BLUECOAT PRODUCTS REVERSE PROXY
Web Security Gateway
– Reverse Proxy
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
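PROBLEMS CUSTOMERS RUN INTO
Web server scalability
Web server control
• Too many servers to consolidate
• Too much traffic, arriving in sudden bursts
• SSL processing is too slow
• Scalability of streaming
• Services are handled in too many separate places
• Complex user passwords for multiple services
• Uploaded files may carry malicious attack code
• Protecting Windows servers that are directly exposed to the Internet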
WHY USE A REVERSE PROXY?
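Increase web server scalability
Strengthen web server control
• Faster data transfer
• Hides the origin web server
• Takes over the SSL load
• Provides single sign-on
• Powerful management capabilities
• Virus scanning of uploaded data
• More network bandwidth
• Prevents malicious attacks
• Strong expansion capability
• Simplified use and management
• Reduces the load on IT staff: services become more powerful and simpler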
SOLUTION: WEB APPLICATION REVERSE PROXY
PROTECTS Web Servers
• Secure, object-based OS
• Controls access to web apps
• Web AV scanning
ACCELERATES Web Content
• Intelligent caching
• Compression and bandwidth mgt.
• SSL offload
SIMPLIFIES Operations
• Scalable, optimized appliance
• Easy policy creation & management
• Complete logging & reporting
[Diagram labels: Users, Public Internet, Firewall, Proxy, Firewall, Internal Network, Web Servers]
1. PROTECT WEB SERVERS
• Features a purpose-built, secure operating system (SGOS)
• Isolates web servers from direct access
• Enables fine-grained control of users
  – Robust authentication: NTLM, LDAP, RADIUS, local passwords, certificates, sequence realms
  – Intuitive policy creation and management: Visual Policy Manager (VPM)
• Optional ProxyAV™ provides real-time scanning of uploaded files
• Supports “plug-and-play” SSL services
2. ACCELERATE WEB CONTENT
• Proven proxy architecture with optimized TCP stack
  – Patented acceleration technologies
• Intelligent cache optimizes web server performance
  – Serves 60-90% of web content directly to users
• Built-in HTTP compression increases performance and minimizes bandwidth
• SSL services include hardware-accelerated key negotiation, encryption, and decryption
3. SIMPLIFY OPERATIONS
• “Set and forget” appliance
  – No need to install applications
  – No need to ensure hardware compatibility
  – No need to upload and support OS patches
• VPM for comprehensive policy rule creation and management
• Scalable solution efficiently increases capacity of each existing web server
• Comprehensive logging and reporting
• Modular, expandable solution
SECURING AND ACCELERATING A WEBSITE
[Diagram labels: Users, Public Internet, Firewall, ProxySG, Firewall, Internal Network, Web Farm; steps 1 to 4 marked on the data path]
1. User attempts to connect to e-mail web server via HTTP(S).
2. ProxySG checks internal cache for requested content.
3. If requested content is not available in cache, ProxySG retrieves content from web server.
4. ProxySG immediately stores requested content in cache and delivers accelerated content to user.
SCANNING UPLOADED FILES FOR VIRUSES
[Diagram labels: Users, Public Internet, Firewall, ProxySG, Authentication Server (LDAP, NTLM, etc.), CAS (ICAP+), Firewall, Internal Network, E-mail Web Server, DMZ; steps 5 to 7 marked, with a STOP sign at the blocked upload]
5. Authorized user attempts to upload infected file.
6. CAS conducts real-time threat scan of file.
7. CAS immediately sends “File infected” alert to ProxySG. ProxySG forwards notification to client and prevents user from uploading file to Web server.
SECURING CORPORATE WEBMAIL
[Diagram labels: Users, Public Internet, Firewall, ProxySG, Authentication Server (LDAP, NTLM, etc.), Firewall, Internal Network, E-mail Web Server, DMZ; steps 1 to 4 marked on the data path]
1. User attempts to connect to e-mail web server via HTTPS.
2. ProxySG connects to authentication server via HTTP(S).
3. Authenticated user checked against policy in ProxySG.
4. ProxySG securely delivers accelerated content to authenticated authorized user.
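REASONS TO USE BLUECOAT
• Higher performance than a traditional PC server (several times the performance)
• Uses a thin OS designed for high-speed transfer!
• Simpler and more powerful management interface
  – Appliance design means no configuration or complex management
  – Provides a powerful GUI management interface
• More flexible and more scalable
• More secure than the general-purpose operating systems on the market
  – SGOS: a secure operating system
  – No need to install any applications or patches
  – Purpose-built TCP/IP stack
  – Prevents DoS attacks!
  – Can inspect HTTPS traffic.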
REVERSE PROXY USE CASES
• Portal sites (Yahoo, Google, PChome, etc.)
• Enterprise applications (e-mail services, B2B, B2C, etc.)
• Online games
THE CASE FOR REVERSE PROXY
– ECOMMERCE BOOST
Before
• Escalating traffic required full scale upgrade
  – Firewalls and servers were nearing capacity
After BlueCoat Installed
• Transactions doubled
• 92% of requests served by BlueCoat
• Firewalls and servers focus on transactions
• End user response times improved
• Cut costs
• BlueCoat created “instantaneous” ROI
[Chart: Revenue and Expenses plotted over Time, before and after installation]
TCG (REVERSE PROXY)
Service over 100 Web sites
[Diagram labels: Internet, L4 Switch, Web Server farm, BC Reporter]
PIXNET (REVERSE PROXY)
[Diagram labels: Internet, Web Server farm, BC Reporter]
BANDWIDTH GAIN
EFFICIENCY
REVERSE PROXY CUSTOMERS
ProxySG APAC References
Financial
Health & Pharmaceuticals
Energy, Oil & Gas
Manufacturing/Industrial
Consumer & Retail
Government
THANKS