2. Application Delivery Trends
The Deepest Visibility
AGENDA
With The Most Powerful Control
PacketShaper in Action
2
3. The Web is the Platform
Business Apps Moving to Web:
ERP, Sales Automation, HR, Online Meetings
In the Middle:
Email, Chat, Browsing, Networking, Video
Recreational Web Content Exploding:
Games, Peer to Peer, Adult
4. Creating a New Set of Challenges
Web Applications and Content:
Range from Inappropriate to Important
They all look the same
Potential for Performance Problems
Defy traditional classifications
5. Only PacketShaper Can Address
Distinguishes at the application layer
Finds masquerading applications
Understands the merged Web-
based world
Instantly sees new applications &
content
Sub-classifies as necessary
6. Competition Falls Short
Most solutions stuck at Port/Protocol
Chasing Individual Applications doesn’t scale
The Gap is Widening
PacketShaper + WebPulse makes the difference
Web Awareness Today
Billions
PacketShaper
Millions Competition
Yesterday
Thousands
Hundreds
Time
7. The Deepest Visibility
Latest in a History of Innovation
Classify by URL Category
Detailed Metrics and Tools
Non-Intrusive Security Assessments
8. Latest in a History of Innovation
2000 2002 2004 2006 2008 2010 2012
IM
AIM 20th IM 30th IM
Peer-2-Peer
Napster 20th P2P 80th P2P
Application Sub-
Classification
Citrix SSL Oracle VoIP ADN VMware 70th Sub-
HTTP FTP Microsoft Classification
Techniques
VLAN, DSCP MPLS LEM L7 Pattern Group URL Category
9. Classify by URL Category WebPulse
Leverages WebPulse Community
70 Million Users, 8B+ Ratings per day
Manage 80 Categories across 50 Languages
• Returns Up to 4 Categories per URL
Dynamically Maintained and Updated without Upgrades
• Categorizes newly created content in real time
WebPulse
PacketShaper
10. Classify by URL Category
WebPulse
Category
Web Server
Request
Request
Content
1. PacketShaper Sees Request
2. Checks Local Cache
3. Queries WebPulse Cloud
4. Retrieves Category
5. Applies Policy
11. Response Time Metrics
Transaction Delay
End-user experience
Network & Server Delay
Thresholds for SLA
Alert, Alarm, Integrate
12. Real-time Voice & Video Metrics
Key Metrics
• Call Volume
• Latency
• Jitter
• Loss
Quality Metrics
• Mean Opinion Score (MOS)
• rFactor
13. Troubleshooting Diagnostic
Host Analysis – Real time host/IP address view (below)
TCP Health – Connection state (good, aborted, refused, ignored)
PacketCapture – Targeted Capture TCPDump format
Synthetic Transactions – HTTP/S, FTP, SMTP, Echo & Custom
14. VoIP & Video Conferencing
Industry Leadership Enabling Voice & Video
Deployments
Assess, provision & monitor
Track key metrics: latency, jitter, loss, MOS, rFactor
Assure per call quality
Advanced Voice & Video Classification:
Auto-discovery by codec
Auto-discovery by device type
Both high priority?
16. The Most Powerful Control
Organized to Scale
Power Control Techniques
Integrated Compression
Centrally Managed
17. Very Granular When Required
Sub-classify Web 2.0 Applications
Example: Manage by Facebook Content
> 1600 Categorized Apps in > 40 Categories
Set policy by what users are doing on Facebook
Prioritize
Contain
Squeeze
Block
18. Powerful Control
Patented Rate Control
• Guarantee per flow bandwidth
• TCP and UDP Guarantee Voice
Application Prioritization
• Bandwidth to important apps first Protect ERP
Aggregate Partitions
• Limit total usage
• Raw bandwidth or percents Control recreation
• Optionally burstable
19. Integrated Compression
Real Time Compression
• RAM Only - Low latency Symmetric Compression
• Application specific
• Any IP app (RTP, UDP, etc)
2x-4x Capacity Gain
• Increase WAN pipe
• Fit more calls, sessions
ProxySG for Caching!
• Object caching
• Byte caching
• CDN
• Protocol acceleration
19
21. The PacketShaper in Action
Dashboard Overview
Real-time Monitoring
Historical Reporting
One-click Control
Instantly See the Impact
21
22. Dashboard Overview
And Flash
Video at: 55%
Auto-discover All
Applications
Updated in Real-time
Spot Abnormal
See Surge in
Utilization Behavior
23. Real-Time Monitoring
Graph Multiple Apps in
Real-time
Determine How They
Impact Each Other
Note: Symantec AV Gather More Detailed
Updates Commenced Information
24. Fast & Easy Historical Reporting
Research if Problems
are Persistent or New
Toggle Between Hour,
Day, Week, Month
Response Times, Efficiency,
Health, Retransmits, etc.
Analyze Additional
Metrics
25. Powerful One-Click Policy-Based Control
Simultaneously Apply
Policies to Multiple Apps
Contain Flash & Other
Problem Apps
Easily Set Application -
Limit 5 Applications based MPLS Markings
to 400 Kbps
26. Instantly See the Impact
Control Starts Instantly
Unparalleled Precision
Real-time Reporting
Shows Impacts
Traffic Immediately
Capped at 400 Kbps
27. Summary – PacketShaper Delivers
Applications Are Moving to the Web
PacketShaper has the Deepest Visibility
And the Most Powerful Control
To Ensure Critical Application
Performance
Notas do Editor
It’s no secret that applications are moving to the Web, but I’m not sure that most people really understand the scope or the implications of this shift. We actually go a step further and say that the Web is the Platform. HTTP andSSL often now make up 50-75% of traffic of total traffic, up from maybe 25% just a few years ago.We all know that critical business applications are web-enabled and more and more offered across the Internet as a Software as a Service. <click>And you may also understand thatrecreational traffic is exploding.<click>What most people haven’t really thought about is the line between, which is also exploding. This is that blurry area of things like web-based e-mail, chat, web browsing and even video. A few years ago you could assume that this traffic is not that important and could be ignored, but more and more this traffic has business value as well. At the very least, user productivity is impacted if these applications aren’t performing well.
This shift is causing a new set of issues because the Web traffic ranges for the inappropriate and even malicious, all the way to the critical business systems that are required to effectively run the organization.The problem is that for most systems all of this traffic looks alike. Everything just shows up as HTTP and SSL, leaving open the distinct possibility that the less important traffic will crowd out the business critical traffic causing significant performance problems. Traditional classification technologies that just look at port or even protocol can’t distinguish the traffic. Even solutions that create “applications” based on domains can’t keep up and aren’t sufficient to really understand the applications being used.
Now, the PacketShaper is taking a quantum leap that really addresses this new set of issues. The PacketShaper is the only solution that understands that application and content are intrinsically linked in this Web-based world that we live in today. PacketShaper’s new Classify by URL Category functionality understands and categorizes the entire Web. It works by leveraging the WebPulse community of over 70 million users, which categorizes URLs in real time into 1 to 4 of the 80 categories that are available. WebPulse makes over 8 billion ratings a day making it the largest community in the world by an order of magnitude.One of the great aspects of having WebPulse do the work to categorize the traffic is that it is constantly updating itself as new applications and content come onto the Web. Because the updates happen dynamically in the cloud, the PacketShaper gets to take advantage of categorizing the new content without ever having to upgrade the PacketShaper itself.This instant awareness allows customers to set a policy today to manage the next big thing before it is even invented.
And nobody else can do this. Most competitive solutions are still stuck reporting on port or protocol. Those that do try to keep up by manually classifying new URLs can’t possible hope to keep up with the growth of the Web. And a side effect of their approach is that their reporting is a simplistic dump of URL accesses. This isn’t providing real value to a customer. They are behind and the gap is widening.The combination of PacketShaper and the Web Pulse cloud will be a huge competitive advantage for Blue Coat and our partners.
As I mentioned, the first area I’ll highlight is the PacketShaper’s history of innovation. Just as an example, let’s start with IM. Originally, a single application – AOL instant messaging was what everyone used. We saw the trend and were the first to classify the AIM traffic. <click>Over time though, many more IM applications emerged and we have always been there to classify them. Today, we classify over 30 IM applications and sub-applications. <click>Similarly, we saw the P2P trend very early and were the first to classify Napster. At the time, that was the only P2P application. Over time, many variants emerged and we continued to stay on top of them and now classify over 80 P2P applications and sub-applications. The same analogy can be extended to many other application categories as well.<click>Beyond just base application classification, we also recognized very early the importance of understanding the sub-components of the applications. For instance, SAP over Citrix was much more critical and time sensitive than printing over Citrix. Over time, we added the ability to sub-classify over 70 applications including SSL, Oracle, the Microsoft protocols, Blue Coat optimized ADN traffic and many more. <click>Finally, the PacketShaper has always led in the techniques available to find applications. We’ve always classified by IP and port, but over time, we’ve also added the ability to classify by VLAN, DSCP, & MPLS. More recently in 8.4, we added the ability for user defined Layer 7 applications and most recently in 8.5 we added the ability to classify by group. We’ll talk a bit more about that later. <click>Now, we are about to move into the next truly innovative classification technique, which is classify by URL category… <click>
Network/ADN Assessments are a common way to get started for enterprises.Blue Coat recommends first assessing what’s causing the problem in the first place rather than jumping to conclusions
An important category of metrics is response time measurement, and this is where we can begin to map the performance of applications in terms of what the user is actually experiencing. So we can tell again at a glance, when an application is performing to spec. We can measure network delay. We can measure server delay. We can establish thresholds so that if one of those delay maxima or minima is reached, we can provide a means of alarming the network group on that event.
And as many of our customers roll out Voice over IP or IP telephony on a converged network, we also provide a comprehensive range of Voice over IP specific metrics. And this can be from call volume, down to network characteristics that affect the quality of voice, such as loss, latency and jitter, all the way down to Voice over IP or voice specific metrics, such as a Mean Opinions Score or the RFactor. Now all of that can be combined to present a realistic view of the quality of voice. Voice quality is key and often the hardest thing to assure, so we can use those metrics as a means of determining, measuring, reporting and alarming the actual quality of voice over our network.
And when things aren’t going well, it is important to have the tools to diagnose why they aren’t performing. PacketShaper provides a wealth of tools to diagnose the root cause of issues. This includes features such as Host Analysis, which will quickly give you the top users by bandwidth consumption, flows, or the always popular because it indicates serious issues, failed flows. Once you see the top users you can drill down to what specifically they are doing, and then from there, who else is doing the same thing. Very powerful point-and-click workflows to quickly isolate the cause of the problems.TCP Health is also key to understand how the entire network is functioning as well as the individual applications. It breaks down total connections, aborts – which are usually indicative of performance issue where a user got bored and hit refresh or left the page, refuses – which are usually because the server is overloaded or configured not to accept connections on that port, and ignores – which, more often than not, are scanning hosts or viruses that are searching for more targets.In addition, the PacketShaper can also take packet traces that feed into standard systems and generate synthetic transactions to show performance characteristics throughout the day, even if no real traffic is occurring for that applications.
And finally, let’s talk about the VoIP and Video classification enhancements. The PacketShaper has been a powerful tool used by many customers rolling out voice over IP. PacketShapers can assess network readiness for VoIP implementation. The PacketShaper can monitor call including tracking latency, jitter, loss, MOS or Mean Opinion Score, and rFactor, which is another call quality standard algorithm.<click>New in 8.5 is the ability to classify voice and video over Microsoft OCS and Live Meeting. <click>And the ability to auto-discover VoIP by device types. This is yet another reason application intelligence and the ability to sub-classify is important. Take for example a Cisco VoIP phone and Google Talk. They may use the same underlying protocols and even the same CODEC – which PacketShaper can already auto-discover by CODEC – but that doesn’t mean that a customer wants to monitor and manage Cisco VOIP the same as Google Talk. With the new capability to auto-discover by device type, the PacketShaper will automatically separate them allowing customers to monitor and manage them separately.
One truly compelling capability that the Classify by URL Category feature set enables is the ability for the PacketShaper to easily drop into a new environment and perform security assessments. Unlike a traditional Proxy, which is more difficult to configure, requiring either routing changes or client changes, the PacketShaper can either just get dropped in line as a transparent bridge, or even configured off of a span port and not be in the path of data at all. Once you install the Shaper, it will start to identify things getting through the network that may not be wanted or allowed on the network. For instance, specific security threats like phishing, spyware and botnets, and other concerns like suspicious sites and hacking. Additionally, you could see traffic that may be legal, compliance or HR risks like adult content, gambling, violence, etc. The Security Assessment is a great opportunity to highlight gaps in their current security or compliance solutions. In general, we would recommend that the ProxySG is the preferred solution to address these concerns, because it has been designed as a security device, understands users and groups, and feeds into Reporter to provide user access reporting.
Then, on the complete other end of the spectrum, there are times when you want to get very granular. The PacketShaper lets you drill down in ways that nothing else can.For example, you can sub-classify Web 2.0 applications by a main category and then into the applications that are also hitting other categories. This example shows Facebook broken down by specific activities that people are doing on Facebook. While all of these are on Facebook, you may want to prioritize some pieces high like Business, contain recreational pieces like Personals, squeeze things like video to persuade people to stop watching them at work, and even block some things like Games. Farmville is a great example of something that employees could both waste their entire day playing and at the same time suck up significant amounts of bandwidth that may impact more important work related activities.
This next example really illustrates one of the earlier points, which is why sub-classification is so important. <click>Let’s take the scenario where a new user logs onto their VMware View VDI session and downloads their desktop. This could potentially impact other users in the same office who are using a VDI session next to them. It’s another case where one type of traffic could impact another type of traffic within the same application.<click>Blue Coat solves that problem with the new ability to sub-classify VMware View VDI traffic by the configuration & login operations, offline desktop downloads, and the VDI remote desktop stream.<click>With this granular application intelligence, you can protect that remote desktop stream from the desktop download traffic – or any other bulky traffic that would cause a poor user experience.
The PacketShaper also has effective RAM-Based compression. This intelligent compression can compress any IP application and does it without introducing noticeable latency. Typically, customers get 2-4 times increase in capacity, or 50-75% bandwidth savings. This number varies significantly based on the traffic mix. Certain applications that are already encrypted or compressed will result in any savings and others that are highly repetitive could achieve 95+% savings.And remember, the PacketShaper isn’t the primary WAN Optimization solution as it doesn’t do other critical features such as caching, content distribution and protocol specific optimizations such as CIFS, MAPI and HTTP. The ProxySG is the product if WAN Opt features are the primary requirements.
The PacketShaper also has effective RAM-Based compression. This intelligent compression can compress any IP application and does it without introducing noticeable latency. Typically, customers get 2-4 times increase in capacity, or 50-75% bandwidth savings. This number varies significantly based on the traffic mix. Certain applications that are already encrypted or compressed will result in any savings and others that are highly repetitive could achieve 95+% savings.And remember, the PacketShaper isn’t the primary WAN Optimization solution as it doesn’t do other critical features such as caching, content distribution and protocol specific optimizations such as CIFS, MAPI and HTTP. The ProxySG is the product if WAN Opt features are the primary requirements.
Now let’s go through a specific example to see Application Accountability in action. Start by logging in and seeing the new dashboard that quickly lets you see what is going into and out of the network. <click>The graphs are updated in real-time showing changes as they are happening. <click>You look at this and see that Flash Video is taking up 55% of the bandwidth.
Switch into real-time graphic and choose several top apps to see what they are doing at the moment. It’s easy to sort by the largest peaks the 1 minute average or the current utilization of applications to see which applications might be of interest.<click>You can see exactly how a rise in one application utilization might cause a drop in another. <click>Looking more closely at the situation, you notice that a Symantec Antivirus update has just kicked off and is the largest bandwidth consumer.
From there, you might want to see if this particular problem is persistent over time or just happening for the first time. <click>You can quickly toggle between hour, day, week, month, or a custom time period.<click>And you quickly analyze more than a dozen reports showing critical information like response times, efficiency, TCP health, retransmissions and more.Truly a wealth of application level information available at the click of a button.
After researching the applications in question, you decide you need to take control. You can simultaneously apply policies to multiple applications. This includes rate, priority, discard, and ignore policies, as well as aggregate partitions.<click>This makes it easy to contain Flash and any other problem applications.<click>You can also set DSCP markings for MPLS networks.<click>Back to our example, we decided to apply a 400 Kbps to 5 application classes at once.
And then switch back to the real-time graphing – which remembers what you are looking at – and see that control took place instantly.<click>Not only was it immediate, it is controlled with an unparalleled level of precision. Other products don’t show this level of detail, because they can’t match PacketShaper’s ability to immediately and accurately apply controls.<click>And most importantly you can see whether the policy you applied is impacting all of the applications in the ways that you desired.