Chapter 3: Feature-Specific Upgrade Behavior

Authentication

Two new realms—policy substitution and Oblix COREid—have been added in SGOS 4.x.

COREid Realm—The ProxySG can be configured to consult an Oblix COREid (formerly known as Oblix NetPoint) Access Server for authentication and session management decisions. This requires that a COREid realm be configured on the ProxySG and policy written to use that realm for authentication.

Policy Substitution Realm—A Policy Substitution realm provides a mechanism for identifying and authorizing users based on information in the request. The realm uses information in the request and about the client to identify the user. The realm is configured to construct user identity information by using policy substitutions. See Table 3.2 on page 15 for useful substitutions added in support of this feature.

In addition, RADIUS realms now support one-time passwords, and Netegrity realms now allow you to enable or disable client IP validation.

Upgrade Behavior

COREid and Policy Substitution realms: These new realms have no upgrade issues. On a downgrade, the realms will not be recognized and could cause policy compilation to fail if they are referenced by policy.

Netegrity: On an upgrade, the new realm option for client IP validation is added to existing realms with the default value of enabled so that the behavior remains as it was. On a downgrade, the value is ignored and all SiteMinder realms do client IP validation.
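A pre-downgrade check for the COREid and Policy Substitution case above, as an added example that is not from the Blue Coat documentation: it lists the policy lines that reference a realm an earlier release will not recognize. The realm inventory, its type labels, the sample policy, and the assumption that policy names realms through `authenticate(...)` actions and `realm=` conditions (with `;` starting a comment) are all constructed for illustration.

```python
import re

# Labels for the realm types the notes above say are new in SGOS 4.x.
# The label strings are this example's own, not product identifiers.
NEW_REALM_TYPES = {"coreid", "policy-substitution"}

# Assumption: realms are named via authenticate(<realm>) or realm=<realm>.
REALM_REF = re.compile(
    r'authenticate\(\s*"?([\w.-]+)|(?<![\w.])realm\s*=\s*"?([\w.-]+)'
)

def downgrade_blockers(policy_text, realms):
    """Return (line_no, realm, realm_type) for every policy reference to a
    realm whose type will not be recognized after a downgrade."""
    findings = []
    for line_no, line in enumerate(policy_text.splitlines(), 1):
        code = line.split(";", 1)[0]  # assumption: ';' begins a comment
        for match in REALM_REF.finditer(code):
            name = match.group(1) or match.group(2)
            realm_type = realms.get(name)
            if realm_type in NEW_REALM_TYPES:
                findings.append((line_no, name, realm_type))
    return findings

# Constructed inventory: realm name -> type, maintained by the administrator.
SAMPLE_REALMS = {
    "corp_ldap": "ldap",
    "sso_coreid": "coreid",
    "kiosk_ident": "policy-substitution",
}

# Constructed policy text for the example.
SAMPLE_POLICY = """\
<Proxy>
  client.address=10.1.0.0/16 authenticate(corp_ldap)
  client.address=10.2.0.0/16 authenticate(sso_coreid)
  ; authenticate(kiosk_ident)  disabled during pilot
<Proxy>
  realm=kiosk_ident allow
"""

if __name__ == "__main__":
    for line_no, name, realm_type in downgrade_blockers(SAMPLE_POLICY, SAMPLE_REALMS):
        print(f"line {line_no}: realm '{name}' ({realm_type}) must be removed "
              "from policy before downgrading")
```

An empty result means no policy rule depends on a 4.x-only realm, so the downgrade will not fail compilation for this reason.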

Administrator Actions

You must upgrade to the latest version of the Blue Coat Authorization and Authentication Agent (BCAAA) before you can use the new COREid realm.

Documentation References

Chapter 9, “Using Authentication Services,” in the Blue Coat ProxySG Configuration and Management Guide

Bandwidth Management

Bandwidth management allows you to classify, control, and, if required, limit the amount of bandwidth used by different classes of network traffic flowing into or out of the ProxySG. Network resource sharing (or link sharing) is done using a bandwidth-management hierarchy where multiple traffic classes share available bandwidth in a controlled manner.

Bandwidth management provides the following features:

Guarantees that certain traffic classes receive a specified minimum amount of available bandwidth.

Limits certain traffic classes to a specified maximum amount of bandwidth.

Prioritizes certain traffic classes to determine which classes have priority over available bandwidth.


SGOS 4.x specifications

Blue Coat Systems SGOS 4.x is a robust operating system designed for the Blue Coat ProxySG series of appliances, which serve as content filtering and web security solutions. The SGOS (Secure Gateway Operating System) is crafted to enhance network performance while providing extensive security and policy enforcement capabilities. This article delves into the numerous features, technologies, and characteristics that define SGOS 4.x, making it an essential tool for organizations looking to fortify their web traffic management and security.

One of the standout features of SGOS 4.x is its advanced web filtering capabilities. The system employs a comprehensive URL categorization database that allows organizations to enforce content policies effectively. By categorizing millions of web pages, SGOS enables users to block or allow access to specific sites based on their content category, ensuring a safe browsing experience for employees and preventing access to harmful or non-work-related content.

Another notable technological characteristic of SGOS 4.x is its accelerated SSL decryption. As encrypted traffic continues to dominate the web, it becomes increasingly important for organizations to inspect this traffic for potential threats. SGOS 4.x offers robust SSL decryption capabilities that allow organizations to analyze encrypted traffic while maintaining the confidentiality and integrity of the data being transmitted. This attribute not only strengthens security but also aids in compliance with regulatory requirements.

SGOS 4.x is also equipped with exceptional caching and content delivery features. By caching frequently accessed content, the system reduces load times and optimizes bandwidth usage. This caching mechanism is enhanced by predefined policies that dictate how content is stored and retrieved, significantly improving user experience while reducing operational costs.

Furthermore, SGOS 4.x supports advanced reporting and analytics features. The integrated reporting tools provide administrators with insights into web usage patterns, bandwidth consumption, and security incidents. These insights facilitate informed decision-making and allow organizations to refine their web usage policies based on actual user behavior and threat landscape analysis.

In terms of scalability, SGOS 4.x is engineered to support a wide range of deployment scenarios, from small businesses to large enterprises. The architecture is designed to efficiently handle varying volumes of traffic without compromising performance or security, making it a flexible solution for diverse organizational needs.

Overall, Blue Coat Systems SGOS 4.x presents a powerful platform for web security and traffic management. With its advanced filtering, SSL decryption, caching, and analytics capabilities, SGOS 4.x remains a vital solution for organizations aiming to enhance their security posture and improve operational efficiency in an increasingly complex web environment.