Blue Coat WAN Optimization MACH5 & SG Client
Mathias Widler

About Blue Coat

Why Blue Coat Can Deliver
• Founded in 1996 as CacheFlow
  – Focused on web acceleration
• Expanded in 2002 as Blue Coat
  – Added Control and Security
• Expanded in 2006 with MACH5
  – Added WAN Optimization
• 10,000 customers
• 40,000 appliances
• 650+ Employees

“Its current offering looks strong. Consider Blue Coat if your branch office needs include ECDN and media playback, HTTP(S) acceleration or comprehensive security in addition to WAN optimization.”
Gartner – 2006

World’s Major Institutions Trust Blue Coat
• Financial
• Health & Pharmaceuticals
• Energy, Oil & Gas
• Mfg/Industrial
• Consumer & Retail
• Government

The Wide Area Network Problem

An Enterprise Without Boundaries
• Users are Everywhere
• Applications are Everywhere
• Performance is Poor
• Security is Poor
[Diagram labels: Outsourced Managed Web Apps, Datacenter, Branch Office, LOB App, File Servers, Intranet, E-Mail]

Why Are Applications So Slow?
Something Is Broken

What’s Really Broken?
• Is it File Services?
• Is it Backup?
• Is it a Critical App?

The WAN…
• Latency Ruins LAN Applications
• Overcrowding Makes it Worse
• Bandwidth Upgrades an Endless Cycle

Why So Slow?! Take the Quiz
Your Network:
• 34 Mbps – yeah, that’s big
• 100 ms – yeah, that’s fast
Question: You copy a 4MB PPT File. How long will it take?
Hint: CIFS is a WAN worst-offender. It sends data in 4KB chunks, then waits for an acknowledgement.
A) 0.9 seconds.
B) 200 seconds.
• 34 Mbps = 4.25 MBps, so 4 / 4.25 = 0.9412 s
• 4MB = 1000 x 4KB chunks: 1000 trips there, 1000 trips back
• 2000 trips x 0.1 sec = 200
[Diagram labels: 4KB Sent, ACK!]

Why So Slow?!
• Bandwidth is the width of the road
• Latency is the speed
• Add Layer 7 protocols
  – Designed for LANs
• Add rogue traffic
• Add unrealistic expectations
[Chart labels: Performance →, Price, Bandwidth →, Expectation, Reality]
RESULT: Non-Linear Performance Gains as Bandwidth is Added!

WAN Optimization Technology

Ultimate in WAN Optimization
MACH5: Multiprotocol Accelerated Caching Hierarchy
• Bandwidth Management
• Protocol Optimization
• Object Caching
• Byte Caching
• Compression
• TCP Enhancements
Applies to: File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)

MACH5 Accelerates Applications
MACH5 Optimizes More Protocol Types, Removes More Latency and Saves More Bandwidth than Other Solutions

Bandwidth Management – Business Process
• Salesperson, placing order with Sales Automation App: Priority 1, Min 400Kb, Max 800Kb
• Salesperson query with Sales Automation App: Priority 2, Min 100Kb, Max 400Kb
[Diagram, remaining two traffic classes, labels as extracted: Non-Sales Management Pulls Marketing person, Surfing Sales Client List Automation App (reporting); Block; Priority 3, Min 0Kb, Max 200Kb]
• Divide traffic into classes, by:
  – User, application, content, transaction, application protocol, etc.
• Guarantee priority and min and/or max bandwidth for a class
• Align traffic classes to business priorities
• Even for SSL encrypted applications
• Operates alone, or integrates with your existing packet-layer QoS

Protocol Optimization
• 10-100X Faster
• Includes CIFS, MAPI, HTTP, HTTPS, TCP

Object Caching
• Client served from local proxy
• 100% acceleration – no data across WAN
• Works on second, and all subsequent requests
[Diagram labels: DATACENTER, BRANCH]

Byte Caching
[Figure: repeated byte sequences in the stream replaced by short references [REF#1], [REF#2]]
• Proxies “learn” common patterns
• Create short references and pass those instead
• Works on all files, all applications over TCP

TCP Enhancements
• Window Scaling
• TCP Selective Acknowledgement (SACK)
• Packet Loss Handling (loosely based on RFC 3649 “HighSpeed TCP for Large Congestion Windows” and the research paper “Scalable TCP: Improving Performance in Highspeed Wide Area Networks”)
• The Blue Coat Difference: TCP Double Buffer, TCP Connection Control, TCP Pipelining

Compression
[Figure: a byte stream before and after COMPRESSION]
• Industry-standard gzip algorithm compresses all traffic
• Removes predictable “white space” from content and objects being transmitted

MACH5 Techniques Work Together
• Object Caching: Caches repeated, static app-level data; reduces BW and latency
• Byte Caching: Caches any TCP application using similar/changed data; reduces BW
• Compression: Reduces amount of data transmitted; saves BW
• Bandwidth Management: Prioritize, limit, allocate, assign DiffServ – by user or application
• Protocol Optimization: Remove inefficiencies, reduce latency
• TCP Enhancements: Window scaling, SACK, Packet Loss ...
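
The byte-caching slide above says the proxies learn common patterns and pass short references instead. A minimal sketch of that idea follows as an added example, not Blue Coat's implementation; the fixed 256-byte chunks, SHA-256 references, token format and all names are assumptions.

```python
import hashlib
CHUNK = 256  # fixed chunk size in bytes (assumption for this sketch)

def digest(chunk):
    # Full SHA-256: a short or weak digest could collide and substitute wrong bytes.
    return hashlib.sha256(chunk).digest()

class ByteCache:
    """Chunk dictionary held by one proxy; both ends learn it from the same traffic."""
    def __init__(self):
        self.store = {}

    def encode(self, data):
        """Sending proxy: known chunks become ("ref", digest), new ones ("raw", bytes)."""
        tokens = []
        for i in range(0, len(data), CHUNK):
            chunk = data[i:i + CHUNK]
            key = digest(chunk)
            if key in self.store:
                tokens.append(("ref", key))
            else:
                self.store[key] = chunk
                tokens.append(("raw", chunk))
        return tokens

    def decode(self, tokens):
        # Receiving proxy: learn raw chunks, expand references, fail loudly if out of sync.
        out = []
        for kind, value in tokens:
            if kind == "raw":
                self.store[digest(value)] = value
            elif value not in self.store:
                raise LookupError("reference to a chunk this cache never saw")
            out.append(value if kind == "raw" else self.store[value])
        return b"".join(out)

def wire_size(tokens):
    return sum(1 + len(value) for _, value in tokens)  # type byte + chunk or 32-byte ref

# Constructed sample: 4096 non-repeating bytes, then the same file with one chunk edited.
DOC = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
EDITED = DOC[:512] + b"X" * CHUNK + DOC[768:]

def demo():
    sender, receiver, sizes = ByteCache(), ByteCache(), []
    for payload in (DOC, DOC, EDITED):  # cold, warm, warm with one edited chunk
        tokens = sender.encode(payload)
        assert receiver.decode(tokens) == payload
        sizes.append(wire_size(tokens))
    return sizes
```

Fixed-offset chunking only matches in-place edits: an insertion shifts every later chunk boundary, so nothing after it is recognised. The `LookupError` path is the case where the two caches have drifted apart and the receiver must ask for the raw data again.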

Legacy WAN Optimization
• Fix Basic Protocols
• Compress with Byte Caching
• Some Add Wide Area File Services
What about the rest of your traffic?

Start Accelerating the Rest
• Web traffic is huge
• HTTP, and then some
  – Web services
  – Web widgets
  – Java clients
• Video a growing issue
• Get rid of the junk
Accelerate the Good. Stop the Bad.

MACH5 Accelerates SSL Applications
• One side must participate
  – Server-side enables interception of internal apps
  – Client-side enables interception of both internal and external apps
• Server-side enables acceleration
  – Offloads server
  – Accelerates apps you have keys for
• Delegation of Trust enables security and acceleration of all applications, internal and external
  – Granular policy over users, applications, and content
  – Accelerate all apps, regardless of ownership or location
  – Enabled at the Certificate Server

MACH5 Accelerates Multimedia Apps
• Video on Demand
  – Local cache eliminates latency
  – Pre-populate at line speed
• Live Streaming
  – Transparent stream splitting
  – Record for subsequent broadcast
  – No network upgrades needed

What About The Office of One? Aren’t We All Mobile Users?
• Poor performance
• Inconsistent performance
• No control over user experience

Desktop Client for Acceleration and Control

The Solution: Blue Coat SG Client
• Client software that extends MACH5 acceleration capabilities to the desktop
• Improves performance of email, client-server applications and file services
• Accelerates traffic between SG appliance and end user machine
• Transparent to IPSec VPNs
• No changes to end user experience – apps and file downloads are just faster!
• Byte caching coming soon!

SG Client Features & Benefits
• Feature: CIFS acceleration
  – Client Side Object Caching
  – CIFS protocol optimization
  Benefit: Significant improvement to wide area file service delivery, improving end user productivity
• Feature: TCP GZIP compression
  Benefit: Improves utilization of bandwidth for TCP applications
• Feature: Policy-based acceleration
  Benefit: Granular control of when to accelerate traffic
• Feature: Centralize management of client software and configuration
  Benefit: Minimizes cost to deploy and maintain the solution
• Feature: Load balancing across clients
  Benefit: Fail over to other concentrators
• Feature: Real time client-side statistics
  Benefit: Graphically display acceleration results and benefits

Addressing End User Frustration
[Chart: File Open times, cold and warm, with No Client and With SG Client; panels: Microsoft Word (File size - 10 MB), Microsoft PowerPoint (File size - 1 MB). Timing labels in extraction order: 2 min 20 sec., 21 sec., 1 min 104 sec., 6 sec., 16 sec., 3 sec., 2 sec.]
Test bed: Office 2003, Win XP, 1.544 Mbps full duplex, 200 ms

Deploying in the Network

Complete Range of Blue Coat Appliances
Series          Connected Users         WAN Throughput
SG210 Series    Up to 250 users         Up to 2 Mbps
SG510 Series    150 – 1000 users        2-12 Mbps
SG810 Series    800 – 4000 users        12-45 Mbps
SG8100 Series   3000 – 50,000+ users    30-155 Mbps
[Chart labels: Remote Offices, Corporate Headquarters, Performance]

Inline or Out-of-Path?
• Inline Deployments
  – Simple, Fast
  – Single Point of Failure
• Out of Path
  – More Configuration
  – Addresses Logic Failure
  – Multiple Points of Semi-Failure
• Supports WCCP, IP Redirect
[Diagram labels: LAN, Switch, BlueCoat, Router, WAN]

Clustering for HA and Performance
• Active-Active Clusters
  – TCP Clustering
  – WCCP Clustering
• Active-Passive Clusters
  – Explicit Proxy Load Balance
  – Serial SGRP Cluster
  – Automated IP Bypass
[Diagram labels: LAN, Switch, BlueCoat, Router, WAN]

Visibility and Control in the Tunnel
[Diagram labels: Encrypted Data Payload, Layer 4 Ports, Layer 3 IP Information]
• Translucent Tunnels Show NetFlow Ports
  – Maximum Out-of-Path Visibility
• Transparent Tunnels Show IP Address and Ports
  – Total Visibility for Inline
• Optionally Encrypt the Data
Maximize Visibility and Security For Any Deployment Type

Explicit vs. Transparent NetFlow Diagrams
[Chart labels: CIFS, HTTP, FTP, ADN, HTTPS, Other, Oracle, Siebel, Other; panels: No tunnels (Transparent tunnels, translucent tunnels) and Tunnels (Explicit tunnels)]

System-wide Management and Control
• Blue Coat Director
  – Centralized configuration of Blue Coat appliances – set up, policy, etc
  – Centralized monitoring – appliance health, application use, user experience
• Blue Coat Reporter
  – Enterprise roll-up and analysis of application delivery information: appliances, application use, user experience
Both Director and Reporter are proven, with thousands of nodes under management…

Summary

Going Beyond Legacy Optimization
Blue Coat WAN Optimization
5. For All Users Everywhere
4. Optimize Web Traffic
3. Remove the Junk
2. Manage Video
1. Accelerate SSL
Legacy WAN Optimization
• Compress
• Byte Cache
• Fix Protocols

Thank you!