SlideShare uma empresa Scribd logo
1 de 20
CensorNet Ltd
An introduction to ISP filtering



Presented by:
Firstname Lastname
Job Title
Email: first.last@censornet.com
Tel: 1234567890
Company Overview
CensorNet v1.0 released
as open source
                          CensorNet open
                                            02/07 CensorNet                                11/09 Development of
                          source protects
                                            Professional launched                          Cloud CensorNet started
                          over 1million end
                          users                                 11/07 CensorNet
                                                                shortlisted for BETT
                                                                                                    CensorNet launches
                                                                Award
                                                                                                    MailSafe, e-mail
                                                                                                    SaaS security




                            07/05
                            CensorNet Ltd      CensorNet
                            incorporated       launches VMWare                                                       CensorNet
                                                                                2008
                                               Certified product                                                     joins the
                                                                                CensorNet Ltd
                                                                                                  08/10 CensorNet    ICAP Forum   • Mobile filtering solution
                                                                                joins the IWF
                                                                                                  achieves BECTA
                                                                                                  accreditation                   • Cloud Service for
                                                       CensorNet Pro achieves                                                     MSP/ISP
                                                       Checkmark Premium
                                                       from West Coast Labs
Customer Segmentation


                        Business   Education   Government
ISP filtering
Challenges
    Traditional filtering proxy servers may not scale well

    Web access is real time ∴ performance critical

    Large data flows must be handled

    High availability is mandatory

    Integrate with often complex existing infrastructure
Our solution – “CensorNet ICAP Server”
    Integrates easily with existing ICAP enabled equipment

    Provides technology components to rapidly build a bespoke
    web filtering service

    High speed and reliability – designed specifically for examining
    content

    Based on open standards – ICAP Forum.org

    Wrap-around consultancy service for planning and deployment
Key benefits
    Scalable architecture

    Highly optimised proprietary ICAP Server (64-bit)
         Pipelining for early responses
         Dynamically sized thread pools
         Zero-copy policy on data buffers
         Minimal inter-thread locking
         Highly optimised DFSA protocol grammar parsers

    Supports 3rd party URL classification engines

    RESTful API for integration with existing portal

    Low total cost of ownership
Example deployments
     CensorNet builds bespoke web filtering
 platforms that meet the exact requirements of
                 its customers.
Simple ISP deployment with ICAP environment
Complex ISP deployment
Redirected traffic – no ICAP infrastructure (ISP)
Redirected traffic – no ICAP infrastructure (ISP,
blade and HA)
Hot Spot Nework Deployment
Managed Services Platform (MSP)
Why ICAP (Internet Content Adaptation) ?
     Open Standards – compliant with 3rd party proxy/cache/router
    devices

     Designed specifically to solve this type of problem

     Scalable – multiple ICAP servers to service requests & responses
    from multiple caches/proxies/routers

    More efficient than HTTP proxying

    Preserves source IP (transparent)

    Special “Preview” and “204 responses” designed to reduced
    traffic/bandwidth requirements
Performance expectations
     Each ICAP Server instance with 1 CPU core can handle up to
    10,000 persistent connections*

     If squid/tproxy servers are required to simulate ICAP Client, each
    squid proxy can handle up to 4,000 persistent connections per CPU
    core*

     URL categorisation ~ 50,000 transactions per second on 2.5GHz
    x64 core



                    * Dependent on policy complexity
ICAP Server Components
     ICAP Server
         Policy engine & manager
         “Whitelist” management
         Source IP / Username via RADIUS cached lookup
         Local URL database cache
         Policy scheduler
     URL database and real-time lookups
     Management
         SSH
         XML Configuration
         Web User Interface (Q1, 2011)
Content Classification
 144 URL categories
 Multiple language support
 Embedded URL scanning
 Up to 5 categories per URL
 “In the cloud” rating of new URLs
 100+ multi-lingual analysts 24x7
 “Nocats” typically classified in 20 minutes
Deployment options

      Bare metal servers
      Virtual servers (VMware ESX/i)
      Blade system
      3rd party load balancers (CISCO)
Thank you
Any questions?

Mais conteúdo relacionado

Mais procurados

DNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayDNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayCisco Canada
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network EvolutionCisco Canada
 
Openstack 101 by Jason Kalai
Openstack 101 by Jason KalaiOpenstack 101 by Jason Kalai
Openstack 101 by Jason KalaiMyNOG
 
Reducing Cost with DNA Automation
Reducing Cost with DNA AutomationReducing Cost with DNA Automation
Reducing Cost with DNA AutomationCisco Canada
 
TechWiseTV Workshop: Cisco SD-WAN
TechWiseTV Workshop: Cisco SD-WANTechWiseTV Workshop: Cisco SD-WAN
TechWiseTV Workshop: Cisco SD-WANRobb Boyd
 
TechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityTechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityRobb Boyd
 
Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkRobb Boyd
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkNetpluz Asia Pte Ltd
 
Wireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureWireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureCisco Mobility
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionCisco Canada
 
Cisco Prime infrastructure 3.0
Cisco Prime infrastructure 3.0 Cisco Prime infrastructure 3.0
Cisco Prime infrastructure 3.0 solarisyougood
 
Business Case for Cisco Intelligent WAN
Business Case for Cisco Intelligent WANBusiness Case for Cisco Intelligent WAN
Business Case for Cisco Intelligent WANCisco Service Provider
 
AnyConnect Gateway by Eyeball Networks
AnyConnect Gateway by Eyeball NetworksAnyConnect Gateway by Eyeball Networks
AnyConnect Gateway by Eyeball NetworksEyeball Networks
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the FutureCisco Security
 
Ocs F5 Bigip Bestpractices
Ocs F5 Bigip BestpracticesOcs F5 Bigip Bestpractices
Ocs F5 Bigip BestpracticesThiago Gutierri
 
Velocloud introduction for wakamonog
Velocloud introduction for wakamonogVelocloud introduction for wakamonog
Velocloud introduction for wakamonogakira suzuki
 
Aerohive BR100 Branch Router
Aerohive BR100 Branch RouterAerohive BR100 Branch Router
Aerohive BR100 Branch RouterAerohive Networks
 

Mais procurados (20)

DNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus DayDNA Intelligent WAN Campus Day
DNA Intelligent WAN Campus Day
 
The Data Center Network Evolution
The Data Center Network EvolutionThe Data Center Network Evolution
The Data Center Network Evolution
 
Openstack 101 by Jason Kalai
Openstack 101 by Jason KalaiOpenstack 101 by Jason Kalai
Openstack 101 by Jason Kalai
 
Reducing Cost with DNA Automation
Reducing Cost with DNA AutomationReducing Cost with DNA Automation
Reducing Cost with DNA Automation
 
TechWiseTV Workshop: Cisco SD-WAN
TechWiseTV Workshop: Cisco SD-WANTechWiseTV Workshop: Cisco SD-WAN
TechWiseTV Workshop: Cisco SD-WAN
 
TechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN SecurityTechWiseTV Workshop: SD-WAN Security
TechWiseTV Workshop: SD-WAN Security
 
Cisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your NetworkCisco Network Insider: Three Ways to Secure your Network
Cisco Network Insider: Three Ways to Secure your Network
 
Using a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business networkUsing a secured, cloud-delivered SD-WAN to transform your business network
Using a secured, cloud-delivered SD-WAN to transform your business network
 
Preparing Your Network for 802.11ac Wave 2
Preparing Your Network for 802.11ac Wave 2Preparing Your Network for 802.11ac Wave 2
Preparing Your Network for 802.11ac Wave 2
 
Wireless Branch Office Network Architecture
Wireless Branch Office Network ArchitectureWireless Branch Office Network Architecture
Wireless Branch Office Network Architecture
 
Understanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN SolutionUnderstanding Cisco Next Generation SD-WAN Solution
Understanding Cisco Next Generation SD-WAN Solution
 
Cisco Prime infrastructure 3.0
Cisco Prime infrastructure 3.0 Cisco Prime infrastructure 3.0
Cisco Prime infrastructure 3.0
 
Business Case for Cisco Intelligent WAN
Business Case for Cisco Intelligent WANBusiness Case for Cisco Intelligent WAN
Business Case for Cisco Intelligent WAN
 
AnyConnect Gateway by Eyeball Networks
AnyConnect Gateway by Eyeball NetworksAnyConnect Gateway by Eyeball Networks
AnyConnect Gateway by Eyeball Networks
 
Data Center Security Now and into the Future
Data Center Security Now and into the FutureData Center Security Now and into the Future
Data Center Security Now and into the Future
 
Presentation NetScaler SD-WAN - David Gallo
Presentation NetScaler SD-WAN - David GalloPresentation NetScaler SD-WAN - David Gallo
Presentation NetScaler SD-WAN - David Gallo
 
Ocs F5 Bigip Bestpractices
Ocs F5 Bigip BestpracticesOcs F5 Bigip Bestpractices
Ocs F5 Bigip Bestpractices
 
Velocloud introduction for wakamonog
Velocloud introduction for wakamonogVelocloud introduction for wakamonog
Velocloud introduction for wakamonog
 
Aerohive BR100 Branch Router
Aerohive BR100 Branch RouterAerohive BR100 Branch Router
Aerohive BR100 Branch Router
 
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?Citrix NetScaler SD-WAN - What’s New, What’s Hot?
Citrix NetScaler SD-WAN - What’s New, What’s Hot?
 

Semelhante a CensorNet ISP Filtering

Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidMyNOG
 
Geospatial Community Cloud Vision
Geospatial Community Cloud VisionGeospatial Community Cloud Vision
Geospatial Community Cloud VisionDaneyon Hansen
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network ServiceLew Tucker
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...SSA KPI
 
Shared Services and the Cloud at Cheltenham Borough Council
Shared Services and the Cloud at Cheltenham Borough CouncilShared Services and the Cloud at Cheltenham Borough Council
Shared Services and the Cloud at Cheltenham Borough CouncilHuddleHQ
 
Rebaca DPI and PCRF Expertie Overview
Rebaca DPI and PCRF Expertie OverviewRebaca DPI and PCRF Expertie Overview
Rebaca DPI and PCRF Expertie OverviewArshad Mahmood
 
OpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew TuckerOpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew TuckerLew Tucker
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioMichelle Holley
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1changcai
 
Azure Services Platform
Azure Services PlatformAzure Services Platform
Azure Services PlatformDavid Chou
 
Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Ericsson Labs
 
Resource Oriented Architecture in Wireless Sensor Network
Resource Oriented Architecture in Wireless Sensor NetworkResource Oriented Architecture in Wireless Sensor Network
Resource Oriented Architecture in Wireless Sensor NetworkThomas Pham
 
CloudStack Collaboration Conference 12; Refactoring cloud stack
CloudStack Collaboration Conference 12; Refactoring cloud stackCloudStack Collaboration Conference 12; Refactoring cloud stack
CloudStack Collaboration Conference 12; Refactoring cloud stackbuildacloud
 
Self Care Solution for Microsoft Mediaroom
Self Care Solution for Microsoft MediaroomSelf Care Solution for Microsoft Mediaroom
Self Care Solution for Microsoft MediaroomBalaji TS
 
Nfd18 anuta-networks
Nfd18 anuta-networksNfd18 anuta-networks
Nfd18 anuta-networksKiran Sirupa
 
Rebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewRebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewAvishek Gupta
 
Rebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewRebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewAvishek Gupta
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrailnvirters
 
Banv meetup 04162014
Banv meetup 04162014Banv meetup 04162014
Banv meetup 04162014ozkan01
 

Semelhante a CensorNet ISP Filtering (20)

Service Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay KidService Provider Architectures for Tomorrow by Chow Khay Kid
Service Provider Architectures for Tomorrow by Chow Khay Kid
 
Geospatial Community Cloud Vision
Geospatial Community Cloud VisionGeospatial Community Cloud Vision
Geospatial Community Cloud Vision
 
OpenStack Quantum Network Service
OpenStack Quantum Network ServiceOpenStack Quantum Network Service
OpenStack Quantum Network Service
 
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
Problems of Contemporary Communication Companies. Ways and Tools for Solving ...
 
Shared Services and the Cloud at Cheltenham Borough Council
Shared Services and the Cloud at Cheltenham Borough CouncilShared Services and the Cloud at Cheltenham Borough Council
Shared Services and the Cloud at Cheltenham Borough Council
 
Rebaca DPI and PCRF Expertie Overview
Rebaca DPI and PCRF Expertie OverviewRebaca DPI and PCRF Expertie Overview
Rebaca DPI and PCRF Expertie Overview
 
OpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew TuckerOpenStack and the Transformation of the Data Center - Lew Tucker
OpenStack and the Transformation of the Data Center - Lew Tucker
 
Service Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with IstioService Mesh on Kubernetes with Istio
Service Mesh on Kubernetes with Istio
 
Cisco Presentation 1
Cisco Presentation 1Cisco Presentation 1
Cisco Presentation 1
 
Azure Services Platform
Azure Services PlatformAzure Services Platform
Azure Services Platform
 
Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop Over the Air 2011 Security Workshop
Over the Air 2011 Security Workshop
 
Resource Oriented Architecture in Wireless Sensor Network
Resource Oriented Architecture in Wireless Sensor NetworkResource Oriented Architecture in Wireless Sensor Network
Resource Oriented Architecture in Wireless Sensor Network
 
CloudStack Collaboration Conference 12; Refactoring cloud stack
CloudStack Collaboration Conference 12; Refactoring cloud stackCloudStack Collaboration Conference 12; Refactoring cloud stack
CloudStack Collaboration Conference 12; Refactoring cloud stack
 
Self Care Solution for Microsoft Mediaroom
Self Care Solution for Microsoft MediaroomSelf Care Solution for Microsoft Mediaroom
Self Care Solution for Microsoft Mediaroom
 
Nfd18 anuta-networks
Nfd18 anuta-networksNfd18 anuta-networks
Nfd18 anuta-networks
 
Rebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewRebaca Technologies Corporate Overview
Rebaca Technologies Corporate Overview
 
Rebaca Technologies Corporate Overview
Rebaca Technologies Corporate OverviewRebaca Technologies Corporate Overview
Rebaca Technologies Corporate Overview
 
Banv meetup-contrail
Banv meetup-contrailBanv meetup-contrail
Banv meetup-contrail
 
TFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott SneddonTFI2014 Session I - State of SDN - Scott Sneddon
TFI2014 Session I - State of SDN - Scott Sneddon
 
Banv meetup 04162014
Banv meetup 04162014Banv meetup 04162014
Banv meetup 04162014
 

CensorNet ISP Filtering

  • 1. CensorNet Ltd An introduction to ISP filtering Presented by: Firstname Lastname Job Title Email: first.last@censornet.com Tel: 1234567890
  • 2. Company Overview CensorNet v1.0 released as open source CensorNet open 02/07 CensorNet 11/09 Development of source protects Professional launched Cloud CensorNet started over 1million end users 11/07 CensorNet shortlisted for BETT CensorNet launches Award MailSafe, e-mail SaaS security 07/05 CensorNet Ltd CensorNet incorporated launches VMWare CensorNet 2008 Certified product joins the CensorNet Ltd 08/10 CensorNet ICAP Forum • Mobile filtering solution joins the IWF achieves BECTA accreditation • Cloud Service for CensorNet Pro achieves MSP/ISP Checkmark Premium from West Coast Labs
  • 3. Customer Segmentation Business Education Government
  • 5. Challenges Traditional filtering proxy servers may not scale well Web access is real time ∴ performance critical Large data flows must be handled High availability is mandatory Integrate with often complex existing infrastructure
  • 6. Our solution – “CensorNet ICAP Server” Integrates easily with existing ICAP enabled equipment Provides technology components to rapidly build a bespoke web filtering service High speed and reliability – designed specifically for examining content Based on open standards – ICAP Forum.org Wrap-around consultancy service for planning and deployment
  • 7. Key benefits Scalable architecture Highly optimised proprietary ICAP Server (64-bit)  Pipelining for early responses  Dynamically sized thread pools  Zero-copy policy on data buffers  Minimal inter-thread locking  Highly optimised DFSA protocol grammar parsers Supports 3rd party URL classification engines RESTful API for integration with existing portal Low total cost of ownership
  • 8. Example deployments CensorNet builds bespoke web filtering platforms that meet the exact requirements of its customers.
  • 9. Simple ISP deployment with ICAP environment
  • 11. Redirected traffic – no ICAP infrastructure (ISP)
  • 12. Redirected traffic – no ICAP infrastructure (ISP, blade and HA)
  • 13. Hot Spot Nework Deployment
  • 15. Why ICAP (Internet Content Adaptation) ?  Open Standards – compliant with 3rd party proxy/cache/router devices  Designed specifically to solve this type of problem  Scalable – multiple ICAP servers to service requests & responses from multiple caches/proxies/routers More efficient than HTTP proxying Preserves source IP (transparent) Special “Preview” and “204 responses” designed to reduced traffic/bandwidth requirements
  • 16. Performance expectations  Each ICAP Server instance with 1 CPU core can handle up to 10,000 persistent connections*  If squid/tproxy servers are required to simulate ICAP Client, each squid proxy can handle up to 4,000 persistent connections per CPU core*  URL categorisation ~ 50,000 transactions per second on 2.5GHz x64 core * Dependent on policy complexity
  • 17. ICAP Server Components  ICAP Server  Policy engine & manager  “Whitelist” management  Source IP / Username via RADIUS cached lookup  Local URL database cache  Policy scheduler  URL database and real-time lookups  Management  SSH  XML Configuration  Web User Interface (Q1, 2011)
  • 18. Content Classification  144 URL categories  Multiple language support  Embedded URL scanning  Up to 5 categories per URL  “In the cloud” rating of new URLs  100+ multi-lingual analysts 24x7  “Nocats” typically classified in 20 minutes
  • 19. Deployment options  Bare metal servers  Virtual servers (VMware ESX/i)  Blade system  3rd party load balancers (CISCO)