A10 Security Solutions and Cisco ACE - eb-Qual · ©A10 Networks, Inc. Security Overview and Cisco...
Transcript of A10 Security Solutions and Cisco ACE - eb-Qual · ©A10 Networks, Inc. Security Overview and Cisco...
©A10 Networks, Inc.
Security Overview and Cisco ACE Replacement
March, 2014
Florian Hartmann, Senior Systems Engineer DACH
2 ©A10 Networks, Inc.
A10 Corporate Introduction
54.7M
$91.5M
$120M
$142M
$186M
1,000+
2,000+
4000+
Q4' 11 Q4' 12 Today
CUSTOMER GROWTH
COMPANY GROWTH
Headquarters in San Jose
800+ Employees Offices in 32 countries Customers in 65 countries
3 ©A10 Networks, Inc.
A10 Product Portfolio Overview
Dedicated
Network
Managed
Hosting Cloud IaaS IT Delivery Models
Application Networking Platform
Performance
Scalability
Extensibility
Flexibility
CGN TPS
ADC
ACOS Platform
Product Lines
ADC – Application Acceleration & Security
CGN – IPv4 Extension / IPv6 Migration
TPS – Network Perimeter DDoS Security Carrier Grade
Networking
Application Delivery Controller
Threat Protection System
4 ©A10 Networks, Inc.
3400+ Customers in 65 Countries
Web Giants Enterprises Service Providers
3 of Top 4 U.S. WIRELESS CARRIERS
7 of Top 10 U.S. CABLE PROVIDERS
Top 3 WIRELESS CARRIERS IN JAPAN
6 ©A10 Networks, Inc.
ACOS Platform: Scaling Application Networking with Moore’s Law
Extremely Efficient Network Pre-Processing*:
Hardware-Assisted L2-4 Pre-Processing
Optimized Hardware-Assisted Flow Distribution
Hardware-Assisted Security Functions
* Hardware Assist Features Available on Most Thunder Appliances
Highly Scalable Application-Layer Processing:
Scalable Symmetric Multi-Processing
Unique Shared Memory Architecture
Linear Growth in Scale via Parallel Processing
Low-Value Services:
Forwarding, Segmentation
High-Value Services: Optimization, Availability, Security
Application
OSI Reference Model
Presentation
Session
Transport
Network
Data Link
Physical
MAC: f4:f9:51:f0:d5:9d
IP: 192.168.1.1
MAC: f4:f9:51:f0:d5:9d
IP: 192.168.1.1
Shared Memory Architecture
1 2 3 N
Flexible Traffic Accelerator
Switching and Routing
7 ©A10 Networks, Inc.
ADC
aGalaxy
ACOS: Platform for Application Service Gateway Portfolio
Policy Mgmt
Software
Product
Lines
Platform OS
& Services
Form Factors
CGN TPS
aXAPI
ACOS – Advanced Core Operating System
Security DDoS | SSL | WAF | AAM | DAF Optimization
& Acceleration IPv6 | SLB | SSL | GSLB | TCP Opt | NAT
ThunderTM & AX Series
Appliances Virtual Chassis
(aVCS )
vThunder Perpetual License
Dedicated Data Centers
Thunder HVA
Appliances Application Delivery Partitions (ADPs)
Multi-Tenant Data Centers
Dedicated
Network
aFleX aCloud Services Architecture (SDN & Cloud Integration)
aCloud™
IT Delivery
Models Managed
Hosting Cloud IaaS
vThunder Pay-as-you-Go
License
9 ©A10 Networks, Inc.
Application availability
– To maintain uptime
– SLB, GSLB, high-availability (HA), Health-checks, more…
Application acceleration
– For equipment consolidation and faster user experience
– Caching, compression, network optimization, more…
Application security services
– For brand and asset protection while enhancing your existing security
– FWLB, WAF, SSL services, more…
Enterprise Data Center
Acceleration:
SSL Offload
TCP Reuse
RAM Caching
Compression
A10 ADC
Web App DNS Other App
Security:
DDoS Mitigation
WAF
DAF
AAM
Availability:
GSLB
High-availability
Health-checks
Backup Data Center
10 ©A10 Networks, Inc.
Scaling security devices and encrypted communications
– SSL Insight: Eliminate encryption blind spot and scale security appliances
– FWLB and SSL offload, more…
Defend against emerging DDoS attacks
– Network and application protection
Selectively apply dynamic security chains
– Traffic steering and advanced ADC services
DMZ Security Solutions
Firewall Load Balancing
DDoS Mitigation
WAF
DAF
AAM
Traffic Steering
aFleX Scripting
SSL Offload
A10 ADC
Data Center
Firewalls
IDS/IPS
DLP
Other
Firewall Load Balancing
SSL Insight A10 ADC
Internal Users
11 ©A10 Networks, Inc.
A10 Security Alliance Partner Categories
SSL Inspection and Load Balancing
Certificate Management
Authentication
Intelligence
Advanced Detection and Analysis
Programmatic Security Control
16 ©A10 Networks, Inc.
Easy transition features – CLI/GUI
Graphical User Interface (GUI)
Fewer screens and steps for tasks
Intuitive and easy to use
Rest-based API
JSON format
Many integrations and SDKs available
Command Line Interface (CLI)
Industry standard (Cisco-like CLI)
Easy to use, comprehensive help
ACOS Version 2.7.x
17 ©A10 Networks, Inc.
Easy transition features – CLI/SDP
interface vlan 120
description Upstream VLAN_120 - Clients and VIPs
ip address 192.168.120.1 255.255.255.0
fragment chain 20
fragment min-mtu 68
rserver host SERVER1
ip address 192.168.252.245
inservice
rserver host SERVER2
ip address 192.168.252.246
inservice
rserver host SERVER3
ip address 192.168.252.247
inservice
serverfarm host SFARM1
probe UDP
rserver SERVER1
inservice
rserver SERVER2
inservice
rserver SERVER3
inservice
class-map match-all L4UDP-VIP_114:UDP_CLASS
2 match virtual-address 192.168.120.114 udp eq 53
policy-map type loadbalance first-match L7PLBSF_UDP_POLICY
class class-default
serverfarm SFARM1
vlan 120 tagged interface e 1 router-interface ve 120 !
interface ve 120 ip address 192.168.120.1 255.255.255.0 ! slb server SERVER1 192.168.252.245 port 0 udp ! slb server SERVER2 192.168.252.246 port 0 udp
! slb server SERVER3 192.168.252.247 port 0 udp ! slb service-group SFARM1 udp health-check UDP member SERVER1:None member SERVER2:None member SERVER3:None
! slb virtual-server vs_192_168_120_114 192.168.120.114 port udp name L4UDP-VIP_114:UDP_CLASS service-group SFARM1
Cisco ACE config
A10 AX config
18 ©A10 Networks, Inc.
Application-Centric Infrastructure Dynamic L4-L7 Services
Nexus 9000 Series Application Policy Infrastructure Controller
A10 Networks Thunder Series
Cisco ACI Integration
APIC
A10 ACOS Appliances Physical, HVA and Virtual
L4, L7 SLB
Application
templates
HTTP
optimizations
A10 Components ADC – Thunder, vThunder, Thunder HVA
Partner
Components
Cisco Nexus Fabric, APIC Controller
Target Markets • Hybrid Cloud
• Large Enterprise: Financials, Pharma,
• Education, SaaS
Differentiation • Choice of form factors
• Operational consistency A10 Cisco ACI Device Package available now!