SaaS Integration for Software Cloud
|
|
- Quentin Turner
- 8 years ago
- Views:
Transcription
1 2010 IEEE 3rd International Conference on Cloud Computing SaaS Integration for Software Cloud Feng Liu, Weiping Guo, Zhi Qiang Zhao, Wu Chou Avaya Labs Research, Avaya Inc. {fliu1,wguo,zqzhao, wuchou, Abstract Software as a Service (SaaS) has been adopted in a fast pace for applications and services on software clouds. However, the success of SaaS in software cloud cannot obscure the integration challenges faced by developers and enterprise infrastructure IT. Among those challenges, firewall/nat traversal and security issues often pose a serious bottleneck as enterprises may not be entirely comfortable running mission critical applications outside the corporate firewall. On the other hand, SaaS applications in the cloud need to access enterprise onpremise applications for data exchange and on-premises services. The current approaches through opening special pin-holes on firewall or using dedicated VPNs have encountered a number of limitations and drawbacks. This paper presents a Proxy-based firewall/nat traversal solution for SaaS integration (PASS). It allows SaaS applications to integrate with on-premise applications without firewall reconfiguration, while maintaining the security of on-premise applications. In addition, this approach is platform and application independent, making the SaaS integration seamless. Moreover, PASS is consistent with the enterprise web browsing infrastructure, and it requires little or no change to enterprise firewall/nat configurations. In this paper we present the architecture of PASS and address SaaS integration challenges in software cloud, such as security/firewall, performance, and scalability. Experimental study based on our implemented system shows that the proposed approach of PASS is promising to resolve firewall/nat traversal for SaaS integration with on-premise services. 1. Introduction Software as a Service (SaaS) is defined in [1] as a software application delivery model, where a software vendor deploys and hosts software applications in a multitenant (cloud) platform for its customers to operate the application over the Internet as services. In recent years, SaaS has emerged as a new paradigm for software delivery in software cloud, attracting more and more interest from both industry and academia. Comparing with conventional software, SaaS has some unique features. Instead of being installed on premise, SaaS applications are usually hosted at the service provider s network, delivered as web applications, and serve as services for multiple tenants. This on-demand and multi-tenant service delivery model is well suited for software cloud, as it does not require the deployment of a large infrastructure at the client's location. On the other hand, SaaS applications can be deployed in a cloud computing environment and accessed through Internet by web browsers. Therefore it eliminates or drastically reduces the upfront commitment of resources. As a consequence, SaaS applications can be deployed with minimal effort and be available in a very short time to a large group of users, and therefore, it makes SaaS model quite attractive to enterprises. In addition, SaaS employs a single-instance, multitenant architecture, allowing multiple customers to share resources without disrupting each other. This centralized hosted service approach makes deploying patches and application upgrades transparent to users. Another important feature of SaaS is the embrace of web services and service oriented architecture (SOA), a fully accepted architectural approach in the industry. Many SaaS platforms expose the applications data and functionalities through the web service interface. This not only allows clients to query/update SaaS applications data programmatically, but also provides a standard mechanism to integrate SaaS applications in the software cloud with enterprise SOA infrastructure. With the rapid adoption of SaaS, there is a growing demand for enterprises to integrate their SaaS applications with their in-house backend applications (database, ERP, etc.), and this is due to the following facts. First, different customers have different business requirements for its application, but SaaS applications can only provide limited flexibility for customer configuration. Therefore much of the functionality has to be realized outside the SaaS applications. An example is embedding click-to-call feature into the customer relationship management (CRM) applications. While a general CRM application may fit very well with SaaS and be hosted in a software cloud, the call control can only be realized by a separate application (e.g. a PBX) because of its complexity. In this case, a hybrid approach that allows CRM applications to access /10 $ IEEE DOI /CLOUD
2 call control services implemented outside SaaS would easily solve this problem. However, for security or legal reasons, some sensitive data or business rules must be kept and stored internally, and accessed by the SaaS application only when needed. In addition, business processes are very complicated, and usually require working across multiple applications and services. In above cases, a single SaaS application or services in a software cloud can not meet all the business requirements by its own. To meet the business needs while taking advantage of SaaS and SaaS based services in the software cloud, a business application solution should integrate both on-premise and the SaaS applications. The adoption of web services and SOA by both SaaS vendors and enterprises has significantly simplified the integration process. However, integrating SaaS applications with on-premise applications can still face serious challenges when it comes to cross enterprise networks and domains. This is because enterprise networks are typically protected by network address translation (NAT) devices and strictly configured firewalls. Usually NAT/firewalls are configured to block all the incoming packets initiated from the public (external) network and open only a limited number of ports for outgoing ones. As a result, all requests sent to on-premise applications from SaaS applications in a publically reachable software cloud will be blocked by the enterprise NAT/firewall. In this paper, we review the current solutions in Section 2. We study their limitations, and point out some of them may not be feasible for SaaS. We propose a Proxy-based firewall/nat traversal solution for SaaS integration (PASS) that enables the on-premise services to be consumed by SaaS applications in a software cloud environment without exposing it to the public Internet. Moreover, the proposed PASS solution requires no or minimal firewall reconfigurations and well suited to support the dynamic nature of services-on-demand in SaaS. The rest of this paper is organized as follows. Section 2 reviews and discusses some related work in this area. SaaS integration challenge in software cloud is further analyzed in Section 3. The architecture of PASS is introduced in Section 4. Section 5 addresses some issues of PASS for firewall/nat traversal. Experimental results are presented in Section 6, and we conclude the findings of this paper in Section Related work The firewall/nat traversal issue in general has been studied for a long time, and the Internet Engineering Task Force (IETF) is one of the organizations heavily involved in this. Many standards and proposals have been proposed [2][3][4][5]. However, most of works are targeted for voice over IP (VoIP) scenarios, and not on web services and SaaS, which are very different from the case of VoIP. The most widely adopted approach to solve firewall/nat traversal problem is to expose the onpremise applications to public networks and software clouds. This is usually achieved by changing the network firewall configuration to allow the incoming traffic from SaaS applications to pass through, or by deploying a reverse proxy in the DMZ to route the traffic to the internal applications. Since enterprise security architecture can be very sophisticated, such an approach usually involves significant amount of work, and it can become exorbitant as the number of services and applications grows. In addition, the current IT infrastructure does not support the dynamic nature of SaaS applications that are critically needed for software cloud. This is because new services will be added or deleted at an on-demand basis. On the other hand, some enterprises may not have the infrastructure and dedicated IT skills to manage the large amount of integration demands from SaaS applications and developers. Requiring these enterprises to implement and support such integration will eventually drive them away from adopting SaaS solutions. From customers perspective, SaaS applications are usually extensions of their existing internal on-premises business applications, and the way to integrate with SaaS applications should be the same as that to integrate with any other on-premise applications. Exposing such onpremise applications to external networks will not only be unnecessary, but also introduce security risks.. Virtual private network (VPN) is another solution to address the issue in cloud computing. A CloudNet is proposed in [14] to integrate on-premise applications with cloud applications. The projects VIOLIN [15] and Virtuoso [16] also address the similar issue. Those solutions focus on the Infrastructure as a Service (IaaS) case, e.g. EC2. However, unlike IaaS, where the user has full control of the virtual machine, SaaS users don t have the access to the machine. Furthermore, they usually share the same running SaaS application instance with other tenants. It would be extremely difficult if not impossible for SaaS vendors to deploy and maintain multiple different VPN endpoints in this scenario. A two-way web services router gateway (TARGET) is proposed for two-way web service interaction crossing enterprise domain and firewall [7]. With TARGET, web service clients and web service servers can interact with each other bi-directionally, even if they are in disparate networks, with different network infrastructure and different NAT/firewall configurations. However, it has some limitations, as it requires applications to be aware of the existence of TARGET, and to support WS-Addressing standard. In addition, TARGET requires the manipulation of the WSDL files of the services, which makes it difficult 403
3 to deploy. It may not scale to large SaaS or software cloud deployment as it requires each application to install a client in order to access or to be accessed by other applications. Microsoft s AppFabric Service Bus is another solution to provide secure connection between the enterprise and the cloud [17]. It is very similar to TARGET as both utilize an intermediary for relay. However, it is a platform dependent solution. 3. SaaS integration and firewall/nat traversal Web services have become a widely adopted interface for service integration in SaaS. SaaS applications usually expose their data, metadata, services, and other functions through web services, so that they can be discovered, queried, and updated by on-premise applications. In addition, web services are often provided as a mechanism to invoke the services which are outside the SaaS applications [13] or reside in different service cloud. This integration of SaaS and software cloud can be broken down into the following three categories. 1) The SaaS application is a component of the whole business process. In this case, the core business application, which runs within the enterprise network, queries and updates data stored in the SaaS application. 2) The SaaS application is the business process engine. In this case, most of business logic is executed in the SaaS application, and it queries on-premise applications for data or services. The click-to-call application is one such example. 3) The combination of the above two scenarios. In this case, SaaS applications obtain enterprise data, business rules or other services from on-premise applications and systems, where on-premise applications query SaaS applications for data. Fig. 1 illustrates how the enterprise firewall/nat affects the integration of SaaS and software cloud with onpremise applications. SaaS applications are hosted on SaaS platform that can be accessed from Internet. Onpremise applications run within the corporate network and are behind the corporate firewall/nat. The firewall/nat prevents SaaS applications from accessing on-premise applications in two aspects. First, the location (or the URL) of the on-premise application is only valid inside the enterprise network, and it is not routable in public networks. Secondly, the firewall is usually configured to allow only the outbound traffic while block all the incoming traffic. Consequently, requests sent by SaaS applications from the external cloud to the on-premise application, will be stopped at firewall. For the first category of integration, as the web services are initiated from on-premise applications to SaaS applications hosted outside of the firewall/nat, it is usually allowed by the firewall policy, and the integration can be done directly. For the rest two categories, firewall/nat will block all the web service requests sent from SaaS applications, and the integration cannot be achieved unless some special means are taken. Figure 1. Requests from SaaS application are blocked One alternative to the second category is to change the integration pattern to avoid direct accessing on-premise applications from SaaS applications. Instead, we can let the on-premise application to push the data to SaaS applications at a regular interval or whenever the data changes. As all the web services are initiated from inside and on-premise in this case, this will be allowed by the firewall/nat. The obvious problem of this approach is that it is not scalable as pushing data can be computationally and network intensive when data changes frequently especially if mass data is transferred. In addition, it is not suitable for SaaS applications that require accessing on-premise services on an ad-hoc basis, as described in above mentioned click-to-call example. It also cannot handle the case where SaaS applications need to synchronize data with on-premise applications in real time. As large amount of internal enterprise data may end up being pushed outside of enterprise boundaries, security and online data storage can become serious roadblocks. Based on the analysis above, a firewall/nat traversal solution for SaaS integration has to: 1) resolve the internal URL and map it into a routable address; 2) support the inbound web service requests from particular SaaS applications; 3) be transparent to SaaS applications; and 4) require no or minimum change to firewall/nat configuration without compromising enterprise network security. 4. PASS In this section, we present a Proxy-bAsed firewall/nat traversal Solution for SaaS (PASS) integration based on the analysis in Section Proxy-based approach A PASS system consists of two types of components: PASS Server (PS) and PASS Agent (PA). In a typical deployment scenario as shown in Fig. 2, a PS is usually deployed in a public network, such as in the DMZ zone of 404
4 the SaaS provider. Each customer deploys a PA inside its own enterprise network, near on-premise applications. receive data from the tunnel and process accordingly before sending it to the service dispatcher. Figure 2. PASS deployment Some key concepts and modules of PASS are described as follows. A secure broker architecture for firewall traversal. PASS employs PS to relay the communication between the SaaS platform and the on-premise applications. The communication between PA and PS is through a secured tunnel initiated from inside the enterprise network to the outside, so that most of firewalls do not block this outgoing traffic. Once this special secure tunnel is established, SaaS applications can send requests to enterprise applications through the tunnel. A special router for NAT traversal. Instead of routing the message sent from SaaS application directly to the destination (which is not routable), the special router re-directs the message into the corresponding tunnel. Once the request is forwarded to the inside the enterprise network, it becomes routable. Proxy-based approach making it transparent to SaaS applications. The PASS is exposed as an HTTP(S) proxy to SaaS applications. To send requests to the destination through PASS, SaaS application only needs to configure its HTTP (S) client to use PASS as its outbound proxy. No change is needed for on-premise applications as long as it provides a web or web service interface PASS Agent PASS Agent is the client side component of the PASS system. From the perspective of on-premise applications, PA acts like a reverse proxy which routes requests to onpremise applications. However, unlike a regular reverse proxy, PA is installed inside the enterprise network, and only receives requests from PS. A communication channel must be established between PA and PS prior to any data exchange. Figure 3 shows the logic architecture of a PA. Tunnel module. This module is responsible for establishing the tunnel with PS and keeping the tunnel alive. The tunnel negotiation is accomplished via SSL over TCP. Once the tunnel is setup, the tunnel module can Figure 3. PASS Agent Architecture Service dispatcher: The service dispatcher is a special reverse proxy which receives messages only from the tunnel module. The difference is that it doesn t need to do any reverse address mapping. Once upon receipt of a message, it examines the original service destination (URL) from the header, and queries the registered service database by the service URL. If a matched service is found, it forwards the request to the on-premise application in the same local network. Note that the service dispatcher only serves registered services that the enterprise intends to expose to SaaS applications. Requests to other applications, which are not registered, will be denied. In fact, a request to unregistered service will never reach the PA as it will be dropped by the PS at the DMZ. Even if the PS forwards unregistered service requests to the PA, the request will be rejected by service dispatcher. This protects on-premise applications from unsolicited requests. Registration module. In order for a SaaS application to access an on-premise service, the enterprise administrator registers the accessible on-premise services to the PASS. The registration module provides a web interface for administrators to perform this task ondemand. The registered service will be added to PA s database as direct service. Meanwhile, this module also synchronizes the service registration with the PASS server. For security purpose, during the synchronization, the PA must present its certificate to PS over HTTPS for authentication PASS server The PASS server is the intermediary to bridge the communication from SaaS applications to enterprise onpremise applications. Its architecture is illustrated by Figure
5 Tunnel server. The tunnel server authenticates and manages tunneling with multiple PASS agents. It usually listens on firewall-friendly port (for example, port 443) established during tunnel creation. For every established tunnel, PS assigns an ID for its identification. Once the tunnel is established, it can be used by the PS to forward service requests to PA. Figure 4. PASS Server Architecture Proxy module. This module handles HTTP(S) protocols and provides a standard web proxy interface for SaaS applications in the software cloud, such as using default proxy port It receives the outbound requests from SaaS applications and hands them over to the routing engine. The access to the proxy module is strictly controlled such that only the traffic from SaaS applications is allowed. Routing engine. This is a core component in a PASS server (PS). PS maintains a dynamic routing table with service URL and channel ID pair as its entry. Upon receipt of service request, the engine will look up its routing table by the service URL, and find the next hop address which is a tunnel ID in this case. The routing engine then forwards the request to a TA through the corresponding tunnel. For no-matched service request, the routing engine will reject it immediately. Therefore, requests to unregistered services will be stopped at the PASS server. Registration server. The registration server provides two interfaces. One is a secured web interface through which administrators can manage PASS agents and services. The other interface is for PA s registration module to synchronize services. This interface is different from a general web interface in that it requires client s certificate by which PASS agents are authenticated. The registered service and agents will be stored in a database. In the actual implementation, a run-time copy is pushed to the routing engine for performance enhancement Work flow Deployment of PASS is easy, as it is consistent with the current web access infrastructure. On the software cloud side, the SaaS application should be configured to use PS as the outbound proxy in order to send requests to on-premise applications. There are some common practices on how to configure this, such as setting JVM parameters or via configuration files. However, the preferred configuration setting should be per-request based. This is due to the following considerations. (1) SaaS server usually is one running instance serving multiple tenants where each tenant can come from different organization or enterprise. A global setting could advertently affect other tenants or applications and therefore, it must be constrained. (2) even for the same tenant, different applications may have different requirements on how to send outbound messages. Therefore, the proxy setting should be restricted to be local and specific to a particular tenant s application in SaaS and software cloud environment. On the customer side, an on-premise service needs to be registered on PASS to make it available to SaaS applications. The general process would consist of the following steps: (1) PA initiates and establishes a tunnel channel with PS. (2) Following the successful channel setup, the administrator of PA register a service to PS. (3) Once the service is registered both on PA and PS, the SaaS application can invoke this service through the PASS in the following manner: a. SaaS application sends the request to PS which acts as a web proxy, e.g. using via proxy setting in the HTTP (S) client. b. The PS routes the SaaS application s request by looking up its service registration database against the requested service URL. If a match is found and the tunnel to the corresponding PA is active, PS forwards the request to PA over the existing tunnel. c. Upon receiving the data from the tunnel, the tunnel module in PA verifies the integrity of data, and sends it to the service dispatcher. d. The service dispatcher of PA checks whether the requested service is registered locally or not. If registered, it forwards the request to the service host; otherwise, the request will be dropped. e. After receiving the service response from the on-premises application server, PA sends it back through the same path to the SaaS application. 406
6 5. Analysis and Discussion In this section, we discuss how PASS addresses the firewall/nat traversal issues and security concerns in addition to other challenges for SaaS and software cloud integration Security Security is one of the main concerns that an enterprise may not be willing to expose its services to the outside cloud. PASS is designed to address this requirement and lower the cost and overhead of a seamless integration. In particular, service access security is addressed and enhanced in PASS at multiple levels based on a secure broker architecture that is consistent with the infrastructure of web. Transport level security in PASS. Strict security mechanisms are used during its connection establishment. First, the hand-shake is accomplished via TLS over TCP to secure communication between PA and PS. Secondly, mutual authentication is enforced, in which not only the PS authenticate the PA that intends to establish connection, but the PA is required to check and verify the PS identification. A secure tunnel between a PA to a PS can be established only if both authentications succeed. Thirdly, a certificate-based authentication is implemented in PASS. The PA s identification is embedded in its certificate. During the negotiation, PA must present its certificate to PS, so that PS can extract the ID from the certificate and authenticate the PA. The same rule also applies when PA authenticates PS. The data within the tunnel is encrypted and signed to guarantee the integrity and the hop-to-hop security of the data. Message level security. PASS supports both HTTP and HTTPS based message. When HTTPS is used, the PASS will guarantee its end-to-end security characteristic between the service requester (SaaS application) and the service provider (on-premises application server). The application data is never touched or decrypted by the PASS components, as the HTTPS session is established end-to-end directly between the SaaS application and the on-premise application. Service level security. Since the on-premise services are not directly exposed to the internet, firewall/nat will block any attempt to access them from outside. The only path to access the service is through PS. PS allows only authenticated and authorized PASS agent to establish a tunnel with it, thus further enhances the security. PS is deployed as a standard server in SaaS provider s network, and thus all the security measures can be taken to guard against general attacks. In addition, access to the proxy interface of PS is also controlled that only SaaS applications can use it as their outbound proxy. PA is unlikely to be attacked as it is located inside the enterprise network and behind the enterprise firewall/nat. As a result, in-house applications accessible through PASS are protected Performance Performance and system throughput are key factors for a solution such as PASS, as scalability and latency issues are often the bottlenecks in SaaS integration. To improve the throughput, we implemented a thread pool at both tunnel and proxy level. Upon system startup, a certain number of worker threads are created and ready for serving. After a connection session is terminated, the used thread will be returned to the pool for later usage. In addition, a connection pool is implemented between a PASS agent and on-premises application servers. Multiple communication channels can be established based on the actual configuration Scalability The scalability issue in PASS is addressed from two aspects. First a single PS can be used by different SaaS applications to send out requests to different on-premise applications. Only one PASS agent is needed to serve multiple applications in the same enterprise network domain. Second aspect is the tunnel multiplexing. One tunnel can enclose multiple data flows, which allows multiple applications to share a single tunnel Web and web service support As web service is the most adopted interface for SaaS integration and HTTP(S) are commonly used for web service invocation, the support for HTTP(S) becomes a must. PASS is capable of fully supporting both protocols of HTTP and HTTPS. Moreover, its proxy-based and decoupled architecture allows extension for new protocol Dynamic service management One issue of opening pinholes on firewall for SaaS integration is that the firewall rules have to be re-written and re-implemented for new services. PASS resolves this problem by dynamic service management. A service can be added and removed on-demand, and no change is required for SaaS application and on-premise systems, nor the firewall/nat. Any change will be applied to PASS and take into effect immediately without restarting servers. 407
7 6. Experimental results A PASS system has been implemented using C/C++/java based on the architecture described in section 4. Experiments were conducted to evaluate the performance of the PASS system with regard to processing time and throughput. It is compared with the case where a reverse proxy is deployed for integration, as it is a populous approach used in SaaS integration despite the deficiencies Performance comparison Fig. 6 depicts the performance of PASS with regard to the average round-trip time (RTT) vs. the number of simultaneous requests Experimental tests in lab environment Testing environment and experiments setup The lab setup is shown in Fig. 5. The test client, PS, PA, the reverse proxy, and the test server were all set on the same subnet of the Gigabit Ethernet LAN. All were equipped with Gigabit Ethernet cards and running Linux CentOS 5. In this environment, the network latency can be ignored, so that we can focus on the system performance and overhead. In the test of both cases, the test client acted as the SaaS application, and the test server simulated an onpremise application. Apache JMeter [10] was used as the test tool and Apache HTTD [11] was installed and configured as the reverse proxy. Figure 6. RTT comparison In this experiment, the test client sent requests to the test server, and we calculated the average round trip time over all requests. The test was repeated multiple times by spawning different number of threads on the same test client. Compared to the reverse proxy setting, one more component (e.g. PA) is deployed in the PASS case. Therefore, the overall RTT in PASS was longer than the reverse proxy case. Under light system load (for example, below 75 threads), the difference between PASS and reverse proxy was below 30 ms (~30%). When the system was heavily loaded, the gap increased slightly. Figure 5. Test configuration In the PASS test case, JMeter was configured to use PS as its web proxy to send requests to the test server via HTTPS. In the reverse proxy case, JMeter was set to send requests to the reverse proxy via HTTPS, and then the request is forwarded to the test server over HTTP. The hardware specifications are listed as follows. PA and PS: Intel P4 CPU (3.0GHz), 2GB RAM. Test Server: Intel Xeon CPU (3.4GHz), 2GB RAM. Test client: Intel P4 CPU (2.0GHz), 2GB RAM. Reverse Proxy Server: Intel P4 CPU (3.0GHz), 2GB RAM. Figure 7. Throughput comparison Throughput comparison The throughput comparison is shown in Figure 7. The throughput is relatively flat with the increase of the number of threads. Note that the absolute value may not 408
8 be very useful in this case as the page size is approximately 8KByte. We are more interested in the difference between PASS and the reverse proxy under the same testing setting System performance using real data In this experiment, we evaluate the PASS performance using real world data. A PASS system was deployed at the data center. A web service server was deployed within the data center which could be accessed directly via PASS. Two PAs were deployed in two different networks (Verizon FiOS and Optimum Online respectively). The two test clients sent requests to the test server through the different PAs, and the average RTT was calculated. For comparison, a separate test was conducted in which the test client sent requests directly to the test server without going through PASS. As shown in Table 1, PASS has an average overhead of 60~80ms, depending on the type of the network. Verizon FiOS Optimum Online Direct Access PASS Overhead Table 1. RTT direct access vs. PASS 7. Conclusion This paper presents a proxy-based firewall/nat traversal solution for SaaS integration for software cloud. Comparing with the existing approaches, this solution requires no or minimum configuration change on firewall or NAT. It employs a specialized secure tunnel to address firewall issue, and uses s special routing table that maps the service destination with the corresponding tunnel, thus it avoids the NAT issue. In addition to the seamless integration and usability, PASS provides an improved solution and framework to many critical SaaS integration challenges, such as security issues, scalability, multitenancy, management, and performance. We implemented and tested a working system based on PASS architecture. The experimental study shows that PASS solution is feasible and advantageous for SaaS integration in Software cloud. [3] Traversal Using Relays around NAT (TURN), [4] Interactive Connectivity Establishment (ICE), [5] Requirements from SIP (Session Initiation Protocol) Session Border, [6] BizTalk Connectivity Services [7] Feng Liu, Gesen Wang, Wu Chou, Li Li, TARGET: Two-way Web Service Router Gateway, Proc. IEEE International Conference on Web Services, July [8] Gianpaolo Carraro, Fred Chong, Software as a Service (SaaS): An Enterprise Perspective, Microsoft, October 2006 [9] Joseph Ottinger, Software as a Service Integration via Mule, [10]Apache JMeter, [11]Apache HTTD, [12]Apache Tomcat, [13] _API [14]T. Wood, P. Shenoy, A. Gerber, K. Ramarkrishnan, J. Merwe, The case for enterprise-ready virtual private clouds. Workshop on Hot Topics in Cloud Computing (HotCloud'09), June 2009 [15]P.Ruth,J.Rhee,D.Xu,R.Kennell,andS. Goasguen. Autonomic live adaptation of virtual computational environments in a multi-domain infrastructure. In ICAC 06: Proceedings of the 2006 IEEE International Conference on Autonomic Computing, Washington, DC, USA, [16]A. Sundararaj and P. Dinda. Towards virtual networks for virtual machine grid computing. In VM 04: Proceedings of the 3rd conference on Virtual Machine Research And Technology Symposium, [17] 8. Reference [1] Software & Information Industry Association, Backgrounder: Software as a Service", February 2001 [2] Session Traversal Utilities for (NAT) (STUN),
LifeSize Transit Deployment Guide June 2011
LifeSize Transit Deployment Guide June 2011 LifeSize Tranist Server LifeSize Transit Client LifeSize Transit Deployment Guide 2 Firewall and NAT Traversal with LifeSize Transit Firewalls and Network Address
More informationAn Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons
TRAVERSING FIREWALLS AND NATS WITH VOICE AND VIDEO OVER IP An Examination of the Firewall/NAT Problem, Traversal Methods, and Their Pros and Cons Traversing Firewalls and NATs With Voice and Video Over
More informationSIP Trunking Configuration with
SIP Trunking Configuration with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper End-to-End Solutions Team Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL
More informationIntroduction to Mobile Access Gateway Installation
Introduction to Mobile Access Gateway Installation This document describes the installation process for the Mobile Access Gateway (MAG), which is an enterprise integration component that provides a secure
More informationRemoteApp Publishing on AWS
RemoteApp Publishing on AWS WWW.CORPINFO.COM Kevin Epstein & Stephen Garden Santa Monica, California November 2014 TABLE OF CONTENTS TABLE OF CONTENTS... 2 ABSTRACT... 3 INTRODUCTION... 3 WHAT WE LL COVER...
More informationPAVING THE PATH TO THE ELIMINATION OF THE TRADITIONAL DMZ
PAVING THE PATH TO THE ELIMINATION A RSACCESS WHITE PAPER 1 The Traditional Role of DMZ 2 The Challenges of today s DMZ deployments 2.1 Ensuring the Security of Application and Data Located in the DMZ
More informationChapter 11 Cloud Application Development
Chapter 11 Cloud Application Development Contents Motivation. Connecting clients to instances through firewalls. Chapter 10 2 Motivation Some of the questions of interest to application developers: How
More informationSIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University
SIP: NAT and FIREWALL TRAVERSAL Amit Bir Singh Department of Electrical Engineering George Washington University ABSTRACT The growth of market for real-time IP communications is a big wave prevalent in
More informationDevelopment of Software As a Service Based GIS Cloud for Academic Institutes. Singh, Pushpraj 1 and Gupta, R. D. 2
Development of Software As a Service Based GIS Cloud for Academic Institutes Singh, Pushpraj 1 and Gupta, R. D. 2 1 Student, M. Tech. (GIS & Remote Sensing); GIS Cell; Motilal Nehru National Institute
More informationApplication Note. Onsight Connect Network Requirements V6.1
Application Note Onsight Connect Network Requirements V6.1 1 ONSIGHT CONNECT SERVICE NETWORK REQUIREMENTS... 3 1.1 Onsight Connect Overview... 3 1.2 Onsight Connect Servers... 4 Onsight Connect Network
More informationArchitecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference
Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise
More informationNEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document) Requirements and Implementation Guide (Rev5-113009) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis
More informationFirewalls and VPNs. Principles of Information Security, 5th Edition 1
Firewalls and VPNs Principles of Information Security, 5th Edition 1 Learning Objectives Upon completion of this material, you should be able to: Understand firewall technology and the various approaches
More informationMINIMUM NETWORK REQUIREMENTS 1. REQUIREMENTS SUMMARY... 1
Table of Contents 1. REQUIREMENTS SUMMARY... 1 2. REQUIREMENTS DETAIL... 2 2.1 DHCP SERVER... 2 2.2 DNS SERVER... 2 2.3 FIREWALLS... 3 2.4 NETWORK ADDRESS TRANSLATION... 4 2.5 APPLICATION LAYER GATEWAY...
More informationCoIP (Cloud over IP): The Future of Hybrid Networking
CoIP (Cloud over IP): The Future of Hybrid Networking An overlay virtual network that connects, protects and shields enterprise applications deployed across cloud ecosystems The Cloud is Now a Critical
More informationTroubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual
Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics
More informationNetwork Convergence and the NAT/Firewall Problems
Network Convergence and the NAT/Firewall Problems Victor Paulsamy Zapex Technologies, Inc. Mountain View, CA 94043 Samir Chatterjee School of Information Science Claremont Graduate University Claremont,
More informationWhite Paper. Traversing Firewalls with Video over IP: Issues and Solutions
Traversing Firewalls with Video over IP: Issues and Solutions V Table of Contents Introduction Role of a Firewall Deployment Issues Relating to IP Video and Firewall Traversal The VCON SecureConnect Solution
More informationLecture 02b Cloud Computing II
Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,
More informationTechnical White Paper
Instant APN Technical White Paper Introduction AccessMyLan Instant APN is a hosted service that provides access to a company network via an Access Point Name (APN) on the AT&T mobile network. Any device
More informationSIP Trunking with Microsoft Office Communication Server 2007 R2
SIP Trunking with Microsoft Office Communication Server 2007 R2 A Dell Technical White Paper By Farrukh Noman Dell Product Group - Enterprise THIS WHITE PAPER IS FOR INFORMATIONAL PURPOSES ONLY, AND MAY
More informationIntroduction to the Mobile Access Gateway
Introduction to the Mobile Access Gateway This document provides an overview of the AirWatch Mobile Access Gateway (MAG) architecture and security and explains how to enable MAG functionality in the AirWatch
More informationSecuring SIP Trunks APPLICATION NOTE. www.sipera.com
APPLICATION NOTE Securing SIP Trunks SIP Trunks are offered by Internet Telephony Service Providers (ITSPs) to connect an enterprise s IP PBX to the traditional Public Switched Telephone Network (PSTN)
More informationWeb Application Hosting Cloud Architecture
Web Application Hosting Cloud Architecture Executive Overview This paper describes vendor neutral best practices for hosting web applications using cloud computing. The architectural elements described
More informationIP Ports and Protocols used by H.323 Devices
IP Ports and Protocols used by H.323 Devices Overview: The purpose of this paper is to explain in greater detail the IP Ports and Protocols used by H.323 devices during Video Conferences. This is essential
More informationLoad Balancing 101: Firewall Sandwiches
F5 White Paper Load Balancing 101: Firewall Sandwiches There are many advantages to deploying firewalls, in particular, behind Application Delivery Controllers. This white paper will show how you can implement
More informationNETWORK ACCESS CONTROL AND CLOUD SECURITY. Tran Song Dat Phuc SeoulTech 2015
NETWORK ACCESS CONTROL AND CLOUD SECURITY Tran Song Dat Phuc SeoulTech 2015 Table of Contents Network Access Control (NAC) Network Access Enforcement Methods Extensible Authentication Protocol IEEE 802.1X
More informationWhat is the Barracuda SSL VPN Server Agent?
The standard communication model for outgoing calls is for the appliance to simply make a direct connection to the destination host. This paradigm does not suit all business needs. The Barracuda SSL VPN
More informationCisco AnyConnect Secure Mobility Solution Guide
Cisco AnyConnect Secure Mobility Solution Guide This document contains the following information: Cisco AnyConnect Secure Mobility Overview, page 1 Understanding How AnyConnect Secure Mobility Works, page
More informationREQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER
NEFSIS TRAINING SERIES Nefsis Dedicated Server version 5.1.0.XXX Requirements and Implementation Guide (Rev 4-10209) REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER Nefsis Training Series
More informationWeb Request Routing. Technical Brief. What s the best option for your web security deployment?
Web Request Routing and Redirection What s the best option for your web security deployment? Choosing the right method for redirecting traffic to your secure web gateway is absolutely essential to maximize
More informationApplication Note - Using Tenor behind a Firewall/NAT
Application Note - Using Tenor behind a Firewall/NAT Introduction This document has been created to assist Quintum Technology customers who wish to install equipment behind a firewall and NAT (Network
More informationFirewalls P+S Linux Router & Firewall 2013
Firewalls P+S Linux Router & Firewall 2013 Firewall Techniques What is a firewall? A firewall is a hardware or software device which is configured to permit, deny, or proxy data through a computer network
More informationBlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: 10.1.1. Security Note
BlackBerry Enterprise Service 10 Secure Work Space for ios and Android Version: 10.1.1 Security Note Published: 2013-06-21 SWD-20130621110651069 Contents 1 About this guide...4 2 What is BlackBerry Enterprise
More informationApplication Note. Onsight Connect Network Requirements v6.3
Application Note Onsight Connect Network Requirements v6.3 APPLICATION NOTE... 1 ONSIGHT CONNECT NETWORK REQUIREMENTS V6.3... 1 1 ONSIGHT CONNECT SERVICE NETWORK REQUIREMENTS... 3 1.1 Onsight Connect Overview...
More informationChapter 2 TOPOLOGY SELECTION. SYS-ED/ Computer Education Techniques, Inc.
Chapter 2 TOPOLOGY SELECTION SYS-ED/ Computer Education Techniques, Inc. Objectives You will learn: Topology selection criteria. Perform a comparison of topology selection criteria. WebSphere component
More informationNetworking Topology For Your System
This chapter describes the different networking topologies supported for this product, including the advantages and disadvantages of each. Select the one that best meets your needs and your network deployment.
More informationVegaStream Information Note Considerations for a VoIP installation
VegaStream Information Note Considerations for a VoIP installation To get the best out of a VoIP system, there are a number of items that need to be considered before and during installation. This document
More informationIntroduction to the EIS Guide
Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment
More informationWhy Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs
Why Choose Integrated VPN/Firewall Solutions over Stand-alone VPNs P/N 500205 July 2000 Check Point Software Technologies Ltd. In this Document: Introduction Page 1 Integrated VPN/firewall Page 2 placed
More informationSIP Security Controllers. Product Overview
SIP Security Controllers Product Overview Document Version: V1.1 Date: October 2008 1. Introduction UM Labs have developed a range of perimeter security gateways for VoIP and other applications running
More informationNetwork Connection Considerations for Microsoft Response Point 1.0 Service Pack 2
Network Connection Considerations for Microsoft Response Point 1.0 Service Pack 2 Updated: February 2009 Microsoft Response Point is a small-business phone solution that is designed to be easy to use and
More informationApplication Note. Onsight TeamLink And Firewall Detect v6.3
Application Note Onsight And Firewall Detect v6.3 1 ONSIGHT TEAMLINK HTTPS TUNNELING SERVER... 3 1.1 Encapsulation... 3 1.2 Firewall Detect... 3 1.2.1 Firewall Detect Test Server Options:... 5 1.2.2 Firewall
More informationDMZ Network Visibility with Wireshark June 15, 2010
DMZ Network Visibility with Wireshark June 15, 2010 Ashok Desai Senior Network Specialist Intel Information Technology SHARKFEST 10 Stanford University June 14-17, 2010 Outline Presentation Objective DMZ
More informationSOLUTION GUIDE. Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management.
SOLUTION GUIDE Radware & CyberGuard Complete Security Solutions offering Load Balancing, High Availability and Bandwidth Management. North America Radware Inc. 575 Corporate Dr Suite 205 Mahwah, NJ 07430
More informationCisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture
Reference Architecture Cisco Hybrid Cloud Solution: Deploy an E-Business Application with Cisco Intercloud Fabric for Business Reference Architecture 2015 Cisco and/or its affiliates. All rights reserved.
More information83-10-41 Types of Firewalls E. Eugene Schultz Payoff
83-10-41 Types of Firewalls E. Eugene Schultz Payoff Firewalls are an excellent security mechanism to protect networks from intruders, and they can establish a relatively secure barrier between a system
More informationSecurity Technology: Firewalls and VPNs
Security Technology: Firewalls and VPNs 1 Learning Objectives Understand firewall technology and the various approaches to firewall implementation Identify the various approaches to remote and dial-up
More informationApplication Note. Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0
Application Note Firewall Requirements for the Onsight Mobile Collaboration System and Hosted Librestream SIP Service v5.0 1 FIREWALL REQUIREMENTS FOR ONSIGHT MOBILE VIDEO COLLABORATION SYSTEM AND HOSTED
More informationCom.X Router/Firewall Module. Use Cases. White Paper. Version 1.0, 21 May 2014. 2014 Far South Networks
Com.X Router/Firewall Module Use Cases White Paper Version 1.0, 21 May 2014 2014 Far South Networks Document History Version Date Description of Changes 1.0 2014/05/21 Preliminary 2014 Far South Networks
More informationBroadCloud PBX Customer Minimum Requirements
BroadCloud PBX Customer Minimum Requirements Service Guide Version 2.0 1009 Pruitt Road The Woodlands, TX 77380 Tel +1 281.465.3320 WWW.BROADSOFT.COM BroadCloud PBX Customer Minimum Requirements Service
More informationathenahealth Interface Connectivity SSH Implementation Guide
athenahealth Interface Connectivity SSH Implementation Guide 1. OVERVIEW... 2 2. INTERFACE LOGICAL SCHEMATIC... 3 3. INTERFACE PHYSICAL SCHEMATIC... 4 4. SECURE SHELL... 5 5. NETWORK CONFIGURATION... 6
More informationNetwork Considerations for IP Video
Network Considerations for IP Video H.323 is an ITU standard for transmitting voice and video using Internet Protocol (IP). It differs from many other typical IP based applications in that it is a real-time
More informationSECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX
White Paper SECURE, ENTERPRISE FILE SYNC AND SHARE WITH EMC SYNCPLICITY UTILIZING EMC ISILON, EMC ATMOS, AND EMC VNX Abstract This white paper explains the benefits to the extended enterprise of the on-
More informationFirewall Architecture
NEXTEP Broadband White Paper Firewall Architecture Understanding the purpose of a firewall when connecting to ADSL network services. A Nextep Broadband White Paper June 2001 Firewall Architecture WHAT
More informationINTRODUCTION TO FIREWALL SECURITY
INTRODUCTION TO FIREWALL SECURITY SESSION 1 Agenda Introduction to Firewalls Types of Firewalls Modes and Deployments Key Features in a Firewall Emerging Trends 2 Printed in USA. What Is a Firewall DMZ
More informationIndustrial Network Security and Connectivity. Tunneling Process Data Securely Through Firewalls. A Solution To OPC - DCOM Connectivity
Industrial Network Security and Connectivity Tunneling Process Data Securely Through Firewalls A Solution To OPC - DCOM Connectivity Manufacturing companies have invested billions of dollars in industrial
More informationDirectAccess in Windows 7 and Windows Server 2008 R2. Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team
DirectAccess in Windows 7 and Windows Server 2008 R2 Aydin Aslaner Senior Support Escalation Engineer Microsoft MEA Networking Team 0 Introduction to DirectAccess Increasingly, people envision a world
More informationSE 4C03 Winter 2005 Firewall Design Principles. By: Kirk Crane
SE 4C03 Winter 2005 Firewall Design Principles By: Kirk Crane Firewall Design Principles By: Kirk Crane 9810533 Introduction Every network has a security policy that will specify what traffic is allowed
More informationDATA SECURITY 1/12. Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0
DATA SECURITY 1/12 Copyright Nokia Corporation 2002. All rights reserved. Ver. 1.0 Contents 1. INTRODUCTION... 3 2. REMOTE ACCESS ARCHITECTURES... 3 2.1 DIAL-UP MODEM ACCESS... 3 2.2 SECURE INTERNET ACCESS
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationVirtualization, SDN and NFV
Virtualization, SDN and NFV HOW DO THEY FIT TOGETHER? Traditional networks lack the flexibility to keep pace with dynamic computing and storage needs of today s data centers. In order to implement changes,
More informationSSL Inspection Step-by-Step Guide. June 6, 2016
SSL Inspection Step-by-Step Guide June 6, 2016 Key Drivers for Inspecting Outbound SSL Traffic Eliminate blind spots of SSL encrypted communication to/from the enterprise Maintaining information s communication
More informationConnecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP
Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP Connecting MPLS Voice VPNs Enabling the secure interconnection of Inter-Enterprise VoIP Executive Summary: MPLS Virtual
More informationApplication Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0
Avaya Solution & Interoperability Test Lab Application Notes for Avaya IP Office 7.0 Integration with Skype Connect R2.0 Issue 1.0 Abstract These Application Notes describe the steps to configure an Avaya
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationDirect or Transparent Proxy?
Direct or Transparent Proxy? Choose the right configuration for your gateway. Table of Contents Direct Proxy...3 Transparent Proxy...4 Other Considerations: Managing authentication made easier.....4 SSL
More informationBarracuda Link Balancer
Barracuda Networks Technical Documentation Barracuda Link Balancer Administrator s Guide Version 2.2 RECLAIM YOUR NETWORK Copyright Notice Copyright 2004-2011, Barracuda Networks www.barracuda.com v2.2-110503-01-0503
More informationIP PBX. SD Card Slot. FXO Ports. PBX WAN port. FXO Ports LED, RED means online
1 IP PBX SD Card Slot FXO Ports PBX LAN port PBX WAN port FXO Ports LED, RED means online 2 Connect the IP PBX to Your LAN Internet PSTN Router Ethernet Switch FXO Ports 3 Access the PBX s WEB GUI The
More informationHosting more than one FortiOS instance on. VLANs. 1. Network topology
Hosting more than one FortiOS instance on a single FortiGate unit using VDOMs and VLANs 1. Network topology Use Virtual domains (VDOMs) to divide the FortiGate unit into two or more virtual instances of
More informationBlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide
BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9
More informationCisco Integrated Services Routers Performance Overview
Integrated Services Routers Performance Overview What You Will Learn The Integrated Services Routers Generation 2 (ISR G2) provide a robust platform for delivering WAN services, unified communications,
More informationDNA. White Paper. DNA White paper Version: 1.08 Release Date: 1 st July, 2015 Expiry Date: 31 st December, 2015. Ian Silvester DNA Manager.
DNA White Paper Prepared by Ian Silvester DNA Manager Danwood Group Service Noble House Whisby Road Lincoln LN6 3DG Email: dna@danwood.com Website: www.danwood.com\dna BI portal: https:\\biportal.danwood.com
More informationPolycom. RealPresence Ready Firewall Traversal Tips
Polycom RealPresence Ready Firewall Traversal Tips Firewall Traversal Summary In order for your system to communicate with end points in other sites or with your customers the network firewall in all you
More informationVMware vcloud Air. Enterprise IT Hybrid Data Center TECHNICAL MARKETING DOCUMENTATION
TECHNICAL MARKETING DOCUMENTATION October 2014 Table of Contents Purpose and Overview.... 3 1.1 Background............................................................... 3 1.2 Target Audience...........................................................
More informationDeploying in a Distributed Environment
Deploying in a Distributed Environment Distributed enterprise networks have many remote locations, ranging from dozens to thousands of small offices. Typically, between 5 and 50 employees work at each
More informationWINDOWS AZURE NETWORKING
WINDOWS AZURE NETWORKING The easiest way to connect to Windows Azure applications and data is through an ordinary Internet connection. But this simple solution isn t always the best approach. Windows Azure
More informationGuideline for setting up a functional VPN
Guideline for setting up a functional VPN Why do I want a VPN? VPN by definition creates a private, trusted network across an untrusted medium. It allows you to connect offices and people from around the
More informationAlfresco Enterprise on AWS: Reference Architecture
Alfresco Enterprise on AWS: Reference Architecture October 2013 (Please consult http://aws.amazon.com/whitepapers/ for the latest version of this paper) Page 1 of 13 Abstract Amazon Web Services (AWS)
More informationVMware vcloud Air Networking Guide
vcloud Air This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition. To check for more recent editions of this document,
More informationEarthLink Business SIP Trunking. NEC SV8300 IP PBX Customer Configuration Guide
EarthLink Business SIP Trunking NEC SV8300 IP PBX Customer Configuration Guide Publication History First Release: Version 1.0 May 18, 2012 CHANGE HISTORY Version Date Change Details Changed By 1.0 5/18/2012
More informationDeploying F5 with Microsoft Active Directory Federation Services
F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services
More informationNETASQ MIGRATING FROM V8 TO V9
UTM Firewall version 9 NETASQ MIGRATING FROM V8 TO V9 Document version: 1.1 Reference: naentno_migration-v8-to-v9 INTRODUCTION 3 Upgrading on a production site... 3 Compatibility... 3 Requirements... 4
More informationSecurity Design. thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/
Security Design thm@informatik.uni-rostock.de http://wwwiuk.informatik.uni-rostock.de/ Content Security Design Analysing Design Requirements Resource Separation a Security Zones VLANs Tuning Load Balancing
More informationNAT Traversal for VoIP. Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University
NAT Traversal for VoIP Ai-Chun Pang Graduate Institute of Networking and Multimedia Dept. of Comp. Sci. and Info. Engr. National Taiwan University 1 What is NAT NAT - Network Address Translation RFC 3022
More informationA host-based firewall can be used in addition to a network-based firewall to provide multiple layers of protection.
A firewall is a software- or hardware-based network security system that allows or denies network traffic according to a set of rules. Firewalls can be categorized by their location on the network: A network-based
More informationmsuite5 & mdesign Installation Prerequisites
CommonTime Limited msuite5 & mdesign Installation Prerequisites Administration considerations prior to installing msuite5 and mdesign. 7/7/2011 Version 2.4 Overview... 1 msuite version... 1 SQL credentials...
More informationFirewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA
Firewalls Securing Networks Chapter 3 Part 1 of 4 CA M S Mehta, FCA 1 Firewalls Learning Objectives Task Statements 1.3 Recognise function of Telecommunications and Network security including firewalls,..
More informationVXLAN: Scaling Data Center Capacity. White Paper
VXLAN: Scaling Data Center Capacity White Paper Virtual Extensible LAN (VXLAN) Overview This document provides an overview of how VXLAN works. It also provides criteria to help determine when and where
More informationMonitoring Hybrid Cloud Applications in VMware vcloud Air
Monitoring Hybrid Cloud Applications in ware vcloud Air ware vcenter Hyperic and ware vcenter Operations Manager Installation and Administration Guide for Hybrid Cloud Monitoring TECHNICAL WHITE PAPER
More informationConfiguration Guide. BlackBerry Enterprise Service 12. Version 12.0
Configuration Guide BlackBerry Enterprise Service 12 Version 12.0 Published: 2014-12-19 SWD-20141219132902639 Contents Introduction... 7 About this guide...7 What is BES12?...7 Key features of BES12...
More informationNEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service
NEWT Managed PBX A Secure VoIP Architecture Providing Carrier Grade Service This document describes the benefits of the NEWT Digital PBX solution with respect to features, hardware partners, architecture,
More informationPerformance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU
Performance Analysis of IPv4 v/s IPv6 in Virtual Environment Using UBUNTU Savita Shiwani Computer Science,Gyan Vihar University, Rajasthan, India G.N. Purohit AIM & ACT, Banasthali University, Banasthali,
More informationInstallation and configuration guide
Installation and Configuration Guide Installation and configuration guide Adding X-Username support to Forward and Reverse Proxy TMG Servers Published: December 2010 Applies to: Winfrasoft X-Username for
More informationCopyright 2014 Oracle and/or its affiliates. All rights reserved.
Management Overview, Architecture and Deployment Akanksha Sheoran Safe Harbor Statement The following is intended to outline our general product direction. It is intended for information purposes only,
More information2. Are explicit proxy connections also affected by the ARM config?
Achieving rapid success with WCCP and Web Security Gateway October 2011 Webinar Q/A 1. What if you are already using WCCP for Cisco waas on the same routers that you need to use WCCP for websense? Using
More informationSynology QuickConnect
Synology QuickConnect Based on DSM 5.2 Synology Inc. Table of Contents Chapter 1: Introduction What is QuickConnect?... 3 Chapter 2: How QuickConnect Works Overview... 4 QuickConnect Connectivity Test...
More informationSECURING SAP NETWEAVER DEPLOYMENTS WITH SAFE-T RSACCESS
SECURING NETWEAVER DEPLOYMENTS A RSACCESS WHITE PAPER SECURING NETWEAVER DEPLOYMENTS 1 Introduction 2 NetWeaver Deployments 3 Safe-T RSAccess Overview 4 Securing NetWeaver Deployments with Safe-T RSAccess
More informationRelease the full potential of your Cisco Call Manager with Ingate Systems
Release the full potential of your Cisco Call Manager with Ingate Systems -Save cost with flexible connection to Service Providers. -Save mobile costs, give VoIP mobility to your workforce. -Setup an effective
More informationSecuring Virtual Applications and Servers
White Paper Securing Virtual Applications and Servers Overview Security concerns are the most often cited obstacle to application virtualization and adoption of cloud-computing models. Merely replicating
More information