Secure your users
Accelerate your data
Harri Kurronen
Agenda
• Secure your users
• Accelerate your data
• New – SG Client
About Blue Coat
• Founded in 1996 with a focus on Acceleration
– Accelerating Web applications…making Internet applications faster
– Innovative proxy caching appliance with object pipelining, adaptive
content refresh
• Expanded in 2002 to include Policy Control & Security
– Rich policy framework integrated with performance engine for visibility and
control of users, content and applications
• Visibility: Who, what, where, when, how
• Control: accelerate, deny, limit, scan, strip, transform…
• Innovative leader in secure content & application delivery
– 700+ employees; $200M annual revenue run rate
– 30,000+ appliances shipped worldwide to more than 4,000 customers
– #1 market leader in Secure Content & Application Delivery (IDC)
Integrated Solution for Acceleration & Security
Secure and Accelerate Your Business
[Diagram: SG Family and AV Family high performance appliances between the internal network and the public Internet]
• User Control
• URL Filtering
• Virus Scanning
• Instant Messenger Control
• Peer-to-Peer Block/Allow
• Per User Reporting
• Streaming splitting/caching/control
• Spyware blocking and reporting
• Application Acceleration (MACH5)
• Comprehensive, flexible content policies
World’s Major Institutions Trust Blue Coat
• Financial
• Health & Pharmaceuticals
• Energy, Oil & Gas
• Mfg/Industrial
• Consumer & Retail
• Government
Safe … it's all about the data
Enterprise Traffic is complex
• Accelerate good
• Stop bad (“junk”)
• Understand priorities
• By user, application,
time, office etc.
The Power of the Proxy
PROTECT
• Prevent spyware, malware & viruses
• Stop DoS attacks
• IE vulnerabilities, IM threats
CONTROL
• Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)
• Granular, flexible logging
• Authentication integration
ACCELERATE
• Governed by policy
• BW Shaping, Compression, Protocol Optimization
• Byte, Object & Predictive Caching
Full Protocol Termination = Total Visibility & Context
(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, Telnet, DNS, etc.)
Ultimate Control Point for Web Communications
Complete Range of Blue Coat Appliances
[Diagram: appliance range by performance, from remote offices to corporate headquarters]
• SG appliances: SG200 Series, SG510 Series, SG810 Series, SG8100 Series
• AV appliances: AV510 Series, AV810 Series
• Connected users: Up to 250 users; 150 – 1000 users; 800 – 4000 users; 3000 – 50,000+ users
• WAN throughput: Up to 20Mbps; 30 – 50 Mbps; 100Mbps – 140Mbps; 200Mbps – 400+ Mbps
Fast … it's all about the user
The Enterprise in Motion
[Diagram: ASPs, a supplier and branch offices connected to the corporate data center, which hosts the procurement, SFA, CRM and HR applications, file servers, corporate intranet and corporate e-mail]
Platform for Application Acceleration
Multiprotocol Accelerated Caching Hierarchy
Bandwidth Management, Protocol Optimization, Object Caching, Byte Caching, Compression
File Services (CIFS), Web (HTTP), Exchange (MAPI),
Video/Streaming (RTSP, MMS), Secure Web (SSL)
Bandwidth Management
• Priority 1: Sales Automation App
– Min 400Kb, Max 800Kb
• Priority 2: E-Mail
– Min 100Kb, Max 400Kb
• Priority 3: File Services
– Min 400Kb, Max 800Kb
• Priority 4: General Web Surfing
– Min 0Kb, Max 200Kb
• Divide user and application traffic into classes
• Guarantee min and/or max bandwidth for a class
• Align traffic classes to business priorities
Protocol Optimization
10-100X Faster
Includes CIFS, MAPI, HTTP, HTTPS, TCP
Object Caching
• Built on high-level applications and protocols
– HTTP/Web caching
– Streaming caches
– CIFS cache
• Advantages
– Fastest response times
– Offload work from servers (and networks)
– Can be deployed asymmetrically
• Limitations
– Application-specific
– All or nothing: No benefit if whole object not found or changed
Byte Caching
• Proxies keep a history of all bytes sent and received
• Sequences are found in the local history cache
• They are transmitted as small references over the WAN
• The original stream is reconstructed using the remote history cache
[Diagram: Local LAN, Local History Cache, WAN Link, Remote History Cache, Remote LAN; byte sequences already in the history caches cross the WAN link as references [R1], [R2], [R3]]
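The byte caching exchange on this slide, as an added example that is not part of the original presentation or Blue Coat's implementation. The fixed 16-byte chunks, the 8-byte truncated SHA-256 references and all names are assumptions chosen for illustration; the decoder rejects a reference it cannot resolve, which is what happens when the two history caches fall out of sync.

```python
import hashlib

CHUNK = 16    # assumed fixed chunk size (not from the slides)
REF_LEN = 8   # assumed reference size: truncated SHA-256 digest

class HistoryCache:   # byte history held by one proxy, indexed by short digest
    def __init__(self):
        self.chunks = {}
    def key(self, chunk):
        return hashlib.sha256(chunk).digest()[:REF_LEN]
    def add(self, chunk):
        self.chunks[self.key(chunk)] = chunk

def encode(stream, local):
    """Sending proxy: swap chunks already in local history for references."""
    tokens = []
    for i in range(0, len(stream), CHUNK):
        chunk = stream[i:i + CHUNK]
        k = local.key(chunk)
        if local.chunks.get(k) == chunk:   # compare bytes, not only the digest
            tokens.append(("ref", k))
        else:
            local.add(chunk)
            tokens.append(("raw", chunk))
    return tokens

def decode(tokens, remote):
    """Receiving proxy: rebuild the stream from its own history cache."""
    out = bytearray()
    for kind, value in tokens:
        if kind == "raw":
            remote.add(value)
            out += value
        elif value in remote.chunks:
            out += remote.chunks[value]
        else:   # caches out of sync: fail loudly instead of corrupting data
            raise ValueError("reference not in remote history cache")
    return bytes(out)

def wire_size(tokens):   # bytes on the WAN: one type byte plus each payload
    return sum(1 + len(value) for _, value in tokens)

if __name__ == "__main__":
    local, remote = HistoryCache(), HistoryCache()
    first = bytes(range(256))                      # constructed sample file
    edited = first[:32] + b"X" * 16 + first[48:]   # one chunk changed
    for data in (first, edited):
        tokens = encode(data, local)
        print(len(data), wire_size(tokens), decode(tokens, remote) == data)
```

Fixed-size chunks only match data that stays aligned, so an insertion that shifts the stream defeats this simplified version.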
Compression
• Industry-standard gzip algorithm compresses all traffic
• Removes predictable “white space” from content and
objects being transmitted
Ensure Priorities Fed to WAN Network
QoS
DSCP
ToS
• Take business-process prioritization and translate
to packet-level
• Set and preserve QoS settings
• DiffServ (Differentiated Services)
• MPLS (Multi-protocol label switching)
• Superior to packet-only, coarse grained
approaches
MACH5 Techniques Work Together
Object Caching
• Caches repeated, static app-level data; reduces BW and latency
Byte Caching
• Caches any TCP application using similar/changed data;
reduces BW
Compression
• Reduces amount of data transmitted; saves BW
Bandwidth Management
• Prioritize, limit, allocate, assign DiffServ – by user
or application
Protocol Optimization
• Remove inefficiencies, reduce latency
Don’t Forget Branch Office of One
• Today’s appliance-based WAN optimization solutions
address the data center and branch offices…
• …but what about:
– Telecommuters
– Road Warriors
– Micro-Branch Employees
Remote Users Are Getting Left Behind
• Poor performance
• No control or
security
• No business
continuity
• Inconsistent devices
and networks
Application delivery must be extended to ALL remote users
Requirement: Acceleration to Desktop
• Acceleration client for laptops
and desktops necessary
• Improve performance of file
access, client-server apps,
email, etc. (latency, bandwidth
issues, packet loss)
• Transparently work across VPNs
and WANs
• Easy to deploy and administer
• No changes to end user
behavior
The Solution: Blue Coat SG Client
• Client software that extends MACH5
acceleration capabilities to the
desktop
• Improves performance of email,
client-server applications and file
services
• Accelerates traffic between SG
appliance and end user machine
• Transparent to IPSec VPNs
• No changes to end user experience:
apps and file downloads are just
faster!
SG Client Features & Benefits
• Feature: CIFS acceleration (Client Side Object Caching, CIFS protocol optimization)
– Benefit: Significant improvement to wide area file service delivery, improving end user productivity
• Feature: GZIP compression
– Benefit: Improves utilization of bandwidth for TCP applications
• Feature: Policy-based acceleration
– Benefit: Granular control of when to accelerate traffic
• Feature: Centralize management of client software and configuration
– Benefit: Minimizes cost to deploy and maintain the solution
• Feature: Load balancing across clients
– Benefit: Fail over to other concentrators
• Feature: Real time client-side statistics
– Benefit: Graphically display acceleration results and benefits
Delivering data safe and fast
• Manage:
– Video
– SSL
– Skype
– Peer-to-peer
• Accelerate:
– Remote offices
– Travelling users
What makes Blue Coat unique
• 10 years' experience of improving content delivery
– First caching appliances worldwide
• Deep understanding of users and content
– Layer 7 knowledge, not just packet networking
• Most powerful security functionality
– All types of data, unlimited policy flexibility
• Flexible deployment options
– From country to end device
• High performance appliances
– Thin OS, no public-domain, no general-purpose OS
• No compromise – performance and control together