
When used in WAN optimization, the ProxySG is used similarly to a regular proxy, and works as follows:
1. The client makes a request for a service, which is intercepted on the network by the branch proxy.
2. If the request is allowed according to the proxy’s policy, the proxy re-issues the request to the source server on the user’s behalf.
3. Once the decision to encrypt is made and the SSL handshake begins, the proxy completes the handshake on the client side and the
   server side. There are then two separate tunnels, one on each end of the branch proxy, with the branch proxy in the middle bridging
   the connection. Ideally, this is transparent to both parties.
4. Additionally, the connection between the branch proxy and the server goes through another proxy (the concentrator proxy). The
   branch proxy and concentrator proxy co-operate to apply WAN optimization techniques to the SSL traffic for improving performance
   and response time. The connection between the branch and concentrator proxies is secure.
Since a full HTTPS Proxy runs at the branch, the object cache is co-located with the branch user; many other vendors deploy
a cache located far from the user – in the data center – which means each user’s request is forced to traverse the WAN link,
contributing to network congestion.
Web Server Acceleration – HTTPS Reverse Proxy
Blue Coat Systems has designed the ProxySG series specifically to accelerate and scale high traffic websites. By adding SSL
processing, the ProxySG offloads the origin server from the delivery of secure objects and the managing and processing of SSL
sessions. As such, they offer several key capabilities not available in single-function SSL devices from other vendors:
- Not only manages and processes SSL sessions, but also caches and rapidly delivers the objects on a secure page without taxing
  server resources. Single-function devices only offload SSL processing; the web server must still perform object delivery.
- Establishes a secure channel from the appliance to the server for transferring customer-specific data. All other page objects are
  served directly from the appliance.
- Can be deployed within a content distribution network, removed from the server infrastructure and close to users. The ProxySG can
  serve content rapidly from the network edge, while passing encrypted data to the primary server farm over a secure SSL session.
- Is configured transparently in the network – not inline – eliminating reliability concerns and additional latencies.
- Optionally, ProxyAV can be deployed for malware detection when content is being uploaded to a web server. Outlook Web Access
  (OWA) for web-based email is a good example. Utilize ProxySG to reverse proxy the server to improve performance and provide SSL
  offloading, while using ProxyAV to detect malware in uploaded content.
- Optionally, DLP (data loss prevention) checks can be applied to web application server content being requested outbound to clients,
  utilizing authentication to assist in content controls per user or group.
Technology Primer: Secure Sockets Layer (SSL)