1. Roger Gotthardsson Sr. Systems Engineer roger@bluecoat.com
Blue Coat Systems
Roger Gotthardsson
Sr. Systems Engineer

2. Agenda Company Corporate data Solutions Client Proxy Solution
Blue Coat Webfilter
SSL Proxy
Reverse Proxy
MACH5
Products
ProxySG, ProxyAV, Director, Reporter
K9, - Blue Coat Webfilter at home for free

3. Company

4. Integrated Solution for Acceleration & Security
About Blue Coat
Innovative leader in secure content & application delivery
500+ employees; $146M annual revenue run rate
25,000+ appliances shipped worldwide to more than 4,000 customers
#1 (37%) market leader in Secure Content & Application Delivery (IDC)
Founded in 1996 with a focus on Acceleration
Accelerating Web applications…making Internet applications faster
Innovative proxy caching appliance with object pipelining, adaptive content refresh
Expanded in 2002 to include Policy Control & Security
Rich policy framework integrated with performance engine for visibility and control of users, content and applications
Visibility: Who, what, where, when, how
Control: accelerate, deny, limit, scan, strip, transform…
Performance…
then Security…
#1 Proxy Appliance Vendor – 37% Market share
Customer Stories
Growing rapidly
Integrated Solution for Acceleration & Security

5. Integrated Solution for Acceleration & Security
About Blue Coat
Strategic Investments
March 1996 Scalable Software (HTTP and OS Kernel)
September 1999 Invertex (SSL Hardware Encryption)
June 2000 Springbank Networks (Hardware Design and Routing Protocols)
December 2000 Entera (Streaming and Content Distribution)
November 2003 Ositis (Virus scanning appliance)
2004 – Cerberian (Content filtering)
2006 – Permeo Technologies (SSL VPN & client security)
Performance…
then Security…
#1 Proxy Appliance Vendor – 37% Market share
Customer Stories
Growing rapidly
Integrated Solution for Acceleration & Security

6. Client Proxy Solution

7. Protocol optimization
Client Proxy
Byte Caching
Protocol detection
Logging
BW management
Authentication
Policy
Internet
Clients
Caching
Antivirus
Protocol optimization
URL-Filtering
Compression

8. Application proxy ? .mp3 .xxx Internet Streaming AOL-IM Yahoo-IM
HTTP & HTTPS
FTP
MSN-IM
Internet
MAPI
.mp3
.xxx ?
gral.se
CIFS
P2P
Telnet/Shell
DNS
TCP-Tunnel
SOCKS

9. How We Secure the Web   Intranet Web Server Public Web Server
Internal Network
Public Internet  
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.

10. Authentication Internet AD Directory Directory Directory Directory
NT, W2000 or W2003 DC
RADIUS
Server
Netegrity
SiteMinder
Policy
Substitution AD
Directory
Directory
Directory
Clients
Internet
LDAP
Client Certifficate
On box
Database
Oblix
Directory
X509/CA
List
Directory

11. How We Secure the Web     Intranet Web Server Public Web Server
Internal Network
Public Internet  
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy 

12. How We Secure the Web       Intranet Web Server
Public Web Server  
Internal Network
Public Internet  
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy  

13. Content Filtering
Organizations need to control what users are doing when accessing the internet to protect from legal liability and productivity risks
Blue Coat and our partners enable enterprise-class content filtering
Powerful granular user control using Blue Coat’s Policy Processing Engine
By user, group, destination IP and/or URL, time of day, site, category, lots more
Multiple logging and reporting options
Integrates with all authentication (LDAP, RADIUS, NTLM, AD, 2-factor, etc)
Coaching, warnings, etc.
High performance with integrated caching
Drop-in appliance for easy to deploy and manage
De-facto industry content filtering platform
Content filtering, on the other hand, is about controlling what types of web sites users can access, preventing them from accessing inappropriate content. For example, content security would enable you to turn off access to all JPEGs, thereby breaking many web pages, whereas content filtering would prevent users from accessing sites that host JPEGs that are inappropriate for a work environment, such as sports related sites.

14. Content filtering databases
Digital Arts
InterSafe
Optenet
IWF
WebWasher
Proventia
Smartfilter
Websense
SurfControl
Clients
Internet
BlueCoat
webfilter
Your lists
exceptions
DRTR

15. How We Secure the Web         Intranet Web Server
Public Web Server   
Internal Network
Public Internet  
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy 
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.  

16. HTTP Compression
ProxySG can support a mixed mode of HTTP compression operation
Original Content Server (OCS) or Core ProxySG can send either (de)compressed content to edge or core ProxySG using GZIP or Deflate algorithms
compressed
Core ProxySG
uncompressed
Edge ProxySG
compressed
uncompressed
compressed
uncompressed
Remote Office
HQ Office
compressed
uncompressed
compressed
uncompressed
ProxySG
Enterprise
Internet

17. Bandwidth Management (BWM)
OBJECTIVE
Classify, control and limit the amount of bandwidth used by a class of network traffic
BENEFITS
Protect performance of mission critical applications
SAP, ERP apps
Prevent bandwidth greedy applications from impacting other applications
P2P
Provision bandwidth for applications that require a per-session amount of bandwidth
Streaming
Balance necessary and important, bandwidth intensive, applications
HTTP, IM

18. How We Secure the Web           Intranet Web Server
Public Web Server   
Internal Network
Public Internet   
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy 
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network via HTTP, HTTPS and FTP is stripped or scanned by ProxyAV.   

19. Virus, Code & Script scanning
Other ICAP servers
Clients
Internet
Sophos
McAfee
ProxyAV
Kaspersky
Panda

20. ProxyAV Purpose-built appliances for speed
ProxySG & ProxyAV
Large Enterprise/Network Core
Scan once, serve many (cache benefit)
Internet
Internal Network
ProxyAV
ProxySG
Virus Scans HTTP, FTP with caching benefit
ProxySG Load Balances
Purpose-built appliances for speed
“Scan once, serve many” to increase performance
High-availability & load-balancing
Purpose built operating systems

21. How We Secure the Web             Intranet Web Server
Public Web Server   
Internal Network 
Public Internet   
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy 
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.    

22. BlueCoat Spyware Prevention Solution
Stops spyware installations
Detect drive-by installers
Blocks spyware websites
On-Proxy URL categorization
Scans for spyware signatures
High-performance Web AV
Detects suspect systems
Forward to cleansing agent
Internet
Internal
Network
ProxyAV
ProxySG
Blue Coat Gateway Anti-Spyware blocks spyware installations
ProxySG™ appliances provide policy controls that inspect, filter and block Web content associated with Spyware installation software and masked Web sites used to phish users.
Blue Coat Gateway Anti-Spyware scans for spyware signatures
High-performance ProxyAV™ Web anti-virus appliance scans Web traffic for known spyware signatures using proven third party anti-virus scanning engines. The ProxyAV is the only solution capable of virus scanning Web traffic with low latency, leveraging cache intelligence logic to optimize performance.
Blue Coat Gateway Anti-Spyware prevents spyware communications
Blue Coat blocks client communications to known spyware and adware sources. Reporting features combined with on-proxy URL filtering identify Spyware “calling home” activity on the network. Communication attempting to reach a spyware domain is immediately terminated by Blue Coat’s ProxySG. The ProxySG supports five leading on-proxy URL filtering databases, plus custom categories, overrides and exceptions to advise, coach and enforce users.
Blue Coat Gateway Anti-Spyware targets spyware infected systems for cleansing
Blue Coat’s custom logging and reporting features enable administrators to target suspect systems and trigger spyware clean-up. Blue Coat will interoperate with InterMute’s SpySubtract solution for targeted cleansing and removal of spyware agents from desktops.

23. How We Secure the Web               Intranet Web Server
Public Web Server   
Internal Network 
Public Internet    
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy  
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
IM Traffic Control: IM traffic is subjected to policies and is logged    

24. IM Control with Blue Coat ProxySG
Granular IM policy control
By enterprise, group or user level
Control by IM feature (IM only, chat, attachments, video, etc.), internal or external IM, time of day, etc.
Control IM options include deny connection, strip attachment, log chat (including attachment)
Key word actions include send alert to IT or manager, log, strip, send warning message to user
Drop-in appliance for easy to deploy and manage IM control
Content filtering, on the other hand, is about controlling what types of web sites users can access, preventing them from accessing inappropriate content. For example, content security would enable you to turn off access to all JPEGs, thereby breaking many web pages, whereas content filtering would prevent users from accessing sites that host JPEGs that are inappropriate for a work environment, such as sports related sites.

25. How We Secure the Web                
Intranet Web Server
Public Web Server   
Internal Network  
Public Internet    
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy  
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
IM Traffic Control: IM traffic is subjected to policies and is logged
Caching: Acceptable, clean content is stored in cache and delivered to requestor.     

26. Streaming acceleration
Microsoft Streaming & Native RTSP
Live Stream split, VOD Stream cache
Rich Streaming features, Unicast-Multicast
Scheduling live streaming from VOD
Enhancements
Store, Cache & distribute Video On Demand
Schedule VOD content to be played as Live Content
Convert between Multicast-Unicast
Authenticate Streaming users To NTLM, Ldap, RADIUS+Onbox

27. How We Secure the Web                  
Intranet Web Server
Public Web Server    
Internal Network  
Public Internet    
AAA: User logs onto network and is authenticated via NTLM, AD (Single-Sign-on), LDAP, Radius, Forms, local password.
Policy Processing Engine: All user web application requests are subjected to granular security policy
Content Filtering: Requests for content are controlled using content filtering based on granular policy  
Bandwidth management: Compression, Bandwidth management and Streaming media Caching and Splitting.
Web Virus scanning: Potentially harmful content entering network from web is stripped or scanned by ProxyAV.
Spyware: Prevention is better than a cure.
IM Traffic Control: IM traffic is subjected to policies and is logged
Caching: Acceptable, clean content is stored in cache and delivered to requestor.
Reporting: All browser, streaming, IM & virus activity, can be reported using Bluecoat's highly configurable reporter.      

28. Reporter

29. Blue Coat Webfilter

30. The Internet The internet today consists of 350 million webservers.
A large ammount of these conatain information you
don’t want in your organisation.
A cleaver solution would be to use Content Filtering.
BlueCoat now introduces Generation 3 of content
filtering, BlueCoat Webfilter.
350 Million

31. Generation 1 The first generation of content filters consisted of
static manually managed lists of popular pornographic
and unproductive websites. Very often retreived from
access logs, popular bad sites where banned.
The intended purpose was to save bandwidth and
warn users that inapropriate behaviour was logged.
People got together and distributed their lists in free
lists compatible with proxies such as Squid.
The distributed list where in the size of a million URL:s
1 Million
349 Million

32. Generation 2 Corporations relised they could make money of a list
and started to collect lists and logs from the web, manually
rating these in larger scale. More categories where added
to increase value. The systems started to collect URL:S
autmatically and download new lists periodicly. Some
of them even many times every day.
Special categories where added for static security threats
placed on known webservers, spyware phishing etc. Other
than bad sites where added such as Economy, business,
news etc. to present statistics of Internet usage.
15 Million
335 Million

33. Generation 2 Number of URL:s was in the numbers of 10-20 millions.
Hitrates in logsystems presented was in the numbers of
50-80%. Regular expression on URL:s and other tricks
sometimes gave a false picture of rating over 90%. But in
fact less than 5% of the Internet was covered.
15 Million
335 Million

34. Generation 3
The dynamics of internet and new security risks urged for a new way of categorizing the Internet, Dynamic rating of uncategorized websites can today rate most websites, the ones thats impossible to rate could be stripped down to present only html and images to reduce risk.
The static URL database are constantly updated like any Generation 2 filter. This database is cached in some systems (ProxySG) to increase performance.
The rest (95%) of the Internet is categorised using dynamic rating.
15 Million
335 Million

35. Dynamic Real Time Rating
DBR
Servers
Internet
44µs RS G2
DRTR
language 1
language 2
language 3
language 4
language 5
language n
Language detection
To background rating HR
DXD
RS= Rating server
DXD = ?
DRTR= Dynamic real time rating
DBR= Dynamic Background Rating
HR= human rating
Clients
Customer
BlueCoat
* The picture is simplified, all systems are redundant.

36. SSL Proxy

37. SSL Proxy: Policy Enforcement
Control web content, applications, and services…regardless of encryption
Block, allow, throttle, scan, accelerate, insert, strip, redirect, transform …
Apply the same policies to encrypted traffic as to normal traffic
Stops/controls rogue applications that take advantage of SSL
Protect the enterprise from SSL-borne threats
Stop spyware and secured phishing
SSL-secured webmail and extranets – virus transmissions
SSL-borne malicious and inappropriate content
Accelerate critical applications
Enables a variety of acceleration techniques (e.g., caching)
Apps
SSL
Policy
SSL
User
Internet
Internal Network

38. Blue Coat: Visibility and Context
Client-Proxy Connection
Server-Proxy Connection
Client
Proxy
Server
Algorithms I support.
Connection Request.
Algorithms I support.
Connection Request.
Use this algorithm.
Server’s digital certificate.
Verify certificate and extract (proxy’s) public key.
Let’s use this algorithm.
Emulated certificate.
Verify certificate and extract server’s public key.
Red checkmarks are key:
Examine user and connection – valid user? Valid app?
Examine server response – valid cert? Expected response?
Ongoing examination of user/app interaction to ensure compliance with policy (e.g., no threats, no inappropriate content)
Complete Authentication.
Complete Authentication.
Complete Authentication.
Complete Authentication.
Tunnel Established
Tunnel Established

39. Flexible Configurations
Trusted applications passed through
Sensitive, known, financial or health care
No cache, visibility
Awareness of network-level information only
Option 1
Can granularly proxy or tunnel…or partially proxy (i.e., check to ensure valid app, user, and cert., then passthrough/tunnel)
Warn user with splash screen – remind user of policy and offer chance to “opt-out” of transaction
Caching granularity – can cache no SSL, all SSL, or only certain objects (e.g., JPEGs/GIFs)
Administrative granularity – can log all, none, certain elements; can log off-box, securely
Fine-grained content security controls (over 500 different triggers and actions) include:
Trusted Domains
Rogue Categories
Active Content Categories
Drive-by Installers (.CAB, .OCX, .MSI)
Executable file types & executable MIMEs
Active Content & MIME Types
User Agents
Speeds up business processes
High-performance: over 400Mbps
Low-latency: 3-4msec
Control
Apps
Internet
User
SSL
TCP
TCP

40. Flexible Configurations
Initial checks performed
Valid user, valid application
Valid server cert
User/application traffic passed through after initial checks
No cache
Visibility and context of network-level info, certificates, user, and applications
Can warn user, remind of AUP, and offer opt-out
Option 2
Can granularly proxy or tunnel…or partially proxy (i.e., check to ensure valid app, user, and cert., then passthrough/tunnel)
Warn user with splash screen – remind user of policy and offer chance to “opt-out” of transaction
Caching granularity – can cache no SSL, all SSL, or only certain objects (e.g., JPEGs/GIFs)
Administrative granularity – can log all, none, certain elements; can log off-box, securely
Fine-grained content security controls (over 500 different triggers and actions) include:
Trusted Domains
Rogue Categories
Active Content Categories
Drive-by Installers (.CAB, .OCX, .MSI)
Executable file types & executable MIMEs
Active Content & MIME Types
User Agents
Speeds up business processes
High-performance: over 400Mbps
Low-latency: 3-4msec
Control
Apps
Internet
User
SSL
TCP
TCP

41. Flexible Configurations
Initial checks performed
Valid user, valid application
Valid server cert
User/application traffic proxied after initial checks
Full caching and logging options
Visibility and context of network-level info, certificates, user, applications, content, etc.
Full termination/proxy
Can warn user, remind of AUP, and offer opt-out
Option 3
Can granularly proxy or tunnel…or partially proxy (i.e., check to ensure valid app, user, and cert., then passthrough/tunnel)
Warn user with splash screen – remind user of policy and offer chance to “opt-out” of transaction
Caching granularity – can cache no SSL, all SSL, or only certain objects (e.g., JPEGs/GIFs)
Administrative granularity – can log all, none, certain elements; can log off-box, securely
Fine-grained content security controls (over 500 different triggers and actions) include:
Trusted Domains
Rogue Categories
Active Content Categories
Drive-by Installers (.CAB, .OCX, .MSI)
Executable file types & executable MIMEs
Active Content & MIME Types
User Agents
Speeds up business processes
High-performance: over 400Mbps
Low-latency: 3-4msec
Control
Apps
User
SSL
Internet
SSL
TCP
TCP

42. Reverse Proxy

43. Reverse Proxy Internet Policy Logging Authentication URL-rewrite
Clients
Servers AV
SSL/Certificate
Caching

44. Secure & Accelerate Web Applications
Reverse Proxy
PROTECTS Web Servers
Secure, object-based OS
Controls access to web apps
Web AV scanning
ACCELERATES Web Content
Intelligent caching
Compression and bandwidth mgt.
TCP & SSL offload
Web Servers
Users
ProxySG
Firewall
Internal Network
Public
Internet
Users
ProxySG provides scalable performance and security for web content and applications
Secure proxy architecture
High-performance, scalable content delivery
Optimized appliance for cost-effective, easy-to-manage reverse proxy solution
Visual Policy Manager for intuitive policy creation and management
Comprehensive logging and reporting for visibility
SIMPLIFIES Operations
Scalable, optimized appliance
Easy policy creation & management
Complete logging & reporting
Secure & Accelerate Web Applications

45. HTTPS Termination HTTPS Termination (Client  ProxySG)
Off-load secure website or portal
HTTPS Origination (ProxySG  Server)
Secure channel to content server for clients
Man-in-the-Middle (Termination & Origination)
Allows caching, policy and virus scanning
Secure credential acquisitions
SSL Hardware Acceleration Cards
800 RSA transactions per second per card
SSL v2.0, v3.0, and TLS v1 support
Off-load web application servers to improve performance
Popular with application front-ending web applications like OWA, Siebel and others, HTTPS Termination off-loads application web servers and provide hardware acceleration for SSL. Secure traffic can be configured between clients and ProxySG (termination) or from ProxySG to a content server (Origination). Using both options, ProxySGs is the middle-man providing caching, policy and virus scanning benefits to a secure tunnel between client and content server. Also, ProxySG uniquely provides secure credential acquisitions for users and administrators.

46. Example Scenarios for Reverse Proxy
Secure and Accelerate Public Websites
Improves content delivery with integrated caching
Services legitimate users while resisting DoS attacks
High-performance SSL
Secure Corporate Webmail
Securely isolates Web servers from direct Internet access
Proxy authentication for additional layer of protection
Plug-n-play SSL
Scanning Uploaded Files for Viruses
Simple integration with ProxyAV™
Real-time scanning of uploaded content
Protects Web infrastructure from malware
ProxySG for Reverse Proxy can be deployed for a number of different web applications. Universal across these deployments are the need for effective web server protection and efficient web content acceleration. The most common ProxySG for Reverse Proxy scenarios include the following:
1) Securing and Accelerating a Public Website
2) Securing Corporate Web
3) Optional Web Virus Scanning of uploaded files

47. Accelerate Applications – All Users – All Locations

48. Recipe for Branch Performance Problems
Server Consolidation
Increased application traffic +
Inefficient application protocols +
Highly distributed users +
Cost concerns + compliance = consolidation
Consolidated applications + long distances + protocols pushed past their limits = poor application performance
Poor performance is largely turns, but can also be bandwidth-related
Industry answer is to accelerate traffic, but…
Narrow bandwidth links + =
Poor Application Performance

49. Minimum for Application Acceleration
Optimize use of existing WAN bandwidth
Reduce latency associated with applications
Improve the efficiency of application protocols
Prioritize the applications that matter most
Re-use and compress data where possible
Accelerate File Sharing, , and browser-based enterprise applications
Complete Solution Requires More

50. Platform for Application Acceleration
Multiprotocol Accelerated Caching Hierarchy
Bandwidth
Management
Protocol
Optimization
Object
Caching
Byte
Caching
Compression
File Services (CIFS), Web (HTTP), Exchange (MAPI), Video/Streaming (RTSP, MMS), Secure Web (SSL)

51. New Requirement: SSL Acceleration
Nearly 50% of all corporate Web application traffic is SSL
70% of all mobile and teleworkers use SSL for secure application delivery
68% of Blue Coat customers depend on externally hosted Web applications
More and More SSL…
SSL Traffic
Internally
Hosted Apps
Externally
Hosted Apps
Source: Blue Coat Customer Surveys

52. New Requirement: Video Acceleration
Enterprise users becoming more distributed
Mobile, teleworker, and branch/ remote offices
Regulatory and cost drivers
Remote employee training becoming a necessity
Live (streaming) and on-demand video
Performance quality becoming a requirement
Network and application issues must be addressed
Control and acceleration of video is needed

53. Bandwidth Management Divide user and application traffic into classes
Sales Automation App Priority 1
Min 400Kb, Max 800Kb
Priority 2
Min 100Kb, Max 400Kb
File Services
Priority 3
Min 400Kb, Max 800Kb
General Web Surfing
Priority 4
Min 0Kb, Max 200Kb
Divide user and application traffic into classes
Guarantee min and/or max bandwidth for a class
Align traffic classes to business priorities

54. Protocol Optimization
Packet #1 request client -- server
Open a file
Packet #2 response server - client
Indicate FileID or error if not found
FID is used in subsequent packet for accessing the file
Packet #3 request client -- server
Read from a file
Packet #4 response server - client
Returns file data requested
A client can not request another read until it receives the first request. Thus, large documents could require lots of round trips, causing a ping-pong effect. This is effect has been termed as a chatty protocol.

55. Protocol Optimization
Packet #1 request client -- server
Open a file
Packet #2 response server - client
Indicate FileID or error if not found
FID is used in subsequent packet for accessing the file
Packet #3 request client -- server
Read from a file
Packet #4 response server - client
Returns file data requested
A client can not request another read until it receives the first request. Thus, large documents could require lots of round trips, causing a ping-pong effect. This is effect has been termed as a chatty protocol.
10-100X Faster
Includes CIFS, MAPI, HTTP, HTTPS, TCP

56. Object Caching Built on high-level applications and protocols
Streaming caches
CIFS cache
Advantages
Fastest response times
Offload work from servers (and networks)
Can be deployed asymmetrically
Limitations
Application-specific
All or nothing: No benefit if whole object not found or changed

57. Byte Caching Local History Cache Remote History Cache… …
Sequences are found in the local history cache
They are transmitted as small references over the WAN
The original stream is reconstructed using the remote history cache
Proxies keep a history of all bytes sent and received
[R1] [R2] [R3]
Used for WAN Link Optimization
Deploy ProxySGs on both ends of a WAN link
Eliminate repeated sequences of bytes sent over WAN
Drastically improve performance for bandwidth limited applications
Consistent end user response times
Controlled application bandwidth requirements
Key Benefits
Completely transparent to client and server
Exactly the same bytes are seen at both ends
Works on any TCP connection, no protocol or application knowledge required
Works with dynamic and changing data
Frequently updated files
Dynamic web applications
Most effective data transmission acceleration
Limitations
Byte Caching addresses bytes transferred
No server offload
No protocol optimization
No protection or control
Need application proxies for full performance management
Local LAN
WAN Link
Remote LAN

58. Compression COMPRESSION
COMPRESSION
Industry-standard gzip algorithm compresses all traffic
Removes predictable “white space” from content and objects being transmitted

59. MACH5 Techniques Work Together
Object Caching
Caches repeated, static app-level data; reduces BW and latency
Byte Caching
Caches any TCP application using similar/changed data; reduces BW
Compression
Reduces amount of data transmitted; saves BW
Bandwidth Management
Prioritize, limit, allocate, assign DiffServ – by user or application
Protocol Optimization
Remove inefficiencies, reduce latency

60. Object Caching
Object caches are built on higher level applications and protocols
HTTP/Web caching
Streaming caches
CIFS cache
Object cache advantages
Fastest response times
Offload work from servers
Can be deployed asymmetrically
Object cache disadvantages
Works with limited set of applications
Works on limited range of data inside applications
All or nothing: No benefit if whole object not found or changed

61. HTTP(S), FTP, Streaming, CIFS
Object vs. Byte Caching
Object Caching
Byte Cache
Proxy?
HTTP(S), FTP, Streaming, CIFS
Built on TCP
Protocol Optimization Integration X
Server Offload
Network Offload
Incremental Updates
No App Integration
End User Performance
Best
Good
Scope
Focused
Broad

62. Products

63. MACH5 Ships with Blue Coat SGOS 5
SG8000 Series
Headquarters
Corporate
SG800 Series
SG400 Series
Blue Coat provides you a range of proxy appliances to support smaller branch offices on up to the largest enterprise implementations.
Each is based on our custom operating system, SGOS, meaning the same comprehensive set of functionality for controlling Web communications is provided in each platform. And, each enables the granular policy enforcement demonstrated today along with wire speed performance with very little maintenance and virtually no patching.
Name drop: The entire country of Saudi Arabia is granted Internet access through our proxy appliances. [NOTE: Use Other customers that you are familiar with eg, CompUSA, US Air Force, etc]
SG200 Series
GA April 2006
Appliances start at US$1,995
Remote
Offices
Branch Office Enterprise Core

64. ProxyAV Appliances 2000-E Series 400-E Series Performance Corporate
Headquarters
2000-E Series
400-E Series
Remote
Offices
Connected Users
Up to 250 users
users
,000+ users
WAN Bandwidth
Sub 1.5Mbps
Bandwidth
1.5Mbps- 45Mbps
Bandwidth
150Mbps +
Bandwidth
Performance

65. 400-E1 One Model: 400-E1 RAM: 512 MB CPU: 1.26GHz PIII
Disk drive 40 GB IDE
Network Interfaces (2 on board) 10/100 Base-T Ethernet
19" Rack-mountable

66. Software Reporter (SW)
Advanced Java application to generate statistics from logs

67. Licenced products Licensed products Streaming
Real Networks, Microsoft, Quicktime
Instant Messaging
MSN, Yahoo, AOL
Optional Security (HW+SW bundle)
SSL termination/proxy

68. Licenced products Licensed products Content filtering
BlueCoat Webfilter
ICAP AV Scanner
ProxyAV (McAfee, Sophos, Panda, Kaspersky, Ahn Labs)

69. Ultimate Control Point for Communications
The Power of the Proxy
Web Security
Prevent spyware, malware & viruses
Stop DoS attacks
IE vulnerabilities, IM threats
Policy Control
Fine-grained policy for applications, protocols, content & users (allow, deny, transform, etc)
Granular, flexible logging
Authentication integration
Accelerated Applications
Multiprotocol Accelerated Caching Hierarchy
BW mgmt, compression, protocol optimization
Byte & object caching + +
Full Protocol Termination = Total Visibility & Context
(HTTP, SSL, IM, Streaming, P2P, SOCKS, FTP, CIFS, MAPI, Telnet, DNS)
Ultimate Control Point for Communications

70. Management

71. Management User Interface Scalable management Reporting tools
HTTP (HTTPS), web GUI Interface
Telnet (Cisco CLI)
SSH & Serial console
Java Policy interface
CPL, Policy Language
SNMP MIBII + Traps
Monitor network status and statistics
Reporting tools
BlueCoat Reporter
Scalable management
Centralized configuration management in Director

72. Reporting (example) 18.2 % Spyware (gator) 16.5 % Aftonbladet
9.5 % Ad’s (in top 40)
6.8 % https (encrypted)

77. System-wide Management and Control
Blue Coat Director
Centralized configuration of Blue Coat appliances – set up, policy, etc
Centralized monitoring – appliance health, application use, user experience
Blue Coat Reporter
Enterprise roll-up and analysis of application delivery information: appliances, application use, user experience
Both Director and Reporter are proven, with thousands of nodes under management…

78. Director configuration Management
Remotely and securely manage via GUI or CLI.
Work- station
Configuration Management
Policy Management
Disaster protection centrally Configuration Management
Monitor and control
Resource Management
Monitor network status and statistics
Profile Management
Backup configuration
Create overlays using GUI or CLI. Automate changes
License Management
Director
(2) Snapshot profile and save on Director
(3) Create and edit overlays using GUI or CLI.
“Profile” system
Configuration Management
Standardize configurations, provide disaster protection, centrally monitor and control
Policy Management
Distribute and synchronize web security and user policy
Resource Management
Conserve valuable resources with bandwidth policies and content positioning
Monitor network status and statistics
Quickly view statistics. Rapidly view/edit individual cache configurations. Common look and feel with browser console
Create profile.
Snapshot of good device configuration.
Strips nongeneric settings (IP, licenses, etc).
Customize by region with overlays.
Create overlays using GUI or CLI.
Create from scratch or copy from existing caches.
Distribute License Keys.
Real, WMT, Websense, SmartFilter, etc.
Import keys and automatically distribute with profiles.
Standardize Configurations.
Schedule overlays.
Schedule changes with advanced configurations.
Automate policy changes
Automate network changes
Quickly change individual settings via GUI.
Time-based management
Schedule any command or config change
Powerful CLI automation.
All configurations stored as CLI commands.
Create policies.
Create with Visual Policy Manager.
Distribute to groups of devices.
Schedule or manually distribute.
Centrally store policies and configurations.
Examples: Filter files, CPL, WCCP, PAC, ICP, RIP, etc.
Store and manage on Director or on distributed web servers.
Three types of snapshots.
Profile + overlay + advanced configuration
Automated snapshot with every profile distribution
Scheduled backups – tied to individual devices
Rollback/restore
Rollback to good snapshot upon discovery of problems
Script rollbacks if necessary
Control streaming impact
Set bandwidth policies by protocol.
By user, by group
Proactively preposition content
Schedule distribution of large files during off-peak hours.
Distribute both internal and external content.
Schedule all b/w policy changes.
Use overlays or advanced configurations; or
Set times within policies
(4) Push profiles and overlays to one or more systems
(1) Configure and test “profile” system
Production systems

79. Content Delivery Network
WWW
Servers 1
Publish content 4
Pull content from origin servers.
Director 2
Tell Director about new content
Content Owners
Edge Systems 3
Tell caches to update content
We focus on not only the networking side of the CDN, but also the publishing experience. Our goal is to reduce their pain. First, the content owner publishes his content. Second, the publishing system tells Director that new content exists. We offer a family of tools to automate that process, from a no-touch scenario to full integration with an SDK. Third, Director tells the caches to update content. It controls the CDN, but does not sit in the data path to add additional points of publishing and failure. Fourth, the caches pull content from origin servers using native protocols (HTTP, MMS over HTTP, etc.) You can scale your web farm without scaling out the Director platform. Fifth, the caches deliver the content.
Users 5
Deliver the content.

80. Director GUI

81. K9 – For free http://www.getk9.com/refer/Roger.Gotthardsson
If you want to protect your family with Content Filtering
Blue Coat is now giving it away, read more at:
Please send this link to anyone you want !!!!