ADN Evaluation Report

toughhawaii, Networks and Communications

26 Oct 2013 (3 years and 9 months ago)


Customer Name

Customer Logo


January 1, 2010



Submitted by: Company Name






Confidential

For Internal and Official Channel Partner Use Only


Copyright © 2009 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat, ProxySG, PacketShaper and ProxyClient are registered trademarks of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.

Executive Summary

As organizations and employees become more distributed, the productivity of users in branch and remote offices becomes increasingly important to the success of the business as a whole. WAN optimization will enable fast, secure access to critical applications wherever users are working: at headquarters, in branch offices, or when traveling.

By deploying a Blue Coat WAN optimization solution, the foundation of an Application Delivery Network (ADN) will be in place, enabling your organization to increase productivity and reduce costs. In an ADN, Blue Coat appliances are integrated into the network to provide visibility, acceleration, and control for all TCP (and UDP streaming) traffic sent over the WAN, including Web (HTTP), secure Web (SSL), file sharing (CIFS), Microsoft Outlook/Exchange (MAPI), DNS, live and on-demand streaming (RTSP, MMS, streaming over HTTP) traffic, and TCP-based applications.

The following are main objectives and common benefits from a Blue Coat ADN solution:

• Delivers automatic classification and visibility of applications running on the network
• Prioritizes the applications that are the most business critical and provides Quality of Service (QoS)
• Accelerates applications including file sharing, email, enterprise and external web-based applications including those using HTTPS
• Optimizes the use of existing WAN bandwidth
• Improves application response times and protocol efficiency
• Reduces data transfer over the WAN where/when possible
• Stops malware instead of accelerating it
• Provides per user or per group policy control






Proof of Concept Design

For the purpose of this PoC an inline deployment was chosen.

In-Path Acceleration Deployment

In an in-path deployment, the ProxySG appliance is physically inserted into the path of the clients and servers. The in-path ProxySG intercepts the application traffic you want to optimize and bridges all other traffic. Generally, Blue Coat recommends using a hardware bridge and pass-through card for in-path deployments. This is because the hardware pass-through card has two interfaces that pass traffic when there is no power, enabling the ProxySG appliance to fail to a connected state without interrupting traffic.




















Required Information and tools for this Proof of Concept

1) 1 x ProxySG at Head Office
   a. IP Address = ______________________
   b. Subnet Mask = ______________________
   c. Default Gateway = ______________________
   d. DNS = ______________________

2) 1 x ProxySG at Branch Office
   a. IP Address = ______________________
   b. Subnet Mask = ______________________
   c. Default Gateway = ______________________
   d. DNS = ______________________

3) 1 x PacketShaper at Head Office
   a. IP Address = ______________________
   b. Subnet Mask = ______________________
   c. Default Gateway = ______________________
   d. DNS = ______________________

4) 1 x PC for Testing - Server IP Address = _____________________

5) 1 x PC for Testing - Client IP Address = _____________________

6) 1 x WAN Simulator or Router (Bandwidth Limit) to simulate WAN network bandwidth and delay



[Verify your configuration before starting. After you have finished basic set up on your acceleration nodes, you should verify that traffic is being monitored and optimized as expected and that network connectivity is uninterrupted. You must also check licenses on both ProxySG and PacketShaper before you get started.]







Timeframe of the Proof of Concept

1) MODULE 1 SETUP: NETWORK ASSESSMENT (0.5 DAY)
   a. Customer needs to help configure the switch or router to mirror traffic to PacketShaper for network assessment, or to install PacketShaper in-path of the network traffic flow
   b. The monitored traffic can be just a few subnets or a few departments so that the POC will not affect the other users in the customer network

2) MODULE 2 SETUP: ACCELERATION AND OPTIMIZATION (0.5 DAY)
   a. Install one ProxySG at simulated Head office and the other ProxySG at simulated Branch office
   b. Install and connect WAN Simulator or Router
   c. Set speed of the WAN Simulator to 512Kbps or more and delay at 50-150 milliseconds
   d. Check and make sure that the ADN connection is up and running.

3) MONITORING AND COLLECTING REPORT AFTER PACKETSHAPER RUN FOR 1-2 DAYS (1 DAY)
   a. Collecting Top 10 applications report and analysis
   b. Collecting Network Utilization report and analysis
   c. Collecting Network Efficiency report and analysis
   d. The full network assessment report will be drafted and provided a week later.

4) RUN LIVE DEMONSTRATION ON HOW PROXYSG HELPS ACCELERATE (1 DAY)
   a. Run the live demonstration of file transfer across simulated WAN link
   b. Capture and record the time usage in each cold run (no data in disk yet)
   c. Run the file transfer across simulated WAN link again
   d. Capture and record the time usage in each warm run (data served from disk)
   e. Install the ProxyClient on testing (customer needs to provide one PC)
   f. Test Acceleration on ProxyClient
   g. Test malware filtering on ProxyClient

5) MODULE 3 SETUP: PROXYSG FOR SECURITY AND POLICY CONTROL (1 DAY)
   a. Check that ProxySG has “Proxy Edition License” and “not MACH5 Edition License”
   b. Check BCWF Licenses
   c. Setup authentication integration with LDAP/AD/RADIUS/Local
   d. Install ProxyAV (if included in criteria) and check AV license
   e. Check Internet connectivity and that there is no firewall or IDS device blocking access

6) RUN LIVE DEMONSTRATION ON HOW PROXYSG HELPS TO SECURE USERS (1 DAY)
   a. Run the live demonstration following the lab criteria in MODULE 3
   b. Collect the result

7) FULL REPORT WILL BE PROVIDED 1 WEEK AFTER THE PROOF OF CONCEPT







MODULE 1: Network Assessment and Visibility

Before you can optimize application performance, you need an accurate picture of network traffic. Blue Coat PacketShaper automatically classifies and measures network applications, providing the insight of a probe but with deeper, application-intelligent Layer 7 Plus visibility. In addition to delivering network and application utilization and performance data, the Monitoring Module validates common protocols and tracks what happens to each connection established by each application. Monitoring also breaks down traffic per application and per site at a granular level, recording peak and average utilization rates, bytes transmitted, availability, utilization, top talkers/listeners, network efficiency and much more. It also provides Quality of Service (QoS) provisioning that helps you control traffic to ensure that latency-sensitive, customer-critical applications get the bandwidth they need to perform at their peak. With patented TCP rate control, the Shaping Module can automatically enforce appropriate transfer rates for computers at the far end of the network to deliver true QoS.

VAR conducted a Network Performance Analysis over a one-week period at CUSTOMER’s branch office. A multi-part analysis was conducted, including:

1. Traffic Discovery and Analysis - Identifies and classifies applications running on the network
2. Network Efficiency - Identifies percentage of network traffic devoted to packet retransmissions
3. Bandwidth Utilization - Examines inbound and outbound link utilization to determine the variability in link usage and to understand average capacity requirements

1. Network Assessment with Auto-Discovery

[Required Operation:
1. Enable Auto-Discovery by clicking on tab setup > basic > Traffic Discovery On
2. Click “Monitor” and “Top Ten” tab to see statistics]

1.1 Traffic Discovery Graph


Traffic Discovery is the process of identifying the application and traffic types that are running over the wide area link for this location. The objective for this analysis is to identify the 10 most active applications and reveal the bandwidth usage for each application in bits-per-second as well as the percentage of total bandwidth used by each application for inbound and outbound traffic.

Top 10 Classes pie charts - Shows the relative portions of bandwidth allocated to the ten most active classes on the network; displays each class's average bandwidth usage in bits per second and its percentage of the total bandwidth on the link.

[Figure: Top 10 Classes pie charts, INBOUND and OUTBOUND]

Outbound: HTTP is 52% of the outbound traffic.

Inbound: Streaming traffic is over 56% of the inbound traffic on the WAN link.

1.2 Network Utilization Graph

Network Utilization is designed to show a link’s average and peak bandwidth consumption in bits-per-second. Average bandwidth alone does not tell the complete story. Averages, especially over long periods of time, can be misleading and lead to the false conclusion that ample capacity exists. However, reports on peak utilization can reveal traffic that is hitting a capacity limit frequently. During these periods, there is contention for bandwidth and performance suffers for those applications waiting in the queue, which are often business-critical applications.

Bandwidth Utilization line graphs - Shows the link's average and peak bandwidth usage in bits per second





[Figure: Bandwidth Utilization line graphs, INBOUND and OUTBOUND]

Inbound: Here we see peaks at 84M with average traffic around 63M.

Outbound: Outbound Utilization also generally averages less than 7.5M with peaks up and over 28M.

1.3 Network Efficiency Graph

The next thing to analyze is the number of retransmissions, which gives us an idea of packet loss across the network, which can be indicative of congestion or over-subscription. The percentages represented here indicate that on average, 100% of the throughput is good, which means that packets are not being retransmitted. If there is a decrease in percentage of throughput, it is due to network congestion and/or overflowing router queues. Both can cause packet loss and timeouts, which force retransmissions and exacerbate the original problem.

Network Efficiency line graphs - Shows the percentage of bytes that are not retransmits.





[Figure: Network Efficiency line graphs, INBOUND and OUTBOUND]

Inbound: Network Efficiency measures dropped packets across the link. This graph helps for trending and baselining of the network.

Outbound: We do see a few blips. This will allow us to know when and where to start troubleshooting.

SUMMARY [Module 1]

***below is sample summary after network assessment analysis

All applications analyzed during this project show very bursty traffic, while Apple-iTunes, P2P, and web browsing consume 95% of all bandwidth, monopolizing inbound traffic. VAR recommends that CUSTOMER apply policies to limit the amount of recreational traffic on the link and configure policies to guarantee mission-critical applications.

After applying only two policies we have gained over 1M of bandwidth back for CUSTOMER.

***below is sample summary after network assessment analysis

All applications analyzed during this project show very bursty traffic, while Flashvideo, P2P, WinMedia and web browsing consume 75% of all bandwidth, monopolizing inbound traffic. VAR recommends that CUSTOMER apply policies to limit the amount of recreational traffic on the link and configure policies to guarantee mission-critical applications.

After applying only two policies we have gained over 70M of bandwidth back for CUSTOMER.





MODULE 2: Acceleration and Optimization

Blue Coat acceleration technology is a patent-pending combination of data reduction and application acceleration techniques that provide measurable improvements in performance and reduction of bandwidth. Whether at the edge of your network, or right in the heart of it, Blue Coat acceleration technology provides a powerful toolkit to optimize performance for distributed applications.

These technologies include:

Protocol Optimization

Improves the performance of protocols that are inefficient over the WAN by eliminating the impact of latency native to their design. Blue Coat has been optimizing network protocols for over a decade, and offers multiple improvements for TCP, CIFS, HTTP, HTTPS, MAPI and streaming video and IM protocols.

Byte Caching and Compression

Dictionary-based gigabyte caching combines high performance disk storage for large byte patterns with innovative indexing and referencing techniques to drastically reduce bandwidth from large, repetitive data transmission. Inline compression reduces predictable patterns even on the first pass, making it an ideal complement to byte caching technology.

Asymmetric Pipelining and Object Caching for Web and SSL

Blue Coat’s pipelining parallelizes multiple connections within compound web pages, moving data and objects much more quickly to the user. Object caching, with patented adaptive refresh, assures that the freshest content is served immediately to the users, without the network wait. Blue Coat delivers this acceleration in an asymmetric architecture, requiring only a single box at the branch to accelerate internal and external HTTP and SSL traffic, with no appliance required on the other side of the transaction.

Video Split Streaming, Object Caching & CDN

Large video files, whether static or streamed live, are difficult to deliver in distributed environments due to large bandwidth requirements. Blue Coat’s live split streaming takes a single stream from the WAN and splits it into multiple streams at the remote site, enabling all employees to view live streams at the bandwidth cost of just one stream. Video caching makes on-demand video instantly available to employees, while CDN capabilities enable you to pre-position content at non-peak times.

Recreational traffic control & SaaS Acceleration

Classify each external website access with Blue Coat WebFilter and our real time WebPulse service in order to prioritize business, minimize recreation and prevent malware infections. Unique internet caching capabilities let you reduce bandwidth for allowed Web sites, and accelerate Software as a Service (SaaS) applications important to your business. Note, Web filtering and WebPulse are only available with the ProxySG Proxy Edition.

Bandwidth Management

Prioritize network resources based not only on port or device, but on users, applications and content to more accurately reflect your corporate policies on the network. Works by itself, or integrates with your infrastructure QoS to provide application intelligence to the packet switching network.

Proxy Client

Proxy Client extends application delivery and acceleration to the desktop. Using the same technologies as the ProxySG, including caching, compression and protocol optimization, the Proxy Client accelerates web and office applications for roaming and small branch users. The ProxyClient delivers LAN-like user experience with a simple and easy footprint for installation, configuration, deployment and ongoing maintenance.

As well as optimisation, ProxyClient has a real-time relationship to the Blue Coat WebPulse cloud service, which continuously analyzes web content in the background for hidden malware. This allows IT administrators to enforce web content filtering policies for users when they are not connected to the enterprise network. ProxyClient is part of a larger "community watch" where each ProxyClient user's requests benefit the entire community to detect malware and rate web content.

2.1 Branch office Acceleration using ProxySG

WAN Optimization was performed using ProxySG appliances with one at the datacenter and one at the branch office with both appliances deployed inline.

Overall results are shown in the graphs below. Detailed results for each protocol tested are presented later in this section.

The pie chart below shows the applications (TCP-based) that were observed by the Proxy SG during the day of testing. As you can see just over 50% of the traffic was HTTP or HTTPS.


2.1.1 FTP

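| Activity | File Type | File Size | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|---|
| Copy file across WAN | .DOC | | | | | |
| | .XLS | | | | | |
| | .PPT | | | | | |
| | .ZIP | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]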


2.1.2 CIFS

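| Activity | File Type | File Size | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|---|
| Copy file across WAN | .DOC | | | | | |
| | .XLS | | | | | |
| | .PPT | | | | | |
| | .ZIP | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]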


2.1.3 HTTP or HTTPS (Internal Server)

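| Activity | File Type | File Size | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|---|
| Copy file across WAN | .DOC | | | | | |
| | .XLS | | | | | |
| | .PPT | | | | | |
| | .ZIP | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]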


2.1.4 HTTP or HTTPS (External Server)

| Activity | URL | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|
| Browse Internet Websites | www.yahoo.com | | | | |
| | www.mrpalm.com | | | | |
| | www.manager.co.th | | | | |
| | www.cnn.com | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]


2.1.5 MAPI

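| Activity | File Type | File Size | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|---|
| Send email with Attachment from branch office | .DOC | | | | | |
| | .XLS | | | | | |
| | .PPT | | | | | |
| | .ZIP | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]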


MAPI (End Point Mapper) traffic during this testing is shown in the following graph.

Though CUSTOMER did not indicate there was any IMAP traffic at this branch, such traffic was discovered during the network assessment. The graph below shows the IMAP traffic for the last day (9/29) and clearly indicates significant bandwidth savings from intercepting this traffic.


2.1.6 Streaming

| Activity | URL | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|
| Windows Media Streaming or Quicktime or Real Player | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]

Please note that Blue Coat can provide a caching policy for YouTube and other flash-based video streaming sites. This version requires Proxy Edition license.

2.1.7 Other Application_________________

| Activity | Description | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|
| | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]


2.1.8 Other Application_________________

| Activity | Description | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|
| | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]


2.2 Proxy Client Acceleration

As mobile technology efficiency has advanced, so has the ability for enterprises and other organizations to mobilize their workforce and allow access to remote systems. Employees who are often in the field, at home, or in a small office, including those who log into the corporate network through a Virtual Private Network (VPN) connection, require the same performance that is achieved when in the corporate network environment.

Likewise, corporations seek to extend the same security, policy control, and tracking abilities that are available in the corporate network. Blue Coat designed the ProxyClient solution to provide accelerated application delivery and Web filtering in the following scenarios:

For employees using laptops and who work from both the office and the field. These users enjoy accelerated performance while on the corporate network, but lose that performance when they must, from a remote location, connect to the enterprise network using VPN.

In both scenarios, the ProxyClient maintains user productivity levels by providing enterprise-grade performance, while also ensuring that the corporate Web usage policies are maintained.



2.2.1 ProxyClient (Acceleration)

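| Activity | File Type | File Size | 1st (No SG) | 2nd (Cold) | 3rd (Warm) | 4th (Warm) |
|---|---|---|---|---|---|---|
| Browse to share folder over WAN and copy files using CIFS | .DOC | | | | | |
| | .XLS | | | | | |
| | .PPT | | | | | |
| | .ZIP | | | | | |

After running for ____ days:

[TRANSFER ____ BYTES]

[REDUCTION ____ PERCENTS]

[GAIN ____ PERCENTS]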


2.2.2 ProxyClient (Malware Filtering)

| Activity | URL | Successfully Blocked | Failed to Block |
|---|---|---|---|
| Browse pornography site | | | |
| Browse gambling site | | | |
| Browse malware site | | | |
| Browse phishing site | | | |

***** For this ProxyClient (Malware Filtering) lab, please test these sites before running the demo or POC in front of the customer. Please contact Blue Coat SE to get the latest URLs to test from WebPulse Database.

SUMMARY [Module 2]

TOTAL CLIENT BYTES ____ BYTES

TOTAL SERVER BYTES ____ BYTES

TOTAL BYPASSED BYTES ____ BYTES

TOTAL REDUCTION ____ PERCENT

TOTAL GAIN ____ MULTIPLIER



MODULE 3: Security and Policy Control

Blue Coat is the market leader in secure web gateway and consistently positioned in the Leaders Quadrant by Gartner. Web-based threats are increasing in number and severity. The consequences of becoming infected can be expensive and cause significant damage to an organization’s revenue, employee productivity, reputation and long-term survival. Organizations should adopt a multi-layered Web defense strategy that can protect their users and networks from increasingly sophisticated threats. Key elements of this strategy include community-watch monitoring of Web traffic using a cloud-based service, protection of remote clients, and real-time inputs from Web gateways and clients for background analysis to detect malware, rate reputations and analyze Web content. Recent reports indicate that 80% of malware today comes from well-known or trusted websites.



| Activity | Success | Fail |
|---|---|---|
| Block restricted sites - BCWF or Custom Blocking List | | |
| Authentication using AD/LDAP/RADIUS | | |
| Limit access to one user one access, stop password sharing | | |
| Google Integration - Force Safesearch to always active | | |
| Content Control - test blocking .exe .cab .doc file type | | |
| Content Control - test blocking file HTTP Head or Mime Type | | |
| AV Scanning HTTP traffic using either Kaspersky, Sophos, McAfee, or Panda | | |
| AV Scanning SSL traffic using either Kaspersky, Sophos, McAfee, or Panda (use Eicar files at http://techlabs.bluecoat.com/) | | |

SUMMARY [Module 3]


SUMMARY

The Blue Coat Application Delivery Network (ADN) infrastructure is designed to optimize and secure the flow of information to users across the extended enterprise. The Application Delivery Network provides you with the visibility to discover, classify and prioritize applications and user access; accelerate the delivery of internal, external and real-time applications; and protect users and information from malicious applications and content. This provides you with the flexibility to quickly align network investments with changing business requirements, enhance business productivity and ensure proactive layers of defense.