Gopala Tumuluril - ServerIron Application Switches


1 Gopala Tumuluril - ServerIron Application Switches
March 2004 Layer 4-7 Application Switches in the Data Centre and beyond High Availability, Security, Scalability and Business Continuity for Critical Applications Copyright 2004 Foundry Networks, Inc.

2 Agenda
- Application Challenges and Solutions
- Server Farm and Application Security
- Layer 4-7 Security Switches
- Q&A
Foundry Networks Confidential and Proprietary December © 2004 Foundry Networks, Inc.

3 Key Challenges of Business Critical Applications and Server Farms
High Availability
- Resource Down Implies Service Down – Tight Linkage to Service Availability
- Poor Recovery and Fault Tolerance from Traditional Clustering
- No Service Resilience During Disasters – Need for Datacenter Redundancy
Security
- Increasing Threat from Sophisticated and High-Speed Attacks
- Minimal Security Built into Traditional Servers and Applications
Scalability and Performance
- Scalability Requires Massive Servers and Forklift Upgrades
- Sub-Optimal Resource Utilization and Poor Service Response Time
- Performance and Bandwidth Bottlenecks for SSL-Enabled Web Applications
Manageability
- Application and Server Proliferation Contributes to Complexity
- Operational Changes Disruptive to Service

4 The New Datacenter – High Performance Application Switching with Web Acceleration
- Superior Application Switching, Security Performance and Scalability
- On-Demand and Scalable Web Acceleration and Optimization
- Transparent High Performance Web and Non-Web Application Switching
- Investment Protection for Servers and Layer 4-7 Switches
[Diagram labels: Servers; Layer 4-7 Application Switches; Web Browsers; Web Servers; Financial App Servers; Mobile and Wireless Users; DoS Attack Prevention; Data Storage and Database; FTP; Internet and Intranet Users; SSL Accelerators, Bandwidth Optimizers and Web Caches]

5 Key Features and Benefits
- Efficient Load Balancing
- Granular Server and Application Health Checking
- Advanced Content Switching: URL, Cookies, SSL ID, HTTP Header, XML, Others
- Graceful Shutdown and Slow Start for Server Management
- Server Connection Offload with HTTP Persistent Connections
- Transparent Support for any IP Application – TCP, UDP, Others
- High Availability Load Balancing with Rapid Stateful Failover
[Diagram labels: Inbound or Outbound Caches; Virtual Application Infrastructure; Layer 4-7 Switch; Application Switching; Financial Apps; Server Farm; ERP Apps; Web Apps; Transparently Remove Server from Available Pool; Add a New Server to Pool; Health Check Fails]

6 SSL and Web Accelerators
- Dedicated Accelerators Co-Deployed with Application Switches or Embedded within them
- SSL Acceleration and Termination
- Layer 7 Persistence for SSL Traffic
- Transparent HTTP Compression
- Centralized Certificate Management
- Accelerator Scalability with Load Balancing and Failover
- Protection against Accelerator Failures – Rapid Failover and Automatic Failure Detection
[Diagram labels: Virtual Application Infrastructure; Server Farm; Application Switching; Web Apps; Financial Apps; Application Switches; ERP Apps; SSL Accelerators]

7 Global Server Load Balancing (GSLB)
- Geographic Scalability for Critical Applications
- Multi-Site Redundancy and Disaster Recovery
- Optimized Performance and End-User Response Time by Localizing Traffic
- Transparently Leverage Existing DNS
- Select Best Site for User Based on a Range of GSLB Policies
- Direct Users to the Selected Site by Returning Site IP in DNS Response
- Re-Direct Users to Available Sites
[Diagram labels: GSLB Controller; ADNS Server; LDNS #1; LDNS #2; Application Switches Using GSLB Protocol; Real Servers; User Group; Datacenter #1; Datacenter #2; numbered steps 1 to 5]

8 Multi-Site Redundancy with Intelligent Routing Based Global Load Balancing
- Direct User Requests to the Nearest Available Site
- Primary/Backup Datacenter Operation with Automatic Site Failover
- Totally Transparent (Leverages Standards-Based Routing Protocols)
- Optimized Performance and End-User Response by Localizing Traffic
- Rapid Service Restoration During Datacenter Failures
[Diagram labels: Primary Datacenter; Application Switches; Critical Applications; Disaster Recovery Site; Health Monitor; Users; Internet / Extranet; Disaster]

9 ISP Link Load Balancing (LLB)
- Utilize all available ISP links simultaneously
- Intelligently balance traffic to achieve optimal utilization
- Gain leverage for price and service
- Aggregate low-capacity links to create “fat” virtual links
[Diagram labels: Router #1; ISP1; Router #2; Enterprise Network; Internet; ISP2; Load Balancer; Router #3; ISP3]

10 Agenda
- Application Challenges and Solutions
- Server Farm and Application Security
- Layer 4-7 Security Switches
- Q&A

11 New Security Requirements for Emerging Threats
Application Level Threats are the New Menace
- Denial of Service Attacks (Wire-Speed Gigabit Rates)
- Viruses, Worms, Illegal Content Spreading via Application Messages
- Application Resource Abuse
- SPAM
Key Challenges to Defeating these Threats
- Host-Based Approaches are Inadequate and Poor to Scale
- Traditional Network Security is NOT Application Aware
- Traditional Firewalls Not Designed for High-Performance Protection
- Lack of Visibility into the Network
Layer of Defense for Server Farm and Applications Required
- Purpose-Built Layer 4-7 Application Switches Provide this Defense

12 Protection from Attack for Server Farms and Applications
- Denial of Service Attack Protection with SYN-Guard
- Application Level Rate Limiting of Server and Client Connections
- SPAM Protection and Mitigation with Spam-Def
- Always-On sFlow Traffic Monitoring
- Virus and Worm Protection with Content Inspection and Filtering
- High Performance ACL and NAT
- Peak Application Performance while Under Attack
- Hardware based Security - Peak Application Performance Under Attack
[Diagram labels: Virtual Application Infrastructure; Multi-Gigabit Rate Denial of Service Attack Blocked; Application Messages; Hacker; Mission-Critical Application Servers; IP Network; Application Switch; Legitimate Client; Legitimate Traffic]

13 High-Performance SYN and ACK DoS Attack Protection Using SYN Cookies
[Diagram: Good Client (C1) and Bad Client (C2) reach the Servers (Server A, Server B) through the Application Switch.
Good client: 1 TCP SYN; 2 TCP SYN ACK – Special SEQ; 3 TCP ACK – Special SEQ; 4 Complete TCP Connection.
Bad client: 1 TCP SYN; 2 TCP SYN ACK – Special SEQ; 3 BAD TCP ACK – Special SEQ; NO TCP Connection, Protects Server from Attack.]
- ServerIron’s Connection Proxy and Smart SYN-Cookie Protects Against TCP ACK Attacks
- Offers Firewall Protection when Deployed in Front of Firewalls
- Protects against SYN and ACK Flood Attacks
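
The "special SEQ" exchange on this slide, as an added Python sketch of a generic stateless SYN cookie; it is not code from the presentation and not ServerIron's implementation. The key, slot length, cookie bit layout and sample addresses are assumptions chosen for illustration.

```python
import hashlib
import hmac
import socket
import struct

SECRET = b"constructed-demo-key"  # constructed; a real device uses a random, rotated key
SLOT_SECONDS = 64                 # assumption: width of one cookie time slot
MAX_AGE_SLOTS = 2                 # assumption: accept cookies up to two slots old
M32 = 0xFFFFFFFF

def _mac24(src, sport, dst, dport, client_isn, slot):
    """24-bit keyed hash binding the cookie to the 4-tuple, client ISN and slot."""
    msg = socket.inet_aton(src) + socket.inet_aton(dst)
    msg += struct.pack("!HHIQ", sport, dport, client_isn, slot)
    return int.from_bytes(hmac.new(SECRET, msg, hashlib.sha256).digest()[:3], "big")

def syn_ack_seq(src, sport, dst, dport, client_isn, now):
    """Step 2: the 'special SEQ' sent in the SYN-ACK. Nothing is stored per SYN."""
    slot = int(now) // SLOT_SECONDS
    return ((slot & 0xFF) << 24) | _mac24(src, sport, dst, dport, client_isn, slot)

def ack_is_valid(src, sport, dst, dport, seq, ack, now):
    """Step 3: recompute the cookie from the ACK alone; only a match opens a session."""
    cookie = (ack - 1) & M32          # the ACK number acknowledges our cookie + 1
    client_isn = (seq - 1) & M32      # the client's SEQ is its ISN + 1
    current = int(now) // SLOT_SECONDS
    for age in range(MAX_AGE_SLOTS + 1):
        slot = current - age
        if slot < 0 or (slot & 0xFF) != cookie >> 24:
            continue
        expected = _mac24(src, sport, dst, dport, client_isn, slot)
        if hmac.compare_digest(expected.to_bytes(3, "big"),
                               (cookie & 0xFFFFFF).to_bytes(3, "big")):
            return True
    return False

def demo(now=1_000_000):
    # Constructed sample flow (documentation address ranges).
    flow = ("198.51.100.7", 40000, "203.0.113.10", 443)
    cookie = syn_ack_seq(*flow, client_isn=1000, now=now)
    late = now + 10 * SLOT_SECONDS
    return {
        "good_client": ack_is_valid(*flow, seq=1001, ack=(cookie + 1) & M32, now=now),
        "guessed_ack": ack_is_valid(*flow, seq=1001, ack=(cookie + 2) & M32, now=now),
        "stale_ack": ack_is_valid(*flow, seq=1001, ack=(cookie + 1) & M32, now=late),
    }

if __name__ == "__main__":
    print(demo())
```

Because the cookie is recomputed from the ACK itself, a SYN flood consumes no connection-table memory, and an ACK flood with guessed sequence numbers fails the check before any server-side connection is opened.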

14 Network-Based SPAM Prevention and Mitigation is the New Emerging Trend
Goal: Block as Much SPAM as the Network
- Minimizes Scope of the Problem by Substantially Reducing SPAM
- Makes the Problem Manageable with Reasonable Resources at the Host Level
Key Requirements:
- Dynamic Policy Enforcement
- SPAM Lists Could Run into Millions – Scalability is Critical
- Lists are Subject to Change – Frequent Download
- No Open Windows of Opportunity for Spammers
- Scalability and High Availability of Content Solutions
- Host-Based Solutions will Always be Necessary
- Targeted Processing Critical to Scale and not go Bankrupt
- Intelligent Switching and Load Balancing Brings Sanity

15 Agenda
- Application Challenges and Solutions
- Server Farm and Application Security
- Layer 4-7 Security Switches
- Q&A

16 Security Market Needs and Trends
- Network Perimeter as we knew it is Disappearing
- Mobility, Convergence, Remote Access, Growing Internal Threats
- Need for Security Everywhere in the Network
- Well Established and Agreed Role of Network to Deliver Security
- Organizations are Gravitating Towards Network-Based Security Solutions
- Protection for Infrastructure, Services, Critical Resources
- Moving Beyond the Firewall Without Giving Up on Firewalls
- Enterprises Endorse the Need for Solutions that Augment Firewalls
- Firewall Market is STRONG, but Layer 7 Security is Growing Rapidly
- Emerging Vision/Trend of Network-Wide Security is Catching On
- Network Integration is Seen as Inevitable and Required
- Solutions that Promote Incremental Steps are Needed
- Growing Attacks and Threats in Content and Service Provider Infrastructure – These Customers Can’t Rely on Firewalls

17 Secure Network Architecture Using Layer 4-7 Security Switches
Wire Speed LAN Switching Security
- L2/L4 DoS Attack Prevention
- Port, CPU, VLAN, & Rogue Protection
sFlow based Anomaly IPS Solution
- Zero-Day Solution
- Interface to Network Mgmt. for Remediation
Security Traffic Mgr. and LAN Switch
- Signature based IPS and More
- Edge, Aggregation, and Perimeter
Application Security and Protection
- Web and URL Security
- Network-based SPAM, DNS and VoIP Security
[Diagram labels: Anomaly Based IPS; External Collector, Analyzer; External Closed-Loop Interface; Network Manager; Web & Application Servers; sFlow From Switches; Edge Port Remediation; Internet; Security Traffic Manager (Perimeter Security); Secure LAN Switch (Server Farm Protection); Security Traffic Manager (In-Line Inside LAN Protection); Radius; Secure LAN Switch (Direct Desktop Protection); NAC Server; sFlow; Network Admission Control Agents on the Desktops]

18 Application Switch as Firewall Front End
Most Firewalls DO NOT
- Provide Robust and High Performance DoS
- Offer Wire-Speed ACLs
- Perform Deep Packet Inspection
- Offer High Performance Stateful NAT
- Deliver Application Specific Security Protection
Some Firewall Vendors Position L7 Intrusion Devices Behind the Firewalls
Security Switch Fits In Front of Firewalls to Offload and Augment
Delivers Wire-Speed L2/3 and Multi-Gigabit L4-7 Security
[Diagram labels: In-Line Security Switch; WAN; Enterprise Core; Traditional Firewall; Perimeter]

19 Security Switches Inside the Enterprise LAN – Distribution Layer
Position it as Internal Firewall in the Enterprise Network Aggregation Layer – Against Likes of CheckPoint InterSpect L4-7 Security Switch Poor Performance and Steep Price for Minimal Features, and PC Inside the Network Superior Performance, Switch Architecture, Total Security Features at Attractive LAN Switch Pricing
SecureIron Traffic Manager Provides High Density Gigabit Aggregation and 10 Gigabit Network Connectivity

20 Augment with sFlow for Network-Wide Wire-Speed Visibility
- Statistical Sampling Delivers Visibility to All Traffic Flows Throughout the Network
- Layer 2 through 7 visibility and analysis
- Scales with Network Size and Speeds with no Performance Impact
- Technology must be able to Scale to GbE and 10 GbE rates
- Embedded implementations available today – Free!

21 Agenda
- Application Challenges and Solutions
- Server Farm and Application Security
- Layer 4-7 Security Switches
- Q&A

22 Thank You

