Server Farm Security Solutions
Servers and applications resident in a data center are the most critical information technology assets of any organization. Attacks from malicious users and machines could cripple the servers and applications, and cause significant service downtime. In the worst scenario, these attacks may compromise sensitive application data and user information. Most attacks abuse legitimate access granted to applications through a traditional firewall, and are difficult to detect and prevent. Servers have always been ill equipped to defend themselves from high-speed attacks that abuse standard protocols and Web transactions. Additionally, server OS is not operationally easy to update based on fast-evolving threats. A second layer of defense inside the firewalls and in front of the server farm is necessary to proactively defeat high-speed attacks against applications. Foundry's ServerIron solution offers a reliable last line of defense in front of the server farm with its hardware-based high-performance security feature suite, which includes the industry's only multi-gigabit wire-speed DoS and DDoS protection. It provides Layer 2 through Layer 7 protection against most common network and application level threats. With built-in application-specific intelligence, the ServerIron security solution is able to detect and prevent the most sophisticated exploits using Web and other application transactions.
Overview
Pervasive network connectivity brings the benefits of increased productivity, profits and cost savings. It offers internal and external users access to applications and services instantaneously anytime and anywhere in the world over the network. With the great benefits of always-on network connectivity, however, comes the security threat from malicious and unauthorized users trying to cripple the network and the applications. DoS attacks are still the most common security threat to applications, and are the most difficult to defeat. Even today's advanced firewall technology may not be sufficient to protect server farms and applications from high-speed DoS attacks, and in many service provider environments, firewalls are not an option.
Foundry's intelligent ServerIron Layer 4-7 switches are industry leaders in security and performance, and meet the security needs of the most demanding organizations in the world. The switches support a wide variety of intelligent security features, and combine these security features with high-end performance to act as a reliable last-line-of-defense for the server farms in financial networks.
The SYN-Guard feature helps defeat most Denial of Service (DoS) and Distributed DoS (DDoS) attacks that take advantage of the TCP connection handshake mechanisms. The switches shield "real" servers completely from any TCP connection requests until the connection is successfully completed with the three-way handshake. The Layer 4-7 switch forwards the connections to the real servers only after the connection is legitimately established. The servers never see any partially established connections, which are timed-out by the Layer 4-7 switch. SYN-Guard also avoids the use of session table for pending connections and conserves the resources to support legitimate clients.
The ServerIron security solution also features a comprehensive suite of application rate controls on the user and server side to prevent abuse and attacks using legitimate connections and application transactions. The switches act as traffic cops and limit the load from individual users and to individual servers to prevent overloading servers and slowing application performance. Highly-intelligent layer 7 inspection and filtering capabilities embedded in the ServerIron TrafficWorks OS help network and application managers prevent sensitive data and information theft while protecting against service downtime.
Related Products
Foundry's application switching solutions are available on a range of ServerIron products purpose-built with ASIC-based and network-centric architecture to deliver highest availability, performance and scalability when deployed in business-critical application infrastructures. The ServerIron family of products feature the high-intelligent TrafficWorks OS to deliver a full range of application switching solutions cusotmizable to the customer environment.
Literature
Applications
- Server Load Balancing
- Transparent Cache Switching
- Firewall Load Balancing
- Global Server Load Balancing
Solutions Guides
- Application Delivery Solutions Guide (PDF 1.3M)
Case Studies
Research & Test Reports
- Current Analysis Report: ServerIron 4G Models (PDF 102K)
- Tolly Report: ServerIron 450 Application Switch (PDF 338K)
White Papers & Application Notes
General
- Application Delivery Solutions for Enterprise Service-Oriented Architecture (PDF 368K)
- Leveraging the Advantages of a Multi-vendor Network Strategy (PDF 181K)
Load Balancing
- Server Load Balancing in Today's Web-enabled Enterprises (PDF 229K)
- Global Server Load Balancing (PDF 145K)
- Firewall Load Balancing (PDF 82K)
Content Switching
- ServerIron SIP & VoIP Application Switching (PDF 823K)
- Offloading Server Connection Management Using ServerIron (PDF 163K)
- Foundry ServerIron FIXSWITCH™ (PDF 276K)
- XML Switching on ServerIron (PDF 217K)
Security
- Fighting Spam @ the Network Using Foundry ServerIron SPAM-Def (PDF 202K)
- Emerging Approaches to Fighting Spam @ the Network (PDF 128K)
Application Support
- Deploying SAP NetWeaver Infrastructure with Foundry Network ServerIron (PDF 618K)
- Microsoft Office Communications Server 2007 - Load Balancing with Foundry Networks ServerIron Platform (PDF 709K)
- OracleAS Infrastructure with ServerIron Hardware Load Balancer (PDF 483K)
- Microsoft Live Communications Server 2005 Load Balancing With Foundry Networks ServerIron Platform (PDF 92K)
Related Links
In The News
- Podcast: How to get Sub-millisecond Application Performance
- Podcast: The Five Requirements Of Application Delivery Switches
- Foundry Networks Delivers Enhanced SSL Security With FIPS 140-2 Certified Encryption In ServerIron Advanced Application Delivery Switch
- Foundry Networks' ServerIron Honored With SearchNetworking.com 2008 Product Leadership Award
- Foundry Networks Enhances Usability And Eases Manageability For The ServerIron Family Of Application Delivery Switches
- CitiStreet Selects Foundry Networks' ServerIron Application Delivery Switches
- Foundry Networks Announces Application Delivery Switches Offer Efficient Load Balancing For Microsoft Office Communications Server 2007