Agenda. APSolute Application Front End Solution: AppDirector & AppXcel for Application Delivery Optimization. Key Trends & Challenges

1

APSolute Application Front End

Solution:

AppDirector & AppXcel for

Application Delivery Optimization

2

Agenda

z

Current Trends & Key Challenges in Application

Delivery

z

Radware integrated application delivery

z

Inside Application Delivery (AppDirector & AppXcel)

-

APSolute Availability

-

APSolute Performance

-

APSolute Security

z

Managing Application Delivery

z

Success Stories

z

Competitive Analysis

z

Summary

3

Key Trends & Challenges

4

Trend: Everything is Becoming Web Enabled

z Business-critical applications are migrating from Client/Server to Web architectures

-

Worldwide, ubiquitous access to critical applications

-

No need for dedicated client side software

-

Reduced initial deployment costs, ongoing support, & maintenance costs

-

Consistent with data center consolidation initiatives z Data centers consolidation

-

"We're finding that organizations want to pull more and more of their persistent data back into the data centre". "Whether the reason is Sarbanes-Oxley or the need to reduce operating overhead,they want as little as possible in the branch office."

5

z Survey of 264 IT Managers/Directors by Ziff-Davis

z 92% experienced combination of security, response and/or reliability challenges

Industry view of Challenges

6

Real Life Examples

“Application failures & incomplete transactions

translate into downtime & lost business of up to

3.6%

of annual income

”

Infonetics Research, January 2005

7 REGIONAL OFFICE BRANCH OFFICE FireWall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router

Application Availability Challenges

• Multiple failure points

• For transaction completion the entire path must be available Extending the reach of Business Apps beyond the LAN

to the WAN: remote users, branch locations, partners… Through 2010, the distance data must travel to meet new business processes will grow faster than Moore's law (0.8

probability) Gartner Oct 05 8

REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router

Application Performance Challenges

• “Chatty” protocols over lengthy transaction paths ÎLatency • No application awareness ÎNo prioritization

• Multimedia-rich content ÎIncreased bandwidth requirements

Rolling out Web-based Apps over the WAN and implementing the Server-less Branch

Through year-end 2007, more than 50 percent of newly designed business processes will suffer from end-user performance problems

9 REGIONAL OFFICE BRANCH OFFICE Firewall Web, Email, CRM ERP HEADQUARTERS Antivirus Gateway Router

Application Security Challenges

Web-enabled applications are easy to access and hence more vulnerable to security threats

• Security threats may originate internally, externally or flow from branches

• Securing the network with a firewall is not enough. We need to secure the applications from worms, application level exploits and DoS attacks

• “75% of the hacks are the application level”. (Gartner) 10

APSolute Application Optimization

11

APS

olute Application Delivery – CRM

REGIONAL OFFICE BRANCH OFFICE FW-VPN Security Gateways Web, Email, CRM, ERP HEADQUARTERS Routers

Business need: ensure fast responses and secure operation

Customer service query

Availability: Apply CRM & database specific health checks

Performance: select best performing server, maintain session persistency with both CRM and database server, assign QoS & compress text heavy replies

Security: Secure application from CRM & database exploits, protect from DoS attacks

12

APS

olute Application Delivery - VoIP

SIP Proxy AppDirector Location Service SIP Registrar VoIP Session VoIP request Business need: ensure real time delivery of VoIP services

Availability: Monitor status of SIP elements (Proxy, Registrar, etc.)

Performance: Maintain session persistency, Ensure real-time QoS

Security: secure from SIP exploits and DoS attacks

13

Inside

Application Delivery

14 Application Front-End

Complete Application Delivery Solution

Application Security Application

Access

15

APSolute Application Front-End Solution

Application Front-End Application Security Application Access 16

APSolute Application Front-End Solution

17

AppDirector

Intelligent application delivery controller uses

advanced Layer 4-7 policies and granular

application intelligence for end-to-end

application-smart optimization of traffic

Intelligent Application Delivery Controller

18

AppXcel

End-to-end application-smart performance

acceleration and server offloading of web\SSL

based applications for all types of clients

(desktops, PDAs, smart-phones)

Application Accelerator

19

APSolute Availability

20

What Does Availability Mean?

z

Business Need

– Business continuity; transaction

completion

z

Network Requirement

– fault tolerance,

redundancy, automatic failure bypassing

z

User Demand

– Anytime, anywhere accessibility to

applications needed to get the job done

21

How do we ensure availability?

Health Monitoring

Failure Bypassing

Local & Global Traffic Redirection

Redundancy

Disaster Recovery

22 URL Check SQL Check AppXcel Access Router AppDirector

Advanced Health Monitoring

z Comprehensive set of predefined application specific health checks (HTTP, SMTP, FTP, BEA, Oracle, MySQL, MS exchange, etc.)

z Ensure complete transaction path availability z Real time failure bypassing

AppDirector

SSL content verification

Intelligent monitoring of diverse applications such as VoIP, streaming media, Citrix, FIX, secure LDAP, etc…

Web servers Database servers 23 Toronto AppDirector AppDirector AppDirector AppDirector Amsterdam San Francisco Berlin

Health Check Passed

Health Check Failed

Health Check Passed

Global Business Continuity

z Multi-layered fault tolerance:

-

Server, application, device and site redundancy

Health Check Passed

24

Availability Benefits

•

Ensured application delivery

•

Business continuity

25

APSolute Performance

26

What is Performance

z

Business Need

– Drive productivity, extract greater

value from IT infrastructure

z

Network Requirement

– Optimize local & global

servers’ usage, off load intensive CPU operations to

a purpose built device, align bandwidth usage with

business priorities, compress heavy graphics & text

z

User Demand

– Fast, responsive applications

27

Assuring Performance

Local & Global Traffic management

Network proximity

Bandwidth management

Connection pooling

SSL offloading

Caching

Image compression

Web Compression

Application acceleration

28

29

Granular Application Smart Redirection

Multi-lingual content provider with content suitable for mobile users and PC users

z Facilitate content providers with greater flexibility in performing content (layer 7) switching

z Better browsing experience

– End-users are directed to desired content quickly, efficiently and with less mouse clicks

Server 1 -M obile us e rs -P C user s site.com French English French English Language=

French User type=Mobile

30

•

Applicable for all application types

•

No need to run any software on server

•

Fully customizable - Support any user-defined

parameters

√

No New Sessions

√

slow response

z

Proactive diversion of traffic from overloaded or slow

resources

LB example – Response Time Optimization

31

Persistency Example: Cookie-Insert

WEB 3 WEB 2 WEB 2 WEB 1 WEB 4 WEB 3 www.site.com www.site.com WEB 1 _{WEB 4}

Ensures fluent application operation

32

Global Performance Optimization

z

Most accurate site selection algorithms:

-

Site availability

-

Site real time load

-

User-site proximity (Patented)

z

Widest set of transparent traffic redirection methods:

-

DNS redirection

-

HTTP redirection

-

RTSP redirection (unique)

-

Triangulation (Patented)

-

Client NAT

33

Hong Kong AppDirector

NYC AppDirector Tokyo London 200m_s 400ms 300ms 100ms

z Exclusive traffic redirection based on accurate patented proximityand performance measurements (latency & hops) between the end user and the available sites

z Ensures best site selection for fastest global response time to end users

z Global capabilities inherent in solution

AppDirector AppDirector

Global Traffic Management

34 AppDirector AppXcel CRM Servers ERP Servers Mail Servers CRM Servers ERP Servers AppDirector AppXcel

Data Center 1 Data Center 2

Mail Servers

zTransparent redirection to best performing site with widest set of

redirection methods

zFastest global transaction processing through patentednetwork

proximity

zContinuous delivery of services even in case of element,

application, server or even site failure

Business Continuity - Example

35

Bandwidth Management

36

Automatic application discoveryfor 70+ enterprise applications provides full visibility of bandwidth consuming applications

37

Set Your Priorities Right

z

Streamline business operation by aligning

bandwidth usage with business priorities

z

Ensure response time of time-sensitive (interactive)

applications

z

Granular Enforcement Mechanisms

-

Control Application bandwidth (CBQ, WRR,RED)

-

Control individual users’ traffic

z Overall Bandwidth, bandwidth per session, # of sessions

eMail

CRM

VoIP

eMail

Limit Application

Bandwidth

Ensure Application QoS / SLA

38

AppXcel:

Application Acceleration Capabilities

39 AppDirector AppXcel Router Client Web Front end Servers

SSL acceleration Web compression

Application Acceleration

z Optimize servers’ operation by offloading CPU intensive tasks z Compensate for WAN latency

TCP Multiplexing TCP Optimization Image compression Caching 40 AppDirector AppXcel

Load balancing decision

HTTPS

Load balancing decision

HTTP servers H T T_P H T_T P_S HTTP H_T T_P HTTPS HTTP

SSL Acceleration

z Offload SSL encryption decryption to purpose built hardware device

z AppXcel performance numbers:

-

300 -16,000 TPS

41

zCompression reduces the average page size by 50% for all GZip enabled browsers

zAccelerate response time by a factor of 2

zCached content is stored compressed; No CPU overhead

zOptional hardware compression card

51% 44.1K 90K 7K 50K 43% 52K 91K 18K 36K 63% 28.8K 77.8K 16K 49K 34% 107.1K 161.1K 0 63K Ratio Page size (after compression) Total page size Total JPEG size HTML file size (Kbytes)

HTTP Compression

42

Reduce file size by a

factor of 10

Unique Image Compression

z

Accelerate response time by a factor of 10

43

TCP Optimization - Examples

Streamlining communication over low capacity/high

packet loss medium

:

•

TCP reorder

: reorder packets sent from mobile

handset to avoid end-user retransmission

１ ２ ３ ６ ５ ４ ７ １ ２ ３ ４ ６ ５ ７

•

Configurable Packet Size

: limit the packet

size that is sent to end users’ handsets

AppXcel 44 HTTP Response over Regular TCP Compressed HTTP Response over WTCP HTTP Request over Regular TCP Router Mobile User switch GGSN GGSN CID AppXcel Mobile User Web Server HTTP Request over WTCP Internet Wireless Network

Mobile Network Acceleration

z Seamless integration into any mobile carrier environment

-

Transparent interception of HTTP traffic

z Accelerate e-2-e response time z Reduce over-the-air application bandwidth

45

Performance Benefits

•

Accelerated application delivery to

anyone anywhere

•

Ensure timely delivery of real time

applications

•

Aligned bandwidth utilization with

business priorities

•

Guarantee optimal business

application performance

•

Extract greater value from your IT

infrastructure

46

APSolute Integrated Security

47

What is Security

z

Business Need

– Ensure business continuity even

under attack, secure intellectual property

z

Network Requirement

– Protect network resources

from DoS attacks, protect critical applications from

exploits, protect end users from worm’s infections

z

User Demand

– Secure access without

performance penalty

48

Intrusion prevention

DoS & DDOS protection

SSL Traffic Inspection

Protocol Anomaly detection

49

Unique

Integrated

Intrusion Prevention

& DOS Protection

50

Integrated Intrusion Prevention

Intrusion Prevention

securing applications &

users against over 1,500 attacks:

- Viruses

- Worms

- Spyware

- Trojans

- Anti-Scanning

51

Real-Time DoS/SYN Protection

1) DoS Shield – protection from all known

DoS /DDoS attacks

2) Bandwidth Management to shape traffic,

block ‘unknown’ attacks

& manage

infrastructure load capacities

3) SYN Cookies Against ALL SYN Floods

handling millions of concurrent connections

while forwarding legitimate traffic

52 AppDirector Access Router HTTP servers AppXcel HTTPS Application Security detects attack Session is dropped H_T T_P S H T_T P

Securing Encrypted Transaction

z

Real-time protection from SSL based attacks without

compromising performance

53

Centralized Security Management

Connect

&

Protect Set-up

of ALL Security Attack Services:

Intrusions, DoS, SYN Floods, Anomalies & Anti-Scanning

54

Centralized Security Reporting

Monitorall malicious activity, across the network, in real-time Customize reports, for executive to bit-level analysis & forensics Geographical map– displays Top Sources

55

Security Updates Service

z

Real time update

•

24/7 operational SoC in IL and US

z

Security Zone

-

Security Alerts

-

Weekly Updates

-

Emergency Updates

-

Security Resources 56

First to Protect!

Feb. 5, 2005 Feb. 5, 2005 Sober O April 18, 2005 (April 14, 2005) May 3, 2005

The Microsoft Exchange X-LINK2STATE remote Heap Overflow

May 5, 2005 May 4, 2005 Mydoom BO May 8, 2005 (April 14, 2005) May 14, 2005

Microsoft Message Queuing QMDeleteObject remote buffer overflow May 30, 2005 May 29, 2005 Mytob CG August 15, 2005 (August 9, 2005)

Remote Desktop Protocol remote denial of service

April 15, 2005 (April 12, 2005)

April 18, 2005

Microsoft Windows IP Options remote Denial of Service

August 18, 2005 August 19, 2005 Zotob family Radware protection issued (Publicly disclosed) 1stsample detected Exploit / Vulnerability

More Emergency updates that Radware was the first to issue in 2004:

MS JPEG Vulnerability: September 29, 2004, Mydoom-S: August 16, 2004, Bagle-AQ: August 10, 2004,

Mydoom-M:July 26, 2004, Bagle-AG:July 21, 2004 , Bagle-AB:July 16, 2004, AgoBot: May 17, 2004,

57

Security Benefits

•

Protecting business application from

emerging worms and viruses

•

Mitigating DoS attacks for non-stop

business operation

•

Securing intellectual properties and

valuable assets

•

Ensuring application delivery even

under attack

58

Support of New Applications:

Examples

59

FTPS – Secure File Transactions

z

Enables seamless migration from expensive

dedicated links to an open, cost effective and yet

secure communication

z

Elevates system integration complexities

-

No modification in the application infrastructure

-

No CPU overhead

FTP traffic

(

private line)

FTPS

FTP traffic

FTPS

AppXcel 60

FTPS – Customer Quotes

z

“This marks the beginning of a new era of secured

communications with DTCC that provides access to

new market opportunities

.”

z

“We have created history today with the first

successful access by a customer to our system over

the Internet, utilizing Secure FTP. … have

successfully installed a new infrastructure and proxy

server appliance environment that

satisfactorily

meets all security requirements

and maintains

transparency to external customers.”

z

Mark Cucarese, Director at DTCC

DTCC (Depository Trust Clearing Corporation) is one of the largest clearing houses in the world, all US major banks clear their transactions with DTCC

61

Delivering VoIP

62

SIP User Agent ([email protected])

SIP Proxy

SIP User Agent (caller, [email protected]) SIP Proxy INVITE SIP Network SIP Registrar Location Service REGISTER Redirection Server

Audio / Video Data

Simple SIP Scenario

63

Optimized VoIP Delivery

z Ensure Persistency of SIP requests, for reliable connection initiation & termination

z Classify and forward request to relevant service farm

z Ensure continuous availability of all services

z Protect from DoS attacks & SIP exploits

SIP Registrars Farm

SIP Proxies

SIP: Register

SIP: Invite

64

Delivering VoIP Services

z Web.De is the largest

web service provider in Germany with more than 5M users

z WEB.DE is offering services such hosting, free mail accounts, etc.

z Today Web.De is also offering VoIP services for more than 250,000 users

z AppDirector provides load balancing, health monitoring and session persistency for 6 SIP servers

z AppDirector enables web.de to guarantee high reliability of its VoIP services

z The session persistency enables accurate billing based on the session duration

65

z

8 Defense Pro installed

in German major cities

z

Worms/Virus filtering

z

DOS Protection

z

Configware insite

reporting capabilities

DeutscheTelekom and Radware partner to protect VOIP call centers

Protecting VoIP Servers

66

Application Delivery

Management

67

Top N Protocols Graph

• View

brake-down of top

protocols in

the network

• Monitor

misuse of

network BW

by

unauthorized

applications

68

User Management

• Assign different configuration rights for AppDirector management users • Configuration

rights per User Group

69

z

User Management

-

Verify that only privileged users can access the device

-

Each user can only manage the part of the configuration he is responsible for

-

Reduce the chances of device miss-configuration

-

Allows dividing AppDirector according to Application/Service

z

Configuration Auditing

-

Complete visibility of device configuration modifications

-

Track user’s configuration actions on devices

User Management Benefits

70

Allows to see element Operation Mode (main, backup) Allows to view the logical

configuration of a device (e.g. SF->Farm->Logical Server)

Allows to locate an element in the map

Allows to search for elements in the tree

Allows to see element Operation Mode (main, backup)

71

Customer Success

72

Largest and only global

shareholder registry

Radware enables:

- Continuous availability

- Multi-Gigabit speed

processing

- Complete security of all

online transactions

Computershare Online Financial Services Go Global with Radware

73

Consorzio Triveneto is an enterprise that collaborates in the development of Point of Sale (POS) management, electronic commerce, corporate banking and informative services for risk analysis

Radware enables: - Continuous availability - SSL processing and online banking acceleration - Complete application security of all online transactions

e-Banking Assurance for Consorzio Triveneto with Radware

Banking Customer Success

74

4,800 stores located in 50 states and 70 countries.

Radware Enables: -Uninterrupted user access - Optimized delivery of CRM and ERP applications - Accelerate application response times through compression, SSL offloading

-Ensure service levels for mission critical transactions

Radware drives Ace Hardware web applications across 4,800 stores

Online Services Customer Success

75

Summary

76

Tangible Business Value Proposition

Availability Performance Security

• GuaranteeBusiness Continuity • Ensure Transaction

Completion • Extract greater

value from your IT infrastructure • IncreaseAssets ROI • Alignapplications with business priorities • Adaptnetwork behavior to meet application needs • Optimizeapplication usage • Accelerate applications & transactions delivery • Conduct business under attack • Enhancesecurity without performance penalty • Manageable centralized intrusion prevention Maximum 3 months ROI based on cost !

Up to 5 x application performance levels !

Peace of mind worth a fortune !

77

Application Front-End

Complete Application Delivery Solution

Application Security Application

Access

78