PLAYBOOK

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

To address challenges associated with todays mission critical enterprise application deployments Brocade, in collaboration with Blue Coat, offers caching and WAN optimization solutions to suit a variety of customer configurations. This document provides high-level technical guidance for joint solution proposals that integrate Brocade ServerIron Application Delivery Controllers with Blue Coat ProxySG appliances.

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

CONTENTS
Introduction........................................................................................................................................................................................................................3 Caching Solutions.............................................................................................................................................................................................................4 Proxy (Explicit mode) Cache Switching................................................................................................................ 4 Transparent Cache Switching (TCS)...........................................................................................................................................................................7 Benefits of using the ServerIron with Blue Coat Proxy SGs in Explicit and Transparent Mode ....................... 9 Configurations................................................................................................................................................................................................................10 WAN Optimization Solutions.....................................................................................................................................................................................11 Standard Inline WAN Optimization .................................................................................................................... 11 Enhanced WAN Optimization ............................................................................................................................. 12 Benefits of using the ServerIron with Blue Coat Proxy SGs in Standard and Enhanced Mode ..................... 13 Configurations................................................................................................................................................................................................................14 Contacts............................................................................................................................................................................................................................16 Documentation Resources........................................................................................................................................................................................16

TABLES AND FIGURES

Figure 1 This shows explicit mode (simplified) .......................................................................................................... 4 Figure 2 This diagram shows the explicit mode design with full redundancy.......................................................... 6 Figure 3 Transparent Mode (Simplified)..................................................................................................................... 7 Figure 4 Transparent mode (Fully Redundant) .......................................................................................................... 8 Table 1 Transparent Mode (TCS) configuration on the ServerIron ......................................................................... 10 Table 2 Explicit Mode configuration on the ServerIron ........................................................................................... 10 Figure 5 This shows Standard Inline WAN Optimization (simplified)..................................................................... 11 Figure 6 This shows Enhanced WAN Optimization (simplified)............................................................................... 12 Table 3 Configuration on the ServerIron when using Standard WAN optimization ............................................... 14 Table 4 Configuration on the ServerIron when using Enhanced WAN optimization.............................................. 15

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 2 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

INTRODUCTION
The Brocade ServerIron family of Application Delivery Controllers intelligently balance user traffic to application servers for increased performance and ultimately an enhanced user experience. The ServerIron family offers enterprises and service providers highly resilient Server Load Balancing (SLB) with both stackable and high-port-density, chassis-based solutions. ServerIron provides optimization for application availability, performance, and securityand decreases application ownership costs. ServerIron addresses the following enterprise challenges: Meeting Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for business continuity Application, server, and network security Reducing capital and operational costs (CapEx and OpEx) for applications, servers, and networking

The Blue Coat ProxySG family of appliances delivers a scalable proxy platform architecture to protect Web traffic and accelerate the delivery of business applications. ProxySG is built on SGOS, a custom, object-based operating system, which enables flexible policy control over content, users, applications and protocols. With Blue Coat ProxySG appliances, you can: Manage various proxy requirements across a distributed enterprise Protect internal users and networks from spyware and other attacks Significantly reduce bandwidth with leading compression, byte caching, and object caching technologies Accelerate application performance for files, e-mail, Web, SSL, and rich media applications

This document provides a high-level technical description of configurations where a joint Brocade Blue Coat solution can be best applied. Readers should already be familiar with Brocade ServerIron and Blue Coat ProxySG products and have a general understanding of how they function in a typical network. For detailed deployment, installation and configuration procedures refer to the appropriate product documentation, and to the various technical guides associated with this Joint Solutions sales kit.

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 3 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

CACHING SOLUTIONS
Proxy (Explicit Mode) Cache Switching
Explicit Mode requires that the users Internet Explorer is pointed to the IP address of the cache server. With multiple cache servers, the ServerIron is configured with a Virtual IP (VIP) to represent a single point that provides the front end to multiple cache servers. Blue Coat ProxySG cache servers process web queries faster and more efficiently by temporarily storing details about repetitive web queries locally, reducing the number of external inquiries required to process a web query. By limiting the number of queries sent to remote web servers, the overall WAN access capacity required is lessened as is the overall operating cost for WAN access. Brocade ServerIron Application Delivery Controllers increase the reliability of explicit mode caching within a network by supporting redundant web cache server configurations known as web cache server groups, as well as supporting redundant paths to those server groups with the server backup option.

Figure 1 Explicit Mode (simplified)

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 4 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

In explicit mode, the users browser must be configured to use the proxy server. For Internet Explorer (IE), the following must be completed in the Tools Menu under Internet Options:

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 5 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

Figure 2 Explicit Mode (full redundancy)

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 6 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

TRANSPARENT CACHE SWITCHING (TCS)

Transparent Cache Switching (TCS) allows a ServerIron to detect and switch web traffic to a local cache server within the network. A single ServerIron (or a Hot Standby pair) can provide Transparent Cache Switching for up to 1024 web cache servers. Blue Coat ProxySG cache servers process web queries faster and more efficiently by temporarily storing details about repetitive web queries locally, reducing the number of external inquiries required to process a web query. By limiting the number of queries sent to remote web servers, the overall WAN access capacity required is lessened as is the overall operating cost for WAN access. Brocade ServerIrons increase the reliability of transparent caching within a network by supporting redundant web cache server configurations known as web cache server groups, as well as supporting redundant paths to those server groups with the server backup option. Note that there are no overall architectural differences between Explicit Mode and Transparent Mode, although one major difference can be seen on the client (user) PC and the ServerIron. In Explicit Mode the client is pointed to a Virtual IP (VIP) on the ServerIron, whereas in Transparent Mode the ServerIron intercepts the pre-determined traffic (usually determined by the port) without having to point the client to a specific VIP.

Figure 3 Transparent Mode (simplified)

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 7 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

Figure 4 Transparent Mode (full redundancy)

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 8 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

Benefits of using the ServerIron with Blue Coat Proxy SGs in Explicit and Transparent Mode
ServerIron provides several benefits in Explicit and Transparent Mode configurations: Load BalancingServerIron will distribute traffic to the ProxySG cache servers dependant on the balancing scheme used. Transparent Mode uses hashing and Explicit mode will use a predictor Proxy SG Health ChecksServerIron monitors the health of the ProxySG cache servers by performing health checks. If a ProxySG fails the ServerIron removes it from the Cache Group RedundancyIf a failure occurs on one of the cache servers, ServerIron will redirect the traffic to other available cache servers ScalabilityAs the load increases on the cache servers, additional cache servers can be added with no disruption to current traffic Ease of DeploymentServerIron creates a single point-of-entry for the cache servers whether Explicit or Transparent Mode is used SpoofingWith spoofing enabled on the ServerIron, the cache server spoofs the clients IP address instead of using its own IP address when accessing the real server

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 9 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

CONFIGURATIONS
Table 1 Transparent Mode (TCS) configuration on the ServerIron
context default server cache-name SG2 10.98.1.3 port http port http url "HEAD /" port http l4-check-only port ssl port ssl l4-check-only server cache-name SG3 10.98.1.4 port http port http url "HEAD /" port http l4-check-only port ssl port ssl l4-check-only server cache-name SG4 10.98.1.5 port http port http url "HEAD /" port http l4-check-only port ssl port ssl l4-check-only server cache-group 1 hash-mask 255.255.255.255 0.0.0.255 filter-acl 101 cache-name SG2 cache-name SG3 cache-name SG4 ip acl-permit-udp-1024 ip l4-policy 1 cache tcp http global ip route 0.0.0.0 0.0.0.0 10.97.0.1 ! access-list 101 permit tcp any any Note that redundancy and routing configuration has not been added. These configuration parameters will be dependent on the customer implementation.

Table 2 Explicit Mode configuration on the ServerIron

context default server cache-name SG2 10.98.1.3 port http port http url "HEAD /" port http l4-check-only port ssl port ssl l4-check-only server cache-name SG3 10.98.1.4 port http port http url "HEAD /" port http l4-check-only port ssl port ssl l4-check-only server cache-name SG4 10.98.1.5 port http port http url "HEAD /" port http l4-check-only port ssl port ssl l4-check-only server cache-group 1 hash-mask 255.255.255.255 0.0.0.255 filter-acl 101 cache-name SG2 cache-name SG3 cache-name SG4 ! server virtual vs1 10.98.0.100 cache-enable ! ip acl-permit-udp-1024 ip l4-policy 1 cache tcp http global ip route 0.0.0.0 0.0.0.0 10.97.0.1 ! access-list 101 permit tcp any any Note that redundancy and routing configuration has not been added. These configuration parameters will be dependent on the customer implementation.

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 10 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

WAN OPTIMIZATION SOLUTIONS

Standard Inline WAN Optimization
Brocade ServerIron ADCs offer enterprises and service providers a highly resilient, server load balancing switch that provides both stackable and high port-density chassis-based solutions. ServerIron provides optimization for application availability, performance, and securityand decreases application ownership costs. To improve application performance for remote users, WAN optimization is required. WAN optimization increases bandwidth efficiency by reducing the amount of bandwidth required through data compression, byte caching and object caching technologies. The Standard Inline approach is to place the Blue Coat ProxySG inline between the edge router and the access switch on the client (remote user) side. On the Enterprise (Data Center/Corporate) side the ProxySG is placed between the edge router and the Brocade access switch which is also connected to the Brocade ServerIron. This allows the ServerIron to manage the traffic from remote users to the Server Farm.

Figure 5 Standard Inline WAN Optimization (simplified)

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 11 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

Enhanced WAN Optimization

Enhanced WAN Optimization provides bandwidth efficiency and application availability, performance, and security via the Blue Coat ProxySG and Brocade ServerIron respectively, but also allows for scalability and redundancy of the Blue Coat Proxy SG solution. To accomplish this, the ServerIron is configured to support TCS to the Blue Coat Proxy SG and VIPs to the server farm to manage the client traffic. In this configuration, inbound traffic is intercepted by the ServerIron dependant on the port (i.e.: HTTP port 80). The traffic is then sent to the cache group of ProxySGs. The ProxySGs decompress the traffic and forward it back to the ServerIron where the traffic bound to the server farm will be attached to the associated VIP address, where ServerIron will load balance the traffic to the servers in the server farm. This configuration provides the following benefits: ProxySGs can be inserted or removed as needed without affecting traffic Traffic bound for the ProxySGs is load-balanced using a hashing algorithm There is no dependency on Web Cache Communication Protocol (WCCP) to redirect traffic

Figure 6 Enhanced WAN Optimization (simplified)

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 12 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

Benefits of using the ServerIron with Blue Coat Proxy SGs in Standard and Enhanced Mode
ServerIron provides several benefits in Standard and Enhanced Mode configurations: Load BalancingServerIron will distribute the traffic to the ProxySGs using a hashing algorithm, and can also load balance the traffic to the server farm dependant on the predictor used Health ChecksServerIron monitors the health of ProxySGs and real servers found in the server farm. By performing health checks, if a ProxySG or a real server has failed, ServerIron removes it from the Cache Group or VIP respectively RedundancyIf a failure occurs on one of the Proxy SGs or real servers, ServerIron will redirect the traffic to other available ProxySGs or real servers respectively ScalabilityAs load increases on the Proxy SGs or real servers in the server farm, additional Proxy SGs or server farm servers can be added without disruption to the current traffic Ease of DeploymentServerIron creates a single point-of-entry for Proxy SGs and real servers

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 13 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

CONFIGURATIONS
Table 3 Configuration on the ServerIron when using Standard WAN Optimization
server backup ethe 3 0012.f27c.8540 vlan-id 999 server backup-preference 5 ! ! server no-fast-bringup server source-nat server source-nat-ip 192.168.1.50 255.255.255.0 0.0.0.0 port-range 1 server router-ports ethernet 4 ! context default ! server real r1 192.168.1.10 port http port http keepalive port http url "GET /default.aspx HTTP/1.1\r\nHOST: www.contoso.com\r\n\r\n" ! server real r2 192.168.1.11 port http port http keepalive port http url "GET /default.aspx HTTP/1.1\r\nHOST: www.contoso.com\r\n\r\n" ! server real r3 192.168.1.12 port http port http keepalive port http url "GET /default.aspx HTTP/1.1\r\nHOST: www.contoso.com\r\n\r\n" ! ! server virtual vip1 192.168.1.100 predictor least-conn port http bind http r1 http r2 http r3 http ! vlan 1 name DEFAULT-VLAN by port no spanning-tree ! vlan 999 by port untagged ethe 3 no spanning-tree ! aaa authentication web-server default local boot sys fl sec wsm boot sec no enable aaa console hostname SP1 ip address 192.168.1.253 255.255.255.0 ip default-gateway 192.168.1.1 telnet server username admin password ..... Note that routing was not implemented in this configuration, instead transparent or bridged mode (Layer 2) with redundancy was used. Routing can be used and is dependent on the customers requirements.

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 14 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

Table 4 Configuration on the ServerIron when using Enhanced WAN Optimization

server no-fast-bringup server source-nat server source-nat-ip 192.168.1.50 255.255.255.0 0.0.0.0 port-range 2 ! context default ! server real r1 192.168.1.10 port http port http keepalive port http url "GET /default.aspx HTTP/1.1\r\nHOST: spvip.sptest.foundry.com\r\n\r\n" ! server real r2 192.168.1.11 port http port http keepalive port http url "GET /default.aspx HTTP/1.1\r\nHOST: spvip.sptest.foundry.com\r\n\r\n" ! server real r3 192.168.1.12 port http port http keepalive port http url "GET /default.aspx HTTP/1.1\r\nHOST: spvip.sptest.foundry.com\r\n\r\n" ! server cache-name SG1 192.168.1.41 port http port http url "HEAD /" port http l4-check-only port ftp port 3035 port 3034 port 3036 ! server cache-name SG2 192.168.1.42 port http port http url "HEAD /" port http l4-check-only port ftp port 3035 port 3034 port 3036 ! server cache-name SG3 192.168.1.43 port http port http url "HEAD /" port http l4-check-only port ftp port 3035 port 3034 port 3036 ! server virtual vip1 192.168.1.100 predictor least-conn cache-enable port http port http spoofing bind http r1 http r2 http r3 http ! server cache-group 1 hash-mask 255.255.255.0 0.0.0.255 cache-name SG1 cache-name SG2 cache-name SG3 spoof-support vlan 1 name DEFAULT-VLAN by port ! vlan 100 by port untagged ethe 2/3 to 2/4 router-interface ve 100 ! aaa authentication web-server default local boot sys fl sec no enable aaa console hostname SP1 ip l4-policy 1 cache tcp http global telnet server username admin password ..... snmp-server ! router ospf area 10 redistribution connected ! interface ethernet 2/1 ip address 192.168.3.1 255.255.255.0 ip ospf area 10 ! interface ethernet 2/3 link-aggregate configure key 11500 link-aggregate active ! interface ethernet 2/4 link-aggregate configure key 11500 link-aggregate active ! interface ve 100 ip address 192.168.1.1 255.255.255.0 ip ospf area 10 ! End Note that routing configuration has been used. These configuration parameters will be dependent on the customer implementation.

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 15 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

CONTACTS
Contact adcinquries@brocade.com for further assistance.

DOCUMENTATION RESOURCES
Documentation for ServerIron GT-C Series, GT-E Series, 350, 350 Plus, 450, 450 Plus 850, 850 Plus, 10G, and 4G can be found under the product documentation page at http://www.foundrynet.com/services/documentation/index2.html ServerIron Hardware Installation Guide HTML or PDF (5.8 MB)
This guide provides an overview of the ServerIron GT-C series, GT-E Series, 350 Series, 350 Plus Series, 450 Series, 450 Plus Series, 850 Series, 850 Plus Series, 10G Series, and 4G Series. It includes hardware installation instructions and hardware specifications.

Server Load Balancing Guide HTML or PDF (4.5 MB)

This guide describes basic Server Load Balancing configurations for the ServerIron product family. It covers basic SLB features such as Server Load Balancing, Stateless Server Load Balancing, Health Checks, Layer 7 Content Switching, and High Availability

Advanced Server Load Balancing Guide HTML or PDF (2.6 MB)

This guide discusses Advanced Server Load Balancing concepts for the ServerIron product family. It covers features such as SIP Server Load Balancing, Transparent Cache Switching, IDS Server Load Balancing, HTTP Compression, and Total Content Analysis

Global Server Load Balancing Guide HTML or PDF (1.6 MB)

This guide explains how to achieve site level redundancy and data center site failure protection using the Global Server Load Balancing feature for ServerIron

Security Guide HTML or PDF (2.1 MB)

This guide describes Security features of ServerIron product family such as Secure Socket Layer (SSL) Acceleration, Web Application Firewall, Deep Packet Scan, Access Control List, and Network Address Translation

Administration Guide HTML or PDF (1.0)

This guide describes the configurations of administrative features used to manage the ServerIron product family

Switching and Routing Guide HTML or PDF (1.6 MB)

This guide describes switching and routing configurations for the ServerIron product family

ServerIron TrafficWorks Graphical User Interface HTML or PDF (2.8 MB)

This book provides details on the graphical user interface for ServerIron products.

ServerIron Firewall Load Balancing Guide HTML or PDF (1.5 MB)

This document provides configuration information for Firewall Load Balancing.

IronWare MIB Reference.

PDF (3.6 MB) This document contains the Simple Network Management Protocol (SNMP) Management Information Base (MIB) objects that are supported on devices (except for EdgeIron, AccessIron, and IronPoint).

Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview

Page 16 of 17

BROCADE - BLUE COAT JOINT SOLUTIONS

PLAYBOOK

2009 Brocade Communications Systems, Inc. All Rights Reserved. 06/09 GA-PB-00 Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, IronPoint, IronShield, IronView, IronWare, JetCore, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners. Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government. Brocade ServerIron and Blue Coat ProxySG Joint Solutions Overview Page 17 of 17