Optimize Enterprise Application Availability, Security and Responsiveness
|
|
- Tabitha Horton
- 8 years ago
- Views:
Transcription
1 WHITE PAPER Optimize Enterprise Application Availability, Security and Responsiveness Replace Forefront Threat Management Gateways with A10 Networks Application Delivery Controllers
2 Table of Contents Executive Summary... 3 Replacing TMG... 3 A10 ADC Appliances: Secure and Optimize Microsoft Applications... 4 Forward and Reverse Proxy with Authentication... 4 Multifactor Authentication... 4 Application Security... 5 A10 Optimizes Microsoft Application Servers... 6 A10 Networks vs. TMG Key Feature Comparison... 7 Conclusion... 8 About A10 Networks... 9 Disclaimer This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not limited to fitness for a particular use and noninfringement. A10 Networks has made reasonable efforts to verify that the information contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided as-is. The product specifications and features described in this publication are based on the latest information available; however, specifications are subject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current information regarding its products or services. A10 Networks products and services are subject to A10 Networks standard terms and conditions. 2
3 Executive Summary Microsoft s now discontinued Forefront Threat Management Gateway 2010 (TMG) is a security and performance enhancement solution for SMB and enterprise users. A standard security product to protect and provide secure access to web content and applications, this gateway is widely used to safeguard applications via reverse proxy, SSL termination, Network Address Translation (NAT), application-layer protection and content filtering. It optimizes applications through web application acceleration, web caching, TCP connection reuse and server load balancing. Microsoft no longer offers TMG or its previous incarnation, Internet Security and Acceleration (ISA) Server, having announced its end-of sale 1. At the same time, the advancement of application delivery controllers (ADCs) has subsumed and expanded upon many of the capabilities and use cases for TMG. A10 Networks recommends A10 Networks Thunder ADC line of Application Delivery Controllers as a superior substitute for TMG deployments. Thunder ADC offers a cost-effective and all-in-one solution that goes far beyond TMG in maximizing server availability, accelerating response times and reducing required network pipe utilization. Thunder virtual and purpose-built hardware appliances offer an extensive array of security and optimization features that surpass TMG and are available in a variety of performance levels and form factors for any environment. With TMG at end-of-sale, administrators managing networks, applications and security will need to turn to newer, more modern solutions. Replacing TMG As a secure web gateway, TMG has principally been used to provide multiple levels of security to various Microsoft applications including Exchange, SharePoint and Lync as well as offerings from other software vendors. TMG protects these Internet-facing application servers from web-based threats and helps create a needed demarcation point between the Internet and internal data center operations. TMG is composed of four fully integrated elements for simplified management: Forefront TMG Server, TMG web protection service, Management Server and Management Console. Together, these offer multiple layers of security to protect internal servers and other corporate assets from malicious attack. TMG can be flexibly deployed as a virtual machine on industry standard servers or by various third parties as a hardened appliance. The choice depends on cost and performance requirements. The benefits derived from installing TMG include: Application-layer protection to application servers Data leakage prevention via content filtering Application response times improvement Peripheral security for controlled data center access Principal Microsoft TMG capabilities include: Authentication By providing authentication within the servers themselves, applications can be protected from unwanted access. Authentication is a process to identify a client that attempts to access a secure domain. TMG provides authentication support for the backend servers. Proxy Forward and reverse proxy features secure published applications in Internet-facing deployments, in part by providing network separation between remote clients and internal network servers. TMG s forward proxy capabilities include content filtering to provide more control over access to public content and to manage SSLbased traffic. TMG as a reverse proxy is deployed in front of the web and application servers to process client requests for content and support application firewall and other security techniques. URL Filtering URL filtering secures application servers by controlling client access. Sites that are known to be malicious or contain inappropriate content are blocked to protect the organization. TMG groups URLs into dozens of categories, including those based on security, productivity and liability. HTTPS Inspection To decode and inspect SSL encrypted sessions, TMG provides a software-based encrypt/ decrypt feature with HTTPS scanning. This feature allows the needed visibility into traffic flows to ensure that applications are protected during secure communications. Logging and reporting tools aide in determining if web access is compliant with the organization s policies. Routing and Remote Access TMG Secure Web Gateways provide Internet gateway, NAT server and routing functionality. They can be deployed as a basic router, as they offer static L2/L3 networking protocols to determine routes. TMG can also be deployed as an explicit HTTP proxy to control access to hosts based on lists of allowed traffic clients and hosts. In addition, the TMG can function as an NAT server that can remap one IP address space to another
4 Anti-Malware TMG has integrated an anti-malware engine to scan outbound web traffic such as attachments and files and block viruses and other malware. By placing the solution at the edge, internal servers without proper host-based protection can be secured. User experience is enhanced as partial content may be sent as inspection takes place and progress notifications via status HTML pages are provided. Optimization With the increase in web-based and mobile applications, the importance to accelerate and optimize enterprise applications is a critical requirement. Providing these features will enhance the user experience, productivity and security policy compliance. TMG has limited optimization features for applications such as Lync, SharePoint and Exchange. Deploying TMG will enhance these Microsoft applications with basic TCP features, health monitor options, caching and load balancing. A10 ADC Appliances: Secure and Optimize Microsoft Applications Application delivery controllers provide the most practical alternative to TMG installations. These solutions not only offer the critical security and optimization features of TMG but they go far beyond these security gateways. Whether the requirement is to expand upon security, authentication, server availability or application acceleration, A10 ADCs represent a quantum jump in feature set, performance, deployment flexibility and cost effectiveness. A10 ADCs accelerate, optimize and secure your mission critical applications. A10 Networks Thunder ADC line of Application Delivery Controllers offer a robust solution that ensures high performance throughput, the necessary robust feature set and high scalability to support the requirements of an enterprise network. A10 offers security features such as reverse and forward proxy, Web Application Firewall (WAF), authentication, DNS firewall and more. Consequently, these solutions offer an excellent replacement because of the all-inclusive licensing, security, acceleration, scalability, authentication, optimization and DDoS protection features. This comprehensive set of ADC solutions can be deployed on a single physical, virtual or hybrid appliance and is able to run any and all features simultaneously with no limits. Forward and Reverse Proxy with Authentication Installing an application delivery controller enabled with reverse proxy and pre-authentication at the network perimeter provides network isolation from external sources. Only authenticated and authorized clients are granted access to the internal network and the organization s resources. This reverse proxy terminates client connections at the perimeter, and once authenticated and authorized, a proxy connection to the internal network is set up. A10 ADCs advance upon TMG by allowing central control over all applications and other resources; administrators can configure and manage access to each and every server from one management interface. This central control point allows applications to be deployed with a consistent corporate security policy by one authorized administrator. A10 supports authentication of users from a wide variety of resources, including Active Directory, LDAP, RADIUS, Kerberos, OCSP and SAML. In order to be a viable replacement for TMG, however, the ADC has to be more than just a reverse proxy. A10 ADCs offer a superlative mix of security to manage increasing web attacks, and include the most common features found in TMG: Forward proxy Thunder ADC provides both TCP and HTTP forward proxy support. It proxies HTTP and provides web content filtering and caching services. Thunder ADC forward proxies also include authentication and authorization to provide more control over access to public content. URL filtering and reputation list Controls access to websites or web applications based on the categories and risks associated with the intended URLs. Application switching (URL and host support) Redirects client requests based on the specific server or a pool of web servers based on the client attributes. This feature provides application intelligence and strengthens server applications. Multifactor Authentication Typically, applications only natively support a basic level of authentication. Yet given the proliferation of remote user device types and an expanded group of those requiring access, authentication methods are constantly evolving in complexity. Remote access solutions leveraging dynamic multifactor authentication are becoming common. TMG supports a variety of authentication methods, including RSA SecurID and client-side certificates. A10 solutions support the following authentication schemes: 4
5 Logon Portal for client (HTTP basic, form-based) Authentication Server (LDAP, RADIUS, OSCP, SAML) Authentication Relay (RSA SecurID, client-side certificates, HTTP Basic, Kerberos) A10 also supports advanced dynamic authentication. Now, Microsoft applications such as ActiveSync, Outlook Web Access and Outlook Anywhere can be published on the same socket (IP address/port) while using different authentication methods for each. A10 solutions obtain user attributes such as assigned mailbox database, device IDs and group memberships from Active Directory; in turn, these characteristics are used to dynamically apply policies on a very granular basis for superior security from mobile and other Bring Your Own Device (BYOD) access devices. Application Security With today s shortened development cycle times and the strong demand for new applications, validation and checks for vulnerabilities may be incomplete. Such application weaknesses are not addressed by lower layer network firewalls or Intrusion Prevention Systems (IPS). What s needed is a firewall that inspects and secures traffic at Layer 7 to provide protection to the applications themselves; malicious traffic such as form field tampering, cross-site scripting, cookie poisoning and many more attack vectors must be blocked. TMG only provides signature-based inspection that blocks known attacks while day zero attacks are left undefended. To protect against an array of these unknown attacks that target application vulnerabilities, A10 provides a Web Application Firewall that can filter inbound HTTP requests. This is a critical task to protect the network infrastructure against the increasing problem of malware and vulnerabilities. To simplify deployment with Microsoft applications, this WAF is initially placed in a training mode to learn the normal and expected behavior of the applications. Once the training period is complete, it can be placed in protection mode to isolate and block traffic that does not comply with normal usage. Protections include: Cross-site request forgery (CSRF)prevention SQL injection check XSS (cross-site scripting, cookie/url/query/post args checking for JavaScript) Buffer overflow check URL white/black listing (up to 8 million individual host addresses and up to 64,000 subnet addresses) Bad bots protection Credit card, Social Security Number (SSN), sensitive content check Form field consistency check Field formats check Volumetric Distributed Denial of Service (DDoS) attacks, particularly at L7, are increasingly common. TMG has some basic support built-in; however, it does not provide the advanced protection or the performance required. A10 ADC appliances, many with hardware assisted DDoS processing, provide enhanced protection against these malicious assaults. A10 ADCs come equipped with IP anomaly filters to drop packets that contain common DDoS attack signatures. This feature comes standard in all the A10 ADC form factors: virtual, physical, hybrid and cloud-based offerings. Security protection features include: Frag Drops all IP fragments, which can be used to attack hosts running IP stacks that have known vulnerabilities in their fragment reassembly code IP-option Drops all packets that contain any IP options Land-attack Drops spoofed SYN packets containing the same IP address as the source and destination, which can be used to launch an IP land attack Ping-of-death Drops all jumbo IP packets, known as ping of death packets System-wide Policy-Based Server Load Balancing (PBSLB) IP anomaly filters, which include: -- Invalid HTTP or SSL payload -- Out of sequence packet -- Zero-length TCP window Access control lists (ACLs) permit and deny based on address and protocol information in the packets with support for standard and extended IPv4 and IPv6 addresses. 5
6 A10 Optimizes Microsoft Application Servers When deploying a secure web gateway such as TMG, the impact on the network infrastructure must be evaluated. The multiple functional modules result in substantial processing and degrade server availability, overall scalability and ultimately the performance of the network. The result is reduced capacity of various critical Microsoft applications such as SharePoint and Exchange. As TMG is server-based, it does not have the inherent power of a built-for-purpose ADC appliance. This means TMG servers with their basic load-balancing methods and limited ability to scale are typically installed in an array with an external physical load balancer. This adds needless complexity, capital expenditures and lengthened design-in time. Utilizing a single A10 ADC appliance provides the essential functionality of TMG, yet ensures the level of performance required while obviating the need for load balancers and other point solutions. Replacing TMG with A10 ADC solutions provides the scalability, availability and security demanded, while permitting throughput from 1 Gbps to over 1 Tbps. A10 appliances streamline the network topology and optimize the Microsoft application server farm. A10 ADCs offers a cost-effective and all-in-one solution that goes far beyond TMG in maximizing server availability, accelerating response times and reducing required network pipe utilization. A10 features include: Load balancing The most common use of a reverse proxy appliance is to provide load balancing to web applications. The A10 ADC provides a comprehensive list of load balancing algorithms to suit any type of application deployment. The load-balancing feature can be applied with a Microsoft application such as Microsoft Exchange, Lync or SharePoint, and it can be configured based on customer load-balancing requirements. Caching To optimize web content in today s networks, A10 caches web content on the ADC device to enhance website performance for clients. A10 ADCs can support up to 24 GB of HTTP/S objects, which reduces the number of connections needed between the A10 ADC and the server. HTTP compression This feature reduces the needed bandwidth and results in a faster download of application content by enabling ultra-high-speed compression and decompression of HTTP/HTTPS requests and responses. TCP connection reuse This feature is commonly deployed on web-based applications which can accelerate and optimize the data center infrastructure. It enhances the user web experience by reducing the number of TCP connection setups required; persistence is such that existing connections can be used for future TCP requests. SSL acceleration This offloads SSL processing from application servers. A10 ADCs have built-in security hardware to process SSL encode/decode SSL traffic with up to 4096-bit SSL certificates. In addition, A10 ADCs also provide STARTTLS support to enable secure traffic to and from Simple Mail Transfer Protocol (SMTP) servers by encrypting mail traffic to and from clients. Multi-tenancy This enables the configuration of up to 40 independent instances of Thunder ADC and Carrier Grade Networking (CGN) on one Thunder hybrid virtual appliance (HVA) platform. This provides the ability to load many instances of TMG functionality onto one appliance. Each instance is afforded its own dedicated portion of computing, memory, SSL and I/O resources and can be uniquely tuned to the exact needs of particular users, applications or servers. 6
7 This table shows the many ways A10 ADCs support key TMG features and add expanded capabilities. A10 Networks vs. TMG Key Feature Comparison Feature Microsoft TMG Thunder ADC Reverse proxy Standard connection termination Full support, including customizable HTTP-aware connection termination, redirection and TCP multiplexing for server offload Forward proxy Load balancing and Layer 7 content switching TMG firewalls can forward web proxy requests Basic L4 load balancing with basic round robin Configurable web proxy and caching server with explicit HTTP proxy support Multiple L4/L7 load-balancing algorithms, including least connections, weighted round robin and more Over 18+ load-balancing algorithm options available Global Server Load Balancing (GSLB) None Full support DNS-based and IPbased Route Health Injection(RHI) High availability and failover Complex, requires 3 nodes Active/active, active/passive, VRRP-A, GSLB Server health monitoring Limited to 3 basic methods: HTTP Get, Ping and TCP connections Methods include basic multiple L2-4 connectivity checks and advanced customizable validations of server and backend database functionality Session persistence Source IP or cookie only Multiple options, including hashing, SSL session ID, cookiebased, source/destination IP Authentication Application acceleration Scalability HTTPS inspection and SSL capacity Basic, forms-based, integrated and certificates Multifactor: client certificates, RSA SecurID, RADIUS Basic compression and static caching Cluster up to 6 TMG modules with Windows-based software (aimed at smaller and medium enterprises) Policy based; software only with minimal bulk throughput and TPS Numerous, including HTTP basic, forms-based, LDAP, RADIUS, OSCP, SAML Multifactor: Client certificates, RSA SecurID, RADIUS High capacity compression, static and dynamic caching and TCP optimization Purpose-built 1U appliances with up to 150 Gbps A10 Networks avcs Virtual Chassis System cluster up to 8 appliances for over 1 Tbps HVA with up to 40 independent instances Up to 1,023 application delivery partitions per one unit Policy-based; hardware-based processing with over 40 Gbps and 1.5M SSL TPS (2048-bit certificates) IPv6 No support Complete support for IPv6 and all IPv4/6 translations Simultaneous support for ADC and CGN instances on the same HVA platform 7
8 Feature Microsoft TMG Thunder ADC DDoS protection Basic DDoS High performance DDoS with up to 200M SYN packets/sec Multiple DDoS and protocol anomaly protection methods Reporting and monitoring None; third-party add-ons needed On-appliance reporting tools with drilldowns, customization and filtering to monitor usage and trends Firewall Negative security model with signature base ICSA certified WAF for protection against dozens of day-zero app attacks No signature base needed Automatically learns expected server behavior DNS application firewall Not available DNS Application Firewall that shields DNS servers from attacks, including buffer overflow, malformed requests and DoS IP-based connection rate limiting and concurrent connection controls Web-based authentication Basic only Provided through the Application Access Management (AAM) module; HTTP-basic and formbased Routing Basic only Static and dynamic routing Simplified application policy configuration Data leakage protection Conclusion Multi-step process Categorization and time-based blocking Templates with built-in auto policy configurations Data leakage protection methods, including customized fields, credit card and SSN masking URL classification filtering Microsoft Forefront TMG has been a worthy secure web gateway. It has been relied upon by users around the globe and included a broad feature set encompassing security and application optimization. Now that it is at end-of-sale, administrators managing networks, applications and security will need to turn to newer, more modern solutions. A10 Networks Thunder ADC provides not only the key attributes of TMG secure web gateways but offer advanced functionality that goes far beyond those capabilities. These include such things as advanced L7 application firewall, sophisticated load balancing and content switching to ensure application availability, and multiple application acceleration methods to speed content to remote clients. A10 also provides smart templates and detailed guides to expedite deployment of A10 ADCs with Microsoft applications. 8
9 About A10 Networks A10 Networks is a leader in application networking, providing a range of high-performance application networking solutions that help organizations ensure that their data center applications and networks remain highly available, accelerated and secure. Founded in 2004, A10 Networks is based in San Jose, California, and serves customers globally with offices worldwide. For more information, visit: Corporate Headquarters A10 Networks, Inc 3 West Plumeria Ave. San Jose, CA USA Tel: Fax: Part Number: A10-WP EN-01 Nov 2014 Worldwide Offices North America sales@a10networks.com Europe emea_sales@a10networks.com South America latam_sales@a10networks.com Japan jinfo@a10networks.com China china_sales@a10networks.com Taiwan taiwan@a10networks.com Korea korea@a10networks.com Hong Kong HongKong@a10networks.com South Asia SouthAsia@a10networks.com Australia/New Zealand anz_sales@a10networks.com 2014 A10 Networks, Inc. All rights reserved. A10 Networks, the A10 Networks logo, A10 Thunder, Thunder, vthunder, acloud, ACOS, and agalaxy are trademarks or registered trademarks of A10 Networks, Inc. in the United States and in other countries. All other trademarks are property of their respective owners. A10 Networks assumes no responsibility for any inaccuracies in this document. A10 Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. To learn more about the A10 Thunder Application Service Gateways and how it can enhance your business, contact A10 Networks at: or call to talk to an A10 sales representative. 9
Load Balancing Security Gateways WHITE PAPER
Load Balancing Security Gateways WHITE PAPER Table of Contents Acceleration and Optimization... 4 High Performance DDoS Protection... 4 Web Application Firewall... 5 DNS Application Firewall... 5 SSL Insight...
More informationPost-TMG: Securely Delivering Microsoft Applications
Post-TMG: Securely Delivering Microsoft Applications Microsoft Forefront Threat Management Gateway customers need an alternative to secure their Internet-facing Microsoft applications. F5 BIG-IP Application
More informationHealthcare Security and HIPAA Compliance with A10
WHITE PAPER Healthcare Security and HIPAA Compliance with A10 Contents Moving Medicine to the Cloud: the HIPAA Challenge...3 HIPAA History and Standards...3 HIPAA Compliance and the A10 Solution...4 164.308
More informationVALIDATING DDoS THREAT PROTECTION
VALIDATING DDoS THREAT PROTECTION Ensure your DDoS Solution Works in Real-World Conditions WHITE PAPER Executive Summary This white paper is for security and networking professionals who are looking to
More informationNetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway
NetScaler: A comprehensive replacement for Microsoft Forefront Threat Management Gateway 2 Microsoft s Forefront Threat Management Gateway (TMG) is a network security and protection solution for enterprise
More informationWhite Paper A10 Thunder and AX Series Load Balancing Security Gateways
White Paper A10 Thunder and AX Series Load Balancing Security Gateways June 2013 WP_LB FW 062013 Disclaimer This document does not create any express or implied warranty about A10 Networks or about its
More informationAvoid Microsoft Lync Deployment Pitfalls with A10 Thunder ADC
WHITE PAPER Avoid Microsoft Lync Deployment Pitfalls with A10 Thunder ADC Table of Contents Introduction...3 Executive Summary...3 High Availability...3 Advanced Load Balancing...4 Global Server Load Balancing...4
More informationAPPLICATION ACCESS MANAGEMENT (AAM) Augment, Offload and Consolidate Access Control
SOLUTION BRIEF APPLICATION ACCESS MANAGEMENT (AAM) Augment, Offload and Consolidate Access Control Challenge: Organizations must allow external clients access to web portals, sensitive internal resources
More informationPCI DSS and the A10 Solution
WHITE PAPER PCI DSS and the A10 Solution How Cloud Service Providers Can Achieve PCI Compliance with A10 Thunder ADC and vthunder Table of Contents The Challenge of PCI Compliance... 3 Overview of PCI
More informationSAML 2.0 SSO Deployment with Okta
SAML 2.0 SSO Deployment with Okta Simplify Network Authentication by Using Thunder ADC as an Authentication Proxy DEPLOYMENT GUIDE Table of Contents Overview...3 The A10 Networks SAML 2.0 SSO Deployment
More informationAAM Kerberos Relay Integration with SharePoint
DEPLOYMENT GUIDE AAM Kerberos Relay Integration with SharePoint How to Deploy A10 Thunder ADC s AAM Feature in a SharePoint Environment Using Kerberos Relay Authentication Table of Contents Overview...3
More informationA10 Thunder and AX Series
WHITE PAPER A10 Thunder and AX Series Evolution of ADCs: The A10 Advantage over Legacy Load Balancers Table of Contents A10 Thunder ADC: Application Delivery Evolved... 3 Business Challenges Solved by
More informationVMware View 5.0 and Horizon View 6.0 DEPLOYMENT GUIDE
VMware View 5.0 and Horizon View 6.0 DEPLOYMENT GUIDE Table of Contents 1 Introduction... 2 2 ACOS Deployment for VMware View... 2 3 Lab Presentation... 2 4 Configuration... 3 4.1 VMware View Administration
More informationThunder Series for SAP BusinessObjects (BOE)
DEPLOYMENT GUIDE Thunder Series for SAP BusinessObjects (BOE) Table of Contents Introduction... 2 Deployment Guide Prerequisites... 2 Application Specific Deployment Notes... 2 Accessing the Thunder Series
More informationF5 and Microsoft Exchange Security Solutions
F5 PARTNERSHIP SOLUTION GUIDE F5 and Microsoft Exchange Security Solutions Deploying a service-oriented perimeter for Microsoft Exchange WHAT'S INSIDE Pre-Authentication Mobile Device Security Web Application
More informationA10 ADC Return On Investment
WHITE PAPER A10 ADC Return On Investment Table of Contents Introduction...3 Streamline Operations to Maximize Efficiencies...3 Server Offload Is the Key...3 SSL Acceleration...4 TCP Optimization...5 RAM
More informationSetting Up a Kerberos Relay for the Microsoft Exchange 2013 Server DEPLOYMENT GUIDE
Setting Up a Kerberos Relay for the Microsoft Exchange 2013 Server DEPLOYMENT GUIDE Disclaimer This document does not create any express or implied warranty about A10 Networks or about its products or
More informationThunder ADC for Epic Systems
DEPLOYMENT GUIDE Thunder ADC for Epic Systems Table of Contents Introduction... 2 Deployment Guide Overview... 2 Deployment Guide Prerequisites... 2 Accessing the Thunder Series ADC... 2 Architecture Overview...
More informationThe Application Delivery Controller Understanding Next-Generation Load Balancing Appliances
White Paper Overview To accelerate response times for end users and provide a high performance, highly secure and scalable foundation for Web applications and rich internet content, application networking
More informationThunder Series for SAP Customer Relationship Management (CRM)
DEPLOYMENT GUIDE Thunder Series for SAP Customer Relationship Management (CRM) Table of Contents Introduction...2 Deployment Guide Prerequisites...2 Application Specific Deployment Notes...2 Accessing
More informationAdvanced Core Operating System (ACOS): Experience the Performance
WHITE PAPER Advanced Core Operating System (ACOS): Experience the Performance Table of Contents Trends Affecting Application Networking...3 The Era of Multicore...3 Multicore System Design Challenges...3
More informationDEPLOYMENT GUIDE. SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity
DEPLOYMENT GUIDE SAML 2.0 Single Sign-on (SSO) Deployment Guide with Ping Identity Table of Contents SAML Overview...3 Integration Topology...3 Deployment Requirements...4 Configuration Steps...4 Step
More informationDeploying F5 to Replace Microsoft TMG or ISA Server
Deploying F5 to Replace Microsoft TMG or ISA Server Welcome to the F5 deployment guide for configuring the BIG-IP system as a forward and reverse proxy, enabling you to remove or relocate gateway security
More informationREAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL
REAL-TIME WEB APPLICATION PROTECTION. AWF SERIES DATASHEET WEB APPLICATION FIREWALL AWF Series Web application firewalls provide industry-leading Web application attack protection, ensuring continuity
More informationWhite Paper A10 Thunder and AX Series Application Delivery Controllers and the A10 Advantage
White Paper A10 Thunder and AX Series Application Delivery Controllers and the A10 Advantage June 2013 WP_ADC 062013 Disclaimer This document does not create any express or implied warranty about A10 Networks
More informationWHITE PAPER. Enhancing Application Delivery and Load Balancing on Amazon Web Services with Brocade Virtual Traffic Manager
WHITE PAPER Enhancing Application Delivery and Load Balancing on Amazon Web Services with Brocade Virtual Traffic Manager ALREADY USING AMAZON ELASTIC LOAD BALANCER? As an abstracted service, Amazon ELB
More informationLoad Balancing for Microsoft Office Communication Server 2007 Release 2
Load Balancing for Microsoft Office Communication Server 2007 Release 2 A Dell and F5 Networks Technical White Paper End-to-End Solutions Team Dell Product Group Enterprise Dell/F5 Partner Team F5 Networks
More informationData Sheet. VLD 500 A Series Viaedge Load Director. VLD 500 A Series: VIAEDGE Load Director
Data Sheet VLD 500 A Series Viaedge Load Director VLD 500 A Series: VIAEDGE Load Director VLD : VIAEDGE Load Director Key Advantages: Server Load Balancing for TCP/UDP based protocols. Server load balancing
More informationA Layperson s Guide To DoS Attacks
A Layperson s Guide To DoS Attacks A Rackspace Whitepaper A Layperson s Guide to DoS Attacks Cover Table of Contents 1. Introduction 2 2. Background on DoS and DDoS Attacks 3 3. Types of DoS Attacks 4
More informationZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationA10 Networks LBaaS Driver for Thunder and AX Series Appliances
DEPLOYMENT GUIDE A10 Networks LBaaS Driver for Thunder and AX Series Appliances Table of Contents Introduction... 2 Implementation... 2 Network Architecture... 3 SNATED... 3 VLAN... 3 Installation steps...
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationSSL Insight Certificate Installation Guide
SSL Insight Certificate Installation Guide For A10 Thunder Application Delivery Controllers DEPLOYMENT GUIDE Table of Contents Introduction...3 Generating a CA Certificate...3 Exporting a Certificate from
More informationMicrosoft Exchange 2016 DEPLOYMENT GUIDE
Microsoft Exchange 2016 DEPLOYMENT GUIDE Table of Contents Introduction...3 Deployment Prerequisites...3 Accessing the Thunder ADC Device...3 Architecture Overview...3 Validating Exchange 2016 Configuration...4
More informationAPPLICATION DELIVERY
RIVERBED DELIVERY THE FIRST DELIVERY CONTROLLER (ADC) DESIGNED FOR ANY CLOUD OR Greater flexibility VIRTUALIZED ENVIRONMENT GARTNER MAGIC QUADRANT RECOGNITION We re a Visionary in the 2012 Magic Quadrant
More informationDeployment Guide AX Series with Citrix XenApp 6.5
Deployment Guide AX Series with Citrix XenApp 6.5 DG_XenApp_052012.1 TABLE OF CONTENTS 1 Introduction... 4 1 Deployment Guide Overview... 4 2 Deployment Guide Prerequisites... 4 3 Accessing the AX Series
More informationDeployment Guide. AX Series with Microsoft Office SharePoint Server
Deployment Guide AX Series with Microsoft Office SharePoint Server Table of Contents DEPLOYMENT GUIDE AX Series with Microsoft Office SharePoint Server Introduction... 1 Prerequisites & Assumptions...
More informationSecurity Overview and Cisco ACE Replacement
Security Days Geneva 2015 Security Overview and Cisco ACE Replacement March, 2014 Tobias Kull tobias.kull@eb-qual.ch A10 Corporate Introduction Headquarters in San Jose 800+ Employees Offices in 32 countries
More informationWEB APPLICATION FIREWALLS: DO WE NEED THEM?
DISTRIBUTING EMERGING TECHNOLOGIES, REGION-WIDE WEB APPLICATION FIREWALLS: DO WE NEED THEM? SHAIKH SURMED Sr. Solutions Engineer info@fvc.com www.fvc.com HAVE YOU BEEN HACKED????? WHAT IS THE PROBLEM?
More informationAPV9650. Application Delivery Controller
APV9650 D a t a S h e e t Application Delivery Controller Array Networks APV Series of Application Delivery Controllers optimizes the availability, user experience, performance, security and scalability
More informationMove over, TMG! Replacing TMG with Sophos UTM
Move over, TMG! Replacing TMG with Sophos UTM Christoph Litzbach, Pre-Sales Engineer NSG 39 Key Features of TMG HTTP Antivirus/spyware URL Filtering HTTPS forward inspection Web Caching Role based access
More informationWhite paper. Keys to SAP application acceleration: advances in delivery systems.
White paper Keys to SAP application acceleration: advances in delivery systems. Table of contents The challenges of fast SAP application delivery...3 Solving the acceleration challenge: why traditional
More informationCisco ACE 4710 Application Control Engine
Data Sheet Cisco ACE 4710 Application Control Engine Product Overview The Cisco ACE 4710 Application Control Engine (Figure 1) belongs to the Cisco ACE family of application switches, used to increase
More informationCOORDINATED THREAT CONTROL
APPLICATION NOTE COORDINATED THREAT CONTROL Interoperability of Juniper Networks IDP Series Intrusion Detection and Prevention Appliances and SA Series SSL VPN Appliances Copyright 2010, Juniper Networks,
More informationMicrosoft Exchange 2013 DEPLOYMENT GUIDE
Microsoft Exchange 2013 DEPLOYMENT GUIDE Table of Contents Introduction... 2 Deployment Guide Prerequisites... 2 Deployment Notes and Updates... 2 Exchange Server Roles... 2 Accessing the Thunder ADC Device...
More informationConfiguring and Implementing A10
IMPLEMENTATION GUIDE Configuring and Implementing A10 Networks Load Balancing Solution with Juniper s SSL VPN Appliances Although Juniper Networks has attempted to provide accurate information in this
More informationDeployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365
Deployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365 DG_ADFS20_120907.1 TABLE OF CONTENTS 1 Overview... 4 2 Deployment Guide Overview... 4 3 Deployment Guide Prerequisites...
More informationAchieve Single Sign-on (SSO) for Microsoft ADFS
DEPLOYMENT GUIDE Achieve Single Sign-on (SSO) for Microsoft ADFS Leverage A10 Thunder ADC Application Access Manager (AAM) Table of Contents Overview...3 SAML Overview...3 Integration Topology...4 Deployment
More informationCS5008: Internet Computing
CS5008: Internet Computing Lecture 22: Internet Security A. O Riordan, 2009, latest revision 2015 Internet Security When a computer connects to the Internet and begins communicating with others, it is
More informationFilling the Threat Management Gateway Void with F5
Filling the Threat Management Gateway Void with F5 With the discontinuation of Microsoft Forefront Threat Management Gateway, enterprises need to find a replacement. F5 Secure Web Gateway Services offer
More informationNetwork Configuration/Bandwidth Planning Scope
Network Configuration/Bandwidth Planning Scope Workshop Focus and Objective Workshop Focus Drive key planning considerations for Office 365 domain and domain name service (DNS) records configuration Network
More informationManage the unexpected
Manage the unexpected Navigate risks and thrive Today s business world is threatened by a multitude of online security risks. But many organizations simply do not have the resources or expertise to combat
More informationZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy
ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy OVERVIEW The global communication and the continuous growth of services provided through the Internet or local infrastructure require to
More informationThe Application Front End Understanding Next-Generation Load Balancing Appliances
White Paper Overview To accelerate download times for end users and provide a high performance, highly secure foundation for Web-enabled content and applications, networking functions need to be streamlined.
More informationDeployment Guide MobileIron Sentry
Deployment Guide MobileIron Sentry DG_MIS_052013.1 TABLE OF CONTENTS 1 Introduction... 3 2 Deployment Guide Overview... 3 3 Deployment Guide Prerequisites... 3 4 Accessing the AX Series Load Balancer...
More informationRadware s AppDirector and AppXcel An Application Delivery solution for applications developed over BEA s Weblogic
TESTING & INTEGRATION GROUP SOLUTION GUIDE Radware s AppDirector and AppXcel An Application Delivery solution for applications developed over BEA s Weblogic Contents INTRODUCTION... 2 RADWARE APPDIRECTOR...
More informationReverse Proxy for Trusted Web Environments > White Paper
> White Paper ProxySG for Reverse Proxy Web-based solutions are being implemented for nearly every aspect of business operations, and increasingly for trusted environments with mission-critical business
More informationSecurity+ Guide to Network Security Fundamentals, Fourth Edition. Chapter 6 Network Security
Security+ Guide to Network Security Fundamentals, Fourth Edition Chapter 6 Network Security Objectives List the different types of network security devices and explain how they can be used Define network
More informationMarket Application Delivery Networking. Products ADC, WAN Optimization, Secure Access
Company snapshot Founded 2000 Headquarters Milpitas, CA, USA Employees 400+ Market Application Delivery Networking Products ADC, WAN Optimization, Secure Access Segments Enterprise, Service Provider, Public
More informationContent-ID. Content-ID URLS THREATS DATA
Content-ID DATA CC # SSN Files THREATS Vulnerability Exploits Viruses Spyware Content-ID URLS Web Filtering Content-ID combines a real-time threat prevention engine with a comprehensive URL database and
More informationProtecting Microsoft Internet Information Services Web Servers with ISA Server 2004
Protecting Microsoft Internet Information Services Web Servers with ISA Server 2004 White Paper Published: June 2004 For the latest information, please see http://www.microsoft.com/isaserver/ Contents
More informationSharePoint Performance Optimization
White Paper AX Series SharePoint Performance Optimization September 2011 WP_SharePoint_091511.1 TABLE OF CONTENTS 1 Introduction... 2 2 Executive Overview... 2 3 SSL Offload... 4 4 Connection Reuse...
More informationAppDirector Load balancing IBM Websphere and AppXcel
TESTING & INTEGRATION GROUP SOLUTION GUIDE AppDirector Load balancing IBM Websphere and AppXcel INTRODUCTION...2 RADWARE APPDIRECTOR...3 RADWARE APPXCEL...3 IBM WEBSPHERE...4 SOLUTION DETAILS...4 HOW IT
More informationProtecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall
Protecting against DoS/DDoS Attacks with FortiWeb Web Application Firewall A FORTINET WHITE PAPER www.fortinet.com Introduction Denial of Service attacks are rapidly becoming a popular attack vector used
More informationSecurity F5 SECURITY SOLUTION GUIDE
F5 SECURITY SOLUTION GUIDE Security Protect your data center and application services, improve user access, optimize performance, and reduce management complexity. 1 WHAT'S INSIDE Data Center Firewall
More informationHow to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG)
How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG) Introduction Understanding Forefront Threat Management Gateway (TMG) Network Topology Understanding Forefront Threat Management
More informationSiteCelerate white paper
SiteCelerate white paper Arahe Solutions SITECELERATE OVERVIEW As enterprises increases their investment in Web applications, Portal and websites and as usage of these applications increase, performance
More informationCompTIA Security+ (Exam SY0-410)
CompTIA Security+ (Exam SY0-410) Length: Location: Language(s): Audience(s): Level: Vendor: Type: Delivery Method: 5 Days 182, Broadway, Newmarket, Auckland English, Entry Level IT Professionals Intermediate
More informationPeak Hosting, founded in 2001, provides comprehensive ITas-a-service
Cloud Service and Managed Hosting Provider Delivers Customer Value with High-performance Multi-tenant Application Delivery web properties in the world. Peak Hosting, founded in 2001, provides comprehensive
More informationMicrosoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE
Microsoft Office Communications Server 2007 & Coyote Point Equalizer DEPLOYMENT GUIDE Table of Contents Unified Communications Application Delivery...2 General Requirements...6 Equalizer Configuration...7
More informationImperva s Response to Information Supplement to PCI DSS Requirement Section 6.6
Imperva Technical Brief Imperva s Response to Information Supplement to PCI DSS Requirement Section 6.6 The PCI Security Standards Council s (PCI SSC) recent issuance of an Information Supplement piece
More informationAPV x600 Series. Application Delivery Controller APV1600, APV2600, APV4600, APV5600, APV6600, APV8600, APV9600
APV x600 Series D a t a S h e e t Application Delivery Controller APV1600, APV2600, APV4600, APV5600, APV6600, APV8600, APV9600 Array Networks APV Series of Application Delivery Controllers optimizes the
More informationWeb Application Security. Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com
Web Application Security Radovan Gibala Senior Field Systems Engineer F5 Networks r.gibala@f5.com Security s Gaping Hole 64% of the 10 million security incidents tracked targeted port 80. Information Week
More informationDeliver Secure and Accelerated Remote Access to Applications
DATASHEET What s Inside: 1 Key Benefits 2 Scalability to Meet Future IT Demands 2 Streamlined Access Management 5 Improved User Experience and Productivity 6 Superior Security 6 Accelerated Application
More informationBrocade Virtual Traffic Manager and Microsoft Skype for Business 2015 Deployment Guide
January 2016 Brocade Virtual Traffic Manager and Microsoft Skype for Business 2015 Deployment Guide 2016 Brocade Communications Systems, Inc. All Rights Reserved. Brocade, Brocade Assurance, the B-wing
More informationPCI DSS and the A10 Solution
White Paper A10 Thunder Series PCI DSS and the A10 Solution For cloud service providers, A10 s Thunder Series & AX Series appliances and SoftAX are the first step towards PCI compliance, allowing you to
More informationBarracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper
Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper Securing Web Applications As hackers moved from attacking the network to attacking the deployed applications, a category
More informationKEMP LoadMaster. Enabling Hybrid Cloud Solutions in Microsoft Azure
KEMP LoadMaster Enabling Hybrid Cloud Solutions in Microsoft Azure Introduction An increasing number of organizations are moving from traditional on-premises datacenter architecture to a public cloud platform
More informationBuilding a Systems Infrastructure to Support e- Business
Building a Systems Infrastructure to Support e- Business NO WARRANTIES OF ANY NATURE ARE EXTENDED BY THE DOCUMENT. Any product and related material disclosed herein are only furnished pursuant and subject
More informationFirewall and UTM Solutions Guide
Firewall and UTM Solutions Guide Telephone: 0845 230 2940 e-mail: info@lsasystems.com Web: www.lsasystems.com Why do I need a Firewall? You re not the Government, Microsoft or the BBC, so why would hackers
More informationENQUIRY NO.NIE/PS/2014-15 DATE: 02/09/2014
NATIONAL INSTITUTE OF EPIDEMIOLOGY (INDIAN COUNCIL OF MEDICAL RESEARCH) (AN AUTONOMOUS UNIT UNDER GOVT. OF INDIA MINISTRY OF HEALTH & FAMILY WELFARE) T.N.H.B., AYAPAKKAM, (AMBATTUR), CHENNAI - 600 077
More informationANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239
ANNEXURE TO TENDER NO. MRPU/IGCAR/COMP/5239 Check Point Firewall Software and Management Software I. Description of the Item Up gradation, installation and commissioning of Checkpoint security gateway
More informationFortiWeb for ISP. Web Application Firewall. Copyright Fortinet Inc. All rights reserved.
FortiWeb for ISP Web Application Firewall Copyright Fortinet Inc. All rights reserved. Agenda Introduction to FortiWeb Highlights Main Features Additional FortiWEB Services for the ISP FortiWeb Family
More informationContent-ID. Content-ID enables customers to apply policies to inspect and control content traversing the network.
Content-ID Content-ID enables customers to apply policies to inspect and control content traversing the network. Malware & Vulnerability Research 0-day Malware and Exploits from WildFire Industry Collaboration
More informationBrocade Virtual Traffic Manager and Microsoft IIS Deployment Guide
September 2015 Brocade Virtual Traffic Manager and Microsoft IIS Deployment Guide 2015 Brocade Communications Systems, Inc. All Rights Reserved. ADX, Brocade, Brocade Assurance, the B-wing symbol, DCX,
More informationClavister SSP Security Service Platform firewall VPN termination intrusion prevention anti-virus content filtering traffic shaping authentication
Feature Brief Policy-Based Server Load Balancing March 2007 Clavister SSP Security Service Platform firewall VPN termination intrusion prevention anti-virus content filtering traffic shaping authentication
More informationGetting More Performance and Efficiency in the Application Delivery Network
SOLUTION BRIEF Intel Xeon Processor E5-2600 v2 Product Family Intel Solid-State Drives (Intel SSD) F5* Networks Delivery Controllers (ADCs) Networking and Communications Getting More Performance and Efficiency
More informationLeveraging Symantec CIC and A10 Thunder ADC to Simplify Certificate Management
Leveraging Symantec CIC and A10 Thunder ADC to Simplify Certificate Management Identify, Monitor and Manage All SSL Certificates Present Datasheet: Leveraging Symantec CIC and A10 Thunder ADC The information
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationWhat s New in ISA Server 2004 ISA Server 2004 contains a fullfeatured,
Microsoft Internet Security and Acceleration (ISA) Server 2004 is the advanced application-layer inspection firewall, VPN, and Web cache solution that enables enterprise customers to maximize existing
More informationDeployment Guide. AX Series with Microsoft Exchange Server
Deployment Guide AX Series with Microsoft Exchange Server DEPLOYMENT GUIDE AX Series with Microsoft Exchange Server Table of Contents Introduction... 1 Prerequisites & Assumptions...1 Configuring AX for
More informationArray Networks & Microsoft Exchange Server 2010
Array Networks & Microsoft Exchange Server 2010 Array Networks Enables Highly Optimized Microsoft Exchange Server 2010 Services Microsoft Exchange Server is the industry leading messaging platform for
More informationHow To Secure An Rsa Authentication Agent
RSA Authentication Agents Security Best Practices Guide Version 3 Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com. Trademarks RSA,
More informationBasic & Advanced Administration for Citrix NetScaler 9.2
Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios
More informationWhat's New in Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500 and Cisco 7600 Series Software Release 2.1.0
What's New in Cisco ACE Application Control Engine Module for the Cisco Catalyst 6500 and Cisco 7600 Series Software Release 2.1.0 PB458841 Product Overview The Cisco ACE Application Control Engine Module
More informationThunder ADC for SAP Business Suite DEPLOYMENT GUIDE
Thunder ADC for SAP Business Suite DEPLOYMENT GUIDE Table of Contents Introduction...3 Deployment Guide Prerequisites...3 Application Specific Deployment Notes...3 Accessing the Thunder ADC Load Balancer...4
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More information