Domain: riverbed.com
Stories and comments across the archive that link to riverbed.com.
Comments · 11
-
Undetectable Heartbleed bug?
"The security flaw in the Chrome browser emerges just as the world is confronting the frightening prospect of an undetectable bug known as Heartbleed, that makes millions of passwords vulnerable to being stolen".
'It is being widely reported in the popular press as well as many technical sites that a Heartbleed exploitation "leaves behind no trace"`. That of course is not true.
SSL Server Test -
Aspera and Friends
You you always use a UDP solution such as Aspera. Fast transfer speeds, bandwidth management and they have a specific AWS implimentation.
Other options to look at include Smartjog, whose new Bolt product looks quite interesting, Riverbed's Steelhead product, Filecatalyst and Signiant.
There are many solutions around now to deal with large file transfers for both small and large business. Most of them use UDP instead of TCP/IP, with Checksums to ensure all data is reliable delivered. Even with just 1Mbps upload speeds, something like one of the above named products will be advantageous. I've worked in the media industry for a number of years, and this type of thing is being used in Film and Television all the time. Of course, there are still tapes being shipped around, but in emerging markets, such as Russia for instance, the file transfer really beats a tape being stuck in customs for weeks or months.
-
Re:HTTPS versus HTTP Cacheing
However, recently, I was looking at Riverbed Steelhead, which claims to be able to cache SSL-encrypted data.
In order to transparently cache an https page, they require that you install a certificate corresponding to the proxy device on each computer that is using it as a proxy. This can be done with a GPO, or a custom app, or even a bit of social engineering (IE: A broadcast message company-wide: When you see this screen, click "Yes", it's for your own good. Trust us)
Then what happens is that the proxy acts as a middle man, encrypting the connection between itself and the origin, and encrypting the connection between itself and the destination,
(ie: PC < - > Proxy < - > Web Server) and neither side knows that it's not talking to the other directly. -
Re:HTTPS versus HTTP Cacheing
Any negative interactions?
I hope that HTTPS can cache like HTTP does.
Running end-to-end encryption would certainly prevent proxies from stashing away frequently accessed objects.
Your web browser can cache the data in its own cache, but you are correct in guessing that a proxy cannot transparently cache the data.
However, recently, I was looking at Riverbed Steelhead, which claims to be able to cache SSL-encrypted data. I'm guessing it would work similar to a replay attack -- you don't know what the data means, but you still know what its encrypted form looks like, so you can still cache it. Might be worth a look.
-
Re:No Good Solution
Sort of. Add in a bit of gzip for TCP/UDP, and top with some TCP handshake optimization.
For the info straight from the marketing department see http://www.riverbed.com/technology/data_streamlining/, http://www.riverbed.com/technology/trans_streamlining/ and http://www.riverbed.com/technology/app_streamlining/. -
Re:No Good Solution
Sort of. Add in a bit of gzip for TCP/UDP, and top with some TCP handshake optimization.
For the info straight from the marketing department see http://www.riverbed.com/technology/data_streamlining/, http://www.riverbed.com/technology/trans_streamlining/ and http://www.riverbed.com/technology/app_streamlining/. -
Re:No Good Solution
Sort of. Add in a bit of gzip for TCP/UDP, and top with some TCP handshake optimization.
For the info straight from the marketing department see http://www.riverbed.com/technology/data_streamlining/, http://www.riverbed.com/technology/trans_streamlining/ and http://www.riverbed.com/technology/app_streamlining/. -
Riverbed Steelhead
http://www.riverbed.com/products/appliances/
or something similar; I mention Riverbed because it is what we use. Good luck. -
Riverbed
Check out a company called Riverbed, http://www.riverbed.com/ they have a WAN optimization appliance called Steelhead that solves the exact problem you are describing. I won't turn this post into a sales pitch -- read their website, call them up and ask for a demo, then decide for yourself. I would insist on a proof of concept or pilot implementation before making an enterprise wide committment.
-
You can also use the bandwidth smarter
Have a look at a Riverbed Steelhead http://www.riverbed.com/. They do some good things with regards to TCP acceleration as well as application level acceleration. I've got some, and on a long haul connection (64Kb ISDN over 3000km) it effectively doubled my bandwidth and halved the latencies (paying for the units in about 18 months).
While profiling your activity is a good idea, and you can make some educated guesses when you expand the bandwidth, it's worth giving a bit of thought to a more creative use of the bandwidth you have.
These things (by the way) also run Linux - so you can trust them to work. -
protocol-level acceleration
Riverbed makes an appliance that may be suitable.
Basically, it's an appliance that sits between your WAN connection and the rest of your network. It understands most protocols that send bulk data over the network, and does transparent caching such that the clients on your network don't notice anything (except improved speed), and the server on the other end still thinks it's sending the data.
I saw a demo at a CUUG meeting, it was quite impressive.