Presentation is loading. Please wait.

Presentation is loading. Please wait.

Blue Coat Confidential Rethinking the Network With X-Series Nathan Brady – Technical Marketing.

Published byEleanor Armstrong Modified over 8 years ago

Similar presentations

Presentation on theme: "Blue Coat Confidential Rethinking the Network With X-Series Nathan Brady – Technical Marketing."— Presentation transcript:

1 Blue Coat Confidential Rethinking the Network With X-Series Nathan Brady – Technical Marketing

2 2 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Typical Defense-in-Depth Strategy Layer 2 switches for interconnectivity Application load balancers for scalability / flow management High-speed edge routers Internet core or distribution layer routing Defense in depth: Firewalls, IPS, Antivirus, Content and URL Filtering, and other security services

3 3 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Consolidating with Next-Generation Firewalls Next-Generation Firewall Benefits Fewer devices Less network complexity Reduced CAPEX and OPEX Increased availability “Will the all-in-one features in NGFW appliance satisfy my security needs?” “Will NGFW appliances meet current and future performance needs of my network?” Consolidate all of these devices… …onto this pair of NGFW devices. Next-generation firewalls promise outstanding device consolidation, but raise new questions…

4 4 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Can NGFW Appliances Keep Up? 70 0 Security Features Enabled Great large packet performance Use realistic protocols and traffic sizes Identify users and applications Enable Light- Duty IPS …based on datasheet numbers* with optimal port configuration, small policies, no redundancy, few IPS features, and no logging. Throughput (Gbps) 20 10 40 30 50 60 Performance Impact of Security on NGFW Appliances *As of March, 2012

5 5 © Blue Coat Systems, Inc. 2012Blue Coat Confidential A Constellation of Metrics 5 Network Performance Connections per second Concurrent Connections Security Application s Deployed Packet Sizes Protocol Mix Application Features Enabled Security infrastructure should be able to adapt to changing metrics and requirements. Vendor data sheets list a few metrics, but each independently. But what about other metrics? How does each of these impact network performance?

6 6 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Security is Processing Intensive Realism & Security FeaturesPerformance Performance/Security Trade-off Very little inspection, large packets Realistic traffic inspected thoroughly True for many services Firewall Intrusion Prevention Data Loss Prevention Web, Database, and Application firewalls Antivirus This effect is multiplied for Next Generation Firewall devices performing multiple security functions.

7 7 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Security FeaturesPerformance Security Requirements Changing Network and Security Landscape 10 Gbps 20 Gbps Next Generation Firewall Performance Performance Requirements FW IPS LB FW IPS LB

8 8 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Strategies for Scaling Appliances AdvantagesDisadvantages Scales linearlyComplex switching and load balancing Scaling does not affect architecture Difficult to troubleshoot Simplified routing tablesHigh capital costs High operational costs AdvantagesDisadvantages Lower CAPEXNo scalability within segments Easy to troubleshootScaling changes network architecture Simplified switchingComplex routing tables High operational costs Physical Segmentation Load Balancing Still a complex mesh of several appliances. NGFW appliances often create the same problem they were intended to solve. Still a complex mesh of several appliances. NGFW appliances often create the same problem they were intended to solve.

9 9 © Blue Coat Systems, Inc. 2012Blue Coat Confidential The X-Series Strategy Internet X-Series creates a “Network in a Box” Network Processor Modules Application Processor Modules Control Processing Modules FW L2 IPS LB X-Series provides unprecedented consolidation and scalability in a single chassis.

10 10 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Network Processing Module (NPM)  Provides Switching Fabric for Data Plane Switching fabric connects all NPMS and APMs 9600 series provides 10 to 40Gb/s per module 8600 series provides 5 to 10Gb/s per module Up to 140Gbps of non-blocking backplane  Flexible Physical Network Interfaces Multiple configurations available from 10xGbE to 16x10GbE All ports are hot-pluggable, standard SFP, SFP+, XFP form factor  Distributes Traffic Efficiently and Intelligently Scales by distributing traffic across APMs and processing cores Automatically redistributes load around failed resources  Consolidates Network Infrastructure Virtualizes switches, load balancers, patch & power cords Eliminates common network devices found in security infrastructure NPM 9650

11 11 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Application Processing Module (APM)  Hosts Applications Responsible for running the security application(s) Can be pooled into a “Virtual Application Processor Group” (VAP Group) Dynamically provisioned - no local configuration  Scales Performance Multiple APMs in a VAP Group share load to scale performance APM 8650: 4 Core and 8 Core configurations, up to 16Gb RAM APM 9600:12 Core configuration, up to 24Gb RAM  Maintain Defense in Depth Layer multiple VAP Groups with different security applications NPM’s network virtualization provides connectivity between layers  Provides Application Redundancy VAPs can run on any APM APMs can be re-provisioned on-the-fly Un-provisioned APMs automatically assume warm-standby role APM-9600

12 12 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Control Processing Module (CPM)  System Management Provides out of band management of chassis through dedicated backplane and management ports. Centralized configuration for all elements in the system  Provision Applications Easily Define VAP groups and install applications centrally Automatically provisions the right resources for the application Hosts a dedicated file system for each Application Processor  Health Monitoring Continuously checks health and collects statistics on of all modules (available through SNMP or web interface) Dynamically provisions new resources to replace failed resources CPM-9600

13 13 © Blue Coat Systems, Inc. 2012Blue Coat Confidential 1GE & 10GE Network Interfaces NPM Flow Distribution Switch ASIC Network Processor FPGAs Flow Classification XOS Linux Management Local I/O Control XOS Linux CPM Provisioning Management Storage CPUs & Memory Control I/O 1GE System Architecture APM CPUs & Memory Linux Application XOS Linux Non-Linux Application KVM VM High-Performance Network Flow Distribution Interface

14 14 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Security FeaturesPerformance X-Series System Performance Performance Requirements Security Requirements X-Series Flexibility 14 FW IPS 15 Gbps 30 Gbps

15 15 © Blue Coat Systems, Inc. 2012Blue Coat Confidential APM VersionAPM 8650 4 CoreAPM 8650 8 CoreAPM 9600 # Processing Cores4 CPU Cores per Module8 CPU Cores per Module12 CPU Cores per Module IP Forwarding Packet Rate (PPS)1.7 Mpps2.2 Mpps7.0 Mpps Fabric Connection Speed12.8 Gbps 20 Gbps Memory4GB Standard (Upgradable to 16 GB) 8GB Standard (Upgradable to 16 GB) 12GB Standard (Upgradable to 24 GB Hard DriveDiskless Design Optional up to 2 HDD‘s available with RAID System Specs At-a-Glance NPM VersionNPM 8620NPM 8650NPM 9600 Network Throughput5 Gbps10 Gbps40 Gbps Packet Forwarding Rate (PPS)7 Mpps12 Mpps40 Mpps Maximum Connections8 Million / 40 Million (8G) 18 Million / 100 Million Connection Setup Rate65,000 CPS130,000 CPS

16 16 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Architecture Redundancy X60 / X80-S CPM (Control) redundancy APM (Application) redundancy NPM (Network) redundancy Fan redundancy Backplane trace redundancy Power redundancy Crossbeam’s Virtual Infrastructure has created a design with no single points of failure

17 17 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Self-healing with Hot Standby Firewalls IPS Stand-by Original Configuration 4 Firewall APMs 3 IPS APMs 1 Stand-by APM One Firewall APM experiences a problem The Stand-by APM automatically takes the Firewall APM’s profile “No more emergency wake-up calls at 3AM to replace appliances”

18 18 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Original Configuration 4 Firewall APMs 4 IPS APMs One Firewall APM experiences a problem A IPS APM automatically takes the Firewall APM’s profile based on priority Self-healing via Prioritization Firewalls (Priority 1) IPS (Priority 2) “Automate self-healing to fit your business”

19 19 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Greenlight Element Manager A visual, information-rich interface to your X-Series. Power supply and fan status Chassis utilization and usage statistics Application and system software information Efficiency and capacity planning statistics

20 20 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Modular Chassis X60X80-S Network Connectivity (Maximum)32 Ten Gigabit / Gigabit Ethernet64 Ten Gigabit / Gigabit Ethernet Network Throughput68 Gbps140 Gbps Packet Rate (PPS)21 Million54 Million Concurrent Connections40 Million100 Million Connection Setup Rate (CPS)180,000320,000 Check Point R75 FW+IPS Throughput68 Gbps135 Gbps

21 21 © Blue Coat Systems, Inc. 2012Blue Coat Confidential Flexible Chassis X20 X30X50 Network Connectivity (Maximum)10 Gigabit Ethernet10 Gigabit + 2 10Gb Ethernet16 Ten Gigabit / Gigabit Ethernet Network Throughput5Gbps10Gbps17.5Gbps Packet Rate (PPS)4.4 Million 11 Million Concurrent Connections8 Million 18 Million Connection Setup Rate (CPS)110,000 115,000 Check Point R75 FW+IPS Throughput5Gbps10Gbps17Gbps

22 22 © Blue Coat Systems, Inc. 2012Blue Coat Confidential X-Series Key Values Consolidation House multiple security applications in a single chassis. Scale each application to meet performance demands.Consolidation House multiple security applications in a single chassis. Scale each application to meet performance demands. Adaptability Add, remove, or change applications on a common hardware platform. Provision resources where and when they are needed.Adaptability Add, remove, or change applications on a common hardware platform. Provision resources where and when they are needed. Availability Self healing architecture. 5-9’s high availability in a single chassis, 7-9’s with dual chassis.Availability Self healing architecture. 5-9’s high availability in a single chassis, 7-9’s with dual chassis. Operational Efficiency Dramatically reduce maintenance time and effort. Manage and monitor the security environment from a common interface. Operational Efficiency Dramatically reduce maintenance time and effort. Manage and monitor the security environment from a common interface.

23 Blue Coat Confidential – Internal Use Only Please provide feedback on this webcast to: supportnewsletter@bluecoat.com Webcast replay and slide deck found here: https://bto.bluecoat.com/training/custom er-support-technical-webcasts https://bto.bluecoat.com/training/custom er-support-technical-webcasts (requires BTO login)

Download ppt "Blue Coat Confidential Rethinking the Network With X-Series Nathan Brady – Technical Marketing."

Similar presentations

IBM Software Group ® Integrated Server and Virtual Storage Management an IT Optimization Infrastructure Solution from IBM Small and Medium Business Software.

IBM Software Group ® Integrated Server and Virtual Storage Management an IT Optimization Infrastructure Solution from IBM Small and Medium Business Software.
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:

Logically Centralized Control Class 2. Types of Networks ISP Networks – Entity only owns the switches – Throughput: 100GB-10TB – Heterogeneous devices:
Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)

Introducing New Additions to ProSafe Advanced Smart Switch Family: GS724TR and GS748TR (ProSafe 24 and 48-port Gigabit Smart Switches with Static Routing)
Confidential Prepared by: System Sales PM Version: 1.0 Lean Design with Luxury Performance.

Confidential Prepared by: System Sales PM Version: 1.0 Lean Design with Luxury Performance.
© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.

© 2014 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 High-performance Gigabit Ethernet ports rapidly transfer large files supporting.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.

Highly Available Central Services An Intelligent Router Approach Thomas Finnern Thorsten Witt DESY/IT.
Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.

Copyright 2009 FUJITSU TECHNOLOGY SOLUTIONS PRIMERGY Servers and Windows Server® 2008 R2 Benefit from an efficient, high performance and flexible platform.
MSIT 458: Information Security & Assurance By Curtis Pethley.

MSIT 458: Information Security & Assurance By Curtis Pethley.
FirePOWER Services for ASA Sizing Guidance and Performance Discussion

FirePOWER Services for ASA Sizing Guidance and Performance Discussion
RIT Campus Data Network. General Network Statistics Over 23,000 wired outlets Over 14,500 active switched ethernet ports > 250 network closets > 1,000.

RIT Campus Data Network. General Network Statistics Over 23,000 wired outlets Over 14,500 active switched ethernet ports > 250 network closets > 1,000.
Citrix Partner Update The Citrix Delivery Centre.

Citrix Partner Update The Citrix Delivery Centre.
MIGRATION FROM SCREENOS TO JUNOS based firewall

MIGRATION FROM SCREENOS TO JUNOS based firewall
Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Small Business RV320/RV325 Product Overview.

Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Small Business RV320/RV325 Product Overview.
Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.

Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.
VMware vSphere 4 Introduction. Agenda VMware vSphere Virtualization Technology vMotion Storage vMotion Snapshot High Availability DRS Resource Pools Monitoring.

VMware vSphere 4 Introduction. Agenda VMware vSphere Virtualization Technology vMotion Storage vMotion Snapshot High Availability DRS Resource Pools Monitoring.
EWAN Equipment Last Update 2010.02.01 1.0.0 Copyright 2010 Kenneth M. Chipps Ph.D. www.chipps.com 1.

EWAN Equipment Last Update Copyright 2010 Kenneth M. Chipps Ph.D. 1.
Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Similar presentations

Ads by Google