Barracuda Load Balancer ADC BT 240. Market Overview. Market Requirements. Horizontally scale application server Extend life of existing application farm Protect against application layer attacks Need to rapidly deploy application. Introducing the Barracuda Load Balancer ADC .
Barracuda Load Balancer ADC • BT 240
Market Requirements • Horizontally scale application server • Extend life of existing application farm • Protect against application layer attacks • Need to rapidly deploy application
Introducing the Barracuda Load Balancer ADC • Control • Acceleration • Availability • Security
Availability Features • Health Check • Load Balancing • Scheduling • Persistency • GSLB
Common Applications Deployed • Internet sites / Intranet Sites • Hosted applications • Other IP services
Real Server Monitoring • Server Monitoring • Last Resort Server • Application Layer Health Check
Load Balancing Algorithms • How traffic is divided among servers • Default Scheduling Policy • Adaptive Schedule Methods
Default Scheduling Policies • Round Robin / Weighted Round Robin • Least Requests
Adaptive Scheduling Policy • Automatically assigns weights based on • CPU being utilized on the server • Terminal Session
Global Server Load Balancing (GSLB) • Direct traffic to multiple data centers using DNS resolution • User can be directed to a data center site based on • Health Checks between two sites • Redundant GSLBs possible
Persistency • What is Persistency? • Different methods of doing Persistency
Application Control • Instant SSL • Content Rules / L7 Routing • Web Translation
Content Based Rules • Layer 7 Rules to route traffic to different servers based on headers • Examples • Dynamic pages (bn.com/php/*): Send application traffic to database servers • Graphics (bn.com/images/*): Send requests for images to another server • Documents (bn.com/docs/*): Send requests for documents to another server
Content Rewrite • Instant SSL • Web Translation
Application Acceleration • Compression • Caching • SSL Offloading
HTTP Caching and Compression • Caching • Compression
SSL Encryption and Decryption • [Diagram labels: HTTP, SSL]
Network Security Capabilities • Layer 4 Firewall • Configure layer 4 ACLs based on IP, Ports and Protocols. • Network Address Translation • Ability to configure a Source NAT rule for the backend servers to communicate outbound. • VLAN • Supports 802.1Q VLAN port trunking • Routes • Configure static routes on the box
Geo Location Based ACLs • Allow requests only from certain geographic locations • Block requests based on a geographic location
Link Bonding • Ability to bond multiple links • Round Robin • Active-Backup • Dynamic Link Aggregation
Layer 7 Web Application Firewall • Inbound inspection (protect against layer 7 attacks) • Outbound inspection (protect against data theft)
Deep Packet Inspection • Inspect Application Layer Data: IP Address, TCP port, HTTP header, Cookie, URL, Form data • Traditional Firewalls focus here • Web Application Firewalls start here • Data Theft Protection: Credit Cards, SSN, Sensitive Information • User AV Protection • Attacks shown against Web Apps: SQL injection, Cross site scripting, Buffer overflow, Web worms, Cookie Poisoning, Session Hijacking, Forceful browsing, Parameter tampering, Denial of service (DoS), Distributed DoS, SYN flood, Ping of death, TCP session hijacking, Packet fragmentation
OWASP Top 10 Attacks • Protection Against OWASP Top 10 Attacks • A1: Injection • A2: Cross-Site Scripting (XSS) • A3: Broken Authentication and Session Management • A4: Insecure Direct Object References • A5: Cross-Site Request Forgery (CSRF) • A6: Security Misconfiguration • A7: Insecure Cryptographic Storage • A8: Failure to Restrict URL Access • A9: Insufficient Transport Layer Protection • A10: Unvalidated Redirects and Forwards
Distributed Denial Of Service Attacks • Bandwidth Based DDoS • Geo-IP based protection • Resource based DDoS • Slowloris and PyLoris: low-bandwidth attack tools that focus the attack on resources rather than bandwidth
Deployment & Management: Level of Customization • Low: Default Security (Plug & Play) • Medium: Template-Based Security • High: Custom & Positive Security
High Availability • Active-Passive Pair • Manual or automatic failback
Demo site • http://demo.barracuda.com • Open to the public
Vital Demonstration Pages • Security: Network Security (Network Firewall, NATs); Application Security (Security Policy, Advanced Security, Internal Patterns) • Availability: Status, Services, Server Health • Acceleration: Caching and Compression, GSLB • Control: Content Based Routing, Web Address Translation
Model Comparison By Capacity • Optional Networking Modules Available on 640 and 840
Feature Differences • All Models • Layer 4 Load Balancing • Barracuda Load Balancer ADC 340 and higher • High Availability • VLAN • Layer 7 Load Balancing • SSL offloading • Content based routing
Feature Differences • Barracuda Load Balancer ADC 440 and higher • Programming Interface/API • Global Server Load Balancing • HTTP Compression • Content Caching • Barracuda Load Balancer ADC 640 and higher • Application Security Subscription • Multi port option & optional networking modules
F.A.Q • Does the Barracuda Load Balancer ADC balance traffic load across WAN links? • No. The Load Balancer balances traffic sent to servers. • The Barracuda Link Balancer balances traffic across links.
F.A.Q. • Can’t I just use DNS to load balance my applications? • DNS does not provide health checking or failure detection • DNS only provides a round-robin scheduling policy • Inefficient for most applications • DNS does not necessarily provide user session persistence
F.A.Q. • Can I load balance SSL traffic with persistence without having to decrypt it on the Barracuda Load Balancer ADC? • Yes • It is not necessary to decrypt packets when load balancing SSL traffic. SSL Offloading is possible but not mandatory • Layer 4 IP persistence can be used • Layer 7 Cookie, HTTP Header or URL based persistence is not possible without decryption • *Functionality lost: Deep packet inspection on HTTPS traffic cannot be accomplished without decrypting the traffic.
F.A.Q. • How does the Barracuda Load Balancer ADC handle Layer 7 persistence (cookies)? • If an application creates its own cookie, specify the cookie name in the Load Balancer configuration • All traffic with that cookie will be directed to the same server • If a cookie does not already exist, the Barracuda Load Balancer creates and inserts a unique cookie for a new client • When the client returns the cookie in later requests, the Load Balancer will direct all of them to the same server
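The two persistence modes from the two F.A.Q. answers above (Layer 4 source-IP persistence while SSL stays encrypted, Layer 7 cookie persistence once HTTP is visible), as an added sketch that is not Barracuda's implementation. The `Persistence` class, the `LB_PERSIST` cookie name and the server names are assumptions made for illustration.

```python
import hashlib
import secrets

INSERTED_COOKIE = "LB_PERSIST"  # hypothetical name for the balancer's own cookie


class Persistence:
    """Toy persistence table; not the product's code."""

    def __init__(self, servers, app_cookie=None):
        self.servers = servers
        self.app_cookie = app_cookie  # name of the application's cookie, if any
        self.table = {}               # cookie value -> real server
        self.turn = 0

    def _next_server(self):
        # Plain round robin for clients with no persistence record yet.
        server = self.servers[self.turn % len(self.servers)]
        self.turn += 1
        return server

    def route(self, client_ip, cookies=None):
        """Return (server, set_cookie). cookies=None models SSL that is not
        decrypted: only Layer 4 data (the source IP) can be used."""
        if cookies is None:
            digest = hashlib.sha256(client_ip.encode()).digest()
            index = int.from_bytes(digest[:4], "big") % len(self.servers)
            return self.servers[index], None
        name = self.app_cookie or INSERTED_COOKIE
        value = cookies.get(name)
        if value in self.table:
            return self.table[value], None  # known cookie: same server again
        server = self._next_server()
        if self.app_cookie:
            # Application-owned cookie: remember it, never set one ourselves.
            if value is not None:
                self.table[value] = server
            return server, None
        # No cookie, or one we never issued (stale or forged): insert a fresh
        # opaque token that reveals nothing about the backend server.
        token = secrets.token_hex(16)
        self.table[token] = server
        return server, (INSERTED_COOKIE, token)
```

An unknown `LB_PERSIST` value is treated like a missing one, so a client cannot pick its backend by sending a made-up cookie.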
F.A.Q • Can the Application Security module do deep packet inspection of SMTP traffic and protect against spam? • No, the Application Security module does deep packet inspection on web traffic (HTTP / HTTPS) and FTP traffic. For protection against spam on your SMTP server you will require a Barracuda Spam and Virus Firewall.
F.A.Q • Can the Application Security module protect my SOAP application? • No, the XML Firewall is currently not available in the Application Subscription modules. Barracuda does have a Web Application Firewall that has an XML Firewall built in.
More information • Web site • http://www.barracuda.com/loadbalancer • Customer case studies • White papers • Demo walk through • Documentation • Demo page • http://adc.barracuda.com
Next Steps • Take the BT240 test • Listen in on an upcoming demo • Introduce the products to Resellers / VARs • Make Your Quota!