity (Maximum) | 32 Ten Gigabit / Gigabit Ethernet | 64 Ten Gigabit / Gigabit Ethernet |
| Network Throughput | 68 Gbps | 140 Gbps |
| Packet Rate (PPS) | 21 Million | 54 Million |
| Concurrent Connections | 40 Million | 100 Million |
| Connection Setup Rate (CPS) | 180,000 | 320,000 |
| Check Point R75 FW+IPS Throughput | 68 Gbps | 135 Gbps |

Slide 21: Flexible Chassis
(Columns: X20; X30; X50. Values are listed in column order as they appear on the slide.)
- Network Connectivity (Maximum): 10 Gigabit Ethernet; 10 Gigabit Gb Ethernet; 16 Ten Gigabit / Gigabit Ethernet
- Network Throughput: 5Gbps; 10Gbps; 17.5Gbps
- Packet Rate (PPS): 4.4 Million; 11 Million
- Concurrent Connections: 8 Million; 18 Million
- Connection Setup Rate (CPS): 110, ,000
- Check Point R75 FW+IPS Throughput: 5Gbps; 10Gbps; 17Gbps

Slide 22: X-Series Key Values
- Consolidation: House multiple security applications in a single chassis. Scale each application to meet performance demands.
- Adaptability: Add, remove, or change applications on a common hardware platform. Provision resources where and when they are needed.
- Availability: Self healing architecture. 5-9’s high availability in a single chassis, 7-9’s with dual chassis.
- Operational Efficiency: Dramatically reduce maintenance time and effort. Manage and monitor the security environment from a common interface.
