Security and Acceleration - A contradiction in terms?

Nigel HawthornVP EMEA Marketing

Blue Coat: WAN Application Delivery

• Profitable, public company (NASDAQ: BCSI), founded in 1996

• 93 of Fortune Global 100 are Blue Coat customers

• 6,000+ customers across 150+ countries

• Global Support Services team

• Proven pedigree of web performance and security innovation

TEC

HN

OLO

GY

TRE

ND

S

Faster, Global, Mobile, Secure

REGULATORYTRENDS

Climate of Governance

Protect Privacy

Manage Risk

BU

SIN

ESS

TREN

DS

EnterprisesEnterprises

Accelerate the Business

Business Boundaries Blur

Virtual, Flat Corporation

Adoption of Web 2.0 & SOA (Service Orientated Architcture)

Worker Mobility and Devices

Services – Not Software

Remote Offices

On-Demand Applications and Services

Server Consolidation

Challenges for IT Executives

Mobile Workers

Legacy Client/Server Applications

HTTPS

Personalized Portals

my

Web 2.0 Applications & Mash-Ups

• Long distances, more traffic and chatty protocols hurt performance

• Uncontrolled/unwanted traffic causes congestion• Security attacks hide in the application layer, more

applications are encrypted• Can’t deliver applications quickly to remote and

mobile users

OR

Packet and Storage

Accelerators

Packet and Storage

Accelerators

ACCELERATE EVERYTHING!Assume its all good and accelerate

Security and Acceleration – A Never ending battle

STOP EVERYTHING!Assume its all bad and check

SECURITYTechnologies

SECURITYTechnologies

STOP BAD. ACCELERATE GOOD

Faster, Secure Delivery of Business-Critical Information….. To Help the Business Run Better

The Answer: Stop the Bad. Accelerate Good

Acceleration – Its all about traffic & latency

Why So Slow?! Take the Quiz

45Mbps = 5.625MBps so 4 / 5.625 = 0.7111

A) 0.7 seconds.

Your Network: 45Mbps bandwidth100ms latency (round trip)

Question: You open a 4MB PPT file from a remote server. How long will it take?

Hint: CIFS is a WAN protocol “worst-offender”.It sends data in 4KB chunks, then waits for an acknowledgement.

4MB = 1000 x 4KB chunks1000 trips there1000 trips back 2000 trips x 0.1 sec = 200

B) 200 seconds.

4K

B S

en

t4

KB

Se

nt

4K

B S

en

t4

KB

Se

nt

AC

K!

AC

K!

AC

K!

AC

K!

RESULT: Non-Linear Performance Gains as Bandwidth is Added!

Why So Slow?!

• Bandwidth is the width of the road• Latency is the speed

• We make our data travelmillions of miles andthe speed of light is too slow!

• Add Layer 7 protocols Designed for LANs

• Add rogue traffic• Add congestion (firewall, server, OS overhead, routers)

Pe

rfo

rman

ce →

Bandwidth →

ExpectationExpectation

RealityReality

PricePrice

WAN Optimisation Technology

Legacy WAN Optimization

What about the rest of your traffic?

• Fix Basic Protocols

• Compress with Byte Caching

• Some Add Wide Area File Services

Accelerate SSL Applications

• SSL use is growing– If it’s important,

it’s encrypted!

• Internal apps are hard to accelerate

• External apps are even harder

• Handle with care

Open, Inspect, Accelerate SSL Applications

Are You Video Ready?

Remove unwanted video. Accelerate the rest

• What’s already on the WAN – Earnings announcement

– Compliance mandated E-learning

– YouTube.com

• Is it at least controlled?

• Split streams for live broadcast

• Distributed video on demand

Stop Accelerating the Junk!

• Why accelerate? – Frivolous surfing

– Bulk downloads

– Peer-to-peer

• Get rid of it!– Or it will grow

– Crowd out good apps

Flexible, User Based Bandwidth Control

Start Accelerating the Rest

• Web traffic is huge

• Fastest growing traffic

• HTTP, and then some

– Web services

– Web widgets

– Java clients

• Get the Internet off your WAN; connect remote offices direct to the ‘net

Deliver Web-Based Applications Without Extra Bandwidth

Ultimate in WAN Optimization

Multiprotocol Accelerated Caching Hierarchy

BandwidthManagement

ProtocolOptimization

ObjectCaching

ByteCaching Compression

File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)

• Divide traffic into classes, by:– User, application, content, transaction, application protocol, etc.

• Guarantee priority and min and/or max bandwidth for a class• Align traffic classes to business priorities• Even for SSL encrypted applications• Operates alone, or integrates with your existing packet-layer QoS

Salesperson, placing order with Sales Automation App

Priority 1Min 400Kb, Max 800Kb

Non-Sales Management Pulls Client List

Block

Salesperson query with Sales Automation App Priority 2Min 100Kb, Max 400Kb

Bandwidth Management – Business Process

Marketing person, Surfing Sales Automation App (reporting) Priority 3Min 0Kb, Max 200Kb

Protocol Optimization

10-100X Faster Includes CIFS, MAPI, HTTP, HTTPS, TCP

Object Caching

• Client served from local proxy

• 100% acceleration – no data across WAN

• Works on second, and all subsequent requests

BRANCH

DATACENTER

Byte Caching

110111110011100100100101110[REF#1] 00011110001110011000110000010011110000001101111010010[REF#2] 010101010100101000010100

110111110011100100100101110111111111111111111111111111111111111111100011110001110011000110000010011110000001101111010010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101010100101000010100

Byte CachingByte Caching

1101111100111001001001011101111111111111111111111111111111111111111000111100011100110001100000100111100000011011110100100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000101010101001

01000010100

• Proxies “learn” common patterns

• Create short references and pass those instead

• Works on all files, all applications over TCP

110111110011100100100101110111111111111111111111111111111111111111100011110001110011000110000010011110000001101111010010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101010100101000010100

Compression

11011111001110010010010111001100101011101100100001001100111001000001111000111001100011

110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100101010101010010101010101010100101000010100

COMPRESSIONCOMPRESSION

11011111001110010010010111001100101011101100100001101001100111001000001111000111001100011000001001111000000110111101001000011011010010111110011010011101101001101001111001000000000000111001011100101101101101001001001010101001010101

0101101100101100010100

• Industry-standard gzip algorithm compresses all traffic

• Removes predictable “white space” from content and objects being transmitted

MACH5 Techniques Work Together

Object Caching• Caches repeated, static app-level data; reduces BW and latency

Byte Caching• Caches any TCP application using similar/changed data;

reduces BWCompression

• Reduces amount of data transmitted; saves BW

Bandwidth Management• Prioritize, limit, allocate, assign DiffServ – by user

or application

Protocol Optimization• Remove inefficiencies, reduce latency

What About The Office of One?

• Poor performance

• Inconsistent performance

• No control over user experience

Desktop Client for Acceleration and Control

Aren’t We All Mobile Users?

Acceleration Performance

Microsoft Word File size - 10 MB

104 sec.1 min

2 min

16 sec.

No Client

With SG Client

File Open

File Open

(warm)

File Open (cold)

3 sec.

Microsoft PowerPoint File size - 1 MB

21 sec.

20 sec.

6 sec.

2 sec.

No Client

With SG Client

File Open

File Open

(warm)

File Open (cold)

Test bed: Office 2003, Win XP, 1.544 mbps full duplex, 200 ms

Security – Its all about context

Who, what, when, why, how,

Today’s Network Requirements

TODAY’S NEEDS

SEE

SECURE

ACCELERATE

CONTROL

Complete view and understanding of all applications

Granular control over all users, devices and any application

Defend against external and user-based threats

Faster delivery of business-critical applications unique to each office, department, user

WAN/Internet

Internalor

External

Users Applications

Users and Applications

Internalor

External

WAN Application Delivery (WAD)WAN optimization, User security, Policy control

Packet DeliveryPackets, Ports and Flow Control

Full Protocol Termination = Total Visibility & Context(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, Telnet, DNS, etc.)

Only a Proxy can deliver

PROTECT• Prevent spyware,

malware & viruses• Stop DoS attacks• IE vulnerabilities,

IM threats

See, Secure, Accelerate, ControlSee, Secure, Accelerate, Control

ACCELERATE• Governed by policy• BW Shaping, Compression,

Protocol Optimization• Byte, Object & Predictive

Caching

+

CONTROL• Fine-grained policy for applications,

protocols, content & users (allow, deny, transform, etc)

• Granular, flexible logging• Authentication integration

+

Define appropriate policies

AnyMMSHTTPSFTPHTTP

AnyIE 6.xRealPlayerAOL IMIE 5.0

Any

Any

Any

Any

Any

Any

Stream.XLSStreamP2P

Job-sitesWeb-mailSportsNews

PupilsExecutivesIT StaffTom

TokyoParisLondonNew York

Weekends5:00 – 12:008:00 – 5:0012:00 – 8:00

TrainingCustomerSupplierIntranet

Protocol

Agent

File/MIME type

Content

User/Group

Place

Time

Source

Allow Disallow Virus Scan Accelerate Replace Allow, but limit

Coach Splash Page Log by user Email mgmnt Patience page

Log traffic Block on keyword Block non-text

Why Performance and Security Together?

• Single policy

• Increasingly, we can’t install security without acceleration – impeding business is unacceptable

• Removing unwanted traffic results in a performance increase

• Branch offices must minimize hardware and management

• Need to maximize WAN investment

Legacy WAN Optimization

Blue Coat WAN Application Delivery

Going Beyond Legacy Optimization

Fix Protocols

Byte Cache

Compress

4. Optimize Web Traffic

3. Remove the Junk

2. Manage Video

1. Accelerate SSL

5. For All Users Everywhere

What makes Blue Coat unique

• 10 years experience of improving content delivery– First caching appliances worldwide

• Deep understanding of users and content– Layer 7 knowledge, not just packet networking

• Most powerful security functionality– All types of data, unlimited policy flexibility

• Flexible deployment options– From country to end device

• High performance appliances– Thin OS, no public-domain, no general-purpose OS

• No compromise – performance and control together