Applying user-specific WAN controls

Let's face it: There's a corporate hierarchy, and some end users are more important than others. That's why sometimes it's not enough to give priority to certain applications. IT departments need more granular ways to provide user-level performance guarantees.

With that in mind, Blue Coat Systems recently added features to its ProxySG appliances that let IT staff determine acceleration or prioritization of traffic based on an individual, or the group to which an individual belongs.

By verifying a network user’s identify, IT can grant or limit access to certain applications, determine network priority and bandwidth, and apply other permissions or controls, Blue Coat says. For example, a company might want to ensure that its salespeople have high priority -- and strong WAN performance -- when accessing the company’s CRM system, since salespeople use the application for revenue-generating activities.

"ProxySG appliances know each user, which is something unique in the WAN optimization market and enables access and acceleration decisions based on individual users and applications," said Bethany Mayer, Blue Coat’s senior vice president of worldwide marketing, in a statement.

To continue reading, register here to become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Let's face it: There's a corporate hierarchy, and some end users are more important than others. That's why sometimes it's not enough to give priority to certain applications. IT departments need more granular ways to provide user-level performance guarantees.

With that in mind, Blue Coat Systems recently added features to its ProxySG appliances that let IT staff determine acceleration or prioritization of traffic based on an individual, or the group to which an individual belongs.

By verifying a network user’s identify, IT can grant or limit access to certain applications, determine network priority and bandwidth, and apply other permissions or controls, Blue Coat says. For example, a company might want to ensure that its salespeople have high priority -- and strong WAN performance -- when accessing the company’s CRM system, since salespeople use the application for revenue-generating activities.

"ProxySG appliances know each user, which is something unique in the WAN optimization market and enables access and acceleration decisions based on individual users and applications," said Bethany Mayer, Blue Coat’s senior vice president of worldwide marketing, in a statement.

Tying access privileges to application acceleration strategies makes a lot of sense. Enterprises have gone to great lengths to secure and control application usage using directories and identity management technologies (compare products). Why not extend that foundation to WAN controls?

Blue Coat’s ProxySG devices are hybrid appliances that combine security features (to protect against viruses and spyware, for example) with URL filtering, bandwidth management, and application acceleration capabilities. For identity-based controls, the ProxySG appliances work with enterprises’ existing authentication systems, including Active Directory, NT LAN Manager, RADIUS, LDAP, Digital X.509 certificates, Novell eDirectory, Oracle COREid, RSA SecurID tokens, CA eTrust Siteminder and many others.

The newly added authentication features are built into the latest release of Blue Coat’s ProxySG operating system software, SGOS 5.2, which is available to customers with current maintenance contracts at no charge. The new capabilities include “permit authentication error,” a management feature that lets administrators grant full or partial access to network resources, even if a user hasn’t been successfully authenticated because of invalid or out-of-date credentials. This way someone having login difficulty can communicate with a help desk, for example, Blue Coat says.

Another new feature is guest authentication, which lets administrators grant a user access to the network on a limited basis and assign various authentication and authorization attributes, including the ability to track the user’s Internet activity.

A new set of user management features gives administrators control over users logged into the network, including the ability to view all active users, and the ability to limit the number of logins for a particular computer or IP address. In addition, an administrator can provide a logout URL for users to manually logout, set limits for login times and require re-authentication after a certain length of time.