You are on page 1of 4

Internet Gateway: Fast, Secure, Scalable Internet Access

Any solution to these challenges should offer the


following capabilities:
High reliability
Authentication/access control
Native support for all transport types (web,
streaming media, Java, FTP, NNTP, etc.)
Content filtering
Virus scanning
Usage reporting

An Internet gateway proxy is a key component for


access controls, security, caching, filtering, and
reporting. NetApp Internet proxy gateway
technologies combine with firewalls and other
networking equipment to allow you to:
Improve user (e.g., employee, student) & IT
productivity with faster, filtered, more reliable
web access
Increase network security
Scale Internet access
At the lowest Total Cost of Ownership (TCO)
Reduce bandwidth costs
Reduce legal liability
Easily manage user access
Reduce administration and support costs

How NetApp Enhances Internet


Gateway Performance
The NetApp proxy server solutions address all of
these issues.

Internet Gateway Description

Before allowing a user to access the Internet,


organizations want to ensure that that particular user
has rights to do so. The NetCache proxy server
integrated Access Control Lists (ACLs) and interface
with authentication servers and user databases allows
for such control, with the benefits of single sign-on.
This authentication and access controls can be
managed seamlessly. NetCache supports all major
authentication methods, including NTLM, Kerberos
for Windows 2000, Radius, and LDAP.

The points at which an organizations internal


network connects to the Internet are commonly called
Internet gateways. An organization may have one or
many of these gateways to the Internet, depending on
size, geography, and user requirements. Each
gateway must be sized and configured to deliver
Internet content, including web pages, to the right
users, at an acceptable speed, while keeping the
internal network secure from viruses and other
concerns.

Leveraging these ACLs, organizations can add


content filtering lists to NetCache. Content filtering
prevents user access to inappropriate and
unproductive Internet content, in accordance with the
organizations Internet usage policies. Software
available with NetCache allows filtering by URLs in
categories such as hate, gambling, pornography, and
more.

Internet Gateway Operational


Challenges
Traditionally, organizations that want to scale access
to the Internet needed to buy more bandwidth. In
addition, as more users receive Internet access, the
potential for viruses to enter the network, and for
users to access inappropriate content, both increase.
Finally, as gateway costs increase, IT organizations
often need tracking tools in order to charge individual
divisions for infrastructure usage.

With access granted, multiple users often request


content from the same websites. This creates
redundant traffic through the Internet gateway. With
NetCache deployed at the gateway:
When the first user requests a web page,
NetCache will retrieve the page, serve it, and
store a copy of it
When later users request the same page,
NetCache will serve it to them provided ACL
requirements are met.
This reduces the traffic on the Internet gateway,
translating directly into cost savings for the
corporation, and faster web access times.

Deploying proxy caching servers can solve these


challenges. However products must be highly
reliable as Internet access is a vital capability for
many people to do their jobs. Less reliable products
reduce user productivity and increase IT workload.
Many NetApp customers previously used softwarebased proxy servers, and have stated that their main
reason for replacing them was unreliability.

With web based viruses are an increasing concern for


organizations it is not sufficient to simply serve

Page 1

Internet Gateway: Fast, Secure, Scalable Internet Access


For a current list of partners, their status, and key
contacts, visit www.netapp.com or contact NetApp
Content Delivery marketing.

content organizations want to check this for viruses.


Virus scanning software examines each web object as
it is requested, strips any viruses, then notifies
NetCache that the object is now safe to serve to users.
Later requests for that same content will be served
directly from NetCache, since the NetCache now
knows that its cached copy is virus-free.
Finally usage reporting based on NetCache logs
allows administrators to analyze traffic load patterns,
and estimate future infrastructure requirements.
ContentReporter software works seamlessly with
NetCache logs, even allowing usage reporting across
large deployments to be done from a single central
console.

Internet

Selected Internet Gateway


Customers
Customer
Ford

Industry
Automotive

HypoVereinsbank
AG
Merrill Lynch
(Canada)

Financial
Services

Motorola

Technology

Infineon

Semiconductors
Education

Toledo Public
Schools
BNP Paribas

Financial
Services

Financial
Services

Solution
NetCache - Scale Internet access
- Replaced Software Proxy Servers
Integrated content filtering
NetCache - Scale Internet access
- Replaced Netscape Proxy Servers
Webwasher (ICAP) filter content
NetCache - Scale Internet access
- Replaced Software Proxy Servers
ContentReporter Usage reporting
NetCache - Scale Internet access
Integrated content filtering
NetCache - Scale Internet access
Integrated content filtering
NetCache - Scale Internet access
Integrated content filtering
NetCache - Scale Internet access
Integrated content filtering

Firewall
Internet
Gateway

NetApp has deployed NetCache with integrated


content filtering software for over 200 customers.
NetCache
Content Filtering
Virus Scanning
ContentReporter

Summary of Internet Gateway


Business Benefits

User DB

Corporate
Internet
Users

In summary, the components of the NetApp


Internet gateway solution include:
NetCache: Scalable proxy server appliance that
integrates with an organizations control schema,
and also stores and delivers web and streaming
content to speed access and reduce bandwidth
usage; proven appliance reliability of over
99.99%,
Content filtering software: Smartfilter,
Webwasher, and others; integrated on NetCache
or via the ICAP protocol,
Virus scanning software: via ICAP protocol,
ContentReporter: Central content usage
console; gathers & charts usage information.

Page 2

Upgrade / scale / replace existing proxy servers


with low maintenance, high performance and
secure appliances
Improve user & IT productivity by providing
fast, reliable, filtered web access
Reduce costs
Bandwidth
Liability
Administration
Support
Protect the internal network
Implement & enforce Internet usage policies
Provide the foundation for future cost-saving and
performance-enhancing initiatives
Business Application Acceleration (ERP,
CRM, etc.)
e-Learning
Streaming video

Network Appliance Confidential


Internet Gateway / Internet Access Sales Guide
Written: September 14, 2001 by Chris Stewart
Last Updated: 4/26/02 by Edward Sharp

Internet Gateway: Fast, Filtered, Scalable Internet Access


Identifying Opportunities

Qualifying questions based on these needs:

Do you provide Web access to your users (e.g.,


employees, students)?

Do you use software based proxy servers


(Netscape/MSFT)? Any performance or reliability
issues?
How satisfied are you and your users with your
current Internet access speed and reliability?
Do you have a simple way to allow managed /
controlled access to the Internet without having to
log in multiple times?
How important is it to your organization to filter
inappropriate content? Are your HR or Legal
departments concerned about this? How much
bandwidth and employee time is spent on
inappropriate browsing? Are you required to
provide filtered Internet access to students?
How do you prevent web-based denial-of-service
attacks and virus intrusion? Were you hit by the
Nimda or Code Red viruses?

Do you want to allow users controlled access to


streaming content on the Web?
How significant is the demand from your users to
be able to access streaming media content from
the public Internet?
Does Web browsing, particularly streaming
events, clog up your Internet gateway? How
about your WAN links to branch offices?
How much bandwidth do you use for Internet
access (HTTP, FTP, streaming)? Have you
considered adding bandwidth? Would you be
interested in a less expensive solution?
Would you like to be able to set a limit to the
amount of bandwidth that streaming consumes?
Do you need to monitor web usage to be able to
charge departments for usage, or to help you plan
for upgrades?
Are your WAN costs significant? Have you
considered deploying an ECDN to distribute
content to branch office LANs for local delivery?
NetCache also helps there.

NetApp has been extremely successful in Internet


Gateway deployments, providing more scalable,
secure and reliable user access at Eli Lilly, Ford, Mesa
School Districts, Oracle, Prudential, Renault, Toledo
Public School and more. We have been successful
because only Netapp:
Supports all major user authentication methods,
including NTLM, LDAP, Radius, Kerberos
(Windows 2000), plus on-box Access Control List
(ACL) functionality.
Provides a robust on-box Access Control List
(ACL) functionality
Has an appliance hardened against network
attacks
Provides bandwidth controls to limit the amount
of traffic each protocol consumes
Supports all data types: HTTP, streaming (all
formats, live & on-demand), e-Business
application content, FTP, NNTP
Offers a complete solution for content delivery,
filtering, virus scanning, and usage reporting.

Th
is p
Do ag
no e fo
tg
rN
ive
etA
thi
p
sp pS
age ale
to s Us
aC eO
ust
nly
om
er

Any organization that gives its internal users


access to the Internet needs NetApps Internet
gateway solutions. Organizations with Internet
access will be looking for ways to solve these
challenges:
They have software proxy servers (from Netscape,
Microsoft, etc) that are slow and crash often; they
would like replace them with something more
reliable (nearly all of our large customers have
done this Ford, Merrill, etc.)
They need single sign-on authentication for users
accessing the Internet
Need to scale access as their user base grows
They need to make Internet access more reliable
Users complain when access fails
The IT group spends a lot of time fixing
Internet access issues
They need to speed up Internet access, but dont
want to spend more on bandwidth
They see an immediate or upcoming need to
support streaming media
They have a mandate to keep viruses like Code
Red and Nimda off their network
They have a mandate to prevent users from
accessing pornography, hate, gambling, etc.
They need to track usage by department so that
they can bill those departments for their IT usage

Key Decision Makers


WAN manager
Proxy server administrator
Network manager or administrator
Telecom manager
Security manager
HR manager (for filtering and reporting)
School district network administrator

Page 3

Network Appliance Confidential


Internet Gateway / Internet Access Sales Guide
Written: September 14, 2001 by Chris Stewart
Last Updated: 4/26/02 by Edward Sharp

Internet Gateway: Fast, Filtered, Scalable Internet Access


Sizing Guide per location

Growth of Internet Access Market

NetApp proxy server is an important component in an


entire solution sale for Internet gateways. As a
solution provider, bring together all the elements of a
solution, including firewalls (and VPNs, intrusion
detection), networking equipment (routers &
switches), filtering and virus scanning solutions, log
analysis, and the consulting and design to integrate a
complete Internet gateway.

Enterprise Internet Access


(Employees - Millions)
300

250
51
200

Users
Connectivity
< 500
Up to T1
500
Multiple T1s
2000
2000
Partial T3
5000
5000
T3
20000
20000 +
T3 +
Internal gateways back to
head office / main data
centers

Solution
Low end (e.g., C1105)
2-4 * Low end (e.g., C1105)

87
150
18

Mid range (e.g., C3100)

100

Th
is p
Do ag
no e fo
tg
rN
ive
etA
thi
p
sp pS
age ale
to s Us
aC eO
ust
nly
om
er

Gateway to Internet from


head office / main data
centers

Name
Lee Duggs

Chris Stewart

122

50

61

2+ * High end (e.g., C6100)


Add
WCCP enable Router, or L4
switch
Filtering subscription
Add to above
Filtering subscription
ContentReporter
Firewalls
Routers & Switches
Virus Scanning server
VPNs
Intrusion detection
Security Audit

2000

North America

Title & responsibility


Manager, Business Dev

Security partners

Internet Proxy
Solutions
Manager, CDBU
Enterprise Marketing

Tools &Events

2003

Europe

Asia Pacific

ource: Dataquest; IDC estimates 272 M in 2003 vs. 260 M by Dataquest

For Additional Information

58

2-4 * Mid range (e.g., C3100)

Contacts
408-822-3816

eld@netapp.com
408-822-3575

http://www.netapp.com/solutions/internet_access.
html
http://www.netapp.com/tech_library/3158.html
http://www.netapp.com/tech_library/netcachedeployment-guide.html
http://www.netapp.com/case_studies/toledo.html
http://www.netapp.com/case_studies/saisd.html
http://www.netapp.com/case_studies/hypovereins.
html
http://www.netapp.com/case_studies/merrill.html

Page 4