The network functions platform companyVirtualized app delivery and security

Rodolf Schmit – RISK 2019 Event - Lasko

Array At-a-Glance

HeadquartersMilpitas,CA

Employees250+

Technology30+Patents

FocusVirtualizedApplicationDeliveryandSecurity

ProductsNetworkFunctionsPlatforms(NFV)

ApplicationDeliveryControllers(ADC)

SecureAccessGateways(SSLVPN)

SegmentsEnterprise,ServiceProvider,PublicSector

MarketsNorthAmerica,China,Japan,India&EMEA

Customers5000+Worldwide

Maximum performance

and scalability in the

enterprise data center

Array Networks Product PortfolioHyper-converged networking, security and application delivery

Virtual & Public Cloud Infrastructure ServicesEnterprise Private CloudDedicated Appliances

Hyperconverged and

virtualized networking

and security solutions

Offer networking and

security as a service on

premises or hosted

On-demand utility

consumption for AWS,

Azure, VMware, etc.

AVX Series

Network Functions PlatformAPV Series ADC

AG Series SSL VPN

vAPV Virtual ADC

vxAG Virtual SSL VPN

Virtualized app delivery and security

EnterpriseNFVEvolvingtoVirtual

AppliancesSecureAppDelivery

Solvingperformanceandcomplexitychallenges Creatingafoundationforthefuture

ApplicationDelivery(ADC)

SSLVPNRemoteAccess NetworkFunctionsPlatform 3rd PartyEcosystem

• Highavailability

• Trafficmanagement

• Performance

• Secureaccess

• Multi-tenancyandconsolidation

• Agilitywithguaranteedperformance

• Acceleratedserviceprovisioning

• Flexibleservicechaining

Providingafast,always-onuserexperience

Evolving towards virtualization

0

500

1,000

1,500

2,000

2,500

2012 2013 2014 2015 2016 2017 2018 2019

VirtualADCleases-MSP

VirtualADC

ADCSLB

ADCAPMobileData

ADCAdvancedPlatform

Pros and cons of virtual appliances

CONSPROS

• Performancepenaltyandscalabilityissues

• Complexisolationandtroubleshooting

• Organizationaldisruption

• Skillsdeficits

• Hiddenhardwareandhypervisorcosts

• Flexibilityandportability

• Orchestrationfriendly

• Pay-as-you-go/grow

• Avoidsvendorlock-in

• Choiceofhardware

• Space,powerandcooling

✖

✔

Eliminate the trade-off with Array!

• Virtualized• Multi-tenant

environment• Vendorneutral

• Simple• Guaranteed

performance• Affordable

NetworkFunctionsPlatform

The Network Functions Platform

Large

ADC

Small

ADC

Small

ADC

Small

WAF

Small

WAF

Medium

SSLVPN

Entry

ADCs

UnusedCapacity

HypervisorManagement

CPU SSL RAM I/O

VariableSizeVMs

Mixandmatch32entry,

16small,8mediumor

4largevirtualappliances

Pay-As-You-Grow

Purchaseanddeployvirtual

appliancesinproportion

tobusinessrequirements

MultipleNetworkFunctions

DeployADC,WAF,SSLVPN,

DDoSandotherfunctionsfrom

Arrayor3rd partyvendors

ManagementAutomation

IntegratewithexistingMNS

andcloudmanagement

platformsviaRESTfulAPIs

SimplifiedConfiguration

Eliminatescomplexityby

automaticallyassigningvirtual

appliancehardwareresources

GuaranteedPerformance

DedicatedCPU,SSL,RAMand

I/Opervirtualappliancefor

guaranteedperformance

Entry

ADCs

SHARED

ENVIRONMENTS

GUARANTEED

PERFORMANCE

Multi-tenancy and consolidation

ExternalCustomers(CSP&MSP)

CSPorMSPprovidesloadbalancingorSSLVPNasaninfrastructureservicesupportingmultiplecustomers.

ProvidermustaccelerateservicedeploymentwhileminimizingCapExandOpEx.

InternalCustomers(Enterprise)

ITactsasaproviderofprivatecloudappdeliveryandsecurityservicessupportinginternalprojectsanddepartments.

ITmustbecomemoreagileinitsabilitytoofferrobust,on-demandservices.

Agility with guaranteed performance

SSLAcceleratedVirtualAppliances

ITwantsamulti-tenantADCoravirtualizedenvironmentcapableofsignificantlyhigherSSLperformanceand guaranteedSSLperformanceperinstance.

SupportproductionappsorcustomerSLAs.

Compute-IntensivevADCFunctions

UsecaserequiresmultipleADCfunctionssuchasSLB,SSLoffload,SSLVPN,LLB,GSLB orWAF.OnevADCcannothandlethecombinedload.

DistributeADCfunctionsacrossmultiplevirtualappliances,eachwithguaranteedperformance.

SSL accelerated virtual appliances

§ NetworkFunctionsPlatforms

areuniquelycapableofrunning

virtualADCswithHW

acceleratedSSL

§ Forinstance,alarge

vADCisallocated:

- 8vCPU

- 16GBvRAM

- 4IOVFs

- 4SSLVFs

vCPUs

vRAM

SSLVFs IOVFs

Compute-intensive vADC functions

§ Eachcompute-intensivevADC

functiondeployedasan

independentvirtualappliance

withdedicatedHWresources

§ Interconnectfunctions

togain:

- Neededfunctionality

- SWagility

- HWperformance

vADC

vWAF

vSSLVPN

vDNS

Why Array for virtualized appliances?

Software-CentricAgilityGaintheflexibilityofvirtualinfrastructure,

withflexiblesizing,functions,management

andpay-as-you-growconsumption.

SimplifiedDeploymentEliminatecomplexityassociatedwithvirtual

andphysicalportmapping,CPUpinning,

NUMA boundarysettingsandSR-IOV.

CostEfficiency&ValueReducecostsassociatedwithspace,power

andcooling,minimizehardwarecostsand

driveefficiencyviaagilemanagement

GuaranteedPerformanceReservedCPU,memory,SSLandinterfaces

perVAdeliverhardware-likeperformance

andguaranteedperformance.

Arrayor3rd-PartyVAsHostArrayapplicationdeliveryandsecurity

virtualappliances,orvirtualappliancesfrom

othernetworkingandsecurityvendors.

“NFV in a box”

Plug&PlaySimplicity

§ Eliminatestheneedforspecialized

serverorvirtualizationexpertise

§ Abstractscomplexconfigurationtasks

suchasCPUpinning,NUMAboundarysettings,

SR-IOVandphysicalandvirtualportmapping

AnyNetworkFunction

§ Arrayor3rd-partyfunctions

§ CertifiedPlatform-ReadyProgram

§ Appdelivery,securityornetworking

§ Pay-as-yougrow– purchaseand

deployfunctionsasneeded

GuaranteedPerformance

§ ReservedHWresourcespervirtual

networkfunction(VNF)or

virtualappliance(VA)

§ DedicatedvCPU,vRAM,SSLVF

andIOVFperVNForVA

IntuitiveOrchestration

§ VisuallyinterconnectVNFsandVAs

viaanadministrator-friendlyWebUI

§ IntegratewithexistingMNSandcloud

managementviaRESTfulAPIs

§ DeployasanodewithinOpenStack

Deploy Array, 3rd party or Open

Source Software

3rd Party Software

ADC SSL VPN WAN

Open Source SoftwareArray Software

SLB LINUXLINUX

SLB LINUXLINUX

NGFWWanOp ADCNGFWWanOp ADC

ArrayOS

AVX Series Hardware

Intuitive orchestration

PlatformOverview ServiceChaining CreateVNF Configure

NetworkFunctions

CreateNewServiceChain

vAPV vxAG

VirtualNetworking

ExternalNodes

Policy-BasedServiceChainFlows

1

vxAG vAPV

2

SSL vAPV

3

SSL vAPV

How can Array help you today?

ApplicationDelivery&

Security

High-availability,performanceand

securityforbusiness-criticalapps

Secureremote,mobileand

cloudaccess

Multi-Tenancy&

Consolidation

Gainthebenefitsofvirtualization

whileavoidingthepitfallsof

performanceandcomplexity

Achieveagilityatscale

Enabling

NFVAdoption

Solveappdeliveryandvirtualization

challengeswhilelayingafoundation

forNFV

“NFVinaBox”

Arrayprovidesanindustry-leading

combinationoffeatures,performance,

ease-of-use,valueandfuture-proof

deploymentmodels.

ArrayoffersuniquesupportforSSL

acceleratedvirtualappliancesand

guaranteedperformanceinshared

environments.

Arrayoffersplug-and-playsimplicitywith

supportforanynetworkfunction,

intuitiveorchestrationandguaranteed

performance.

AVX Platform Models

Scale

Pe

rfo

rma

nce

AVX

10650

AVX 3600

AVX 7600

AVX

9800

AVX

5800

AVX

7800

AVX x600

Series

New

AVX x800

Series

AVX x800 Platforms: Performance &

Scale

NetworkFunctionsPlatforms

Number of Pre-defined

VAs

Max System

Performance& Scale

AVX 9800AVX 5800

AVX 7800

Number of Large Instances 1 2 4

Number of Medium Instances

2 4 8

Number of Small Instances 4 8 16

Number of Entry Instances 8 16 32

Max L4 CPS 750K 1.5M 3.0M

Max L4 Throughput 40 Gbps 80 Gbps 160 Gbps

Max SSL TPS (2K Key) 40K 80K 160K

Max SSL Throughput 40 Gbps 80 Gbps 160 Gbps

Full Datasheet: https://www.arraynetworks.com/ufiles/resources/DS-AVX-Series.pdf

AVX Series Vs. The Competition

NetworkFunctionsPlatforms

Openplatform,purpose-builttorun

networkingandsecurityVAs;simple,

high-performanceandcost-effective.

COTSGenericServers

Perceivedascheapanddispensable;

however,theycomewithsignificant

complexityandperformanceissues.

Similar Platforms

Productssimilarinmessagingand/or

concept,suchasCiscoENCS5000,

CitrixSDXorEOLproductslike

Crossbeam.

Eliminatestheneedforvirtualization

expertise;automatespartitioningof

systemresourcestodeliverguaranteed

HW-likeperformanceSLAs.

RequiresexpertiseinHWcomponents,

vendorsandversions,opensourceSW,

SR-IOV,DPDK,drivers,partitioningcores,

sizing,resourceallocation,etc.

Sufferfromsamedeficiencyasgeneric

servers,typicallysupportoremphasize

proprietaryvendorfunctions,come

withapremiumpricetag.

✔ ✖ ✖

The network functions platform company

Some Use Cases

21

Multi-tenancy and

Consolidation

Due to load fluctuation,

most hardware procured

will be idle in non-peak

hours

AVX and vAPV enable

flexible ADC capacity for

multiple apps

vAPV only

Guaranteed

Performance

SSL performance is a

must; therefore making all

other VNF solutions

unacceptable

Single platform enables

multiple apps for ease of

management and easy

capacity planning

CAPEX and

OPEX Savings

Less than half the cost of

standalone HW

EverBright

Bank

4xAVX7600

22

Dynamic Security

Policies

Apply different security

policies to different user

groups

Hillstone vNGFW; Array

vAPV, vxAG and vWAF

Internal users access via

SSL VPN; external users

filtered through WAF

Software-defined security

Guaranteed

Performance

NGFW, SSL VPN, LLB,

WAF functions all

perform equal to a

standalone hardware

appliance

Single platform enables

multiple security functions

for ease of management

CAPEX and

OPEX Savings

Less than half the cost of

standalone HW

Quickly and easily

react to new or

changing requirements

JUT

2xAVX7600

23

Network Functions

Virtualization

Use VNFs to replace

hardware VoIP gateways

Deployed Cisco CSR1000v

and Silverpeak VX-1000

VoIP and video

conferences for employees

Guaranteed

Performance

With vSwitch, Cisco

vRouter can reach

500Mbps throughput

SR-IOV will improve

performance even better

Single platform enables

multiple networking

functions for ease of

management

CAPEX and

OPEX Savings

Significant CAPEX savings

compared to hardware

approach

Fits into company IT

strategy

Logitech

1xAVX7600

The network functions platform companyThank you!