Blue Coat Systems Roger Gotthardsson Sr. Systems Engineer [email protected].
-
Upload
beverly-chandler -
Category
Documents
-
view
233 -
download
4
Transcript of Blue Coat Systems Roger Gotthardsson Sr. Systems Engineer [email protected].
Blue Coat Systems
Roger GotthardssonSr. Systems [email protected]
CompanyCompany Corporate dataCorporate data
SolutionsSolutions Client Proxy SolutionClient Proxy Solution Blue Coat WebfilterBlue Coat Webfilter SSL ProxySSL Proxy Reverse ProxyReverse Proxy MACH5MACH5
ProductsProducts ProxySG, ProxyAV, Director, ReporterProxySG, ProxyAV, Director, Reporter K9, - Blue Coat Webfilter at home for freeK9, - Blue Coat Webfilter at home for free
Agenda
Company
About Blue Coat
• Innovative leader in secure content & application delivery– 500+ employees; $146M annual revenue run rate
– 25,000+ appliances shipped worldwide to more than 4,000 customers
– #1 (37%) market leader in Secure Content & Application Delivery (IDC)
• Founded in 1996 with a focus on Acceleration– Accelerating Web applications…making Internet applications faster
– Innovative proxy caching appliance with object pipelining, adaptive content refresh
• Expanded in 2002 to include Policy Control & Security– Rich policy framework integrated with performance engine for visibility and control of
users, content and applications• Visibility: Who, what, where, when, how• Control: accelerate, deny, limit, scan, strip, transform…
Integrated Solution for Acceleration & SecurityIntegrated Solution for Acceleration & Security
About Blue Coat
– Strategic Investments – March 1996 Scalable Software (HTTP and OS Kernel)
– September 1999 Invertex (SSL Hardware Encryption)
– June 2000 Springbank Networks (Hardware Design and Routing Protocols)
– December 2000 Entera (Streaming and Content Distribution)
– November 2003 Ositis (Virus scanning appliance)
– 2004 – Cerberian (Content filtering)
– 2006 – Permeo Technologies (SSL VPN & client security)
Integrated Solution for Acceleration & SecurityIntegrated Solution for Acceleration & Security
Client Proxy Solution
Caching
Client Proxy
Antivirus URL-Filtering
InternetClients
LoggingAuthentication
Protocol optimization
BW manageme
nt
Compression
Policy
Protocol detection
Byte Caching
Application proxy
AOL-IM
FTP
HTTP & HTTPS
MSN-IM
Streaming Yahoo-IM
?TCP-Tunnel SOCKS
Internet
CIFS
.mp3.xxxP2P
Telnet/Shell DNS
gral.se
MAPI
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
List
On boxDatabase
Authentication
Directory
LDAP
X509/CA
Client Certifficate
InternetClients
AD
NT, W2000 or W2003
DCDirector
y
RADIUSServer
Directory
NetegritySiteMinder
Directory
Oblix
Directory
PolicySubstitutio
n
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Content Filtering
• Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks
• Blue Coat and our partners enable enterprise-class content filtering– Powerful granular user control using
Blue Coat’s Policy Processing Engine• By user, group, destination IP and/or URL,
time of day, site, category, lots more
– Multiple logging and reporting options
– Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc)
– Coaching, warnings, etc.
– High performance with integrated caching
– Drop-in appliance for easy to deploy and manage
– De-facto industry content filtering platform
Content filtering databases
Websense
InternetClients
Smartfilter SurfControl
Your listsexception
s
BlueCoatwebfilter
WebWasher
Proventia
Digital Arts
InterSafe Optenet
DRTR
IWF
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
HTTP Compression
compressedCore ProxySG
uncompressed
ProxySG can support a mixed mode of HTTP compression operation
Original Content Server (OCS) or Core ProxySG can send either (de)compressed content to edge or core ProxySG using GZIP or Deflate algorithms
compressed
uncompressed
Edge ProxySGcompressed
uncompressed
ProxySGcompressed
uncompressed
compressed
uncompressed
Remote Office HQ Office
EnterpriseInternet
Bandwidth Management (BWM)
OBJECTIVE
Classify, control and limit the amount of bandwidth used by a class of network traffic
BENEFITS
Protect performance of mission critical applications• SAP, ERP apps
Prevent bandwidth greedy applications from impacting other applications
• P2P
Provision bandwidth for applications that require a per-session amount of bandwidth
• Streaming
Balance necessary and important, bandwidth intensive, applications• HTTP, IM
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.
Virus, Code & Script scanning
InternetClients
ProxyAV
Other ICAP servers
Sophos
Panda
McAfee
Kaspersky
ProxyAV
ProxySG & ProxyAV- Large Enterprise/Network Core- Scan once, serve many (cache benefit)
Internet
Internal Network
ProxyAVProxySG
• Virus Scans HTTP, FTP with caching benefit• ProxySG Load Balances
• Purpose-built appliances for speed
• “Scan once, serve many” to increase performance
• High-availability & load-balancing
• Purpose built operating systems
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
BlueCoat Spyware Prevention Solution
• Stops spyware installations– Detect drive-by installers
• Blocks spyware websites– On-Proxy URL categorization
• Scans for spyware signatures– High-performance Web AV
• Detects suspect systems– Forward to cleansing agent
Internet
Internal Network
ProxyAVProxySG
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
IM Traffic Control: IM traffic is subjected to policies and is logged
IM Control with Blue Coat ProxySG
• Granular IM policy control– By enterprise, group or user level
– Control by IM feature (IM only, chat, attachments, video, etc.), internal or external IM, time of day, etc.
– Control IM options include deny connection, strip attachment, log chat (including attachment)
– Key word actions include send alert to IT or manager, log, strip, send warning message to user
• Drop-in appliance for easy to deploy and manage IM control
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
IM Traffic Control: IM traffic is subjected to policies and is loggedCaching: Acceptable, clean content is stored in cache and delivered to requestor.
• Streaming– Microsoft Streaming & Native RTSP
– Live Stream split, VOD Stream cache
– Rich Streaming features, Unicast-Multicast
– Scheduling live streaming from VOD
• Enhancements– Store, Cache & distribute
Video On Demand
– Schedule VOD content to be played as Live Content
– Convert between Multicast-Unicast
– Authenticate Streaming usersTo NTLM, Ldap, RADIUS+Onbox
Streaming acceleration
How We Secure the Web
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy
PublicWeb
Server
IntranetWeb
Server
Public InternetInternal Network
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
IM Traffic Control: IM traffic is subjected to policies and is loggedCaching: Acceptable, clean content is stored in cache and delivered to requestor. Reporting: All browser, streaming, IM & virus activity, can be reported using Bluecoat's highly configurable reporter.
Reporter
Blue Coat Webfilter
The Internet
The internet today consists of 350 million webservers.
A large ammount of these conatain information you don’t want in your organisation.
A cleaver solution would be to use Content Filtering.
BlueCoat now introduces Generation 3 of content filtering, BlueCoat Webfilter.
350 Million
Generation 1
The first generation of content filters consisted ofstatic manually managed lists of popular pornographicand unproductive websites. Very often retreived fromaccess logs, popular bad sites where banned.
The intended purpose was to save bandwidth and warn users that inapropriate behaviour was logged.
People got together and distributed their lists in freelists compatible with proxies such as Squid.
The distributed list where in the size of a million URL:s349 Million
1 Million
Generation 2
335 Million
15 Million
Corporations relised they could make money of a listand started to collect lists and logs from the web, manuallyrating these in larger scale. More categories where addedto increase value. The systems started to collect URL:Sautmatically and download new lists periodicly. Some of them even many times every day.
Special categories where added for static security threatsplaced on known webservers, spyware phishing etc. Otherthan bad sites where added such as Economy, business,news etc. to present statistics of Internet usage.
Generation 2
335 Million
15 Million
Number of URL:s was in the numbers of 10-20 millions.Hitrates in logsystems presented was in the numbers of50-80%. Regular expression on URL:s and other trickssometimes gave a false picture of rating over 90%. But in fact less than 5% of the Internet was covered.
Generation 3
335 Million
15 Million
The dynamics of internet and new security risks urged for a new way of categorizing the Internet, Dynamic rating of uncategorized websites can today rate most websites, the ones thats impossible to rate could be stripped down to present only html and images to reduce risk.
The static URL database are constantly updated like any Generation 2 filter. This database is cached in some systems (ProxySG) to increase performance.The rest (95%) of the Internet is categorised using dynamic rating.
Dynamic Real Time Rating
Servers
Clients
G2
44µs
RS
DXD
* The picture is simplified, all systems are redundant.
HRDBR
DRTR
language 1
language 2
language 3
language 4
language 5
language n
Lang
uage
det
ectio
n
To
back
grou
nd r
atin
g
Customer BlueCoat
Internet
SSL Proxy
SSLSSL
Internet
PolicyPolicy SSLSSL
InternalNetwork
User
Apps
SSL Proxy: Policy Enforcement
• Control web content, applications, and services…regardless of encryption– Block, allow, throttle, scan, accelerate, insert, strip, redirect, transform …
– Apply the same policies to encrypted traffic as to normal traffic
– Stops/controls rogue applications that take advantage of SSL
• Protect the enterprise from SSL-borne threats– Stop spyware and secured phishing
– SSL-secured webmail and extranets – virus transmissions
– SSL-borne malicious and inappropriate content
• Accelerate critical applications– Enables a variety of acceleration techniques (e.g., caching)
Verify certificate and extract server’s
public key.
Blue Coat: Visibility and Context
Use this algorithm.Server’s digital
certificate.
CompleteAuthentication.
Client-Proxy ConnectionClient-Proxy Connection Server-Proxy ConnectionServer-Proxy Connection
Tunnel Established Tunnel Established
CompleteAuthentication.
CompleteAuthentication.
CompleteAuthentication.
ProxyProxy ServerServerClientClient
Algorithms I support.Connection Request.
Algorithms I support.Connection Request.
Verify certificate and extract (proxy’s)
public key.
Let’s use this algorithm.
Emulated certificate.
Flexible Configurations
SSLSSL
TCPTCP
User
Internet
Apps
TCPTCP
• Trusted applications passed through– Sensitive, known, financial or health care
• No cache, visibility
• Awareness of network-level information only
Control
Option 1
SSLSSL
TCPTCP
User
Internet
Apps
TCPTCP
Flexible Configurations
• Initial checks performed– Valid user, valid application– Valid server cert
• User/application traffic passed through after initial checks
• No cache• Visibility and context of network-level info,
certificates, user, and applications• Can warn user, remind of AUP, and
offer opt-out Control
Option 2
Flexible Configurations
SSLSSL
Internet
Apps
User
TCPTCP TCPTCP
SSLSSL
• Initial checks performed– Valid user, valid application– Valid server cert
• User/application traffic proxied after initial checks• Full caching and logging options• Visibility and context of network-level info,
certificates, user, applications, content, etc.– Full termination/proxy
• Can warn user, remind of AUP, and offer opt-out Control
Option 3
Reverse Proxy
Caching
Reverse Proxy
AV SSL/Certificate
InternetClients
Authentication
LoggingPolicy
Servers
URL-rewrite
ACCELERATES Web Content• Intelligent caching• Compression and bandwidth mgt.• TCP & SSL offload
PROTECTS Web Servers• Secure, object-based OS• Controls access to web apps• Web AV scanning
SIMPLIFIES Operations• Scalable, optimized appliance• Easy policy creation & management• Complete logging & reporting
WebServers
Internal Network
Users
FirewallUsers
ProxySG
Public Internet
Secure & Accelerate Web ApplicationsSecure & Accelerate Web Applications
Reverse Proxy
HTTPS Termination
• HTTPS Termination (Client ProxySG)– Off-load secure website or portal
• HTTPS Origination (ProxySG Server)– Secure channel to content server for clients
• Man-in-the-Middle (Termination & Origination)– Allows caching, policy and virus scanning
• Secure credential acquisitions• SSL Hardware Acceleration Cards
– 800 RSA transactions per second per card– SSL v2.0, v3.0, and TLS v1 support
• Off-load web application servers to improve performance
Example Scenarios for Reverse Proxy
• Secure and Accelerate Public Websites– Improves content delivery with integrated caching
– Services legitimate users while resisting DoS attacks
– High-performance SSL
• Secure Corporate Webmail– Securely isolates Web servers from direct Internet
access
– Proxy authentication for additional layer of protection
– Plug-n-play SSL
• Scanning Uploaded Files for Viruses – Simple integration with ProxyAV™
– Real-time scanning of uploaded content
– Protects Web infrastructure from malware
Accelerate Applications – All Users – All Locations
Recipe for Branch Performance Problems
Server Consolidation
Increased application traffic+
Narrow bandwidth links+
Highly distributed users+
Inefficient application protocols+
== Poor Application PerformancePoor Application Performance
Complete Solution Requires MoreComplete Solution Requires More
Minimum for Application Acceleration
Optimize use of existing WAN bandwidth
Reduce latency associated with applications
Improve the efficiency of application protocols
Prioritize the applications that matter most
Re-use and compress data where possible
Accelerate File Sharing, Email, and browser-based enterprise applications
Platform for Application Acceleration
Multiprotocol Accelerated Caching Hierarchy
BandwidthManagement
ProtocolOptimization
ObjectCaching
ByteCaching Compression
File Services (CIFS), Web (HTTP), Exchange (MAPI), File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)Video/Streaming (RTSP, MMS), Secure Web (SSL)
Source: Blue Coat Customer Surveys
New Requirement: SSL Acceleration
• Nearly 50% of all corporate Web application traffic is SSL
• 70% of all mobile and teleworkers use SSL for secure application delivery
• 68% of Blue Coat customers depend on externally hosted Web applications
SS
L T
raffi
c
InternallyHosted Apps
ExternallyHosted Apps
More and More SSL…
New Requirement: Video Acceleration
• Enterprise users becoming more distributed– Mobile, teleworker, and branch/
remote offices
– Regulatory and cost drivers
• Remote employee training becoming a necessity– Live (streaming) and on-demand video
• Performance quality becoming a requirement– Network and application issues must be
addressed
– Control and acceleration of video is needed
Bandwidth Management
• Divide user and application traffic into classes
• Guarantee min and/or max bandwidth for a class
• Align traffic classes to business priorities
Sales Automation App Priority 1
Min 400Kb, Max 800Kb
File Services Priority 3
Min 400Kb, Max 800Kb
E-Mail Priority 2Min 100Kb, Max 400Kb
General Web Surfing Priority 4Min 0Kb, Max 200Kb
Protocol Optimization
Protocol Optimization
10-100X Faster10-100X Faster Includes CIFS, MAPI, HTTP, HTTPS, TCPIncludes CIFS, MAPI, HTTP, HTTPS, TCP
Object Caching
• Built on high-level applications and protocols– HTTP/Web caching
– Streaming caches
– CIFS cache
• Advantages– Fastest response times
– Offload work from servers (and networks)
– Can be deployed asymmetrically
• Limitations– Application-specific
– All or nothing: No benefit if whole object not found or changed
Byte Caching
…..11011111001110011...111001111001100101011101100100001101001100111001000001111000111001100011000001001111000000110111101001000011011000101111100101010101110011010011101001111001000000000000111001011100101101101101001010110010110011110001111111111000000000
…..11011111001110011...111001111001100101011101100100001101001100111001000001111000111001100011000001001111000000110111101001000011011000101111100101010101110011010011101001111001000000000000111001011100101101101101001010110010110011110001111111111000000000
110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100
[R1]0010010[R2]100101111100110100111011010011[R3]
110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100
Local History Cache Remote History Cache
Sequences are found in the local
history cache
Sequences are found in the local
history cache
They are transmitted as
small references over
the WAN
They are transmitted as
small references over
the WAN
The original stream is
reconstructed using the
remote history cache
The original stream is
reconstructed using the
remote history cache
Local LAN Remote LANWAN Link
Proxies keep a history of all
bytes sent and received
Proxies keep a history of all
bytes sent and received
Compression
110111110011100100100101110011001010111011001000010011001110010000011110001110011000110000010011
110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100010100100101010101010100010111
COMPRESSIONCOMPRESSION
110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100010100100101010101010100010111
• Industry-standard gzip algorithm compresses all traffic
• Removes predictable “white space” from content and objects being transmitted
MACH5 Techniques Work Together
Object Caching• Caches repeated, static app-level data; reduces BW and latency
Byte Caching• Caches any TCP application using
similar/changed data; reduces BWCompression
• Reduces amount of data transmitted; saves BW
Bandwidth Management• Prioritize, limit, allocate, assign DiffServ – by user
or application
Protocol Optimization• Remove inefficiencies, reduce latency
Object Caching
• Object caches are built on higher level applications and protocols– HTTP/Web caching– Streaming caches– CIFS cache
• Object cache advantages– Fastest response times– Offload work from servers– Can be deployed asymmetrically
• Object cache disadvantages– Works with limited set of applications– Works on limited range of data inside applications– All or nothing: No benefit if whole object not found or changed
Object vs. Byte Caching
Object Caching Byte Cache
Proxy?HTTP(S), FTP,
Streaming, CIFS Built on TCP
Protocol Optimization Integration X
Server Offload X
Network Offload X X
Incremental Updates X
No App Integration X
End User Performance Best Good
Scope Focused Broad
Products
MACH5 Ships with Blue Coat SGOS 5
SG400 Series
SG800 Series
SG8000 Series
Rem
ote
Off
ice
sC
orpo
rate
Hea
dqua
rte
rs
SG200 Series • GA April 2006
• Appliances start at US$1,995
Branch Office Enterprise CoreBranch Office Enterprise Core
ProxyAV Appliances
400-E Series
Performance
Remote Offices
Up to 250 users 100-2000 users 1000 -50,000+ users
WAN Bandwidth
ConnectedUsers
Sub 1.5Mbps Bandwidth
1.5Mbps- 45MbpsBandwidth
150Mbps +Bandwidth
Corporate Headquarters
2000-E Series
400-E1
• One Model: 400-E1
• RAM: 512 MB
• CPU: 1.26GHz PIII
• Disk drive 40 GB IDE
• Network Interfaces (2 on board) 10/100 Base-T Ethernet
• 19" Rack-mountable
Software
Reporter (SW)Reporter (SW) Advanced Java application to generate statistics from logsAdvanced Java application to generate statistics from logs
Licenced products
Licensed productsLicensed products StreamingStreaming
Real Networks, Real Networks, Microsoft, Microsoft, QuicktimeQuicktime Instant MessagingInstant Messaging
MSN, Yahoo, AOLMSN, Yahoo, AOL Optional Security (HW+SW bundle)Optional Security (HW+SW bundle)
SSL termination/proxySSL termination/proxy
Licenced products
Licensed productsLicensed products Content filteringContent filtering
BlueCoat WebfilterBlueCoat Webfilter ICAP AV ScannerICAP AV Scanner
ProxyAV (McAfee, Sophos, Panda, Kaspersky, Ahn Labs)ProxyAV (McAfee, Sophos, Panda, Kaspersky, Ahn Labs)
Full Protocol Termination = Total Visibility & Context(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
Policy Control• Fine-grained policy for applications,
protocols, content & users (allow, deny, transform, etc)
• Granular, flexible logging• Authentication integration
The Power of the Proxy
+ +
Ultimate Control Point for CommunicationsUltimate Control Point for Communications
Web Security• Prevent spyware,
malware & viruses• Stop DoS attacks• IE vulnerabilities,
IM threats
Accelerated Applications• Multiprotocol
Accelerated Caching Hierarchy
• BW mgmt, compression, protocol optimization
• Byte & object caching
Management
• User Interface– HTTP (HTTPS), web GUI Interface
– Telnet (Cisco CLI)
– SSH & Serial console
– Java Policy interface
– CPL, Policy Language
– SNMP MIBII + Traps
– Monitor network status and statistics
• Reporting tools– BlueCoat Reporter
• Scalable management– Centralized configuration management in Director
Management
Reporting (example)Reporting (example)
18.2 % Spyware (gator)16.5 % Aftonbladet9.5 % Ad’s (in top 40)6.8 % https (encrypted)
System-wide Management and Control
• Blue Coat Director– Centralized configuration of Blue Coat
appliances – set up, policy, etc
– Centralized monitoring – appliance health, application use, user experience
• Blue Coat Reporter– Enterprise roll-up and analysis of application
delivery information: appliances, application use, user experience
Both Director and Reporter are proven, with Both Director and Reporter are proven, with thousands of nodes under managementthousands of nodes under management……
Director configuration Management
Director
(1) Configure and test “profile” system
(2) Snapshot profile and save on Director
(4) Push profiles and overlays to one or more systems
“Profile” system
Production systems
(3) Create and edit overlays using GUI or CLI.
Work-station
Remotely and securely manage via GUI or CLI. • Configuration Management
• Policy Management
• Disaster protection centrally Configuration Management
• Monitor and control
• Resource Management
• Monitor network status and statistics
• Profile Management
• Backup configuration
• Create overlays using GUI or CLI. Automate changes
• License Management
Content Delivery Network
WWWServers
1 Publish content
Content Owners
Users
5 Deliver the content.
4 Pull content from origin
servers.
Director
2 Tell Directorabout new
content
EdgeSystems
3 Tell caches to update content
Director GUI
K9 – For free
If you want to protect your family with Content FilteringBlue Coat is now giving it away, read more at:
http://www.getk9.com/refer/Roger.Gotthardsson
Please send this link to anyone you want !!!!