Intelligent Application Switching 1 Radware Affidabilità, Prestazioni, Sicurezza Alberto Prandini...

1

Intelligent Application Switching

RadwareAffidabilità, Prestazioni, Sicurezza

Alberto Prandini

Channel Sales Manager

Radware Italia

Claudio Vettoretto

Product Manager COMPUTERLINKS

[email protected]

2


3


Networked Applications Are The Core Enabler for Enterprise Operation

Our Vision

4


Our Mission

To ensure: full availability, maximum performance and complete security of our customers mission critical applications, end-to-end across the enterprise.

5


Mission Critical ApplicationsREGIONAL OFFICE

BRANCH OFFICE

FirewallWeb, Email, CRM ERP

HEADQUARTERS

Antivirus Gateway

Router

• Enterprise business depends on mission critical applications

• ERP, CRM, e-mail & operational databases become web based

• Applications are used by employees, suppliers, partners and customers

Client

Criticalapplications

6


End-To-End Availability ChallengesREGIONAL OFFICE

BRANCH OFFICE

FireWallWeb, Email, CRM ERP

HEADQUARTERS

Antivirus Gateway

Router

• Multiple failure points

• End-to-end path is critical for application

7


End To End Performance ChallengesREGIONAL OFFICE

BRANCH OFFICE


HEADQUARTERS

Antivirus Gateway

Router

• Multiple performance bottlenecks

• No application awareness or prioritization

• Slow application response time to clients

8


End-To-End Security ChallengesREGIONAL OFFICE

BRANCH OFFICE


HEADQUARTERS

Antivirus Gateway

Router

• Security threats may originate internally, externally or flow from branches

• Application availability is at risk from application level attacks such as worms, viruses and DoS

9


Radware Addresses Industry Trends

Growth in Mission Critical Applications

Convergence of IP & Web

Enterprise Wide Deployment Application Threats Are Exploding

Need for Availability, Performance, Security

Network must be Application Aware

Availability, Performance, Security required at the branch

High Performance Solution for Intrusion Prevention

10


Radware Meets Challenges

Radware Intelligent Application Switching (IAS) enables the Availability, Performance & Security of networked applications across the enterprise.Radware Provides Availability, Performance & Security for Mission Critical Applications

11


End-to-end Application AssuranceREGIONAL OFFICE

BRANCH OFFICE

Firewalls

Antivirus Gateway

Web, Email, CRM, ERP

HEADQUARTERS

Routers

100%Availability

Maximum Performance

AbsoluteSecurity

15


Application Aware Services

Radware Solution Architecture

End to End Hardware platforms

Configware Insite

SynApps™

H/W Platform by Throughput

CommonSoftware

Architecture

Unified End-to-end Management

16


WSD CertainT100

FireProof CID

LinkProof LP-Branch

DefensePro

End-to-End Application Switching

Applications

Security

Connectivity

introducingradware

17


Solutions

18


Applications

WSD CertainT100

Corporate users

ERP, CRM, Mail

19


Radware Market LeadershipWhy Radware

March 2004: Gartner Places Radware in the Leader Quadrant in Web-enabled Application Delivery Magic Quadrant

The Magic Quadrant is copyrighted 2004 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

Gartner defines Leaders as performing well today, having a clear vision of market direction and actively building competencies to sustain their leadership position in the market.

20


DEFENCE PRO Application

SecuritySwitch

21


Connect & Protect Applications

The majority of security threats are at the application level (Worms, Viruses, Intrusions, DoS) targeting networked applications:

Growing reliance on distributed / web applications

Attacks flow across firewalls without inspection

Explosive growth in number of attacks

Increasing severity & cost of attacks

The Need

22


DefensePro

DefensePro Isolates, Blocks & Prevents Attacks for Immediate, High Capacity Application Security

23


• 3 Gbps deep packet inspection

• Blocking of viruses, worms, trojans & malicious signatures

• Anti-scanning

• Bi-directional scanning

• Over 1,400 common & Radware attack signatures

• Automatic Security Attack Filter Updates

Immediate Blocking of Intrusions

24


• Multi-Gigabit Denial of Service Detection & Blocking

• Traffic anomaly detection by baseline monitoring

• Advanced sampling mechanism

• Advanced Syn flood protection using Syn-cookies

• Blocking up to 1 Million Syns / 500Mbps attack while forwarding legitimate traffic

Features& Benefits Denial of Service Protection

25


Dynamic Traffic Shaping

• Dynamic traffic shaping to ensure continuity of mission critical applications, even when under attack

• End-to-end bandwidth management & QoS to guarantee Service Level Agreements & accelerate application performance

• Eliminate security threats of P2P traffic

"Adding more bandwidth may only improve the response of non-essential applications. It does not guarantee that the bandwidth will be available to the applications that need it most,““Traffic Management: Optimizing the Enterprise Network for Maximum Business Value," Yankee Group,

October 03

27


introducingDefensePro

• Inline Solution

• Highest Port density

• StringMatch ASIC Hardware for 1000X Inspection Acceleration

Industry 1st Security Switch

28


Security Update ServiceintroducingDefensePro

Subscriber service for continuous attack filter updates protecting against existing & emergent threats.

29


Enterprise Application Security

UsersRouter

Servers

L2/3 Switch

Floor1

Floor 2

Floor 3

DefensePro

Real time protection of ALL LAN segments & applications

Cleaning all incoming / outgoing traffic

Isolation of attack impact on distributed critical applications

No patch management

Applications

30


Unified Security Reporting

32


Security Activation

33


Multiple Security Vulnerabilities

Multiple Failure Points (Availability Challenge) Response Time Decreases with addition of security toolsNo Performance Scalability

TheChallenge

LAN Anti-Spam

IDS

FireWallAnti-VirusURL Filter

OverloadFailure

34


Typical Security Redundancy Solution

TheChallenge

LAN

URL FilterAnti-Spam

IDS

Anti-Virus

• Limited to proprietary redundancy by tool• No ability to add new security tools • No performance scalability• Complex management

Firewall

IDS

FirewallAnti-Spam URL Filter Anti-Virus

35


Switched Based Security Architecture Solution

Firewall

Anti-Spam URL Filter Anti-Virus

Anti-Spam

Firewall

IDS

IDS

LAN

URL Filter Anti-Virus

36

Intelligent Application SwitchingConnectivity

LOW PRICE MULTIHOMING I VANTAGGI

..drastica riduzione dei costi di linea… alta affidabilità

...scalabilità e flessibilità… controllo completo dell`utilizzo delle linee

…gestione della banda…aumento della sicurezza…controllo e reportistica

37


Tipicamente le società scelgono soluzioni di connettività dati basate su collegamenti dedicati (ex. MPLS, CDN, Frame Relay) o Broadband (ex. HDSL, ADSL).

Quando viene scelto un collegamento dedicato, si deve giungere ad un compromesso fra una linea molto costosa ed una linea di bassa qualità.

Quando viene invece scelto un collegamento a consumo, volumi di traffico inattesi possono portare a spese esorbitanti e non controllate. Questo è anche conseguenza dello scarso livello di controllo che un utente ha sul traffico generato.

Inoltre, indipendetemente dalla scelta di connettività fatta, nella maggior parte dei casi i collegamenti sono single link non ridondati.

Il risultato è che le spese di connettività risultano essere elevate, le linee non forniscono sempre la qualità desiderata, gli utenti hanno limitato controllo del traffico e nel tempo si evidenziano problematiche impreviste (ad es. interruzioni nel servizio) che diventano causa di costi aggiuntivi e perdite della produttività.

Il problema ....

38


La situazione attuale: cosa si verifica....

La connessioneè sempre lenta

Cosa sta Succedendo?

.. Questo film è fantastico! Lo scarico

subito

Quanto costa!!!Ho preso un virus?

Flat xDSL Line

100% Full5% Bw

90% Bw Sicurezza !

La fattura!!!

Costo connettività singolo Link (es HDSL 2 Mbits:

18.000€)

39


Ho perso L`affare!

Questa non ci voleva

Finalmente un pò di tranquillità

.. con tutti gli investimenti

fatti!Internet !&%?

La criticità maggiore: no High Availability

Costi del Downtime-Business persi-Produttività-Ripristino-Immagine

40


Ah! La connessione è veloce!

Ora posso stareveramentetranquillo

Sigh ... questa sera

vado al cinema

Vieni .. ti spiegola Mia strategiaImpossibile.

Funziona!

50% bw

No limit Bw

5% bw

50% bw

HDSL a consumo

FlatADSL Line

La soluzione: gestire l’utilizzo di + link !!!

Costo complessivo: DOPPIO Link (es HDSL 2 Mbits con 10 GB traffico/mese +

ADSL 640/128 Flat + Radware LinkProof Branch SynApps

14.533€ per il primo anno, 7.193€ i successivi )

RadwareLinkproof

41


Soluzione per le Intranet

Headquarter Local Network

Remote Office 1

Remote Office 2

LinkProof Branch + VPN Support

LinkProof Branch + VPN Support

SP 1

SP 2

Migration to xDSL connections

R.O.I. Medio1 ANNO !!

42


Unmatched benefits

- End-to-End High availability: 24x7 non stop service- Mix & match all type of connections: best flexibility and scalability- Full management of the bandwidth: set the appropriate priorities- Secure connectivity at application layer: increased the protection -Transparent migration: no need to stop the operations- Cost reduction: to be able to use low cost connections, no need to use dedicated firewalls in the branch offices and use of low cost routers- Best Return of Investment

43


Summary

44


Join Radware Leadership

Cisco

Nortel

Others

Radware

Growing Market Share

End to end solutions Recognized Leadership

Positive Financial Traction

Availability Performance Security

45


Radware is the only vendor that offers:

Integrated Solution Architecture

Intelligent Application Switching 1 Radware Affidabilità, Prestazioni, Sicurezza Alberto Prandini...

Documents

Transcript of Intelligent Application Switching 1 Radware Affidabilità, Prestazioni, Sicurezza Alberto Prandini...