4. 4 What Can PacketShaper Do? Discover All Application Traffic Resolve IssuesPre-empt Problems MonitorUser Experience Control and ProtectApplication Performance Application Visibility Application QoS TroubleshootPerformance Issues
5. 5 PacketShaper Deployment Option: Asymmetric in the Core BranchOffices Centralized Data and Applications Core PacketShaper WAN Data Center IntelligenceCenter PolicyCenter
6. 6 PacketShaper Deployment Option:Symmetric with Branch Deployment Public Web Servers Web Content andApplications Centralized Data andApplications Internet Customers and Partners Branch PacketShaper Core PacketShaper WAN BranchOffices Data Center Employees IntelligenceCenter Branch PacketShaper PolicyCenter
8. 8 What is Application Visibility? Identifies Applications for What They Really Are Recreational Streaming8% E-mail20% P2P12% InternetGaming5% FileTransfers9% Oracle7% Citrix5% Web Browsing28% 53% of bandwidth being used by recreational applications 14% of bandwidth is “business critical” TN32702% Other4%
9. 9 Application Visibility Discover All Application Traffic 600+ applications, good & bad, sub-classify within complex apps / HTTP Monitor User Experience Measure & alarm, SLA compliance, VoIP metrics, integrate with other tools Troubleshoot Performance Issues Isolate delays, connections, host and app performance, capture & analyze
10. 10 Discovery Maps traffic to its classification library Automatically builds a list of the applications running on your network Provides basis for PacketShaper Application QoS technology Starts collecting performance data Utilization Efficiency Response times
11. 11 Industry-Leading Application Identification Blue Coat PacketShaper Unique to Blue Coat Behavioral characteristics Multi-packet flow analysis and profiling Beyond address andport-based analysis Identifies evasive applications Encrypted Port-hopping Tunneled
12. 12 Classification Maps traffic to its classification library Automatically builds a list of the applications running on your network 600+ Application classes Sub-classify within complex apps / HTTP Good, bad and malicious traffic Current and next generation applications Plug-In Architecture Enables new application definitions without firmware upgrade
13. 13 Application QoS Technology: Application-specific Bandwidth Control Application Session Provisioning provides: Hierarchical subclassifications of apps Per call or per session differentiation Far richer classification than routers Layer 7 Plus differentiation Customer-critical over recreational apps Latency-sensitive over bandwidth-hungry apps TCP and UDP Rate Control Managed on a flow- by flow basis at application level Guaranteed delay bounds for IP telephony on converged networks
14. 14 Monitor and Troubleshoot Measure Utilization, response times, performance & SLAs – per application Isolate What (application), where (server or network), who (users), how (captures, histories) Diagnose and fix problems Identify protocols, link latency & other environmental variables Determine what optimization / will help
16. 16 What is Application QoS? Unacceptable ERP performance Insufficient bandwidth and congestion Unpredictable Voice qualityCrowded out by bandwidth hungry apps Uncontrolled recreational traffic Wasted bandwidth and impact on business- critical applications
17. 17 What is Application QoS? Powerful, Dynamic Application-aware Bandwidth Shaping Great ERP performanceProtected from apps and congestion Voice quality – 100% assured all-level QoS 100% control of recreational traffic No matter how much it tries to hide
18. 18 Application QoS Resolve application performance issues Pre-empt performance problems Control bandwidth, dynamically Apportion and ensure service levels for applications Control and protect applications Protect and optimize time-sensitive / real-time apps SLAs for voice, transactions, streams Restrict bandwidth impact of recreational traffic
19. 19 Application QoS Technology: Policies and Partitions Policy-based Application QoS definitions and partitions by: Application Site or server User or user group Beyond Standard QoS Apply policies to protect critical traffic Smooth disruptive, bandwidth-intensive traffic Contain recreational traffic Block malicious traffic Set priorities to protect business-critical apps Non-critical apps can use remaining bandwidth
20. 20 Application QoS Technology: Rate Control and Predictive Scheduler Manages congestion proactively Latency reduced Packets drops minimized Fewer retransmissions Improved application performance. Improve efficiency to increase throughput Without App QOS With App QOS
21. 21 Compare Router-based QoS Manage bandwidth passively and react to congestion and packet loss Use port-based application traffic classification Use various packet-based queuing methods that: Are not bi-directional – cannot control inbound traffic at the other edge Add delay to transaction time and latency Cannot provide per-flow guarantees Are only truly effective as part of a comprehensive control strategy Are managed on a per-router basis Big management overhead in distributed deployments
22. 22 Router-based QoS Compared toPacketShaper Inbound Rate Control Configured in all the branches and Data Center, router-based Queuing relies on the bulk transfers being throttled down after packet loss… Branch Offices A Data Center Bulk Data 512Kbps 1Mbps B 512Kbps Citrix C 512Kbps PacketShaper’s Patented Rate Control applied only in the Data Center slows down the Bulk traffic without packet loss and before queues can build Bulk Data
23. 23 Compare Packet Marking and MPLS Applies only to carriers core Provisioned WAN service, not the entire link No way of assigning preference at the last mile Biggest bottleneck is typically last mile Aggregate shaping only Treats all connection requests the same Lacks ability to assign limit to number of call requests Needs complementary technology to overcome deficiencies Application classification for accurate marking Packet rate, bandwidth and flow control
24. 24 Intelligent Marking for MPLS Networks Application <<<GRANULARITY>>> enable accurate marking of application traffic DiffServ, MPLS, TOS Bandwidth allocation VoIP Classes of Service 256 Kbps SAP 768 Kbps Email Best effort RemoteOffice MPLSBackbone
28. ProxySG Key Functionality WAN Optimization Secure Web Gateway WAN Optimization accelerates business applications Files, Email and Internal Bulk Traffic Business Web / SaaS Content Delivery Secure Web Gateway secures the network Protect from Malware Guard Employee Productivity Prevent Data Leaks Validate Trusts Additional Products ProxyClient satisfies the needs of the remote user PacketShaper provides Application Visibility and QoS
29. What Can ProxySG Do? Protect Against Malware AccelerateInternal Bulk Traffic GuardEmployee Productivity Control and OptimizeExternal Applications Secure Web Gateway WAN Optimization PreventInformation Leaks Manage and DeliverVideo and Content ValidateTrust
30. ProxySG in the Network Centralized Data andApplications Public Web Servers Web Content andApplications Internet Customers and Partners Internet Gateway /Content Filtering Reverse Proxy BranchProxySG WAN ConcentratorProxy Data Center BranchProxySG Employees Reporter Remote Workers Director BranchOffices ProxyClient 30
31. SWG Design Criteria Appliance/OS/TCP-stack/Cache designed for web object processing Maximize utilization, throughput, and reliability Reduce rack space required, green solution Web protocol/application coverage (legacy & new) Authentication, Authorization, Logging & Reporting Web content optimization & acceleration Latency = Closed Filter & block unwanted web content URL Filtering options, real-time analysis of new content Web object filtering & blocking via policy controls Scan, detect and block threats Anti-malware/virus scanning options with cache intelligence MMC filtering/strip/replace/block policy controls Data Loss Prevention & Open Integration Point DLP/ILP options, plus web content & method controls Secure-ICAP and ICAP
32. Proxy Design benefits:Ultimate Control Point Full Protocol Termination = Total Visibility & Context (HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS) Custom built Blue Coat SGOS Secure platform that provides maximum benefit for caching Industry proven object caching capability Policy architecture enables flexible user controls on applications Secure ICAP for added security features and integration with DLP vendors
35. ProxySG WAN Optimization Technologies Object Caching Get web, file and video content close to users again Byte Caching Store repetitive network traffic for dramatic acceleration Compression Inline reduction of data to reduce application bandwidth Protocol Optimization Align high-level protocols with network characteristics
36. Object Caching - Get web, file and video content close to users again Automatically determines the “right” data No legal or compliance risk like other solutions Simply the fastest, most compressed data transfer All applications, internal and external
37. Object Caching DATACENTER Internet Full File Cached Locally (proxy) No data sent across WAN Reduced traffic and bandwidth usage Better user experience Lower WAN costs WAN BRANCH 37
38. Byte Caching - Store repetitive network traffic for dramatic acceleration 110111110011100100100101110111111111111111111111111111111111111111100011110001110011000110000010011110000001101111010010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101010100101000010100 110111110011100100100101110111111111111111111111111111111111111111100011110001110011000110000010011110000001101111010010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101010100101000010100 110111110011100100100101110111111111111111111111111111111111111111100011110001110011000110000010011110000001101111010010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010101010100101000010100 110111110011100100100101110[REF#1]00011110001110011000110000010011110000001101111010010[REF#2]010101010100101000010100 Proxies Cache common patterns All files & applications over TCP Reduced traffic and bandwidth usage Better user experience Lower WAN costs 38
39. Compression - Inline reduction of data to reduce application bandwidth 110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010101100101100101010101010010101010101010100101000010100 110111110011100100100101110011001010111011001000011010011001110010000011110001110011000110000010011110000001101111010010000110110100101111100110100111011010011010011110010000000000001110010111001011011011010010010010101010010101010101101100101100010100 11011111001110010010010111001100101011101100100001001100111001000001111000111001100011 Industry-standard gzip algorithm Removes predictable “white space” Reduced traffic and bandwidth usage Better user experience Lower WAN costs 39
40. High-level protocols and network characteristics High-level protocols are “chatty” Microsoft file access, Web/HTTP, File Transfer (FTP), Exchange, Citrix, ERP, etc Network characteristics WAN latency, not cured by simply adding more bandwidth
41. Protocol Acceleration - Align high-level protocols with network characteristics Protocol Acceleration replaces chatty protocols with a WAN optimized alternative Local acknowledgement Larger windows Transparent
42. WAN Optimization Technologies Working Together Object Caching Caches repeated, static app-level data; reduces andwidth and latency Byte Caching Caches any TCP application using similar/changed data; reduces BW Compression Reduces amount of data transmitted; saves BW Protocol Optimization Remove inefficiencies, reduce latency
44. ProxySG Policy Control Control network resources by user, application or content Full protocol termination for visibility and context HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS Fine-grained policy for: Application Protocols Content Users (allow, deny, transform, etc) Authentication integration, for example Active Directory Granular, flexible logging
45. Comparing ProxySG Control with PacketShaper Application QoS ProxySG Control focused on: Policy for user behavior and content management Eliminates dangerous or inappropriate traffic [Terminated] Application traffic-specific bandwidth shaping Depth of understanding, Protects against negative impact on business and compliance PacketShaper Application QoS focused on: Application behavior and bandwidth management Contains disruptive traffic Sees and manages all applications and entire network link Breadth of understanding Protects and maintains SLAs for business traffic