BLUECOAT Blue Coat Certified WAN Acceleration Administrator

advertisement
BLUECOAT
Blue Coat Certified WAN Acceleration Administrator.
Code: ACBE-BLC-BCWAP
Days: 2
Course Description:
The Blue Coat Certified WAN Acceleration Professional (BCWAP) Course is intended for IT
network professionals who wish to master the advanced WAN optimization features of
application acceleration available with the Blue Coat ProxySG. After completing this course,
you will understand:
 How to configure advanced features in an Application Delivery Network (ADN)
 Different ADN Connection types and how can you secure your ADN
 VLAN and QoS support in the ProxySG
 Advanced features in CIFS proxy and how to troubleshoot issues
 How routers interact with web caches using WCCP and how ProxySG supports it
Chapter Summaries
Chapter 1: ADN Connection Types
Blue Coat implementation of an Application Delivery Network (ADN) requires two-sided
deployments, with a ProxySG® performing byte caching and acceleration techniques at each
end of the WAN link. This chapter provides conceptual information regarding various
deployments that employ WAN optimization. The various types of ADN connection tunnels —
explicit, translucent, and transparent — are discussed in detail.
Chapter 2: Secure ADN
This chapter describes the concepts behind Secure ADN and how it is used. It explains how
and why it is advantageous to the user to implement a secure ADN. This feature gives
customers the ability to enable SSL security for all ADN tunnel connections and routing
connections, regardless of what traffic is being accelerated or tunneled by the ADN. Topics
include secure tunnels, admission control, possible configurations, and secure AND for SSL
traffic.
Chapter 3: Device Authentication
This chapter describes device authentication and how it is used on the ProxySG. Device
authentication allows devices to identify one another, creating more secure communication
and interaction. Device authentication helps to secure the network and the various protocols
involved in them. This chapter also discusses the processes involved in certificate signing,
obtaining an appliance certificate, and the authorization procedure involved.
Chapter 4: ADN Load Balancing
Load balancing is a method of spreading work over multiple devices. This is useful because
it allows a network to deal with loss from latency. When a network is slow because too many
users are trying to use the same application, productivity goes down. With load balancing
enabled, client requests are redirected to other routes, preventing this latency. User requests
take another path, relieving the load that would usually handled by only one device and
allowing that client request to reach the origin content server more quickly.
Chapter 5: Advanced ADN Concepts
The core of the chapter is a discussion of dynamic dictionary sizing. This chapter provides
the information necessary to better understand why this is an important property of the
ProxySG and how it is implemented so effectively on the appliance. Information is included
about other ADN concepts such as stream management, managing encrypted traffic, and
adaptive compression.
Chapter 6: ADN Troubleshooting
This chapter details how to define symptoms, identify problems, and implement solutions in
generic AND troubleshooting scenarios. There are many causes that can compromise ADN
performance, including failed network connections, firewall session timers, routing loops,
unadvertised subnets, and VPN tunnel fragmentation. This chapter also talks about the
utilities an administrator can use to troubleshoot an ADN.
Chapter 7: Services — Advanced Topics
This chapter describes TCP tunneling and how to use it in an edge-core deployment. TCP
tunneling can be combined with byte caching and data compression to reduce bandwidth
and increase performance. It is useful for detecting peer-to-peer connections going over
open ports on the firewall.
Chapter 8: SSL Proxy
This chapter provides an introduction to the Blue Coat SSL proxy. HTTPS, which is HTTP
over SSL, offers secure communication between a client and a server. Unfortunately,
malicious internal users and Web sites can retrieve or distribute inappropriate content over
HTTPS. This chapter discusses how the SSL proxy overcomes these security challenges.
Chapter 9: CIFS — Advanced Topics
ADNs using ProxySG appliances allow IT organizations to secure and accelerate the delivery
of business applications for all users across the distributed enterprise — including those in or
near Internet gateways, branch offices, data centers, and even individual endpoints. As an
integral part of the ADN WAN optimization framework, CIFS protocol optimization can be
implemented across the network to improve user performance while reducing costs.
Chapter 10: CIFS Troubleshooting
This chapter details how to define symptoms, identify problems, and implement solutions in
generic CIFS troubleshooting scenarios. A single user operation (for example, opening a file)
can result in multiple CIFS transactions. Therefore, it is necessary to establish context in the
trace to identify user operations and drill into the specific transactions that might be an issue.
Common troubleshooting scenarios include system integration problems, CIFS
misconfiguration, network connectivity issues, oplock not granted to user for concurrent
access, and enabled SMB signing.
Chapter 11: Authentication
This chapter details how the ProxySG handles user authentication. The ProxySG supports a
wide, and constantly growing, number of authentication realms. This chapter focuses on the
most commonly used realms — IWA and NTLM — and introduces sequence authentication,
the method for searching multiple realms for a specific user’s credentials.
Chapter 12: Authentication Using LDAP
This chapter describes how the ProxySG supports the use of external LDAP database
servers to authenticate and authorize users on a per-group or per-attribute basis. Topics
include the tree structure of an LDAP database, how an LDAP realm is created on the
ProxySG, and how the ProxySG performs LDAP authentication.
Chapter 13: Creating Notifications and Exceptions
This chapter outlines how administrators can create custom Web pages to inform network
users about the organization’s acceptable user policy. Notifying users why they cannot
access a resource can boost their productivity and reduce the number of unnecessary calls
to the organization’s help desk.
Chapter 14: Access Logging
This chapter explains what access logs are, how they are used, and describes the various
access logging features on the ProxySG. It also provides an overview of access logging and
explains some common log file terminology.
Chapter 15: WAN Optimization Features
IT managers work to achieve a complex goal: increasing efficiency, providing better control
and security, and minimizing costs. Organizations can reach that goal by taking advantage of
Application Delivery Networks. The chapter provides an overview of the key elements of how
ADNs support WAN optimization: bandwidth management, protocol optimization, object
caching, byte caching, and compression.
Chapter 16: Service and Support
This chapter provides a high-level overview of the support options that are available to Blue
Coat customers worldwide. It outlines the different levels and types of service, including
online access to open, review, and comment on technical support cases.
Appendix A: Deployment Planning
Planning and designing the most efficient deployment is the most important decision you
have to make, second only to the one of actually buying the ProxySG. This appendix gives
detailed information about different kinds of ProxySG deployments.
Appendix B: Introduction to IPv6
This appendix is a brief overview of introductory, high-level IPv6 concepts. Managing the
conversion from IPv4 to IPv6 poses challenges for IT organizations, especially because
existing IPv4 devices and applications must continue to function during the conversion.
Beginning with version 5.5 of the SGOS™ operating system, the ProxySG supports IPv6 in
secure Web gateway deployments, and introduction of additional IPv6 capabilities is planned
for future releases.
Appendix C: Conditional Probability
Modern content-filtering technology, as well as spam e-mail detection, relies on some
fundamental theorems of statistical analysis. This appendix discusses, at a very high level,
the Bayes Theorem, which enables you to determine the probability of a future event based
on knowledge that a different event already occurred.
Download