BLUECOAT Blue Coat Certified WAN Acceleration Administrator. Code: ACBE-BLC-BCWAP Days: 2 Course Description: The Blue Coat Certified WAN Acceleration Professional (BCWAP) Course is intended for IT network professionals who wish to master the advanced WAN optimization features of application acceleration available with the Blue Coat ProxySG. After completing this course, you will understand: How to configure advanced features in an Application Delivery Network (ADN) Different ADN Connection types and how can you secure your ADN VLAN and QoS support in the ProxySG Advanced features in CIFS proxy and how to troubleshoot issues How routers interact with web caches using WCCP and how ProxySG supports it Chapter Summaries Chapter 1: ADN Connection Types Blue Coat implementation of an Application Delivery Network (ADN) requires two-sided deployments, with a ProxySG® performing byte caching and acceleration techniques at each end of the WAN link. This chapter provides conceptual information regarding various deployments that employ WAN optimization. The various types of ADN connection tunnels — explicit, translucent, and transparent — are discussed in detail. Chapter 2: Secure ADN This chapter describes the concepts behind Secure ADN and how it is used. It explains how and why it is advantageous to the user to implement a secure ADN. This feature gives customers the ability to enable SSL security for all ADN tunnel connections and routing connections, regardless of what traffic is being accelerated or tunneled by the ADN. Topics include secure tunnels, admission control, possible configurations, and secure AND for SSL traffic. Chapter 3: Device Authentication This chapter describes device authentication and how it is used on the ProxySG. Device authentication allows devices to identify one another, creating more secure communication and interaction. Device authentication helps to secure the network and the various protocols involved in them. This chapter also discusses the processes involved in certificate signing, obtaining an appliance certificate, and the authorization procedure involved. Chapter 4: ADN Load Balancing Load balancing is a method of spreading work over multiple devices. This is useful because it allows a network to deal with loss from latency. When a network is slow because too many users are trying to use the same application, productivity goes down. With load balancing enabled, client requests are redirected to other routes, preventing this latency. User requests take another path, relieving the load that would usually handled by only one device and allowing that client request to reach the origin content server more quickly. Chapter 5: Advanced ADN Concepts The core of the chapter is a discussion of dynamic dictionary sizing. This chapter provides the information necessary to better understand why this is an important property of the ProxySG and how it is implemented so effectively on the appliance. Information is included about other ADN concepts such as stream management, managing encrypted traffic, and adaptive compression. Chapter 6: ADN Troubleshooting This chapter details how to define symptoms, identify problems, and implement solutions in generic AND troubleshooting scenarios. There are many causes that can compromise ADN performance, including failed network connections, firewall session timers, routing loops, unadvertised subnets, and VPN tunnel fragmentation. This chapter also talks about the utilities an administrator can use to troubleshoot an ADN. Chapter 7: Services — Advanced Topics This chapter describes TCP tunneling and how to use it in an edge-core deployment. TCP tunneling can be combined with byte caching and data compression to reduce bandwidth and increase performance. It is useful for detecting peer-to-peer connections going over open ports on the firewall. Chapter 8: SSL Proxy This chapter provides an introduction to the Blue Coat SSL proxy. HTTPS, which is HTTP over SSL, offers secure communication between a client and a server. Unfortunately, malicious internal users and Web sites can retrieve or distribute inappropriate content over HTTPS. This chapter discusses how the SSL proxy overcomes these security challenges. Chapter 9: CIFS — Advanced Topics ADNs using ProxySG appliances allow IT organizations to secure and accelerate the delivery of business applications for all users across the distributed enterprise — including those in or near Internet gateways, branch offices, data centers, and even individual endpoints. As an integral part of the ADN WAN optimization framework, CIFS protocol optimization can be implemented across the network to improve user performance while reducing costs. Chapter 10: CIFS Troubleshooting This chapter details how to define symptoms, identify problems, and implement solutions in generic CIFS troubleshooting scenarios. A single user operation (for example, opening a file) can result in multiple CIFS transactions. Therefore, it is necessary to establish context in the trace to identify user operations and drill into the specific transactions that might be an issue. Common troubleshooting scenarios include system integration problems, CIFS misconfiguration, network connectivity issues, oplock not granted to user for concurrent access, and enabled SMB signing. Chapter 11: Authentication This chapter details how the ProxySG handles user authentication. The ProxySG supports a wide, and constantly growing, number of authentication realms. This chapter focuses on the most commonly used realms — IWA and NTLM — and introduces sequence authentication, the method for searching multiple realms for a specific user’s credentials. Chapter 12: Authentication Using LDAP This chapter describes how the ProxySG supports the use of external LDAP database servers to authenticate and authorize users on a per-group or per-attribute basis. Topics include the tree structure of an LDAP database, how an LDAP realm is created on the ProxySG, and how the ProxySG performs LDAP authentication. Chapter 13: Creating Notifications and Exceptions This chapter outlines how administrators can create custom Web pages to inform network users about the organization’s acceptable user policy. Notifying users why they cannot access a resource can boost their productivity and reduce the number of unnecessary calls to the organization’s help desk. Chapter 14: Access Logging This chapter explains what access logs are, how they are used, and describes the various access logging features on the ProxySG. It also provides an overview of access logging and explains some common log file terminology. Chapter 15: WAN Optimization Features IT managers work to achieve a complex goal: increasing efficiency, providing better control and security, and minimizing costs. Organizations can reach that goal by taking advantage of Application Delivery Networks. The chapter provides an overview of the key elements of how ADNs support WAN optimization: bandwidth management, protocol optimization, object caching, byte caching, and compression. Chapter 16: Service and Support This chapter provides a high-level overview of the support options that are available to Blue Coat customers worldwide. It outlines the different levels and types of service, including online access to open, review, and comment on technical support cases. Appendix A: Deployment Planning Planning and designing the most efficient deployment is the most important decision you have to make, second only to the one of actually buying the ProxySG. This appendix gives detailed information about different kinds of ProxySG deployments. Appendix B: Introduction to IPv6 This appendix is a brief overview of introductory, high-level IPv6 concepts. Managing the conversion from IPv4 to IPv6 poses challenges for IT organizations, especially because existing IPv4 devices and applications must continue to function during the conversion. Beginning with version 5.5 of the SGOS™ operating system, the ProxySG supports IPv6 in secure Web gateway deployments, and introduction of additional IPv6 capabilities is planned for future releases. Appendix C: Conditional Probability Modern content-filtering technology, as well as spam e-mail detection, relies on some fundamental theorems of statistical analysis. This appendix discusses, at a very high level, the Bayes Theorem, which enables you to determine the probability of a future event based on knowledge that a different event already occurred.