blue coat systems l.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Blue Coat Systems PowerPoint Presentation
Download Presentation
Blue Coat Systems

Loading in 2 Seconds...

play fullscreen
1 / 81

Blue Coat Systems - PowerPoint PPT Presentation


  • 788 Views
  • Uploaded on

Blue Coat Systems. Roger Gotthardsson Sr. Systems Engineer roger@bluecoat.com. Agenda. Company Corporate data Solutions Client Proxy Solution Blue Coat Webfilter SSL Proxy Reverse Proxy MACH5 Products ProxySG, ProxyAV, Director, Reporter K9, - Blue Coat Webfilter at home for free.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

Blue Coat Systems


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
blue coat systems

Blue Coat Systems

Roger Gotthardsson

Sr. Systems Engineer

roger@bluecoat.com

agenda
Agenda
  • Company
    • Corporate data
  • Solutions
    • Client Proxy Solution
    • Blue Coat Webfilter
    • SSL Proxy
    • Reverse Proxy
    • MACH5
  • Products
    • ProxySG, ProxyAV, Director, Reporter
    • K9, - Blue Coat Webfilter at home for free
about blue coat

Integrated Solution for Acceleration & Security

About Blue Coat
  • Innovative leader in secure content & application delivery
    • 500+ employees; $146M annual revenue run rate
    • 25,000+ appliances shipped worldwide to more than 4,000 customers
    • #1 (37%) market leader in Secure Content & Application Delivery (IDC)
  • Founded in 1996 with a focus on Acceleration
    • Accelerating Web applications…making Internet applications faster
    • Innovative proxy caching appliance with object pipelining, adaptive content refresh
  • Expanded in 2002 to include Policy Control &Security
    • Rich policy framework integrated with performance engine for visibility and control of users, content and applications
      • Visibility: Who, what, where, when, how
      • Control: accelerate, deny, limit, scan, strip, transform…
about blue coat5

Integrated Solution for Acceleration & Security

About Blue Coat
  • Strategic Investments
      • March 1996 Scalable Software (HTTP and OS Kernel)
      • September 1999 Invertex (SSL Hardware Encryption)
      • June 2000 Springbank Networks (Hardware Design and Routing Protocols)
      • December 2000 Entera (Streaming and Content Distribution)
      • November 2003 Ositis (Virus scanning appliance)
      • 2004 – Cerberian (Content filtering)
      • 2006 – Permeo Technologies (SSL VPN & client security)
client proxy
Client Proxy

Byte Caching

Protocol detection

Logging

BW management

Authentication

Policy

Internet

Clients

Caching

Antivirus

Protocol optimization

Compression

URL-Filtering

application proxy
Application proxy

AOL-IM

Streaming

Yahoo-IM

HTTP & HTTPS

FTP

MSN-IM

Internet

MAPI

.mp3

.xxx

?

gral.se

CIFS

P2P

DNS

TCP-Tunnel

SOCKS

Telnet/Shell

how we secure the web
How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

authentication
Authentication

NT, W2000 or W2003DC

RADIUS

Server

Netegrity

SiteMinder

Policy

Substitution

AD

Directory

Directory

Directory

Clients

Internet

LDAP

Client Certifficate

On box

Database

Oblix

Directory

X509/CA

List

Directory

how we secure the web11

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

how we secure the web12

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

content filtering
Content Filtering
  • Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks
  • Blue Coat and our partners enable enterprise-class content filtering
    • Powerful granular user control using Blue Coat’s Policy Processing Engine
      • By user, group, destination IP and/or URL, time of day, site, category, lots more
    • Multiple logging and reporting options
    • Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc)
    • Coaching, warnings, etc.
    • High performance with integrated caching
    • Drop-in appliance for easy to deploy and manage
    • De-facto industry content filtering platform
content filtering databases

DRTR

Content filtering databases

Optenet

IWF

InterSafe

Digital Arts

WebWasher

Proventia

Smartfilter

SurfControl

Websense

Clients

Internet

BlueCoat

webfilter

Your lists

exceptions

how we secure the web15

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

http compression

Core ProxySG

Edge ProxySG

compressed

uncompressed

compressed

compressed

compressed

compressed

uncompressed

uncompressed

uncompressed

uncompressed

HTTP Compression

ProxySG can support a mixed mode of HTTP compression operation

Original Content Server (OCS) or Core ProxySG can send either (de)compressed content to edge or core ProxySG using GZIP or Deflate algorithms

Remote Office

HQ Office

ProxySG

Enterprise

Internet

bandwidth management bwm
Bandwidth Management (BWM)

OBJECTIVE

Classify, control and limit the amount of bandwidth used by a class of network traffic

  • BENEFITS
  • Protect performance of mission critical applications
    • SAP, ERP apps
  • Prevent bandwidth greedy applications from impacting other applications
    • P2P
  • Provision bandwidth for applications that require a per-session amount of bandwidth
    • Streaming
  • Balance necessary and important, bandwidth intensive, applications
    • HTTP, IM
how we secure the web18

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.

virus code script scanning
Virus, Code & Script scanning

Other ICAP servers

Clients

Internet

Sophos

McAfee

ProxyAV

Kaspersky

Panda

proxy av

ProxySG & ProxyAV

  • Large Enterprise/Network Core
  • Scan once, serve many (cache benefit)

Internet

Internal Network

  • Virus Scans HTTP, FTP with caching benefit
  • ProxySG Load Balances

ProxyAV

ProxySG

ProxyAV
  • Purpose-built appliances for speed
  • “Scan once, serve many” to increase performance
  • High-availability & load-balancing
  • Purpose built operating systems
how we secure the web21

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.

Spyware: Prevention is better than a cure.

bluecoat spyware prevention solution

Internet

ProxySG

Internal

Network

ProxyAV

BlueCoat Spyware Prevention Solution
  • Stopsspyware installations
    • Detect drive-by installers
  • Blocks spyware websites
    • On-Proxy URL categorization
  • Scans for spyware signatures
    • High-performance Web AV
  • Detects suspect systems
    • Forward to cleansing agent
how we secure the web23

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.

Spyware: Prevention is better than a cure.

IM Traffic Control: IM traffic is subjected to policies and is logged

im control with blue coat proxysg
IM Control with Blue Coat ProxySG
  • Granular IM policy control
    • By enterprise, group or user level
    • Control by IM feature (IM only, chat, attachments, video, etc.), internal or external IM, time of day, etc.
    • Control IM options include deny connection, strip attachment, log chat (including attachment)
    • Key word actions include send alert to IT or manager, log, strip, send warning message to user
  • Drop-in appliance for easy to deploy and manage IM control
how we secure the web25

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.

Spyware: Prevention is better than a cure.

IM Traffic Control: IM traffic is subjected to policies and is logged

Caching: Acceptable, clean content is stored in cache and delivered to requestor.

streaming acceleration
Streaming acceleration
  • Streaming
    • Microsoft Streaming & Native RTSP
    • Live Stream split, VOD Stream cache
    • Rich Streaming features, Unicast-Multicast
    • Scheduling live streaming from VOD
  • Enhancements
    • Store, Cache & distribute Video On Demand
    • Schedule VOD content to be played as Live Content
    • Convert between Multicast-Unicast
    • Authenticate Streaming usersTo NTLM, Ldap, RADIUS+Onbox
how we secure the web27

How We Secure the Web

IntranetWebServer

PublicWebServer

Internal Network

Public Internet

AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

Policy Processing Engine: All user web application requests are subjected to granular security policy

Content Filtering: Requests for content are controlled using content filtering based on granular policy

Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.

Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.

Spyware: Prevention is better than a cure.

IM Traffic Control: IM traffic is subjected to policies and is logged

Caching: Acceptable, clean content is stored in cache and delivered to requestor.

Reporting: All browser, streaming, IM & virus activity, can be reported using Bluecoat's highly configurable reporter.

the internet
The Internet

The internet today consists of 350 million webservers.

A large ammount of these conatain information you

don’t want in your organisation.

A cleaver solution would be to use Content Filtering.

BlueCoat now introduces Generation 3 of content

filtering, BlueCoat Webfilter.

350 Million

generation 1
Generation 1

The first generation of content filters consisted of

static manually managed lists of popular pornographic

and unproductive websites. Very often retreived from

access logs, popular bad sites where banned.

The intended purpose was to save bandwidth and

warn users that inapropriate behaviour was logged.

People got together and distributed their lists in free

lists compatible with proxies such as Squid.

The distributed list where in the size of a million URL:s

1 Million

349 Million

generation 2
Generation 2

Corporations relised they could make money of a list

and started to collect lists and logs from the web, manually

rating these in larger scale. More categories where added

to increase value. The systems started to collect URL:S

autmatically and download new lists periodicly. Some

of them even many times every day.

Special categories where added for static security threats

placed on known webservers, spyware phishing etc. Other

than bad sites where added such as Economy, business,

news etc. to present statistics of Internet usage.

15 Million

335 Million

generation 233
Generation 2

Number of URL:s was in the numbers of 10-20 millions.

Hitrates in logsystems presented was in the numbers of

50-80%. Regular expression on URL:s and other tricks

sometimes gave a false picture of rating over 90%. But in

fact less than 5% of the Internet was covered.

15 Million

335 Million

generation 3
Generation 3

The dynamics of internet and new security risks urged for a new way of categorizing the Internet, Dynamic rating of uncategorized websites can today rate most websites, the ones thats impossible to rate could be stripped down to present only html and images to reduce risk.

The static URL database are constantly updated like any Generation 2 filter. This database is cached in some systems (ProxySG) to increase performance.

The rest (95%) of the Internet is categorised using dynamic rating.

15 Million

335 Million

dynamic real time rating

RS

language 1

language 2

language 3

Language detection

To background rating

language 4

44µs

language 5

DBR

HR

language n

DRTR

DXD

Dynamic Real Time Rating

Servers

Internet

G2

Clients

BlueCoat

Customer

* The picture is simplified, all systems are redundant.

ssl proxy policy enforcement

Internet

InternalNetwork

Apps

SSL

SSL

User

SSL Proxy: Policy Enforcement
  • Control web content, applications, and services…regardless of encryption
    • Block, allow, throttle, scan, accelerate, insert, strip, redirect, transform …
    • Apply the same policies to encrypted traffic as to normal traffic
    • Stops/controls rogue applications that take advantage of SSL
  • Protect the enterprise from SSL-borne threats
    • Stop spyware and secured phishing
    • SSL-secured webmail and extranets – virus transmissions
    • SSL-borne malicious and inappropriate content
  • Accelerate critical applications
    • Enables a variety of acceleration techniques (e.g., caching)

Policy

blue coat visibility and context

Client

Proxy

Server

Algorithms I support.

Connection Request.

Algorithms I support.

Connection Request.

Use this algorithm.

Server’s digital certificate.

Let’s use this algorithm.

Emulated certificate.

Verify certificate and extract (proxy’s) public key.

Verify certificate and extract server’s public key.

CompleteAuthentication.

CompleteAuthentication.

CompleteAuthentication.

CompleteAuthentication.

Tunnel Established

Tunnel Established

Blue Coat: Visibility and Context

Client-Proxy Connection

Server-Proxy Connection

flexible configurations

Internet

TCP

TCP

SSL

User

Flexible Configurations
  • Trusted applications passed through
    • Sensitive, known, financial or health care
  • No cache, visibility
  • Awareness of network-level information only

Option 1

Control

Apps

flexible configurations40

Internet

TCP

TCP

SSL

User

Flexible Configurations
  • Initial checks performed
    • Valid user, valid application
    • Valid server cert
  • User/application traffic passed through after initial checks
  • No cache
  • Visibility and context of network-level info, certificates, user, and applications
  • Can warn user, remind of AUP, and offer opt-out

Option 2

Control

Apps

flexible configurations41

Internet

TCP

TCP

SSL

SSL

User

Flexible Configurations
  • Initial checks performed
    • Valid user, valid application
    • Valid server cert
  • User/application traffic proxied after initial checks
  • Full caching and logging options
  • Visibility and context of network-level info, certificates, user, applications, content, etc.
    • Full termination/proxy
  • Can warn user, remind of AUP, and offer opt-out

Option 3

Control

Apps

reverse proxy43
Reverse Proxy

Policy

Logging

Authentication

URL-rewrite

Internet

Clients

Servers

AV

SSL/Certificate

Caching

reverse proxy44

PROTECTS Web Servers

  • Secure, object-based OS
  • Controls access to web apps
  • Web AV scanning
  • ACCELERATES Web Content
  • Intelligent caching
  • Compression and bandwidth mgt.
  • TCP & SSL offload

Users

  • SIMPLIFIES Operations
  • Scalable, optimized appliance
  • Easy policy creation & management
  • Complete logging & reporting

Secure & Accelerate Web Applications

Reverse Proxy

WebServers

ProxySG

Firewall

Internal Network

Public

Internet

Users

https termination
HTTPS Termination
  • HTTPS Termination (Client  ProxySG)
    • Off-load secure website or portal
  • HTTPS Origination (ProxySG  Server)
    • Secure channel to content server for clients
  • Man-in-the-Middle (Termination & Origination)
    • Allows caching, policy and virus scanning
  • Secure credential acquisitions
  • SSL Hardware Acceleration Cards
    • 800 RSA transactions per second per card
    • SSL v2.0, v3.0, and TLS v1 support
  • Off-load web application servers to improve performance
example scenarios for reverse proxy
Example Scenarios for Reverse Proxy
  • Secure and Accelerate Public Websites
    • Improves content delivery with integrated caching
    • Services legitimate users while resisting DoS attacks
    • High-performance SSL
  • Secure Corporate Webmail
    • Securely isolates Web servers from direct Internet access
    • Proxy authentication for additional layer of protection
    • Plug-n-play SSL
  • Scanning Uploaded Files for Viruses
    • Simple integration with ProxyAV™
    • Real-time scanning of uploaded content
    • Protects Web infrastructure from malware
recipe for branch performance problems

+

Increased application traffic

+

Inefficient application protocols

+

Highly distributed users

+

Narrow bandwidth links

=

Poor Application Performance

Recipe for Branch Performance Problems

Server Consolidation

minimum for application acceleration

Complete Solution Requires More

Minimum for Application Acceleration
  • Optimize use of existing WAN bandwidth
  • Reduce latency associated with applications
  • Improve the efficiency of application protocols
  • Prioritize the applications that matter most
  • Re-use and compress data where possible
  • Accelerate File Sharing, Email, and browser-based enterprise applications
platform for application acceleration

File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)

Platform for Application Acceleration

Multiprotocol Accelerated Caching Hierarchy

Bandwidth

Management

Protocol

Optimization

Object

Caching

Byte

Caching

Compression

new requirement ssl acceleration
New Requirement: SSL Acceleration
  • Nearly 50% of all corporate Web application traffic is SSL
  • 70% of all mobile and teleworkers use SSL for secure application delivery
  • 68% of Blue Coat customers depend on externally hosted Web applications

More and More SSL…

SSL Traffic

Internally

Hosted Apps

Externally

Hosted Apps

Source: Blue Coat Customer Surveys

new requirement video acceleration
New Requirement: Video Acceleration
  • Enterprise users becoming more distributed
    • Mobile, teleworker, and branch/remote offices
    • Regulatory and cost drivers
  • Remote employee training becoming a necessity
    • Live (streaming) and on-demand video
  • Performance quality becoming a requirement
    • Network and application issues must be addressed
    • Control and acceleration of video is needed
bandwidth management
Bandwidth Management

Sales Automation AppPriority 1

Min 400Kb, Max 800Kb

E-Mail

Priority 2

Min 100Kb, Max 400Kb

  • Divide user and application traffic into classes
  • Guarantee min and/or max bandwidth for a class
  • Align traffic classes to business priorities

File Services

Priority 3

Min 400Kb, Max 800Kb

General Web Surfing

Priority 4

Min 0Kb, Max 200Kb

protocol optimization55

10-100X Faster

Includes CIFS, MAPI, HTTP, HTTPS, TCP

Protocol Optimization
object caching
Object Caching
  • Built on high-level applications and protocols
    • HTTP/Web caching
    • Streaming caches
    • CIFS cache
  • Advantages
    • Fastest response times
    • Offload work from servers (and networks)
    • Can be deployed asymmetrically
  • Limitations
    • Application-specific
    • All or nothing: No benefit if whole object not found or changed
byte caching

Sequences are found in the local history cache

They are transmitted as small references over the WAN

The original stream is reconstructed using the remote history cache

Byte Caching

Local History Cache

Remote History Cache

…..11011111001110011...111001111001100101011101100100001101001100111001000001111000111001100011000001001111000000110111101001000011011000101111100101010101110011010011101001111001000000000000111001011100101101101101001010110010110011110001111111111000000000

…..11011111001110011...111001111001100101011101100100001101001100111001000001111000111001100011000001001111000000110111101001000011011000101111100101010101110011010011101001111001000000000000111001011100101101101101001010110010110011110001111111111000000000

Proxies keep a history of all bytes sent and received

110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100

110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100

[R1]0010010[R2]100101111100110100111011010011[R3]

Remote LAN

WAN Link

Local LAN

compression
Compression
  • Industry-standard gzip algorithm compresses all traffic
  • Removes predictable “white space” from content and objects being transmitted

110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100010100100101010101010100010111

110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100010100100101010101010100010111

COMPRESSION

110111110011100100100101110011001010111011001000010011001110010000011110001110011000110000010011

mach 5 techniques work together
MACH5 Techniques Work Together

Object Caching

  • Caches repeated, static app-level data; reduces BW and latency

Byte Caching

  • Caches any TCP application using similar/changed data; reduces BW

Compression

  • Reduces amount of data transmitted; saves BW

Bandwidth Management

  • Prioritize, limit, allocate, assign DiffServ – by user or application

Protocol Optimization

  • Remove inefficiencies, reduce latency
object caching60
Object Caching
  • Object caches are built on higher level applications and protocols
    • HTTP/Web caching
    • Streaming caches
    • CIFS cache
  • Object cache advantages
    • Fastest response times
    • Offload work from servers
    • Can be deployed asymmetrically
  • Object cache disadvantages
    • Works with limited set of applications
    • Works on limited range of data inside applications
    • All or nothing: No benefit if whole object not found or changed
mach 5 ships with blue coat sgos 5
GA April 2006

Appliances start at US$1,995

MACH5 Ships with Blue Coat SGOS 5

SG8000 Series

Corporate

Headquarters

SG800 Series

SG400 Series

SG200 Series

Remote

Offices

Branch Office Enterprise Core

proxyav appliances
ProxyAV Appliances

Corporate

Headquarters

2000-E Series

400-E Series

Remote

Offices

ConnectedUsers

Up to 250 users

100-2000 users

1000 -50,000+ users

WAN Bandwidth

Sub 1.5Mbps

Bandwidth

1.5Mbps- 45Mbps

Bandwidth

150Mbps +

Bandwidth

Performance

400 e1
400-E1
  • One Model: 400-E1
  • RAM: 512 MB
  • CPU: 1.26GHz PIII
  • Disk drive 40 GB IDE
  • Network Interfaces (2 on board) 10/100 Base-T Ethernet
  • 19" Rack-mountable
software
Software
  • Reporter (SW)
    • Advanced Java application to generate statistics from logs
licenced products
Licenced products
  • Licensed products
    • Streaming
      • Real Networks, Microsoft, Quicktime
    • Instant Messaging
      • MSN, Yahoo, AOL
    • Optional Security (HW+SW bundle)
      • SSL termination/proxy
licenced products68
Licenced products
  • Licensed products
    • Content filtering
      • BlueCoat Webfilter
    • ICAP AV Scanner
      • ProxyAV (McAfee, Sophos, Panda, Kaspersky, Ahn Labs)
the power of the proxy

Web Security

    • Prevent spyware, malware & viruses
    • Stop DoS attacks
    • IE vulnerabilities, IM threats
  • Policy Control
    • Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)
    • Granular, flexible logging
    • Authentication integration
  • Accelerated Applications
    • Multiprotocol Accelerated Caching Hierarchy
    • BW mgmt, compression, protocol optimization
    • Byte & object caching

Full Protocol Termination = Total Visibility & Context

(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)

Ultimate Control Point for Communications

The Power of the Proxy

+

+

management71
Management
  • User Interface
    • HTTP (HTTPS), web GUI Interface
    • Telnet (Cisco CLI)
    • SSH & Serial console
    • Java Policy interface
    • CPL, Policy Language
    • SNMP MIBII + Traps
    • Monitor network status and statistics
  • Reporting tools
    • BlueCoat Reporter
  • Scalable management
    • Centralized configuration management in Director
slide72

Reporting (example)

18.2 % Spyware (gator)

16.5 % Aftonbladet

9.5 % Ad’s (in top 40)

6.8 % https (encrypted)

system wide management and control

Both Director and Reporter are proven, with thousands of nodes under management…

System-wide Management and Control
  • Blue Coat Director
    • Centralized configuration of Blue Coat appliances – set up, policy, etc
    • Centralized monitoring – appliance health, application use, user experience
  • Blue Coat Reporter
    • Enterprise roll-up and analysis of application delivery information: appliances, application use, user experience
director configuration management
Director configuration Management

Work-station

Remotely and securely manage via GUI or CLI.

  • Configuration Management
  • Policy Management
  • Disaster protection centrally Configuration Management
  • Monitor and control
  • Resource Management
  • Monitor network status and statistics
  • Profile Management
  • Backup configuration
  • Create overlays using GUI or CLI. Automate changes
  • License Management

Director

(2) Snapshot profile and save on Director

(3) Create and edit overlays using GUI or CLI.

“Profile” system

(4) Push profiles and overlays to one or more systems

(1) Configure and test “profile” system

Production systems

content delivery network

Publish content

1

Pull content from origin servers.

WWW

Servers

4

EdgeSystems

Director

Tell Directorabout new content

2

Deliver the content.

5

Tell caches to update content

3

Users

Content Delivery Network

Content Owners

k9 for free
K9 – For free

If you want to protect your family with Content Filtering

Blue Coat is now giving it away, read more at:

http://www.getk9.com/refer/Roger.Gotthardsson

Please send this link to anyone you want !!!!