In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.
This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.
Riverbed's technique is straightforward. All WAN optimizers work the same way--they proxy TCP connections between the client and the server. There are actually three TCP connections: One between the client and the local appliance; one between the appliances; and one between the remote appliance and the server. This is nearly always transparent to the user and the network. SSL is an end-to-end security protocol, so proxying breaks SSL. Riverbed calls its technology "Split Termination." Companies must export their servers public/private key pairs to the Steelhead appliance in the data center. When an SSL client initiates an SSL connection, the Steelhead appliance within the data center completes the SSL negotiation and pushes the session key to the remote Steelhead appliance. That lets the remote Steelhead communicate securely with the client. The two Steelhead appliances do their WAN optimization magic before sending the traffic over SSL between them, and the datacenter Steelhead appliance creates an SSL session with the target server. This is a split reverse proxy. Bluecoat has similar functionality, in addition to a forward proxy. Rather than having to move keys from the server to the WAN optimization appliance with a forward proxy, Blue Coat's system generates a digital certificate and distributes it to your WAN optimization appliances, and the appliance certificate or the CA certificate must be distributed to the clients. That lets the Bluecoat products optimize any SSL application. The trade-off is that with Riverbed you must move your private keys into each core appliance that will be accelerating SSL for each supported Web server. Any application that you don't own, like a hosted application, will present a problem if the private key can't be moved. Given that few companyies are actually storing their private keys in hardened storage anyway, moving the keys may not be much of a security risk. By comparison, with Bluecoat, your server's private keys remain where they are, but you have to distribute a CA certificate or the appliances certificate to your clients' browsers. In the end, the security of the system is essentially the same with each approach, but from a management perspective, there might be advantages in only generating a new root CA on the proxy and distributing it to the clients if the old one is compromised, versus generating new private keys on all the servers and distributing them to the proxy. It really depends on the usage scenario as to which will be the best choice.
Mike Fratto NWC Technology Editor
Riverbed Technology this week launched a new version of its application-acceleration technology that it says can be used to optimize SSL (Secure Sockets Layer) traffic without interfering with existing enterprise trust models.
Riverbed's RiOS (Riverbed Optimization System) 4.0 is the latest version of the underlying optimization technology running in the vendor's Steelhead optimization appliances. The software accelerates SSL-encrypted traffic without forcing certificates or private keys to be distributed to the edge, thus dodging potential key-management problems, Riverbed officials said.
Network Computing encourages readers to engage
in spirited, healthy debate, including taking us to task.
However, Network Computing moderates all comments posted to our site,
and reserves the right to modify or remove any content that it determines to be derogatory,
offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM.
Network Computing further reserves the right to disable the profile of any commenter participating
in said activities.
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:
