PacketShaper

Transcription

PacketShaper
IBM Forum
16 September 2010, Sarajevo
Application Delivery Network (ADN)
A network for application delivery
Saša Mandžukić
Emerging Markets Consultants
Emerging Markets Consultants
The company EMC – Emerging Markets Consultants was founded at the end of 2007, with headquarters in Sarajevo.
Mission
IT support for small, medium and large enterprises and other business entities in the country and abroad.
Goal
To provide our clients with "best of breed" solutions that meet their needs, and to offer advanced support for their business processes.
Vision
To be recognized in the market as a reliable company that clients rely on because we genuinely meet their needs and expectations.
Slide 2
Services we offer:
• consulting
• project management and coordination
• design of computer, telecommunication and security systems
• development and customization of business applications
• implementation
• technical support and maintenance
• training
Slide 3
Solutions:
Network and security solutions
Routing & Switching, VPN solutions, IP Telephony & Unified Communication, wireless technology, antivirus protection, encryption, WAN optimization, Secure Web Gateway, IPS.
System solutions
Active Directory, File Server, Print Server, Fax Server, Web application server (IIS, ASP.NET), Terminal server, Remote access/VPN server, DNS Server, DHCP server, storage systems, backup and data archiving.
Application solutions
ERP Microsoft Dynamics Navision, CRM, custom-built applications.
SaaS: hosted web and mail security.
Slide 4
Satellite Internet access:
In cooperation with European and local Internet providers, we can offer the implementation of satellite communication systems and Internet access.
Satellite Internet is intended primarily for companies with branch offices at locations outside the coverage of ADSL, cable Internet or wireless solutions that need fast Internet access, or as a backup link for critical business applications.
Slide 5
References
• BH Telecom d.d.
• Raiffeisen Bank d.d.
• Fabrika Duhana Sarajevo
• NATO Peace Support Operations Training Center
• Raiffeisen Leasing d.o.o.
• Petrol BH Oil Company d.o.o.
• Agencija za poštanski promet
• Regulatorna agencija za komunikacije
• Institut za intelektualno vlasništvo
• Vlada Federacije Bosne i Hercegovine
• Fondacija za inovativne tehnologije BIT Centar
• ... and others
Slide 6
Solutions for communication visibility and acceleration
Security
Acceleration
Visibility
Slide 7
ADN Solution Suite
PacketShaper
Application Visibility & QOS
Secure Web Gateway
WAN Optimization
Network Assessment
Malware Prevention
File & Email Acceleration
Network & Application
Performance Monitoring
SSL Visibility and Control
Data/Server Consolidation
Web Content Filtering
Web & SSL Acceleration
Voice & Video Conference
Quality Delivery
Remote Web Control
Rich Media Delivery / CDN
Bandwidth Management
IM & P2P Control
Replication & Backup
P2P Traffic Shaping
Digital Leakage Protection
Live Video Stream Splitting
MPLS Migration
ProxySG
Slide 9
Everything on the Web - Security
The web browser has become the universal means of access
Inappropriate use
Web surfing
Instant Messaging
P2P file sharing
But it brings risks to the business!!
Network abuse
Backdoors, viruses
Web email
Instant Messaging
P2P file sharing
Audio/Video Streaming
Spyware
The solution lies in control, not just blocking
Slide 10
Virtualisation and Centralisation - Wan Optimizacija
• Virtualisation
• Centralisation
– Eliminate storage arrays in
Remote Offices
– Business-driven
– Business-driven
• Compliance
• Cost
• Cost
• Security
• High availability
• Control
• Power consumption
• Hardware utilisation
Data Center
Storage Centralisation
Remote
Office
– Completely abstracting
logical storage from
physical storage
Slide 11
Visibility - QOS
End User
Network/NOC
Helpdesk
• Valid?
• Is SAP slow?
• Which part of SAP?
• Network problem?
• What is causing issue?
• Who is causing it?
• How do I fix it?
Complaint
“Network is slow,
SAP is slow”
Slide 12
Resolution?
Secure Web Gateway Requirements
• Organizations struggle to battle malware threat
• Corporate compliance for acceptable Internet use
• Visibility into web and network trends
• Need to mitigate data leakage of sensitive info
• Unproductive content overwhelms the network
• IT needs to protect all users, all locations
Slide 13
Blue Coat WebPulse:
Implementing Dynamic Link Analysis
Multiple Threat Engines
Machine Analysis
Human Raters
+1B Requests
Per Week
WebFilter
54 Million Users
ProxySG & ProxyClient
Enterprise Users
K9 Consumer Users
Immediately Protects Blue Coat Web Gateway
and Remote Users
Slide 14
SWG Request Controls - All
• All Requests:
– Default & Custom Logging & Reporting
– Object Caching upwards of 50% (optional for SSL)
• Object Pipelining & Adaptive Refresh patented technologies
– Bandwidth Management (e.g. Streaming media)
– Protocol Optimization
Object
Cache
Bandwidth
Management
Protocol
Optimization
Log Files
Reporter
Malware
Detection
Protocol
Content
Compliance Filters
Data
Types
Active
Content
Internet
URL
Filtering
DLP
Checks
AAA
Policy
Method Controls
Cert. Validation
ProxySG
Slide 15
Blue Coat Layered Defenses
Cloud Service
WebPulse & WebFilter
Inline Threat Detection
ProxyAV
Web Application & Content Controls
ProxySG
Integrated Data Loss Prevention
ProxySG with 6 DLP partners
Remote Users
ProxyClient
Slide 16
Firewall → Keeps the bad guys out
Web servers on the intranet
Firewall
Public web servers
Public Internet
Internal network
Users
The firewall protects on access . . .
But it is not designed for user-level control
Slide 17
Hackers
Proxy → Let the good guys stay good
Full visibility and control of all communications over the Web
Web servers on the intranet
Public web servers
Proxy
Firewall
Public Internet
Internal network
Users
Restricting or controlling access to unproductive websites
Start page with the Internet usage policy
Stopping web content such as .vbs, .exe
Control of pop-ups, ads and spyware
Stopping viruses from webmail (Yahoo, Hotmail, etc.) and IM
Preventing leakage of intellectual property over IM
Slide 18
Preventing downloads of copyrighted MP3 files
Logging and archiving of IM traffic at the level of individual messages
Blue Coat SG
Visibility. Control. Performance.
Advanced policy management
Technology partners
ISS
Blue Coat AV
Services
On-Proxy
URL filtering
Web Anti-Virus
AntiSpyware
IM, Streaming & P2P control
Reverse Proxy
Policies
Policy processing engine
Proxy
Authentication, authorization, logging
Proprietary OS
SGOS™ → Object-based OS + caching
Slide 19
In control with Blue Coat
• So that “good” employees don't do “bad” things on the Internet
– Everything on the Web leads to increased risks
• Blue Coat is the #1 proxy appliance vendor (IDC)
– Proprietary, object-based OS and cache enable wire-speed throughput
– Warning, coaching and restricting through flexible access rights, down to the level of the individual user
– More than 20000 proxy appliances shipped worldwide
• Do you know what your employees do on the Internet?
– Find out with a “Web Traffic Assessment”
– And learn how to stop spyware
Slide 20
A Day in the Life of “Bob Kent”
Bob.Kent
zzzzzzz
Edge_Corp4
Slide 22
Launch Internet Explorer Browser
Finds and displays information and Web sites on the Internet
Slide 23
10:45
Edge Corp new AUP - Microsoft Internet Explorer
Internet usage – Edge Corp Acceptable User Agreement.
You are logged in as: Bob Kent
Please respect our Acceptable Use Policy.
Edge Corp. reserves the right to log, monitor and manage all of your Internet usage
including the contents of encrypted sessions.
Click here to accept the policies
Click here to decline and close your browser
Edge Corp new AUP
Slide 24
Yahoo! – Microsoft Internet Explorer
http://www.katysfriends.com
Yahoo!
Slide 25
10:59
Adult content warning – Microsoft Internet Explorer
http://www.amazon.com
Hello again, Bob Kent
This is a message from the IT department. The website you are trying to access:
www.katysfriends.com
Is listed as a site within the category ADULT CONTENT and you are not allowed to visit this site.
Our Internet Acceptable Use Policy is available here: http://intranet.edgecorp.com/aup.htmp
For more help, email IT Support Desk or call extension 2875
Adult content warning
Slide 26
Amazon – Microsoft Internet Explorer
http://www.cnn.com\si.html
Hello again
Bob Kent
This is a message from the IT department. The
company policy is to allow users access to shopping
sites, however all access is logged and sent to
management every week.
This window will disappear in 10 seconds.
Amazon
Slide 27
CNN – Microsoft Internet Explorer
Hello again
Bob Kent
This is a message from the IT department. Your role
allows you to access Sports sites before 9:00 AM, from
12:00-1:00 PM, and after 4:00 PM. Please continue.
This window will disappear in 10 seconds.
CNN
Slide 28
Comet Cursor – 10,000 free cursors - Microsoft Internet Explorer
http://www.cisco.com/jobs
Bob Kent,
This is the IT Department.
You are attempting to download SPYWARE.
Edge Corp blocks known and unknown
spyware downloads at the gateway without
blocking safe content, so you can continue
browsing this site.
Comet Cursor
Slide 29
Hello from Human Resources - Microsoft Internet Explorer
https://gmail.google.com
Hello again, Bob Kent
As a valued member of staff, we want to make sure you are happy here at Edge Corp.
If you would like an interview with HR to discuss your role, please email me.
Best Regards,
Lucy Smith
Human Resources
Slide 30
Gmail – Secure email from Google - Microsoft Internet Explorer
https://gmail.goole.com/inbox/28677$5552739/show.do
Gmail – Secure email …
Slide 31
Gmail – Secure email from Google - Microsoft Internet Explorer
https://gmail.goole.com/inbox/28677$5552739/attch-dload.do
Bob Kent,
This is the IT department.
We decrypted this attachment,
found a virus in it, and have
successfully deleted it.
Gmail – Secure email …
Slide 32
Spyware infection - Microsoft Internet Explorer
Hello, Bob Kent
This is a message from the IT department.
Your PC has just tried to send information to a known spyware site:
www.gator.com
We have blocked the spyware from sending your personal information out of the organization (using our
Proxy appliance), however your PC will run more slowly until the spyware is removed.
We are about to redirect you to the spyware removal software to remove this and any other spyware
from your PC, please click HERE to start.
For more help, email IT Support Desk or call extension 2875
Spyware infection
Slide 33
Slide 34
Paypa1 - Login - Microsoft Internet Explorer
https://www.paypa1.com/PayPal%20-%20Welcome.htm
[email protected]
*******
Bob Kent,
You have tried to POST information
to www.paypa1.com, we think this
could be a phishing site.
Call x3214 immediately for help
Paypa1 - Login
Slide 35
Windows Media Player
Plays your digital media including music, videos, CDs, DVDs and Internet Radio
Slide 36
1:45
Hello again
Bob Kent
Streaming media can adversely affect
network performance and employee productivity.
You cannot access Internet radio sites, or streaming media from
entertainment and sports sites.
Streaming from approved business sites is limited to 128Kbps.
You can access streaming media from internal sites with no
restrictions.
Slide 37
1:46
*******
Slide 38
10:45
Slide 39
BobK: Hey Martin, how are you?
MartinS: Great, what about you?
BobK: Not too bad
MartinS: have you heard about your results yet?
Slide 40
BobK: Hey Martin, I heard of a new development
MartinS: Oh yes, what?
BobK: Well, its project name is Goldengate and…
Slide 41
A Day in the Life of “Bob Kent”
Behind The Scenes
Launch Internet Explorer Browser
Finds and displays information and Web sites on the Internet
Slide 43
10:45
Yahoo! – Microsoft Internet Explorer
http://www.playboy.com
Slide 44
10:59
Adult Content Policy – Microsoft Internet Explorer
Hello again, Bob Kent
This is a message from the IT department. The website you are trying to access:
www.playboy.com
Is listed as a site within the category PORNOGRAPHY and you are not allowed to visit this site.
Our Internet Acceptable Use Policy is available here: http://intranet.edgecorp.com/aup.htmp
For more help, email IT Support Desk or call extension 2875
Slide 45
10:59
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Authenticated usernames:
Simple overview of users' web activity
Slide 46
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Bob Kent
Slide 47
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
www.playboy.com
Slide 48
Microsoft Corporation – Microsoft Internet Explorer
http://www.hotmail.com
Slide 49
2:05
10:46
MSN Hotmail – Inbox – Microsoft Internet Explorer
http://www.hotmail.com
[email protected]
[email protected]
Funny email from Jack R.
May 5
29KB
You’[email protected]
Win A Trip for Two To Hawaii
May 5
768KB
Hotmail Staff
Increase your email capacity
May 5
1KB
[email protected]
Here’s Your File!
May 5
29KB
Sam Johnson
Did you see the game last night?
May 4
7KB
Cassandra Love
Call Me.
May 4
540KB
[email protected]
Dinner with Peg and Alan on 4th?
May 4
29KB
Mary Smith
Did you call mom and dad about photos?
May 4
19KB
Kyle Lissabet
Win a free computer.
May 3
760KB
Slide 50
2:06
MSN Hotmail – Inbox – Microsoft Internet Explorer
http://www.hotmail.com
[email protected]
You’[email protected]
May 5, 2005 2:35 pm
[email protected]
[email protected]
Win A Trip for Two To Hawaii
You’[email protected]
Free_trip.pif
Funny email from Jack R.
Win A Trip for Two To Hawaii
Mar 31
29KB
Mar 31
768KB
Hotmail Staff
Increase your email capacity
Mar 30
1KB
[email protected]
Here’s Your File!
Mar 30
29KB
Sam Johnson
Mar 30
7KB
[email protected],
Call Me.
Mar 30
540KB
[email protected]
You’ve won a free trip to Hawaii.
Dinner with Peg and Alan on 4th?
Mar 30
29KB
Mary Smith
Did you call mom and dad about photos?
Mar 29
19KB
Kyle Lissabet
Win a free computer.
Mar 29
760KB
Cassandra Love
Did you see the game last night?
Download the Attached claim form to register and win your trip !
Slide 51
2:06
MSN Hotmail – Inbox – Microsoft Internet Explorer
http://www.hotmail.com
[email protected]
You’[email protected]
May 5, 2005 2:35 pm
[email protected]
[email protected]
Win A Trip for Two To Hawaii
You’[email protected]
Free_trip.pif
Funny email from Jack R.
Win A Trip for Two To Hawaii
Mar 31
29KB
Mar 31
768KB
Hotmail Staff
Increase your email capacity
Mar 30
1KB
[email protected]
Here’s Your
File!
Free_trip.pif
Mar 30
29KB
Mar 30
7KB
Sam Johnson
Did you see the game last night?
Cassandra Love
[email protected],
Call Me.
Mar 30
540KB
[email protected]
You’ve won a free trip to Hawaii.
Dinner with Peg and Alan on 4th?
Mar 30
29KB
Mary Smith
Did you call mom and dad about photos?
Mar 29
19KB
Kyle Lissabet
Win a free computer.
Mar 29
760KB
Download the Attached claim form to register and win your trip !
Hello
Bob Kent
A virus was detected in the file you were attempting to
download.
The attachment/file has been successfully deleted.
Slide 52
2:06
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Anti-Virus reports:
- ICAP virus ID
- Worms by IP address
- ICAP virus IP details
- ICAP virus user details
Slide 53
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Bob Kent
Slide 54
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Slide 55
Microsoft Internet Explorer
Hello, Bob Kent
This is a message from the IT department.
Your PC has just tried to send information to a known spyware site.
www.gator.com
We have blocked the spyware from sending your personal information out of the organisation (using our
Proxy appliance), however your PC will run more slowly until the spyware is removed.
We are about to redirect you to the spyware removal software to remove this and any other spyware
from your PC, please click on [OK] to start.
For more help, email IT Support Desk or call extension 2875
Provided by Edge Corp IT Support in conjunction with:
Slide 56
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Spyware reports:
- Spyware traffic
- Infected clients
- Blocked spyware
- Suspicious client applications
Slide 57
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Slide 58
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Spyware blocked at the gateway
Slide 59
BobK: Hey Martin, what’s the price of model R?
MartinS: It’s £2,500
BobK: Great, thanks
Last message received on 05/04/2005 at 12:58
Slide 60
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Authenticated usernames:
Simple overview of users' web activity
Full insight into IM communications
Slide 61
Yahoo! – Microsoft Internet Explorer
http://od-msn.msn.com/14/mbr/dtw_underwtrforensics_msn.wmv
Slide 62
10:59
profile: streaming users
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
User profiles
Slide 63
profile: streaming users
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
.
bob.kent
mark.johnson
adam.fore
mary.smith
jason.shaffer
ed.ward
jill.edwards
mason.peters
stuart.martin
sara.ashly
Bob Kent: 158.06 MB of streaming content downloaded
Slide 64
profile: streaming users
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Underwater Forensics show
bob.kent
.
389.90 k
Slide 65
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Slide 66
Statistics for 28/Apr/2005 - 05/May/2005, 9 days
Summary report
Content Categories
Software Downloads
Slide 67
Blue Coat Solution Suite
PacketShaper
Application Visibility & QOS
Secure Web Gateway
WAN Optimization
Network Assessment
Malware Prevention
File & Email Acceleration
Network & Application
Performance Monitoring
SSL Visibility and Control
Data/Server Consolidation
Web Content Filtering
Web & SSL Acceleration
Voice & Video Conference
Quality Delivery
Remote Web Control
Rich Media Delivery / CDN
Bandwidth Management
IM & P2P Control
Replication & Backup
P2P Traffic Shaping
Digital Leakage Protection
Live Video Stream Splitting
MPLS Migration
ProxySG
Slide 68
Virtualisation and Centralisation
A step further – Application acceleration
Multiprotocol Accelerated Caching Hierarchy
Bandwidth management
Protocol optimization
Object cache
Byte cache
Compression
File Services (CIFS), Web (HTTP), Exchange (MAPI),
Streaming (RTSP, MMS), Secure Web (SSL), Generic TCP...
Slide 70
Virtualisation and Centralisation
• Centralisation
• Virtualisation
– Eliminate storage arrays in
Remote Offices
– Business-driven
– Business-driven
• Compliance
• Cost
• Cost
• Security
• High availability
• Control
• Power consumption
• Hardware utilisation
Data Center
Storage Centralisation
Remote
Office
– Completely abstracting
logical storage from
physical storage
Slide 71
Centralisation with VMWare
• Centralisation and Virtualisation hand-in-hand:
– Moving “physical” servers to a “virtual” Data Center
– Invested in VMware to make this more efficient
• Distance and network characteristics:
– Higher latency, less bandwidth
– Data transfers are slower
– Example data set of 3GB VMware virtual disk file
• Represents 8GB Windows 2003 R2 server
• Time for V2V via VMware Converter: 19 mins
Virtual DC
Bandwidth: 1.5 Mbps (T1)
Latency: 100 ms RTT
Slide 72
Protocols and network characteristics
• High-level protocols are “chatty”
– TCP, FTP, CIFS and most others
• Network characteristics
– Latency conspires
Slide 73
Protocol Acceleration improves things
• Replaces protocols with a WAN optimized alternative
– Local acknowledgement
– Larger windows
– Transparent
Slide 74
Centralisation, VMWare and Blue Coat
• Acceleration of:
– Conversions
– Backups / mirrors
• Blue Coat is part of the Technology Alliance Program
• White Paper and End User presentation available
Slide 75
Basic Return on Investment benefits
• Successful Centralisation and Consolidation
– Faster, more efficient operations
– Benefits not compromised by performance
• More reliable Disaster Recovery
– RPO: Enabled more frequent backups of virtual servers
– RTO: Faster restoration of virtual servers, limit downtime
Slide 76
Faster V2V Operations
Virtual DC
Bandwidth: 1.5 Mbps (T1)
Latency: 100 ms RTT
Slide 77
Faster Mirroring and Restores
Virtual DR Site
Bandwidth: 45 Mbps (T3)
Latency: 200 ms RTT
Slide 78
Quicker Backups of ESX Servers
Bandwidth: 45 Mbps (T3)
Latency: 200 ms RTT
Slide 79
Bigger Picture
Enterprise Application Delivery
Non-business
Web
CRM / ERP
Transactions
Malware /
Threats
Data Center
Files & Email
Voice / Video
Real Time
Remote Office
Business Web
& SaaS
Slide 81
Identify and Control Traffic
• Identify and contain recreational traffic
– Bandwidth impacting
– Evasive applications
– Dynamic policies
without
Application QoS
• Identify and protect business traffic
– Application-level QoS
– Applications and sub-apps
– Consistent performance
Slide 82
with
Application QoS
Apply the right acceleration investment
• Application performance problems
– Caused by different network and application characteristics
– Benefit from different WAN Optimization technologies
Server / storage consolidation
CIFS, MAPI, TCP protocol acceleration
Byte and Object Caching
Content compression
Voice and Rich Media
Per-call QoS for voice
Object caching and content pushing for video
Byte caching and feed splitting for streaming media
Business web and SaaS
HTTPS acceleration
Differentiation between applications and content
Differentiation within applications
Slide 83
Accelerate business applications
Reduce bandwidth and latency with Object Caching
Reduce bandwidth with Byte Caching
Reduce bandwidth with Compression
Reduce latency with Protocol Optimisation
WAN
ProxySG
ProxySG
Slide 84
Acceleration benefits across the board
Slide 85
Big Picture Return on Investment
• Control traffic
– Contain recreational traffic, protect business apps
– Reclaim 50% of WAN bandwidth expenditures
• Solve WAN congestion
– Maximize WAN link capacity
– Avoid bandwidth-driven upgrade costs
• Leverage WAN optimization investment
– Understand what business traffic can benefit
– Increase network capacity by 2x-4x and more
Slide 86
Summary
• Virtualisation and Centralisation
– Driven by business goals
• Cost, control and availability
– Problems undermine these goals
• Blue Coat solves those problems
• They exist in the context of a Bigger Picture
– Organisations need to
• Identify and control traffic
• Invest in the right acceleration technologies
• Major Return on Investment with Blue Coat
– Basic ROI benefits: costs and reliability
– Big Picture ROI benefits: costs and performance
Slide 88
Slide 89
Blue Coat Visibility Overview & PacketShaper Detail
AGENDA
Market & Customer Issues
Blue Coat Visibility & How We Help
PacketShaper Overview
PacketShaper Detail & Management
Solution Focus: Voice & Real Time Apps
Summary
© Blue Coat Systems, Inc. 2008. All Rights Reserved. Confidential.
Slide 91
Customer Problem - Unknown Problems
• Key Applications Not Performing
• Network Performance Issues
• Network Takes Blame
• New Apps/Initiatives Planned
Slide 92
Tools Deployed Not Good Enough: Slow MTTR
Not Smart Enough
New Demands:
Voice, Video
Reactive
No Ability to Fix
• No application view (network based)
• Big problems avoid detection/resolution
• Newly added to converged MPLS networks
• VERY performance sensitive, no tools deployed
• End user complaints
• How do you resolve issues?
Slide 93
Not Smart Enough – Layer 3 & 4 Info
• NetFlow & Probe Based
• 80% HTTP/SSL (Port 80/443)
– SAP, Oracle, Salesforce, Intranet, Exchange,
– YouTube, iTunes, P2P, Streaming
• Compound Enterprise Apps
– Order entry vs. DB replication
• Difficult to troubleshoot
Slide 94
Biggest Causes of Problems Are Elusive
• Recreation 40-60% of WAN
– Port hop, tunneled, encrypted
– Backhauled over WAN
– Drive out Mission Critical
Intranet
SaaS
(Software as a Service)
Wiki Blog
Shares
Slide 95
New Demands Voice & Video Conference
Unmet Needs for Voice
• Voice Quality
– Mean Opinion Score (MOS)
• Network Parameters
– Loss, latency, jitter
• Bandwidth Utilization
Unmet Needs for Voice Monitoring
Nemertes Research
Slide 96
Reactive Workflows – No Resolution
End User
Network/NOC
Helpdesk
Resolution?
• Valid?
• Is SAP slow?
• Which part of SAP?
• Network problem?
• What is causing issue?
• Who is causing it?
• How do I fix it?
Complaint
“Network is slow,
SAP is slow”
• Reactive – End User Starts the Process
– Complaints are main source of “alerts”
– Can’t we track key applications?
• Resolution – how do you fix network problems?
– Shut down user/server?
– Twiddle with ACLs on router?
Slide 97
Blue Coat Visibility – Overcome Limits
• Application View, Fix Problems & Deliver ROI
Not Smart Enough → Classification
• Layer 7+ Autodiscovers 600+ Applications
• Find elusive recreation: iTunes, YouTube, etc.
• Break down compound Enterprise apps: SAP, Oracle, Citrix
New Demands: Voice, Video → Voice Quality
• Real traffic, in real time for voice and video conf (RTP)
• Quality (MOS, rFactor) and Utilization (peak & average)
• Jitter, delay, loss
Reactive → Proactive Response Time Monitoring
• Track end user experience – network delay, server delay
• Set baselines and exception thresholds
• Alert, alarm & integrate: SNMP, XML, Email
No Ability to Fix → Fix Problems
• Apply Powerful QOS & Compression - RESOLVE
• Contain recreation, protect mission critical
• Integrate with acceleration devices like ProxySG
Slide 98
Visibility Return on Investment (ROI)
• Reclaim bandwidth
– Minimize recreation
– Regain 20-60% of WAN
• Increase Capacity
– 2x-4x WAN bandwidth increase
• Faster Isolation
– Simplify troubleshooting
– Reduce helpdesk calls
• Insurance
– Assure performance of apps
– Protect infrastructure investment
– Maintain business continuity
Slide 99
How Blue Coat Helps - PacketShaper
• Install (inline or out of line)
• Classify - AutoDiscover Applications
• Measure 120+ stats per class
– Utilization
– End user response – server, network delay
– Voice MOS, Jitter, Delay, Loss
– Diagnostics (TCP Health, Hosts, etc)
• Resolve Immediately & Build ROI
– Quickly isolate issues
– Repair - QOS: Contain recreation, protect critical
– Increase capacity 2x-4x – Compression
Slide 100
Classification: Basis of Control
Classification
Metrics
Usage
RTM
VoIP
Diagnostics
Management
• Discover Applications on Network
• Find Elusive P2P, YouTube, iTunes, etc
• Break down Oracle, SAP, Citrix, Microsoft
• Align Class Tree to Business
– Track business processes – end user response
– Monitor SLAs – carrier, internal app
– Monitor utilization/budget per application
– Limit recreation
Slide 101
The Smartest Classification Technology
• Layer 7+ AutoDiscovery
• Validation, Behavior, History, etc.
• Business vs Recreational
• Plug-in Architecture
Slide 102
Application Based Utilization & Metrics
• Top Applications, Users
• Where is WAN Budget spent?
• Real Time Troubleshooting
• Long Term Capacity Planning
Customer Sees 60% of WAN is Recreational
Slide 103
Response Times: Measure Transactions
• End-user experience
• Network & Server Delay
• Thresholds for SLA
– Alert, alarm, integrate
Slide 104
Voice Metrics: Real Traffic, Real Time
• For Real Time Protocol (RTP)
– Voice
– Video Conferencing
• Call Volume
• Network Metrics
– Loss
– Latency
– Jitter
• Quality
– Mean Opinion Score (MOS)
– rFactor
Slide 105
Troubleshooting Diagnostics
• Host Analysis – Real time host/IP address view (below)
• TCP Health – Connection state (good, aborted, refused, ignored)
• PacketCapture – Targeted Capture TCPDump format
• Synthetic Transactions – HTTP/S, FTP, SMTP, Echo & Custom
Slide 106
Using PacketShaper Information
• PacketShaper Onboard Reporting (on-box)
• Adaptive Response – Automate
• Integrate into frameworks
– SNMP, XML & NetFlow
• Blue Coat Central Management
– Central collection & reporting (ReportCenter)
– Centralized policy & administration (PolicyCenter)
Slide 107
Integrate into Management Frameworks
• Real Time Application View for Existing Frameworks
– PacketShaper classification intelligence
– Application based – utilization (capacity), response, diags
– QOS control to fix issues on same platform
• Standardized Interfaces
– SNMP, XML and NetFlow interfaces
– Alarm & trap in existing infrastructure
Slide 108
Central Management: IntelligenceCenter
• Centralized Reporting
– Collection (flows or ME)
– Correlation
– Reporting & Alarms
• SLA Dashboard (left)
– Quick summary app performance
• Different Roles & Views
– Per app
– Per site
– Customized portals
IntelligenceCenter
Slide 109
Central Management: PolicyCenter
• Centralized Policy
– Templates & Group Policies
– Layered & local policies
• Automated Administration
– Back up configurations
– Distribute software updates
– Access & distribute plug-ins
• Monitor Health & Status
– Asset info
– Status & health
• Simplify Large Deployments
– 1000 units from single console
Slide 110
Blue Coat QOS: Fix Problems
• Smarter:
– Application based
– Identify recreation
• Granular
– Per application
– Per call, per flow
• Powerful
– Includes Inbound
– Patented TCP Rate Control
• Simple
– On box policy manager
– Centralized PolicyCenter
Blue Coat Application QOS Manager
Slide 111
Compression: Increase Capacity
• Real Time Compression
– RAM Only - Low latency
– Application specific
– All apps (RTP, UDP, etc)
• 2x-4x Capacity Gain
– Increase WAN pipe
– Fit more calls, sessions
• ProxySG for Caching!
– Object caching
– Byte caching
Slide 112
PacketShaper Compression
• Byte Cache Libraries
Traffic Type
Service Examples
Algorithm
Remote Desktop
(binary)
Citrix-ICA, GoToMyPC
Email (text)
SMTP-Clear, POP3Clear
ICNA
Enterprise
(binary)
RADIUS-Auth, rsync
CNA
File Server (text)
NetBEUI, Microsoft-ds
CNA
Web
HTTP, SOAP-HTTP
CNA
– Header compression
Text
Telnet-Clear, FTPCmd-Clear
CNA
– Packing
VoIP
Clarent-Voice-S, RTP-I
UDPRT
Instant Messaging
(text)
Lotus-IM-SrvrEx, IRCChat
CNA
Database
Oracle-netv2, MSSQLServer
CNA
ICNA
– RAM-based
– Per application libraries
• Multiple compressors
– CNA, ICNA, UDPRT
– Optimize per app type
• Automatic Backoff
– Revert to “stateless”
– High loss links
– Scale to 1000 tunnels
Slide 113
QOS Limitations: MPLS & Routers
• MPLS Manages Carrier Cloud
– Not CPE LAN→WAN Transition
• Marking Policies Hard
– No application view (IP address, VLAN)
– No validation
– Complex ACLs
– Tough to provision
• Oversubscription
– Provision real time class
– More calls: overflow
– Add video: overflow
– RED – drop across calls
Slide 114
“For simple environments aggregate QOS schemes can work. As voice moves en masse to WAN – with video – simple schemes go awry”
Effective QOS
• Needs to Be Smart
– ID recreational traffic
– Sub-classify compound apps
– Thin Client: Interactive v. Bulk
• Contain Problems
– Recreation
– Disruptive Enterprise Apps
– **Thin Client Print
• Protect Critical
– Application based
– Per call QOS
– When aggregates fail
[Figure labels: Citrix Sub Class; Voice: RTP-I by Codec; Contain Disruptive Traffic; Rate Control!]
Slide 115
Provision QOS
Great ERP performance
Protected from apps and congestion
Voice quality – 100% assured
all-level QoS
• Contain Disruptive
• Protect Voice
• Mark MPLS
Slide 116
100% control of recreational traffic
No matter how much it tries to hide
Intelligent Marking for MPLS Networks
DiffServ, MPLS, TOS
VoIP
Bandwidth allocation
SAP
256 Kbps
Email
768 Kbps
Best effort
Slide 117
Classes of Service
PacketShaper Models
Branch Office
Enterprise Core
PacketShaper Product Line | PS900 | PS1700 | PS3500 | PS7500 | PS10000
Max Throughput | 2Mbps | 10Mbps | 45Mbps | 200Mbps | 1Gbps
Maximum Classes | 256 | 512 | 1024 | 1024 | 2048
Max Concurrent Flows | 5K | 30K/15K | 40K/20K | 200K/100K | 300K/150K
Compression | 2Mbps | 20Mbps | 20Mbps | 45Mbps | 155Gbps
Max Compression Tunnels | 5 | 15 | 30 | 100 | 1000
Link Speeds with Shaping Options (bps) | 512K, 2M | 2M, 6M, 10M | 2M, 6M, 10M, 45M | 10M, 45M, 100M, 200M | 100M, 200M, 310M, 1G
Interface Pairs | 2 | 1 | 1 + LEM option | 1 + LEM option | 1 + LEM option
Interface Type | Copper | Copper | Copper | Fiber Options | Fiber Options
Size | Small Form | 1U Rack | 2U Rack | 2U Rack | 2U Rack
Slide 118
Network Assessment
• Also known as:
– Network Performance Analysis
– Performance Baseline
• Process
– Install PacketShaper:
  • Out-of-line: span, mirror, tap
– Let it run for a few days/week
– Extract reports and info
– Create recommendation
Slide 119
PacketShaper: Asymmetric Core Deployment
[Diagram labels: Branch Offices; Centralized Data and Applications; Core PacketShaper; WAN; Data Center; IntelligenceCenter; PolicyCenter]
Slide 120
PacketShaper: Symmetric Deployment
[Diagram labels: Public Web Servers; Web Content and Applications; Centralized Data and Applications; Internet; Customers and Partners; Branch PacketShaper; Core PacketShaper; WAN; Branch Offices; Data Center; IntelligenceCenter; Branch PacketShaper; PolicyCenter]
Slide 121
Employees
ProxySG Classification Plug In
• Blue Coat Has Acceleration
– CIFS Acceleration, Byte Caching
– Magic Quadrant Leader
• Blue Coat Accelerates More
– Streaming/Rich Media
– Web SSL
• ProxySG is best acceleration,
– ProxySG Classification PlugIn:
– Visibility for Accelerated Apps
PacketShaper Classification Plug-In for Blue Coat ProxySG
Slide 122
Product Suite to Integrated ADN
Blue Coat Application Delivery Networks
Visibility
• 54+ million Web URLs
Full Web/SSL Visibility
Discover Applications
PacketShaper
Assess & Monitor
Performance
• Discovery & Classification
• Performance Monitoring
• Troubleshoot
Granular QOS & Report
• RAM-based Compression
Best in World Classification
Acceleration
Security
ProxySG
• Byte Caching & Compression
WAN Optimization
• Protocol Acceleration
• Object Caching & Pipelining
Web Cache &
• Content Delivery Network (CDN)
• QOS Acceleration
• Streaming Acceleration
Traffic Control
Web & SSL
• Asymmetric
• Direct to Net Recreation Control
Real Time Applications
Magic Quadrant Leader
Voice, Video Conf, Thin Client
WAN Recreational Control
Slide 123
URL & Content Filter
• Web Content & URL Filtering
• Malware Protection
• Authentication
• Policy Control
Malware Protection
• Advanced security proxies
• Cloud Service Redirect
Real-Time Cloud
Protection Service
Magic Quadrant Leader
Blue Coat Solution Suite
PacketShaper
Application Visibility & QOS | Secure Web Gateway | WAN Optimization
Network Assessment | Malware Prevention | File & Email Acceleration
Network & Application Performance Monitoring | SSL Visibility and Control | Data/Server Consolidation
Voice & Video Conference Quality Delivery | Web Content Filtering | Web & SSL Acceleration
Bandwidth Management | Remote Web Control | Rich Media Delivery / CDN
P2P Traffic Shaping | IM & P2P Control | Replication & Backup
MPLS Migration | Digital Leakage Protection | Live Video Stream Splitting
ProxySG
Slide 124
Full Spectrum Acceleration: Blue Coat
Bulk Data Services: Files, Email, Backup
Web & SSL Applications: Enterprise Apps, ERP/CRM, Intranet
Rich Media: Live Casts, Training Video, Streaming Media
External Applications: SaaS/Business Web, Recreation, Malware
Real Time Applications: Voice, Video Conf, Thin Client, Transactions
Slide 125
Blue Coat Acceleration Benefits
Bulk Data Services
Accelerate 15-40x (up to 300x)
Reduce Bandwidth 50-99%
Web & SSL Applications
Speed 15-25x, reduce bandwidth 30-99%
Securely Mediate SSL through PKI Integration
Rich Media
Multiply Bandwidth 100-1000x
Deliver Streaming & Live Video over Existing Links
External Applications
Business Web 15-50x Faster, Reduce Bandwidth
Reduce Recreation 90% Enforce Policy & Secure
Real Time Applications
Reduce Jitter & Delay by 60%
Enable Convergence, Thin Client & VDI
Slide 126
IBM Forum
16 September 2010, Sarajevo
Thank you
Application Delivery Network (ADN)
A network for delivering applications
Saša Mandžukić
Emerging Markets Consultants
[email protected]
www.emc.ba
033 789 480