Intelligent Application Switching 1 Radware Affidabilità, Prestazioni, Sicurezza Alberto Prandini...
-
Upload
blake-cannon -
Category
Documents
-
view
225 -
download
0
Transcript of Intelligent Application Switching 1 Radware Affidabilità, Prestazioni, Sicurezza Alberto Prandini...
1
Intelligent Application Switching
RadwareAffidabilità, Prestazioni, Sicurezza
Alberto Prandini
Channel Sales Manager
Radware Italia
Claudio Vettoretto
Product Manager COMPUTERLINKS
2
Intelligent Application Switching
3
Intelligent Application Switching
Networked Applications Are The Core Enabler for Enterprise Operation
Our Vision
4
Intelligent Application Switching
Our Mission
To ensure: full availability, maximum performance and complete security of our customers mission critical applications, end-to-end across the enterprise.
5
Intelligent Application Switching
Mission Critical ApplicationsREGIONAL OFFICE
BRANCH OFFICE
FirewallWeb, Email, CRM ERP
HEADQUARTERS
Antivirus Gateway
Router
• Enterprise business depends on mission critical applications
• ERP, CRM, e-mail & operational databases become web based
• Applications are used by employees, suppliers, partners and customers
Client
Criticalapplications
6
Intelligent Application Switching
End-To-End Availability ChallengesREGIONAL OFFICE
BRANCH OFFICE
FireWallWeb, Email, CRM ERP
HEADQUARTERS
Antivirus Gateway
Router
• Multiple failure points
• End-to-end path is critical for application
7
Intelligent Application Switching
End To End Performance ChallengesREGIONAL OFFICE
BRANCH OFFICE
FirewallWeb, Email, CRM ERP
HEADQUARTERS
Antivirus Gateway
Router
• Multiple performance bottlenecks
• No application awareness or prioritization
• Slow application response time to clients
8
Intelligent Application Switching
End-To-End Security ChallengesREGIONAL OFFICE
BRANCH OFFICE
FirewallWeb, Email, CRM ERP
HEADQUARTERS
Antivirus Gateway
Router
• Security threats may originate internally, externally or flow from branches
• Application availability is at risk from application level attacks such as worms, viruses and DoS
9
Intelligent Application Switching
Radware Addresses Industry Trends
Growth in Mission Critical Applications
Convergence of IP & Web
Enterprise Wide Deployment Application Threats Are Exploding
Need for Availability, Performance, Security
Network must be Application Aware
Availability, Performance, Security required at the branch
High Performance Solution for Intrusion Prevention
10
Intelligent Application Switching
Radware Meets Challenges
Radware Intelligent Application Switching (IAS) enables the Availability, Performance & Security of networked applications across the enterprise.Radware Provides Availability, Performance & Security for Mission Critical Applications
11
Intelligent Application Switching
End-to-end Application AssuranceREGIONAL OFFICE
BRANCH OFFICE
Firewalls
Antivirus Gateway
Web, Email, CRM, ERP
HEADQUARTERS
Routers
100%Availability
Maximum Performance
AbsoluteSecurity
15
Intelligent Application Switching
Application Aware Services
Radware Solution Architecture
End to End Hardware platforms
Configware Insite
SynApps™
H/W Platform by Throughput
CommonSoftware
Architecture
Unified End-to-end Management
16
Intelligent Application Switching
WSD CertainT100
FireProof CID
LinkProof LP-Branch
DefensePro
End-to-End Application Switching
Applications
Security
Connectivity
introducingradware
17
Intelligent Application Switching
Solutions
18
Intelligent Application Switching
Applications
WSD CertainT100
Corporate users
ERP, CRM, Mail
19
Intelligent Application Switching
Radware Market LeadershipWhy Radware
March 2004: Gartner Places Radware in the Leader Quadrant in Web-enabled Application Delivery Magic Quadrant
The Magic Quadrant is copyrighted 2004 by Gartner, Inc. and is reused with permission. The Magic Quadrant is a graphical representation of a marketplace at and for a specific time period. It depicts Gartner's analysis of how certain vendors measure against criteria for that marketplace, as defined by Gartner. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors placed in the "Leaders" quadrant. The Magic Quadrant is intended solely as a research tool, and is not meant to be a specific guide to action. Gartner disclaims all warranties, express or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Gartner defines Leaders as performing well today, having a clear vision of market direction and actively building competencies to sustain their leadership position in the market.
20
Intelligent Application Switching
DEFENCE PRO Application
SecuritySwitch
21
Intelligent Application Switching
Connect & Protect Applications
The majority of security threats are at the application level (Worms, Viruses, Intrusions, DoS) targeting networked applications:
Growing reliance on distributed / web applications
Attacks flow across firewalls without inspection
Explosive growth in number of attacks
Increasing severity & cost of attacks
The Need
22
Intelligent Application Switching
DefensePro
DefensePro Isolates, Blocks & Prevents Attacks for Immediate, High Capacity Application Security
23
Intelligent Application Switching
• 3 Gbps deep packet inspection
• Blocking of viruses, worms, trojans & malicious signatures
• Anti-scanning
• Bi-directional scanning
• Over 1,400 common & Radware attack signatures
• Automatic Security Attack Filter Updates
Immediate Blocking of Intrusions
24
Intelligent Application Switching
• Multi-Gigabit Denial of Service Detection & Blocking
• Traffic anomaly detection by baseline monitoring
• Advanced sampling mechanism
• Advanced Syn flood protection using Syn-cookies
• Blocking up to 1 Million Syns / 500Mbps attack while forwarding legitimate traffic
Features& Benefits Denial of Service Protection
25
Intelligent Application Switching
Dynamic Traffic Shaping
• Dynamic traffic shaping to ensure continuity of mission critical applications, even when under attack
• End-to-end bandwidth management & QoS to guarantee Service Level Agreements & accelerate application performance
• Eliminate security threats of P2P traffic
"Adding more bandwidth may only improve the response of non-essential applications. It does not guarantee that the bandwidth will be available to the applications that need it most,““Traffic Management: Optimizing the Enterprise Network for Maximum Business Value," Yankee Group,
October 03
27
Intelligent Application Switching
introducingDefensePro
• Inline Solution
• Highest Port density
• StringMatch ASIC Hardware for 1000X Inspection Acceleration
Industry 1st Security Switch
28
Intelligent Application Switching
Security Update ServiceintroducingDefensePro
Subscriber service for continuous attack filter updates protecting against existing & emergent threats.
29
Intelligent Application Switching
Enterprise Application Security
UsersRouter
Servers
L2/3 Switch
Floor1
Floor 2
Floor 3
DefensePro
Real time protection of ALL LAN segments & applications
Cleaning all incoming / outgoing traffic
Isolation of attack impact on distributed critical applications
No patch management
Applications
30
Intelligent Application Switching
Unified Security Reporting
32
Intelligent Application Switching
Security Activation
33
Intelligent Application Switching
Multiple Security Vulnerabilities
Multiple Failure Points (Availability Challenge) Response Time Decreases with addition of security toolsNo Performance Scalability
TheChallenge
LAN Anti-Spam
IDS
FireWallAnti-VirusURL Filter
OverloadFailure
34
Intelligent Application Switching
Typical Security Redundancy Solution
TheChallenge
LAN
URL FilterAnti-Spam
IDS
Anti-Virus
• Limited to proprietary redundancy by tool• No ability to add new security tools • No performance scalability• Complex management
Firewall
IDS
FirewallAnti-Spam URL Filter Anti-Virus
35
Intelligent Application Switching
Switched Based Security Architecture Solution
Firewall
Anti-Spam URL Filter Anti-Virus
Anti-Spam
Firewall
IDS
IDS
LAN
URL Filter Anti-Virus
36
Intelligent Application SwitchingConnectivity
LOW PRICE MULTIHOMING I VANTAGGI
..drastica riduzione dei costi di linea… alta affidabilità
...scalabilità e flessibilità… controllo completo dell`utilizzo delle linee
…gestione della banda…aumento della sicurezza…controllo e reportistica
37
Intelligent Application Switching
Tipicamente le società scelgono soluzioni di connettività dati basate su collegamenti dedicati (ex. MPLS, CDN, Frame Relay) o Broadband (ex. HDSL, ADSL).
Quando viene scelto un collegamento dedicato, si deve giungere ad un compromesso fra una linea molto costosa ed una linea di bassa qualità.
Quando viene invece scelto un collegamento a consumo, volumi di traffico inattesi possono portare a spese esorbitanti e non controllate. Questo è anche conseguenza dello scarso livello di controllo che un utente ha sul traffico generato.
Inoltre, indipendetemente dalla scelta di connettività fatta, nella maggior parte dei casi i collegamenti sono single link non ridondati.
Il risultato è che le spese di connettività risultano essere elevate, le linee non forniscono sempre la qualità desiderata, gli utenti hanno limitato controllo del traffico e nel tempo si evidenziano problematiche impreviste (ad es. interruzioni nel servizio) che diventano causa di costi aggiuntivi e perdite della produttività.
Il problema ....
38
Intelligent Application Switching
La situazione attuale: cosa si verifica....
La connessioneè sempre lenta
Cosa sta Succedendo?
.. Questo film è fantastico! Lo scarico
subito
Quanto costa!!!Ho preso un virus?
Flat xDSL Line
100% Full5% Bw
90% Bw Sicurezza !
La fattura!!!
Costo connettività singolo Link (es HDSL 2 Mbits:
18.000€)
39
Intelligent Application Switching
Ho perso L`affare!
Questa non ci voleva
Finalmente un pò di tranquillità
.. con tutti gli investimenti
fatti!Internet !&%?
La criticità maggiore: no High Availability
Costi del Downtime-Business persi-Produttività-Ripristino-Immagine
40
Intelligent Application Switching
Ah! La connessione è veloce!
Ora posso stareveramentetranquillo
Sigh ... questa sera
vado al cinema
Vieni .. ti spiegola Mia strategiaImpossibile.
Funziona!
50% bw
No limit Bw
5% bw
50% bw
HDSL a consumo
FlatADSL Line
La soluzione: gestire l’utilizzo di + link !!!
Costo complessivo: DOPPIO Link (es HDSL 2 Mbits con 10 GB traffico/mese +
ADSL 640/128 Flat + Radware LinkProof Branch SynApps
14.533€ per il primo anno, 7.193€ i successivi )
RadwareLinkproof
41
Intelligent Application Switching
Soluzione per le Intranet
Headquarter Local Network
Remote Office 1
Remote Office 2
LinkProof Branch + VPN Support
LinkProof Branch + VPN Support
SP 1
SP 2
Migration to xDSL connections
R.O.I. Medio1 ANNO !!
42
Intelligent Application Switching
Unmatched benefits
- End-to-End High availability: 24x7 non stop service- Mix & match all type of connections: best flexibility and scalability- Full management of the bandwidth: set the appropriate priorities- Secure connectivity at application layer: increased the protection -Transparent migration: no need to stop the operations- Cost reduction: to be able to use low cost connections, no need to use dedicated firewalls in the branch offices and use of low cost routers- Best Return of Investment
43
Intelligent Application Switching
Summary
44
Intelligent Application Switching
Join Radware Leadership
Cisco
Nortel
Others
Radware
Growing Market Share
End to end solutions Recognized Leadership
Positive Financial Traction
Availability Performance Security
45
Intelligent Application Switching
Radware is the only vendor that offers:
Integrated Solution Architecture