Security and Acceleration - A contradiction in terms? Nigel Hawthorn VP EMEA Marketing
Blue Coat: WAN Application Delivery Profitable, public company (NASDAQ: BCSI), founded in of Fortune Global 100 are Blue Coat customers 6,000+ customers across 150+ countries Global Support Services team Proven pedigree of web performance and security innovation
TECHNOLOGY TRENDS Faster, Global, Mobile, Secure REGULATORY TRENDS Climate of Governance Protect Privacy Manage Risk BUSINESS TRENDS Enterprises Accelerate the Business Business Boundaries Blur Virtual, Flat Corporation Adoption of Web 2.0 & SOA (Service Orientated Architecture) Worker Mobility and Devices Services – Not Software
Remote Offices On-Demand Applications and Services Server Consolidation Challenges for IT Executives Mobile Workers Legacy Client/Server Applications HTTPS Personalized Portals my Web 2.0 Applications & Mash-Ups Long distances, more traffic and chatty protocols hurt performance Uncontrolled/unwanted traffic causes congestion Security attacks hide in the application layer, more applications are encrypted Can’t deliver applications quickly to remote and mobile users
Security and Acceleration – A Never ending battle STOP EVERYTHING! Assume it’s all bad and check (SECURITY Technologies) OR ACCELERATE EVERYTHING! Assume it’s all good and accelerate (Packet and Storage Accelerators)
STOP BAD. ACCELERATE GOOD Faster, Secure Delivery of Business-Critical Information ….. To Help the Business Run Better The Answer: Stop the Bad. Accelerate Good
Acceleration – It’s all about traffic & latency
Why So Slow?! Take the Quiz Your Network: 45Mbps bandwidth, 100ms latency (round trip) Question: You open a 4MB PPT file from a remote server. How long will it take? A) 0.7 seconds. 45Mbps = 5.625MBps so 4 / 5.625 = 0.7 B) 200 seconds. Hint: CIFS is a WAN protocol “worst-offender”. It sends data in 4KB chunks (4KB Sent, ACK!), then waits for an acknowledgement. 4MB = 1000 x 4KB chunks; 1000 trips there, 1000 trips back; 2000 trips x 0.1 sec = 200
Why So Slow?! Bandwidth is the width of the road; latency is the speed. We make our data travel millions of miles and the speed of light is too slow! Add Layer 7 protocols designed for LANs. Add rogue traffic. Add congestion (firewall, server, OS overhead, routers). RESULT: Non-Linear Performance Gains as Bandwidth is Added! (Chart labels: Performance, Bandwidth; Expectation, Reality, Price)
WAN Optimisation Technology
Legacy WAN Optimization What about the rest of your traffic? Fix Basic Protocols Compress with Byte Caching Some Add Wide Area File Services
Accelerate SSL Applications SSL use is growing –If it’s important, it’s encrypted! Internal apps are hard to accelerate External apps are even harder Handle with care Open, Inspect, Accelerate SSL Applications
Are You Video Ready? Remove unwanted video. Accelerate the rest What’s already on the WAN –Earnings announcement –Compliance mandated E-learning –YouTube.com Is it at least controlled? Split streams for live broadcast Distributed video on demand
Stop Accelerating the Junk! Why accelerate? –Frivolous surfing –Bulk downloads –Peer-to-peer Get rid of it! –Or it will grow –Crowd out good apps Flexible, User Based Bandwidth Control
Start Accelerating the Rest Web traffic is huge Fastest growing traffic HTTP, and then some –Web services –Web widgets –Java clients Get the Internet off your WAN; connect remote offices direct to the ‘net Deliver Web-Based Applications Without Extra Bandwidth
WAN Optimisation Acceleration Results
Ultimate in WAN Optimization Multiprotocol Accelerated Caching Hierarchy Bandwidth Management Protocol Optimization Object Caching Byte Caching Compression File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)
Bandwidth Management – Business Process Divide traffic into classes, by: –User, application, content, transaction, application protocol, etc. Guarantee priority and min and/or max bandwidth for a class Align traffic classes to business priorities Even for SSL encrypted applications Operates alone, or integrates with your existing packet-layer QoS Examples: Salesperson, placing order with Sales Automation App: Priority 1, Min 400Kb, Max 800Kb. Salesperson query with Sales Automation App: Priority 2, Min 100Kb, Max 400Kb. Marketing person, Surfing Sales Automation App (reporting): Priority 3, Min 0Kb, Max 200Kb. Non-Sales Management Pulls Client List: Block.
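The three classes on this slide, worked through one possible min/max allocation scheme. This is an added example, not Blue Coat's algorithm or code from the presentation. The 1000 Kb link, the class names, the offered loads and the two-pass method are assumptions; the priorities, minimums and maximums are the slide's.

```python
# Added illustration: one plausible way to honour min/max guarantees by priority.
LINK_KB = 1000  # constructed link capacity, in the slide's "Kb" units

# (class name, priority, min, max). Numbers are from the slide; the names are
# hypothetical labels. "Block" is modelled as a class whose maximum is 0.
CLASSES = [
    ("sales-order", 1, 400, 800),
    ("sales-query", 2, 100, 400),
    ("marketing-reporting", 3, 0, 200),
    ("client-list-export", 4, 0, 0),
]


def allocate(demand, link=LINK_KB, classes=CLASSES):
    """Return {class: granted bandwidth} for the offered load in `demand`."""
    grant, left = {}, link
    ordered = sorted(classes, key=lambda c: c[1])
    # Pass 1: honour every minimum, but never grant more than a class wants.
    for name, _prio, lo, _hi in ordered:
        grant[name] = min(lo, demand.get(name, 0), left)
        left -= grant[name]
    # Pass 2: share what is left in priority order, capped by max and demand.
    for name, _prio, _lo, hi in ordered:
        ceiling = min(hi, demand.get(name, 0))
        extra = max(min(ceiling - grant[name], left), 0)
        grant[name] += extra
        left -= extra
    return grant


# Constructed offered loads: a congested link and a quiet one.
BUSY = {"sales-order": 900, "sales-query": 500,
        "marketing-reporting": 500, "client-list-export": 300}
QUIET = {"sales-order": 0, "sales-query": 500,
         "marketing-reporting": 500, "client-list-export": 300}

if __name__ == "__main__":
    print(allocate(BUSY))
    print(allocate(QUIET))
```

Under congestion the lowest priority class is squeezed to nothing, while on the quiet link the maximums still hold and part of the link stays unused.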
Protocol Optimization X Faster Includes CIFS, MAPI, HTTP, HTTPS, TCP
Object Caching Client served from local proxy 100% acceleration – no data across WAN Works on second, and all subsequent requests BRANCH DATACENTER
Byte Caching Proxies “learn” common patterns Create short references ([REF#1], [REF#2]) and pass those instead Works on all files, all applications over TCP
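A minimal sketch of the reference-passing idea on this slide, with both proxies' sides. It is an added example, not Blue Coat's implementation. Fixed 256-byte chunks, SHA-256 digests as references and the one-byte token tag are assumptions; fixed-size chunks only catch in-place changes, not inserted bytes that shift the rest of the stream.

```python
import hashlib

CHUNK = 256  # constructed chunk size in bytes


def _ref(piece):
    # Full SHA-256 digest as the reference: with a truncated or weak hash two
    # different chunks could share a reference and be silently substituted.
    return hashlib.sha256(piece).digest()


def encode(data, cache, chunk=CHUNK):
    """Sender proxy: replace chunks the peer has already seen by references."""
    tokens = []
    for i in range(0, len(data), chunk):
        piece = data[i:i + chunk]
        ref = _ref(piece)
        if ref in cache:
            tokens.append(("ref", ref))
        else:
            cache[ref] = piece
            tokens.append(("raw", piece))
    return tokens


def decode(tokens, cache):
    """Receiver proxy: rebuild the stream, learning raw chunks as they pass."""
    out = bytearray()
    for kind, value in tokens:
        if kind == "raw":
            cache[_ref(value)] = value
        elif value not in cache:
            raise ValueError("unknown reference: caches out of sync")
        out += value if kind == "raw" else cache[value]
    return bytes(out)


def wire_size(tokens):
    """Bytes crossing the WAN: one tag byte plus the reference or raw chunk."""
    return sum(1 + len(value) for _kind, value in tokens)


def demo():
    # Constructed 4 KB "file"; v2 changes a single 256-byte chunk in place.
    v1 = b"".join(bytes([i]) * CHUNK for i in range(16))
    v2 = v1[:5 * CHUNK] + bytes([200]) * CHUNK + v1[6 * CHUNK:]
    sender, receiver = {}, {}
    first = encode(v1, sender)
    assert decode(first, receiver) == v1
    second = encode(v2, sender)
    assert decode(second, receiver) == v2
    return wire_size(first), wire_size(second)
```

The first transfer costs slightly more than the file itself; the edited copy then crosses the link as 15 references and one raw chunk.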
Compression Industry-standard gzip algorithm compresses all traffic Removes predictable “white space” from content and objects being transmitted
MACH 5 Techniques Work Together Object Caching Caches repeated, static app-level data; reduces BW and latency Byte Caching Caches any TCP application using similar/changed data; reduces BW Compression Reduces amount of data transmitted; saves BW Bandwidth Management Prioritize, limit, allocate, assign DiffServ – by user or application Protocol Optimization Remove inefficiencies, reduce latency
What About The Office of One? Poor performance Inconsistent performance No control over user experience Desktop Client for Acceleration and Control Aren’t We All Mobile Users?
Acceleration Performance (chart: File Open times, No Client vs. With SG Client, cold and warm) Microsoft Word, file size 10 MB: values shown 104 sec., 16 sec., 3 sec. (axis marks: 1 min, 2 min) Microsoft PowerPoint, file size 1 MB: values shown 21 sec., 20 sec., 6 sec., 2 sec. Test bed: Office 2003, Win XP, mbps full duplex, 200 ms
Security – It’s all about context Who, what, when, why, how,
Today’s Network Requirements TODAY’S NEEDS SEE SECURE ACCELERATE CONTROL Complete view and understanding of all applications Granular control over all users, devices and any application Defend against external and user-based threats Faster delivery of business- critical applications unique to each office, department, user
WAN/ Internet Internal or External Users Applications Users and Applications Internal or External WAN Application Delivery (WAD) WAN optimization, User security, Policy control Packet Delivery Packets, Ports and Flow Control
See, Secure, Accelerate, Control Full Protocol Termination = Total Visibility & Context (HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, Telnet, DNS, etc.) Only a Proxy can deliver: PROTECT: Prevent spyware, malware & viruses; Stop DoS attacks; IE vulnerabilities, IM threats + CONTROL: Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc); Granular, flexible logging; Authentication integration + ACCELERATE: Governed by policy; BW Shaping, Compression, Protocol Optimization; Byte, Object & Predictive Caching
Define appropriate policies
Protocol: Any, MMS, HTTPS, FTP, HTTP
Agent: Any, IE 6.x, RealPlayer, AOL IM, IE 5.0
File/MIME type: Any, Stream, .XLS, Stream, P2P
Content: Job-sites, Web-mail, Sports, News
User/Group: Pupils, Executives, IT Staff, Tom
Place: Tokyo, Paris, London, New York
Time: Weekends, 5:00 – 12:00, 8:00 – 5:00, 12:00 – 8:00
Source: Training, Customer, Supplier, Intranet
Actions: Allow; Disallow; Virus Scan; Accelerate; Replace; Allow, but limit; Coach; Splash Page; Log by user mgmnt; Patience page; Log traffic; Block on keyword; Block non-text
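How context dimensions like these can drive a decision, as an added example that is not Blue Coat policy syntax or code from the presentation. The dimension values and action names come from the slide; the rules themselves, first-match ordering, reading "8:00 – 5:00" as 08:00 to 17:00 and the fail-closed default are assumptions.

```python
from datetime import time

# Constructed rule set. Each rule is (conditions, action); every condition
# must hold for the rule to match, and the first matching rule wins.
RULES = [
    ({"group": "Pupils", "content": "Web-mail"}, "Disallow"),
    ({"content": "Sports", "hours": (time(8, 0), time(17, 0))},
     "Allow, but limit"),
    ({"content": "Sports"}, "Allow"),
    ({"file_type": ".XLS"}, "Virus Scan"),
    ({"source": "Intranet"}, "Accelerate"),
]
DEFAULT_ACTION = "Disallow"  # assumption: anything unmatched is refused


def matches(cond, req):
    """True when the request satisfies every condition of one rule."""
    for key, want in cond.items():
        if key == "hours":
            start, end = want
            now = req.get("time")
            # A request with no timestamp cannot satisfy a time condition.
            if now is None or not (start <= now < end):
                return False
        elif req.get(key) != want:
            return False
    return True


def decide(req, rules=RULES, default=DEFAULT_ACTION):
    """Return the action of the first rule matching the request context."""
    for cond, action in rules:
        if matches(cond, req):
            return action
    return default


if __name__ == "__main__":
    # Constructed requests: the same content gets different treatment
    # depending on who asks and when.
    print(decide({"group": "Executives", "content": "Sports",
                  "time": time(10, 30)}))
    print(decide({"group": "Pupils", "content": "Web-mail",
                  "source": "Intranet"}))
```

Rule order is part of the policy: the pupil's web-mail request is refused even though it comes from the Intranet, because the more specific rule is listed first.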
Why Performance and Security Together? Single policy Increasingly, we can’t install security without acceleration – impeding business is unacceptable Removing unwanted traffic results in a performance increase Branch offices must minimize hardware and management Need to maximize WAN investment
Going Beyond Legacy Optimization Legacy WAN Optimization: Fix Protocols, Byte Cache, Compress Blue Coat WAN Application Delivery: 1. Accelerate SSL 2. Manage Video 3. Remove the Junk 4. Optimize Web Traffic 5. For All Users Everywhere
What makes Blue Coat unique 10 years experience of improving content delivery –First caching appliances worldwide Deep understanding of users and content –Layer 7 knowledge, not just packet networking Most powerful security functionality –All types of data, unlimited policy flexibility Flexible deployment options –From country to end device High performance appliances –Thin OS, no public-domain, no general-purpose OS No compromise – performance and control together