How to Control Web Applications and Content Using PacketShaper

Over the years, Computer Networks have taken a new form. Applications and content are more web-centric than ever before, making the Internet a very important component of enterprise infrastructure. This obviously poses two challenges:

  • How to manage application performance on a global network where no one is in charge, and
  • How to distinguish valuable content from recreational or malicious content when all Web traffic looks the same.

With the integration of the WebPulse technology, Blue Coat’s real-time URL categorization service, Blue Coat PacketShaper is about the only solution that controls today’s Web-heavy network traffic by the applications that generate it and by the Web-based content it may contain. This allows network managers to speed the applications and content categories they prefer while suppressing undesirable applications and content.

The Ultimate Objective

The objective of any network is to reliably deliver the applications and content that its administrators see as important to the business of the network. This is easy to say, but increasingly difficult to achieve. As more applications and content move to the Web, network managers need tools to ensure the performance of Web-based applications that they value, such as salesforce.com and WebEx.

Altogether, the impact of permissible but less important traffic, such as streaming video and sports, must never compromise more important business-centric traffic. Furthermore, undesirable applications such as malware and P2P, and Web content that presents legal risks or violates an organization’s policies, should never be allowed to thrive unchecked. And if that doesn’t sound difficult enough, remember that tens of thousands of new Web pages are created and modified every hour, requiring real-time awareness rather than after-the-fact updates.

The Task

With Blue Coat PacketShaper, which is an Application Performance Management solution, network managers can assign bandwidth and priority on an application-by- application basis. In this way, it’s simple to guarantee the performance of important applications, even during periods of network contention. With billions of Web pages online and more added every day, how can you make sure that your network knows the difference between good content and bad? One approach to managing Web content is to add a security solution such as Blue Coat ProxySG, which can be used to set policies that allow, warn, or deny. This is the best way to block undesirable content categories like Violence/Hate or Illegal Drugs from the network, but what about categories like Entertainment, Social Networking, and News? There are legitimate reasons to allow access to this sort of content, but how do you contain its impact on bandwidth use and productivity?

The Blue Coat Solution

Identifying and Measuring Web Traffic by Content Category

Blue Coat’s latest innovation is the integration of the Web content awareness of WebPulse with the granular control capabilities of PacketShaper. This feature appeared first in Blue Coat PacketShaper 8.6 software, the Classify by URL Category feature sub-classifies Web traffic based on its content category. Every time a URL request passes through the PacketShaper, local cache is checked to see if that URL has already been categorized. If so, it classifies the Web traffic based on its content category and applies any configured policy. If the URL is new the PacketShaper queries the WebPulse service, leveraging its 70 million users who generate over 8 billion ratings per day. WebPulse responds with the content category (typically in less than a second), and PacketShaper controls the Web traffic accordingly.

Protecting Preferred Content

Since PacketShaper knows the content categories of Web traffic, you can configure PacketShaper to give preferential treatment to categories of traffic. Preferred categories might include content related to work, such as Online Meetings and Software Downloads, or content for which response time can be important, such as Auctions and Financial Services.

Containing Permissible Content

Many categories of Web content are neither good nor bad: instead, they should be managed based on their impact on other network traffic and on behavioral factors such as productivity. Streaming media is a good example. To contain the impact of streaming media, you can apply a policy that restricts it to a specified amount of bandwidth or to a percentage of the WAN link. Because PacketShaper gets Web content categories from WebPulse in real time, new Web content is managed by your existing policies.

Suppressing Undesirable Content

You can configure PacketShaper to block undesirable content categories since unfortunately; the Web contains content that may be unsuitable for the workplace, such as gambling and pornography, or spyware and phishing. PacketShaper
is especially effective as a tool to audit existing security solutions. If your security appliance is configured to block content related to illegal drugs, and PacketShaper also detects and blocks this content category, you know that your current systems haven’t kept up with cloud-based services such as WebPulse. In addition PacketShaper can also control the performance and impact of allowed web categories.

Managing Mixed Content

For sites like Facebook, where content such as status updates may be permissible but other content, such as games, should be contained, unlike simpler URL filters that ascribe only one category to a Web page, WebPulse returns up to four categories for each URL! For example, a request for Farmville, a popular Facebook game, returns two categories: Social Networking and Games. You can configure PacketShaper to allow Social Networking traffic without restrictions, but squeeze Games to a 10kbps trickle.

Summary

Web traffic is diverse, and can’t be effectively managed without considering both applications and content. PacketShaper leverages the real-time WebPulse service to classify the tens of millions of Websites and billions of URLs into 80 logical categories. This means that you can manage similar content collectively, rather than app-by-app or site-by-site. With PacketShaper’s real-time content awareness, policies created today will apply to similar content created tomorrow, with no downloads or updates required. This makes PacketShaper an ideal tool for controlling the performance of Web -based applications and content.