Security Overview and Cisco ACE Replacement March, 2014 Florian Hartmann, Senior Systems Engineer DACH
A10 Corporate Introduction Headquarters in San Jose 800+ Employees Offices in 32 countries Customers in 65 countries CUSTOMER GROWTH 1,000+ 2,000+ 4000+ Q4' 11 Q4' 12 Today COMPANY GROWTH $186M $142M $120M $91.5M 54.7M 2
A10 Product Portfolio Overview CGN Carrier Grade Networking ADC Application Delivery Controller TPS Threat Protection System Product Lines ADC Application Acceleration & Security CGN IPv4 Extension / IPv6 Migration TPS Network Perimeter DDoS Security ACOS Platform Application Networking Platform Performance Scalability Extensibility Flexibility Dedicated Network Managed Hosting Cloud IaaS IT Delivery Models 3
3400+ Customers in 65 Countries Service Providers Enterprises Web Giants 3 of Top 4 U.S. WIRELESS CARRIERS 7 of Top 10 U.S. CABLE PROVIDERS Top 3 WIRELESS CARRIERS IN JAPAN 4
A10 ACOS Platform Software & Hardware
ACOS Platform: Scaling Application Networking with Moore s Law High-Value Services: Optimization, Availability, Security Shared Memory Architecture OSI Reference Model Application 1 2 3 N Presentation Session Transport Network Data Link Physical IP: 192.168.1.1 Flexible Traffic Accelerator MAC: f4:f9:51:f0:d5:9d IP: 192.168.1.1 Switching and Routing MAC: f4:f9:51:f0:d5:9d Low-Value Services: Forwarding, Segmentation Highly Extremely Scalable Efficient Application-Layer Network Pre-Processing*: Processing: Hardware-Assisted L2-4 Pre-Processing Scalable Optimized Symmetric Hardware-Assisted Multi-Processing Flow Distribution Unique Hardware-Assisted Shared Memory Security Architecture Functions Linear Growth in Scale via Parallel Processing * Hardware Assist Features Available on Most Thunder Appliances 6
ACOS: Platform for Application Service Gateway Portfolio Policy Mgmt agalaxy axapi aflex acloud acloud Services Architecture (SDN & Cloud Integration) Software Product Lines Platform OS & Services Optimization & Acceleration ADC CGN ACOS Advanced Core Operating System IPv6 SLB SSL GSLB TCP Opt NAT Security TPS DDoS SSL WAF AAM DAF Dedicated Data Centers Multi-Tenant Data Centers Form Factors Thunder TM & AX Series Appliances Virtual Chassis (avcs ) Application Delivery Partitions (ADPs) Thunder HVA Appliances vthunder Perpetual License vthunder Pay-as-you-Go License IT Delivery Models Dedicated Network Managed Hosting Cloud IaaS 7
A10 ACOS Platform Security Solutions
Enterprise Data Center Application availability To maintain uptime SLB, GSLB, high-availability (HA), Healthchecks, more Application acceleration For equipment consolidation and faster user experience Caching, compression, network optimization, more Application security services For brand and asset protection while enhancing your existing security FWLB, WAF, SSL services, more Backup Data Center Availability: GSLB High-availability Health-checks A10 ADC Security: DDoS Mitigation WAF DAF AAM Acceleration: SSL Offload TCP Reuse RAM Caching Compression Web App DNS Other App 9
DMZ Security Solutions Scaling security devices and encrypted communications SSL Insight: Eliminate encryption blind spot and scale security appliances FWLB and SSL offload, more Defend against emerging DDoS attacks Network and application protection Selectively apply dynamic security chains Traffic steering and advanced ADC services A10 ADC A10 ADC Firewall Load Balancing DDoS Mitigation WAF DAF AAM Traffic Steering aflex Scripting SSL Offload Firewalls IDS/IPS DLP Other Firewall Load Balancing SSL Insight Data Center Internal Users 10
A10 Security Alliance Partner Categories SSL Inspection and Load Balancing Certificate Management Authentication Intelligence Advanced Detection and Analysis Programmatic Security Control 11
Why A10 Wins - Cisco ACE Replacement and in general
Easy transition features CLI/GUI Graphical User Interface (GUI) Fewer screens and steps for tasks Intuitive and easy to use Command Line Interface (CLI) Industry standard (Cisco-like CLI) Easy to use, comprehensive help ACOS Version 2.7.x Rest-based API JSON format Many integrations and SDKs available 16
Easy transition features CLI/SDP Cisco ACE config interface vlan 120 description Upstream VLAN_120 - Clients and VIPs ip address 192.168.120.1 255.255.255.0 fragment chain 20 fragment min-mtu 68 rserver host SERVER1 ip address 192.168.252.245 inservice rserver host SERVER2 ip address 192.168.252.246 inservice rserver host SERVER3 ip address 192.168.252.247 inservice serverfarm host SFARM1 probe UDP rserver SERVER1 inservice rserver SERVER2 inservice rserver SERVER3 inservice class-map match-all L4UDP-VIP_114:UDP_CLASS 2 match virtual-address 192.168.120.114 udp eq 53 policy-map type loadbalance first-match L7PLBSF_UDP_POLICY class class-default serverfarm SFARM1 A10 AX config vlan 120 tagged interface e 1 router-interface ve 120! interface ve 120 ip address 192.168.120.1 255.255.255.0! slb server SERVER1 192.168.252.245 port 0 udp! slb server SERVER2 192.168.252.246 port 0 udp! slb server SERVER3 192.168.252.247 port 0 udp! slb service-group SFARM1 udp health-check UDP member SERVER1:None member SERVER2:None member SERVER3:None! slb virtual-server vs_192_168_120_114 192.168.120.114 port udp name L4UDP-VIP_114:UDP_CLASS service-group SFARM1 17
Cisco ACI Integration Application-Centric Infrastructure Dynamic L4-L7 Services Nexus 9000 Series Application Policy Infrastructure Controller A10 Networks Thunder Series A10 ACOS Appliances Physical, HVA and Virtual APIC L4, L7 SLB Application templates HTTP optimizations A10 Components Partner Components ADC Thunder, vthunder, Thunder HVA Cisco Nexus Fabric, APIC Controller Target Markets Hybrid Cloud Large Enterprise: Financials, Pharma, Education, SaaS Differentiation Choice of form factors Operational consistency A10 Cisco ACI Device Package available now! 18
Thank you