BlueCoat - Roger Gotthardsson
Roger Gotthardsson
Sr. Systems Engineer
roger@bluecoat.com
Agenda
- Company: corporate data
- Solutions: Client Proxy Solution, Blue Coat Webfilter, SSL Proxy, Reverse Proxy, MACH5
- Products: ProxySG, ProxyAV, Director, Reporter
- K9 - Blue Coat Webfilter at home for free
Company
Client Proxy
(Diagram: clients reach the public Internet and a public web server through the proxy. Proxy functions: byte caching, authentication, logging, protocol detection, BW management, policy, caching, antivirus, protocol optimization, URL-filtering, compression, application proxy, streaming. Applications and protocols handled: Yahoo-IM, AOL-IM, MSN-IM, FTP, MAPI, CIFS, P2P, Telnet/Shell, DNS, TCP-Tunnel, SOCKS; content examples .mp3, .xxx; example site gral.se.)
Authentication
(Diagram: clients authenticate through the proxy against an NT, W2000 or W2003 DC, a RADIUS server, Netegrity SiteMinder, Oblix, AD or LDAP directories, client certificates checked against an X509/CA list, or an on-box database, with policy substitution; requests then go on to public web servers on the public Internet.)
Authentication: NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy.
Content Filtering: Requests for content are controlled using content filtering based on granular policy.
Content Filtering
Organizations need to control what users are doing when accessing the internet, to protect against legal liability and productivity risks.
Blue Coat and our partners enable enterprise-class content filtering.
Powerful granular user control using Blue Coat's Policy Processing Engine: by user, group, destination IP and/or URL, time of day, site, category, lots more.
(Diagram: clients reach the Internet through the proxy, which applies partner lists (Digital Arts, Smartfilter, InterSafe, Websense, Optenet, SurfControl, IWF, Proventia), your own lists and exceptions, Blue Coat Webfilter and DRTR.)
HTTP Compression
ProxySG can support a mixed mode of HTTP compression operation: the Original Content Server (OCS) or a Core ProxySG can send either compressed or uncompressed content to an edge or core ProxySG, using the GZIP or Deflate algorithms.
(Diagram: content travels compressed between the Core ProxySG at the HQ office / enterprise and the Edge ProxySG at the remote office, and uncompressed on each LAN side and toward the Internet.)
Virus scanning: Potentially harmful content entering the network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.
(Diagram: ProxySG in front of the internal network hands web content from the Internet to ProxyAV appliances, with a choice of Sophos, McAfee, Kaspersky or Panda engines.)
ProxySG & ProxyAV
- Large Enterprise/Network Core
- Scan once, serve many (cache benefit)
Spyware: Prevention is better than a cure.
High-performance Web AV (diagram: Internet - ProxySG - internal network, with ProxyAV beside ProxySG).
Streaming acceleration
Streaming enhancements:
- Store, cache & distribute Video On Demand
- Schedule VOD content to be played as live content
- Convert between multicast and unicast
- Authenticate streaming users to NTLM, LDAP, RADIUS + on-box
The Internet
The internet today consists of 350 million webservers. A large amount of these contain information you don't want in your organisation. A clever solution would be to use content filtering. BlueCoat now introduces Generation 3 of content filtering, BlueCoat Webfilter.
(Diagram: 350 million servers.)
Generation 1
The first generation of content filters consisted of static, manually managed lists of popular pornographic and unproductive websites. Very often retrieved from access logs, popular bad sites were banned.
(Diagram: 1 million of the 350 million servers listed, 349 million not.)
Generation 2
Corporations realised they could make money off a list and started to collect lists and logs from the web, manually rating these at larger scale. More categories were added to increase value. The systems started to collect URLs automatically and download new lists periodically, some of them even many times every day.
(Diagram: 15 million servers.)
Generation 2 (continued)
The number of URLs was in the range of 10-20 million. Hit rates presented by log systems were in the range of 50-80%. Regular expressions on URLs and other tricks sometimes gave a false picture of rating above 90%, but in fact less than 5% of the Internet was covered.
(Diagram: 15 million of the 350 million servers covered, 335 million not.)
Generation 3
The dynamics of the Internet and new security risks called for a new way of categorizing the Internet. Dynamic rating of uncategorized websites can today rate most websites; the ones that are impossible to rate could be stripped down to present only HTML and images, to reduce risk.
(Diagram: 15 million servers.)
(Diagram, dynamic real-time rating: requests from customer clients for uncategorized Internet servers are passed to DRTR at BlueCoat, which performs language detection (language 1 ... language n) and feeds unrated sites to background rating; labels on the slide: 44s, DXD, G2, RS, DBR, HR.)
SSL Proxy
(Diagram: user apps on the internal network - SSL - policy - SSL - Internet: the proxy sits between the two SSL legs and applies policy.)
Server-Proxy Connection (handshake diagram)
Client to proxy:
- Client: Connection request. Algorithms I support.
- Proxy: Let's use this algorithm. Emulated certificate.
- Client: Verify certificate and extract (proxy's) public key.
- Client and proxy: Complete authentication.
- Tunnel established.
Proxy to server:
- Proxy: Connection request. Algorithms I support.
- Proxy: Verify certificate and extract server's public key.
- Proxy and server: Complete authentication.
- Tunnel established.
Flexible Configurations
Option 1: Trusted applications passed through: sensitive, known, financial or health care. No cache, visibility. Awareness of network-level information only (diagram: control at the TCP level; SSL runs end to end from user apps to the Internet).
Option 2: Initial checks performed: valid user, valid application, valid server cert (diagram: control at the TCP level plus the SSL handshake; SSL still runs end to end).
Option 3: Full termination/proxy, after the same initial checks: valid user, valid application, valid server cert (diagram: SSL terminated on both the user side and the Internet side, with control over apps as well as TCP).
Reverse Proxy
(Diagram: clients on the Internet reach the servers through the reverse proxy, which provides logging, policy, authentication, URL-rewrite, AV, SSL/certificate handling and caching.)
Reverse Proxy
PROTECTS Web Servers:
- Secure, object-based OS
- Controls access to web apps
- Web AV scanning
- Intelligent caching
- Compression and bandwidth mgt.
- TCP & SSL offload
SIMPLIFIES Operations:
- Scalable, optimized appliance
- Easy policy creation & management
- Complete logging & reporting
(Diagram: users on the public Internet and on the internal network reach the web servers through the firewall and the ProxySG.)
HTTPS Termination (Client ProxySG): off-load a secure website or portal.
(Diagram: bandwidth management, protocol optimization, object caching, byte caching and compression applied to SSL traffic and internally hosted apps.)
- Performance quality is becoming a requirement
- Network and application issues must be addressed
- Control and acceleration of video is needed
Bandwidth Management (example classes)
- Sales Automation App: Priority 1, Min 400Kb, Max 800Kb
- E-Mail: Priority 2, Min 100Kb, Max 400Kb
- File Services: Priority 3, Min 400Kb, Max 800Kb
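As an added example (not from the slides and not Blue Coat's own scheduler), a small Python allocator that applies the three classes above: every class first receives its guaranteed minimum, then leftover capacity is handed out strictly by priority up to each class's maximum. The tie-breaking when the link cannot cover all minimums (priority order) is my assumption.

```python
# Bandwidth classes from the slide (constructed demo, not Blue Coat's own scheduler).
CLASSES = [
    {"name": "Sales Automation App", "priority": 1, "min": 400, "max": 800},
    {"name": "E-Mail", "priority": 2, "min": 100, "max": 400},
    {"name": "File Services", "priority": 3, "min": 400, "max": 800},
]


def allocate(link_kb, classes, demand_kb):
    """Split link_kb (Kb) among classes and return {name: allocated Kb}.

    Pass 1 grants each class its guaranteed minimum (never more than it
    demands; in priority order if the link is too small for all minimums).
    Pass 2 gives the leftover to the highest priority class first, capped
    at each class's maximum and at its demand.
    """
    ordered = sorted(classes, key=lambda c: c["priority"])
    alloc, remaining = {}, link_kb
    for c in ordered:                      # pass 1: guaranteed minimums
        grant = min(demand_kb.get(c["name"], 0), c["min"], remaining)
        alloc[c["name"]] = grant
        remaining -= grant
    for c in ordered:                      # pass 2: excess by priority, capped
        want = min(demand_kb.get(c["name"], 0), c["max"]) - alloc[c["name"]]
        extra = max(0, min(want, remaining))
        alloc[c["name"]] += extra
        remaining -= extra
    return alloc
```

On a 1000Kb link with every class saturated, only Priority 1 grows past its minimum; an idle class releases its guarantee to the others.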
Protocol Optimization
- 10-100X faster
- Includes CIFS, MAPI, HTTP, HTTPS, TCP
Object Caching
Built on high-level applications and protocols: HTTP/Web caching, streaming caches, CIFS cache.
Advantages:
- Fastest response times
- Offload work from servers (and networks)
- Can be deployed asymmetrically
Limitations:
- Application-specific
- All or nothing: no benefit if the whole object is not found or has changed
Byte Caching
(Diagram: a local history cache on the local LAN, the WAN link, and a remote history cache on the remote LAN.)
Proxies keep a history of all bytes sent and received over the WAN. Sequences that are found in the local history cache are transmitted as small references, e.g. [R1]0010010[R2]1001011111 00110100111011010011[R3] on the WAN link. The original stream is reconstructed using the remote history cache.
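The byte-caching mechanism above, and the object cache's "all or nothing" limitation it is contrasted with, as a runnable model added here (not Blue Coat's implementation): both proxies keep an identical history, full blocks already seen cross the WAN as references, and a small edit to a previously sent document costs only the changed block. Fixed 16-byte blocks and a 5-byte reference cost are my simplifying assumptions.

```python
import hashlib
BLOCK = 16  # bytes per history block (assumption; appliances use variable-size chunks)

def key(block):  # short digest identifying a history block
    return hashlib.sha256(block).digest()[:8]

class ByteCache:  # one proxy's history of WAN bytes; both ends keep identical copies
    def __init__(self):
        self.by_hash = {}   # block digest -> reference id
        self.by_ref = []    # reference id -> block bytes

    def remember(self, block):
        if key(block) not in self.by_hash:
            self.by_hash[key(block)] = len(self.by_ref)
            self.by_ref.append(block)

    def encode(self, data):
        """Sender: full blocks already in the history go out as ('R', id), the rest as ('L', bytes)."""
        tokens = []
        for i in range(0, len(data), BLOCK):
            block = data[i:i + BLOCK]
            ref = self.by_hash.get(key(block)) if len(block) == BLOCK else None
            if ref is not None:
                tokens.append(("R", ref))
            else:
                tokens.append(("L", block))
                if len(block) == BLOCK:
                    self.remember(block)  # the receiver learns it too (see decode)
        return tokens

    def decode(self, tokens):  # receiver: rebuild the stream from references and literals
        out = bytearray()
        for kind, payload in tokens:
            out += self.by_ref[payload] if kind == "R" else payload
            if kind == "L" and len(payload) == BLOCK:
                self.remember(payload)
        return bytes(out)

def wire_bytes(tokens):  # approximate WAN cost: 1-byte tag + 4-byte id, or tag + literal
    return sum(5 if kind == "R" else 1 + len(payload) for kind, payload in tokens)

def demo():
    """Send a constructed document twice; the second copy has a small edit appended."""
    sender, receiver = ByteCache(), ByteCache()
    doc = b"GET /report HTTP/1.1\r\n" + b"quarterly sales figures, unchanged section " * 6
    first = sender.encode(doc)
    ok = receiver.decode(first) == doc
    doc2 = doc + b"(revised)"
    second = sender.encode(doc2)
    return wire_bytes(first), wire_bytes(second), ok and receiver.decode(second) == doc2
```

demo() returns the WAN cost of the first transfer (all literals), the cost of the edited re-send (references plus one changed block), and whether both reconstructions matched the originals.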
Compression
(Diagram: the byte stream is compressed before crossing the WAN link.)
Byte Caching
Compression
Bandwidth Management
Protocol Optimization
Object Caching
Object caching vs byte caching
Object caches are built on higher-level applications and protocols: HTTP/Web caching, streaming caches, CIFS cache. Proxy?
(Comparison table on the slide)
- Object Caching: HTTP(S), FTP, Streaming, CIFS; server offload; network offload; scope: focused
- Byte Cache: built on TCP; incremental updates; no app integration; scope: broad
- Ratings shown: Best, Good
Products
(Diagram: ProxySG SG200 Series (GA April 2006), SG400 Series, SG800 Series and SG8000 Series across remote offices, branch office, enterprise core and corporate headquarters; ProxyAV appliances: 400-E Series for remote offices, 2000-E Series. Sizing axes: connected users (up to 250 users; 100-2000 users), WAN bandwidth (sub 1.5Mbps; 1.5Mbps-45Mbps; 150Mbps+), performance.)
400-E1
One model: 400-E1
- RAM: 512 MB
- CPU: 1.26GHz PIII
- Disk drive: 40 GB IDE
- Network interfaces: 2 on board, 10/100 BaseT Ethernet
- 19" rack-mountable
Software
Reporter (SW)
Licensed products:
- Streaming: Real Networks, Microsoft, Quicktime
- Instant Messaging: MSN, Yahoo, AOL
- Optional Security (HW+SW bundle): SSL termination/proxy
- Content filtering: BlueCoat Webfilter
- ICAP AV Scanner: ProxyAV (McAfee, Sophos, Panda, Kaspersky, Ahn Labs)
(Diagram: policy control; accelerated applications; Multiprotocol Accelerated Caching Hierarchy: BW mgmt, compression, protocol optimization, byte & object caching.)
Management
User interface:
- HTTP (HTTPS) web GUI interface
- Telnet (Cisco-style CLI)
- SSH & serial console
- Java policy interface
- CPL, policy language
- SNMP MIB-II + traps: monitor network status and statistics
Reporting tools: BlueCoat Reporter
Scalable management: centralized configuration management in Director
Reporting (example)
(Chart: top traffic per workstation, with shares of 18.2 %, 16.5 %, 9.5 % and 6.8 % labelled Spyware (gator), Aftonbladet, Ads (in top 40) and https (encrypted).)
Director
- Configuration Management
- Policy Management
- Profile Management: (2) snapshot a profile and save it on Director; profile system; backup configuration; create overlays using GUI or CLI; automate changes
- Resource Management: monitor network status and statistics
- License Management
(Diagram, content distribution: content owners publish content to the WWW servers and tell Director about the new content; Director tells the caches to update their content; the edge systems pull content from the origin servers and deliver it to users. Production systems are managed from the Director GUI.)
K9 for free
http://www.getk9.com/refer/Roger.Gotthardsson
Please send this link to anyone you want!!!!