
Application Challenges and Solutions Server Farm and Application Security

Layer 4-7 Application Switches in the Data Centre and beyond High Availability, Security, Scalability and Business Continuity for Critical Applications. Agenda. Application Challenges and Solutions Server Farm and Application Security Layer 4-7 Security Switches Q&A.

arwen

Presentation Transcript


  1. Layer 4-7 Application Switches in the Data Centre and beyond
     High Availability, Security, Scalability and Business Continuity for Critical Applications

  2. Agenda
     • Application Challenges and Solutions
     • Server Farm and Application Security
     • Layer 4-7 Security Switches
     • Q&A
     Foundry Networks Confidential and Proprietary

  3. Key Challenges of Business Critical Applications and Server Farms
     • High Availability
         • Resource Down Implies Service Down – Tight Linkage to Service Availability
         • Poor Recovery and Fault Tolerance from Traditional Clustering
         • No Service Resilience During Disasters – Need for Datacenter Redundancy
     • Security
         • Increasing Threat from Sophisticated and High-Speed Attacks
         • Minimal Security Built into Traditional Servers and Applications
     • Scalability and Performance
         • Scalability Requires Massive Servers and Forklift Upgrades
         • Sub-Optimal Resource Utilization and Poor Service Response Time
         • Performance and Bandwidth Bottlenecks for SSL-Enabled Web Applications
     • Manageability
         • Application and Server Proliferation Contributes to Complexity
         • Operational Changes Disruptive to Service

  4. The New Datacenter – High Performance Application Switching with Web Acceleration
     • Superior Application Switching, Security Performance and Scalability
     • On-Demand and Scalable Web Acceleration and Optimization
     • Transparent High Performance Web and Non-Web Application Switching
     • Investment Protection for Servers and Layer 4-7 Switches
     [Diagram labels: E-Mail Servers; Layer 4-7 Application Switches; Web Browsers; Web Servers; Financial App Servers; Mobile and Wireless Users; DoS Attack Prevention; Data Storage and Database; FTP; Internet and Intranet Users; SSL Accelerators, Bandwidth Optimizers and Web Caches]

  5. Virtual Application Infrastructure Server Farm Application Switching
     [Diagram labels: Web Apps; Add a New Server to Pool Transparently Remove Server from Available Pool; Financial Apps; Health Check Fails; Layer 4-7 Switch; ERP Apps]
     Key Features and Benefits
     • Efficient Load Balancing
     • Granular Server and Application Health Checking
     • Advanced Content Switching
         • URL, Cookies, SSL ID, HTTP Header, XML, Others
     • Graceful Shutdown and Slow Start for Server Management
     • Server Connection Offload with HTTP Persistent Connections
     • Transparent Support for any IP Application – TCP, UDP, Others
     • High Availability Load Balancing with Rapid Stateful Failover
     • Inbound or Outbound Caches

  6. SSL and Web Accelerators
     • Dedicated Accelerators Co-Deployed with Application Switches or Embedded within them
     • SSL Acceleration and Termination
     • Layer 7 Persistence for SSL Traffic
     • Transparent HTTP Compression
     • Centralized Certificate Management
     • Accelerator Scalability with Load Balancing and Failover
     • Protection against Accelerator Failures – Rapid Failover and Automatic Failure Detection
     [Diagram labels: Virtual Application Infrastructure; Server Farm Application Switching; Web Apps; Email; Financial Apps; Application Switches; ERP Apps; SSL Accelerators]

  7. Global Server Load Balancing (GSLB)
     • Geographic Scalability for Critical Applications
     • Multi-Site Redundancy and Disaster Recovery
     • Optimized Performance and End-User Response Time by Localizing Traffic
     • Transparently Leverage Existing DNS
     • Select Best Site for User Based on a Range of GSLB Policies
     • Direct Users to the Selected Site by Returning Site IP in DNS Response
     • Re-Direct Users to Available Sites
     [Diagram labels: GSLB Controller; ADNS Server; LDNS #1; LDNS #2; Application Switches Using GSLB Protocol; Real Servers; User Group; Datacenter #1; Datacenter #2; step numbers 1 to 5]

  8. Multi-Site Redundancy with Intelligent Routing Based Global Load Balancing
     • Direct User Requests to the Nearest Available Site
     • Primary/Backup Datacenter Operation with Automatic Site Failover
     • Totally Transparent (Leverages Standards-Based Routing Protocols)
     • Optimized Performance and End-User Response by Localizing Traffic
     • Rapid Service Restoration During Datacenter Failures
     [Diagram labels: Primary Datacenter; Health Monitor; Application Switches; Critical Applications; Disaster; Internet / Extranet; Disaster Recovery Site; Users]

  9. ISP Link Load Balancing (LLB)
     • Utilize all available ISP links simultaneously
     • Intelligently balance traffic to achieve optimal utilization
     • Gain leverage for price and service
     • Aggregate low-capacity links to create “fat” virtual links
     [Diagram labels: Router #1; Router #2; Router #3; ISP1; ISP2; ISP3; Enterprise Network; Internet; Load Balancer]

  10. Agenda
     • Application Challenges and Solutions
     • Server Farm and Application Security
     • Layer 4-7 Security Switches
     • Q&A

  11. New Security Requirements for Emerging Threats
     • Application Level Threats are the New Menace
         • Denial of Service Attacks (@ Wire-Speed Gigabit Rates)
         • Viruses, Worms, Illegal Content Spreading via Application Messages
         • Application Resource Abuse
         • E-Mail SPAM
     • Key Challenges to Defeating these Threats
         • Host-Based Approaches are Inadequate and Poor to Scale
         • Traditional Network Security is NOT Application Aware
         • Traditional Firewalls Not Designed for High-Performance Protection
         • Lack of Visibility into the Network
     • Layer of Defense for Server Farm and Applications Required
     • Purpose-Built Layer 4-7 Application Switches Provide this Defense

  12. Protection from Attack for Server Farms and Applications
     • Denial of Service Attack Protection with SYN-Guard
     • Application Level Rate Limiting of Server and Client Connections
     • SPAM Protection and Mitigation with Spam-Def
     • Always-On sFlow Traffic Monitoring
     • Virus and Worm Protection with Content Inspection and Filtering
     • High Performance ACL and NAT
     • Peak Application Performance while Under Attack
     Hardware based Security - Peak Application Performance Under Attack
     [Diagram labels: Virtual Application Infrastructure; Multi-Gigabit Rate Denial of Service Attack; Blocked Application Messages; Hacker; Mission-Critical Application Servers; IP Network; Application Switch; Legitimate Client; Legitimate Traffic]

  13. High-Performance SYN and ACK DoS Attack Protection Using SYN Cookies
     [Diagram, Good Client C1 (Complete TCP Connection): 1 TCP SYN; 2 TCP SYN ACK – Special SEQ; 3 TCP ACK – Special SEQ; 4]
     [Diagram, Bad Client C2 (NO TCP Connection): 1 TCP SYN; 2 TCP SYN ACK – Special SEQ; 3 BAD TCP ACK – Special SEQ]
     [Other diagram labels: Application Switch; Server A; Server B; Servers; Protects Server from Attack]
     • ServerIron’s Connection Proxy and Smart SYN-Cookie Protects Against TCP ACK Attacks
     • Offers Firewall Protection when Deployed in Front of Firewalls
     • Protects against SYN and ACK Flood Attacks
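The stateless handshake on slide 13, as an added Python example that is not Foundry's or ServerIron's code: the "special SEQ" is a keyed hash of the flow, and a server-side connection is opened only when the returning ACK reproduces it. The secret, slot length, MSS table, cookie layout and addresses are assumptions constructed for the example.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"     # assumption: per-switch secret, rotated in practice
SLOT_SECONDS = 64                    # assumption: cookie validity window granularity
MSS_TABLE = (536, 1300, 1440, 1460)  # assumption: the MSS values 2 cookie bits can encode
MASK32 = 0xFFFFFFFF


def _mac30(flow, client_isn, slot, mss_idx):
    """Keyed hash of 4-tuple, client ISN, time slot and MSS index (low 2 bits cleared)."""
    msg = repr((flow, client_isn, slot, mss_idx)).encode()
    digest = hmac.new(SECRET, msg, hashlib.sha256).digest()
    return int.from_bytes(digest[:4], "big") & 0xFFFFFFFC


def make_cookie(flow, client_isn, client_mss, now):
    """Step 2: the 'special SEQ' for the SYN-ACK. No per-connection state is kept."""
    fits = [i for i, m in enumerate(MSS_TABLE) if m <= client_mss]
    mss_idx = fits[-1] if fits else 0
    return _mac30(flow, client_isn, int(now) // SLOT_SECONDS, mss_idx) | mss_idx


def check_ack(flow, seq, ack, now):
    """Step 3: recompute the cookie from the ACK alone; return the MSS or None (drop)."""
    cookie = (ack - 1) & MASK32          # a real client acknowledges cookie + 1
    client_isn = (seq - 1) & MASK32      # its own SEQ moved on by 1 after the SYN
    mss_idx = cookie & 3
    slot = int(now) // SLOT_SECONDS
    for s in (slot, slot - 1):           # current and previous slot are accepted
        expected = _mac30(flow, client_isn, s, mss_idx) | mss_idx
        if hmac.compare_digest(expected.to_bytes(4, "big"), cookie.to_bytes(4, "big")):
            return MSS_TABLE[mss_idx]    # step 4: only now is a server connection opened
    return None


def demo():
    """Good client, forged ACK and expired cookie on a constructed flow."""
    flow = ("198.51.100.7", 40000, "192.0.2.10", 80)   # constructed documentation addresses
    isn, t0 = 0x1000, 1_000_000
    cookie = make_cookie(flow, isn, 1460, t0)
    good = check_ack(flow, isn + 1, cookie + 1, t0 + 1)
    forged = check_ack(flow, isn + 1, (cookie ^ 0x5A5A5A50) + 1, t0 + 1)
    stale = check_ack(flow, isn + 1, cookie + 1, t0 + 3 * SLOT_SECONDS)
    return good, forged, stale


if __name__ == "__main__":
    print(demo())
```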

  14. Network-Based SPAM Prevention and Mitigation is the New Emerging Trend
     • Goal: Block as Much SPAM as Possible @ the Network
         • Minimizes Scope of the Problem by Substantially Reducing SPAM
         • Makes the Problem Manageable with Reasonable Resources at the Host Level
     • Key Requirements: Dynamic Policy Enforcement
         • SPAM Lists Could Run into Millions – Scalability is Critical
         • Lists are Subject to Change – Frequent Download
         • No Open Windows of Opportunity for Spammers
     • Scalability and High Availability of Content Solutions
         • Host-Based Solutions will Always be Necessary
         • Targeted Processing Critical to Scale and not go Bankrupt
         • Intelligent Switching and Load Balancing Brings Sanity

  15. Agenda
     • Application Challenges and Solutions
     • Server Farm and Application Security
     • Layer 4-7 Security Switches
     • Q&A

  16. Security Market Needs and Trends
     • Network Perimeter as we knew it is Disappearing
     • Mobility, Convergence, Remote Access, Growing Internal Threats
     • Need for Security Everywhere in the Network
     • Well Established and Agreed Role of Network to Deliver Security
     • Organizations are Gravitating Towards Network-Based Security Solutions
     • Protection for Infrastructure, Services, Critical Resources
     • Moving Beyond the Firewall Without Giving Up on Firewalls
     • Enterprises Endorse the Need for Solutions that Augment Firewalls
     • Firewall Market is STRONG, but Layer 7 Security is Growing Rapidly
     • Emerging Vision/Trend of Network-Wide Security is Catching On
     • Network Integration is Seen as Inevitable and Required
     • Solutions that Promote Incremental Steps are Needed
     • Growing Attacks and Threats in Content and Service Provider Infrastructure – These Customers Can’t Rely on Firewalls

  17. Secure Network Architecture Using Layer 4-7 Security Switches
     Wire Speed LAN Switching Security
         - L2/L4 DoS Attack Prevention
         - Port, CPU, VLAN, & Rogue Protection
     sFlow based Anomaly IPS Solution
         - Zero-Day Solution
         - Interface to Network Mgmt. for Remediation
     Anomaly Based IPS
         • External Collector, Analyzer
         • External Closed-Loop Interface
     Security Traffic Mgr. and LAN Switch
         - Signature based IPS and More
         - Edge, Aggregation, and Perimeter
     Application Security and Protection
         - Web and URL Security
         - Network-based SPAM, DNS and VoIP Security
     [Diagram labels: Network Manager; Web & Application Servers; sFlow From Switches; Edge Port Remediation; Internet; Security Traffic Manager (Perimeter Security); Secure LAN Switch (Server Farm Protection); Radius; Security Traffic Manager (In-Line Inside LAN Protection); Secure LAN Switch (Direct Desktop Protection); NAC Server; sFlow; Network Admission Control Agents on the Desktops]

  18. Application Switch as Firewall Front End
     [Diagram labels: Perimeter; Traditional Firewall; Enterprise Core; WAN; In-Line Security Switch]
     • Most Firewalls DO NOT
         • Provide Robust and High Performance DoS
         • Offer Wire-Speed ACLs
         • Perform Deep Packet Inspection
         • Offer High Performance Stateful NAT
         • Deliver Application Specific Security Protection
     • Some Firewall Vendors Position L7 Intrusion Devices Behind the Firewalls
     • Security Switch Fits In Front of Firewalls to Offload and Augment
     • Delivers Wire-Speed L2/3 and Multi-Gigabit L4-7 Security

  19. Security Switches Inside the Enterprise LAN – Distribution Layer
     • Position it as Internal Firewall in the Enterprise Network Aggregation Layer – Against Likes of CheckPoint InterSpect
     • L4-7 Security Switch
     • Superior Performance, Switch Architecture, Total Security Features at Attractive LAN Switch Pricing
     • Poor Performance and Steep Price for Minimal Features, and PC Inside the Network
     • SecureIron Traffic Manager Provides High Density Gigabit Aggregation and 10 Gigabit Network Connectivity

  20. Statistical Sampling Delivers Visibility to All Traffic Flows Throughout the Network
     • Layer 2 through 7 visibility and analysis
     • Scales with Network Size and Speeds with no Performance Impact
     • Technology must be able to Scale to GbE and 10 GbE rates
     • Embedded implementations available today – Free!
     • Augment with sFlow for Network-Wide Wire-Speed Visibility

  21. Agenda
     • Application Challenges and Solutions
     • Server Farm and Application Security
     • Layer 4-7 Security Switches
     • Q&A

  22. Thank You
