a10 thunder series application delivery controller (adc) · adc services for millions of customers...

©A10 Networks, Inc.

A10 Thunder Series Application Delivery Controller (ADC)Overview

2©A10 Networks, Inc.

Thunder ADC Solutions to Enhance Your Business

Acceleration

Provide fast and responsive services

Competitive advantage

Drive down CAPEX and OPEX

Availability

Scale Web and key infrastructure

Reduce downtime Ensure business

continuity

Security

Protect against advanced and emerging attacks

Protect brand and guard against revenue loss

Meet required compliance standards

Solutions


Application availability– To maintain uptime – SLB, GSLB, high-availability (HA),

Health-checks, more…

Application acceleration– For equipment consolidation and

faster user experience – Caching, compression, network

optimization, more…

Application security services – For brand and asset protection while

enhancing your existing security – FWLB, WAF, SSL services, more…

Enterprise Data Center

A10 ADC

Web App DNS Other App

Security:DDoS MitigationWAFDAFAAM

Acceleration:SSL OffloadTCP ReuseRAM CachingCompression

Availability:GSLB

High-availabilityHealth-checks

Backup Data Center


Scaling security devices and encrypted communications– SSL Intercept: Eliminate encryption blind

spot and scale security appliances– FWLB and SSL offload, more…

Defend against emergingDDoS attacks – Network and application protection

Selectively apply dynamicsecurity chains– Traffic steering and advanced

ADC services

DMZ Security Solutions

Firewall Load BalancingDDoS MitigationWAFDAFAAMTraffic SteeringaFleX ScriptingSSL Offload

A10 ADC

Data Center

FirewallsIDS/IPSDLPOther

Firewall Load BalancingSSL Intercept

A10 ADC

Internal Users


Optimized network efficiency and services– Traffic steering and service chaining

Enhanced service availability– Load balancing for Web, caches,

Diameter, SIP, IPv4/IPv6 more…

Service Provider Solutions

Service Provider Networks


Solving Customers’ Critical Business Challenges

Reducing costs by consolidating legacy appliancesA10 ADCs enable consolidation of racks of legacy load balancers for operational efficiency and ease of management.

ADC services for millions of customers Improved reliability over legacy Cisco ACE load balancers while keeping costs down.

Powering multiple internal and external servicesMulti-tenancy consolidates internal applications and external web servers ADC environment, reducing OPEX and CAPEX.

Data center efficiency with large traffic volumesBest value to sustain very high traffic volume with the least capital and operational expense, and all required features.


Microsoft– Exchange and Lync certified, tested integrations include

SharePoint, IIS & more…

Oracle– Deployment guides for Application Server, E-business Suite,

PeopleSoft Enterprise, Oracle Siebel CRM, WebLogic

SAP– Reliability, security & performance certified for Business

Objects Explorer (BOE), SAP Netweaver Portal & SAP CRM

VMware– VMready certified, VMware View

Other – Blackboard, Apache & more…

Enhancing Key Applications

Application Availability


Application Availability

Highly available applications and data centers

High performance server load balancing: Scaling capacity for peak loads

High availability: For uninterrupted operation

Health-checks: Complete application fault detection

Global server load balancing (GSLB): Intelligence for global operations


Large capacity to handle high traffic volumes in 1RU– Up to 150 Gbps throughput– 5 M new sessions/sec– 256 M concurrent sessions

Benefits:– Optimized for maximum performance

with ACOS– Hardware offload – All-inclusive performance on

hardware appliances

Performance and SLB: Scaling Capacity for Peak Loads

A10 ADC

Data Center

ACOS performanceNo restrictionsHardwareoffload


Eliminates the ADC as a point of failure Benefits:

– Sub-second failover– Active-standby, active-active or N+1 options– Stateful failover to preserve sessions

High Availability: For Uninterrupted Operation

A10 ADC

Data Center


Ensures servers are able to handle users as intended Benefits:

– Users always receive the optimal experience

– Ensures all components needed are functioning

– Network, application (HTTP, DNS, more…) or database health-checks

Health-checks: Complete Application Fault Detection

A10 ADC

Unreachable Componentdown

e.g. database

Trafficdirected to

active server


Provides multi-data center resiliency Benefits:

– Enables disaster recovery on failure or active-active data centers

– Optimizes users to the best performingdata center (e.g. response time,geo-location, more…)

– Ensures user’s Web experience is the fastest

GSLB: Intelligence for Global Operations

A10 ADC

Data Center

Geo Site

Application Acceleration


Application Acceleration

TCP Optimization: Improve application performance

RAM Caching: Faster page loads equal more revenue

SSL Acceleration: Secure applications

Compression: Optimize any bandwidth level

Application acceleration for a faster user experience and optimized utilizationTechnology for Application Acceleration


Reduces TCP connection management overhead – TCP reuse (multiplexing) to offload server

connection setup and tear down

Benefits:– Increases overall server capacity– Reduction in connections– Improved response times less

required servers

Details:– Server TCP stack offload – Persistent connection to servers

TCP Optimization: Improve Application Performance

A10 ADC

Data Center

Many TCPConnections

Reduced TCP Connections


Offloads compute intensive SSL traffic – Hardware security processor assist

Benefits:– Eliminates high SSL CPU overhead

from servers– Servers support many more transactions

per second– Simpler certificate management

Details:– 4096-, 2048-, and 1024-bit keys– 2x key size = 3x to 7x drop in legacy

SLBs capacity

SSL Acceleration: Secure Applications

A10 ADC

Data Center

Secured HTTPS

UnsecuredHTTP


RAM Cached objects served from the Thunder ADC– Eliminates repetitive fetches for frequently

requested objects

Benefits:– Faster response to the end user– Reduce connections and server requests– Reduce servers due to offloaded traffic

Details:– Static or dynamic support– Extensive object type support

RAM Caching: Faster Page Loads Equal More Revenue

A10 ADC

Data Center

Repeated Requests Served From Cache


Reduces transmission size for HTTP – Smaller payload to transfer to the end user

Benefits:– Optimize traffic for international, mobile,

legacy devices, etc.– Faster delivery to end-user– Offloads Web server CPU cycles

Details:– Gzip & deflate encoding support– Hardware or software options

Compression: Optimize Any Bandwidth Level

A10 ADC

Data Center

Compressed Traffic

Uncompressed Traffic

Application Security


Application Security

Web application firewall (WAF): Eliminate common Web attacks

SSL intercept: Eliminate the outbound SSL blind spot

Application access management (AAM): Add authentication seamlessly

DNS application firewall (DAF): Protect critical infrastructure

DDoS protection: Multi-vector edge protection

Enhance existing security infrastructure, and protect against the latest threats


Benefit:– Protect web applications– Ensure against code vulnerabilities and assist

PCI-DSS/HIPAA compliancy– Prevent damage to intellectual property,

data and applications

Advantage:– Fully integrated/designed for ACOS– No license; single device solution– Scalable and high performance

WAF: Eliminate Common Web Attacks


Benefit:– User authentication required for resource access– Enhanced protection and server efficiency– Authentication offload

Advantage:– Supports popular authentication services/stores– No adjustment to web servers or infrastructure– Seamless integration

AAM: Add Authentication Seamlessly

Access RequestAuthenticationChallenge

AuthenticationRequest

AuthenticationSuccessAccess

Granted

AAM


Benefit:– Eliminate encryption blind spot to inspect

encrypted traffic, including malware and advance persistent threats (APTs)

Advantage: – Optimized decryption with dedicated security

processors for CPU intensive 2048-bit keys– Offloads firewalls that can’t scale

SSL decryption– Freedom to work with any traffic

inspection/mitigation device

SSL Intercept: Eliminate the Outbound SSL Blind Spot

Other

DLPUTM

IDS

Server

A10 ADC

A10 ADC

encrypted

decrypted

encrypted

Inspection/Protection

Client

16

2

5

3

4


Benefit:– Uninterrupted DNS services– Protects vulnerable infrastructure– Ensures infrastructure cannot be a

weapon against a 3rd party

Advantage:– Blocks non-DNS traffic (up to 70%)– Surge protection– Full DNS command set (aFleX

and built-in)– Redirection for “honey pots”

DAF: Protect Critical Infrastructure

Malicious and Invalid Non-DNS Traffic on Port 53

“Zombies”Infected Clients

Generating Requests

Regular Clients Perform as Expected

Optional Maliciousand Invalid Traffic

Redirection

DNS Infrastructure

Denied

Surge Protection

Allowed

Result = Reduced and OptimizedCPU Usage


Benefits:– Large-scale DDoS protection– Advanced protection features– Predictable operations

Advantage:– Full DDoS defense covers network and

application attacks– Hardware DDoS protection for common attacks– SYN flood protection to 200 M per second

DDoS Protection: Multi-vector Edge Protection

SYN FloodRate LimitingConnection LimitingSlow L7 AttacksGeographic ControlInfrastructure ProtectionDDoSDDoSMore…L7 aFleX Control

Thunder Management


Comprehensive management options for operational simplicity and reduced management cost– CLI and GUI: Ease of Use and Management– aFleX: Comprehensive DPI and traffic management– aXAPI scripting: Customizable management options for integration– aGalaxy: Centralized and automated operations for lower TCO– 3rd party integrations: SDN and Cloud orchestration integration– Other management options: Application delivery partitions and layer 3 virtualization (ADP/L3V) Virtual chassis system (aVCS)

Comprehensive Management Options


GUI (Graphical User Interface)– Fewer screens and steps for tasks– Intuitive and easy to use

CLI (Command Line Interface)– Industry standard CLI, familiar interface– Easy to use, comprehensive help

GUI and CLI: Ease of Use and Management


Deep packet inspection and scripting technology Benefits

– Adjust traffic and L7 data as needed– Fix or optimize applications– Complete traffic control

aFleX: Comprehensive DPI and Traffic ManagementExample: Automatically displays a Web page based on the user’s language, using the language set in the user’s browser.

English

SpanishJapaneseChinese


Integrate into 3rd-Party Applications– Reporting– Centralized configuration management– Provisioning

Custom Management Solutions– Integrated into homegrown apps versus

using the A10 CLI or GUI

Interactive Infrastructure– Applications can issue triggers to change

traffic management behavior based on external events

aXAPI: Customizable Management Options for Integration

Authentication request, containing Thunder admin username and password.

If authentication is successful, Thunder replies with a session ID and status 200 - ok

Configuration or monitoring request, containing the session ID

Next configuration or monitoring request, containing the session ID

Third-party application sends session close request or allows session to time out.

If session ID is Valid, and session has not timed out or been closed, Thunder performs the requested action and replies with status 200 - OK

Thunder performs requested action, if session ID is valid and session has not timed out or been closed

Third-party Application aXAPI


A central network management system for all A10 devices Benefits:

– Automate repetitive tasks and eliminate human error

– Centralized control of events and configuration

– Faster operation for reduced OPEX

aGalaxy: Centralized/Automated Operations for Lower TCO


Achieve automation, operational agility, and reduced TCO SDN integration

– Overlay & fabric integration– VXLAN and NVGRE– IBM SDN-VE, Cisco APIC, VMware NSX

Cloud orchestration integration– Policy integration with Cloud orchestration platforms– aGalaxy, Microsoft SCVMM, VMware vCloud

Director, OpenStack

3rd-Party Integrations: SDN/Cloud Orchestration Integration


ADP and L3V Multi-tenancy– Multi-tenancy for consolidation– Separate admin look and feel,

overlapping IP addresses– Up to 128 partitions 1000+ L3V partitions

aVCS clustering – Single point of management– Scale up to 8 units in a cluster– Scale to 1.2 Tbps in a cluster

Other Management Options: ADP/L3V and aVCS

Product Portfolio, ACOS and ADC Form Factors


Thunder ADC

Richfeatures

Flexible deployment

Smartdesign

Server load balancing and application delivery

Acceleration Security (WAF, SI,

DAF, DDoS, more…)

Broad array of form factors– Virtual– Physical– Hybrid

For on premise or cloud deployments

Designed foroptimal performance

Delivering maximum uptime

Green, data center friendly design

Enabling Highly Available, Accelerated and Secure Applications


ACOS: Best-in-Class Performance Scalability

Shared Memory Architecture

1 2 N

Flexible Traffic Accelerator

Switching and Routing

Efficient & Accurate Memory

Architecture

64-Bit Multi-CoreOptimized

OptimizedFlow Distribution

CPU1

CPU2

CPU3

CPUN Compression

SSL


Thunder ADC Hardware AppliancesPr

ice

Performance

Thunder 930 ADC

5 Gbps (L4&L7)200k L4 CPS

1 M RPS (HTTP)

Thunder 1030S ADC


2M RPS (HTTP)SSL Processor

Thunder 3030S ADC


3M RPS (HTTP) SSL Processor

Thunder 4430(S) ADC

38 Gbps (L4&L7)2.7M L4 CPS

11M RPS (HTTP)

Thunder 5430S ADC

77/75 Gbps (L4/L7)2.8M L4 CPS

17M RPS (HTTP)SSL ProcessorHardware FTA

Thunder 5430(S)-11 ADC

79/78 Gbps (L4/L7)3.7M L4 CPS


Thunder 5630 ADC

79/78 Gbps (L4/L7)6M L4 CPS

32.5M RPS (HTTP)SSL ProcessorHardware FTA

Thunder 6430(S) ADC

150/145 Gbps (L4/L7)5.3M L4 CPS


Thunder 6630 ADC

150/145 Gbps (L4/L7)7.1M L4 CPS



vThunder Software Appliances

Lab Edition

Entry Level/Lab 200 Mbps

Entry Level/Lab1 Gbps

High-performance4 Gbps

High-performance 8 Gbps

vThunder (Perpetual Licensing) 200 Mbps to 8 Gbps VMware, KVM, Hyper-V & Xen

hypervisors Dynamic provisioning, faster roll out Scale up or down on-demand

Pric

e

Performance


Other vThunder Appliances and Flexible Billing Options

vThunder Pay-as-You-Go Licensing

Elastic & adaptive “Pay-as-you-Go” metering Automated licensing For IaaS providers only

License per Month

Rent (RBM) Utility (UBM)

License per Byte

vThunder for AWS

10 Mbps to 1 Gbps licensing 1 click provisioning of 64-bit Amazon

Machine Image (AMI) EC2 or VPC environments No feature limitations; licensed by

bandwidth BYOL perpetual license or hourly based

license


Why HVA?– Hardware acceleration– Deploy instances on demand– Consolidation– Strong hypervisor-based isolation

Advantage:– Hardware performance, virtual flexibility– OpenStack management – SR-IOV support for network and SSL

acceleration– No performance or feature licenses

Thunder Hybrid Virtual Appliance (HVA)

Pric

e

Performance

Thunder 3030S HVA8 instances,

35 Gbps

Thunder 3530S HVA40 instances,

100 Gbps

Summary


Thunder Buzz

“Provides substantial value…very high performance platforms, but only 1RU in size…”

Mark Fabbi, Gartner | Source: NetworkWorld

“…provide value and efficient networking to our customers.”

Jeff Doyle, Vice President of Engineering, TorreyPoint

“…simplify our IT environment…to meet and exceed service level agreements for all of our users.”

George Hamin, Director eBusiness & Information Systems for Subaru Canada, Inc.


Provides a better application experience, while optimizing your environment Provides essential application delivery features

– Availability– Acceleration– Security

Broad array of high performance Thunder form factors– Physical, hybrid, virtual and cloud

Summary – Thunder ADCs for Today’s Application Concerns


Visit www.a10networks.com– 30 days, 5 Mbps limit– Full features– For VMware, Hyper-V, KVM and Xen

vThunder Free Trial – Try Today

THANK YOUwww.a10networks.com

a10 thunder series application delivery controller (adc) · adc services for millions of customers...

Documents