Transcript
X-SERIES
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
1
INTRODUCING THE X-SERIES
X-Series creates a “Network in a Box” Network Processor Modules (NPM) • Application Processor Modules (APM) • Control Processing Modules (CPM) •
IPS
FW L2
LB
LB
LB
LB
Internet
L2
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
2
ARCHITECTURE REDUNDANCY X60 / X80-S
No Single Point of Failure
Backplane trace redundancy
NPM (Network) redundancy
CPM (Control) redundancy APM (Application) redundancy
Fan redundancy Power redundancy
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
3
NETWORK PROCESSING MODULE (NPM) Provides Switching Fabric for Data Plane • Switching fabric connects all NPMS and APMs • 9600 series provides 10 to 40Gb/s per module
• 8600 series provides 5 to 10Gb/s per module • Up to 140Gbps of non-blocking backplane
Flexible Physical Network Interfaces •Multiple configurations available from 10xGbE to 16x10GbE •All ports are hot-pluggable, standard SFP, SFP+, XFP form factor
Distributes Traffic Efficiently and Intelligently • Scales by distributing traffic across APMs and processing cores NPM 9650
• Automatically redistributes load around failed resources
Consolidates Network Infrastructure • Virtualizes switches, load balancers, patch & power cords • Eliminates common network devices found in security infrastructure
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
4
APPLICATION PROCESSING MODULE (APM) Hosts Applications • Responsible
for running the security application(s)
• Can be pooled into a “Virtual Application Processor Group” (VAP Group) • Dynamically provisioned - no local configuration
Scales Performance • Multiple APMs in a VAP Group share load to scale performance • APM 8650: 4 Core and 8 Core configurations, up to 16Gb RAM • APM 9600:12 Core configuration, up to 24Gb RAM
Maintain Defense in Depth • Layer multiple VAP Groups with different security applications APM-9600
• NPM’s network virtualization provides connectivity between layers
Provides Application Redundancy • VAPs can run on any APM • APMs can be re-provisioned on-the-fly • Un-provisioned APMs automatically assume warm-standby role Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
5
CONTROL PROCESSING MODULE (CPM)
System Management • Provides out of band management of chassis through dedicated backplane and management ports.
• Centralized configuration for all elements in the system
Provision Applications Easily • Define VAP groups and install applications centrally
• Automatically provisions the right resources for the application • Hosts a dedicated file system for each Application Processor
Health Monitoring CPM-9600
• Continuously checks health and collects statistics on of all modules
(available through SNMP or web interface) • Dynamically provisions new resources to replace failed resources
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
6
SELF-HEALING WITH HOT-STANDBY
Original Configuration The Stand-by APM 4 Firewall APMs One Firewall APM 3 IDS APMs automatically takes the experiences a problem 1 Stand-by APM
Firewall APM’s profile.
No more emergency wake-up calls at 3AM to replace appliances.
Single Box HA: “5 nines” Dual Box HA: “7 nines”
Firewalls IDS Stand-by
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
7
SELF-HEALING VIA PRIORITIZATION
Original TheFirewall firewall APM VAP One Configuration automatically experiencestakes a 4 Firewall APMs one of the IPS 4problem IPS APMs APM’s based on priority
“Automate self-healing to fit your business”
Firewalls (Prio. 1) IPS (Prio. 2)
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
8
MEET THE ISVS
“Consolidate best-in-class applications within one platform, in serial or in parallell”
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
9
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
10
Copyright © 2013 Blue Coat Systems Inc. All Rights Reserved.
11
