A10 Security Solutions and Cisco ACE - eb-Qual… · ©A10 Networks, Inc. Security Overview and...

© A10 Networks, Inc. Security Overview and Cisco ACE Replacement March, 2014 Tobias Kull tobias.kull@eb-qual.ch Security Days Geneva 2015


A10 Corporate Introduction

COMPANY GROWTH: 54.7M (2010), $91.5M (2011), $120M (2012), $142M (2013)

CUSTOMER GROWTH: 1,000+ (Q4'11), 2,000+ (Q4'12), 4000+ (Today)

Headquarters in San Jose

800+ Employees

Offices in 32 countries

Customers in 65 countries


Network Performance and Security Challenges

Scaling Infrastructure Performance

Mobile Device Explosion

Big Data Analytics

IPv4 Address Exhaustion

100G Backbones

Targeted Resource Denial (DDoS)

Rapid Volume Growth (Botnets)

Cloud Automation (IaaS)

Software-Defined Networking (SDN)

Network Function Virtualization (NFV)

Application Performance

Scalability & Availability

New Data Center Designs

Increasingly Sophisticated Security Threats


A10 Product Portfolio Overview

IT Delivery Models: Dedicated Network, Managed Hosting, Cloud IaaS

Application Networking Platform

Performance, Scalability, Extensibility, Flexibility

ACOS Platform

Product Lines

ADC (Application Delivery Controller) – Application Acceleration & Security

CGN (Carrier Grade Networking) – IPv4 Extension / IPv6 Migration

TPS (Threat Protection System) – Network Perimeter DDoS Security


3400+ Customers in 65 Countries

Web Giants, Enterprises, Service Providers

3 of Top 4 U.S. WIRELESS CARRIERS

7 of Top 10 U.S. CABLE PROVIDERS

Top 3 WIRELESS CARRIERS IN JAPAN


A10 ACOS Platform Software & Hardware


ACOS Platform: Scaling Application Networking with Moore’s Law

Extremely Efficient Network Pre-Processing*:

– Hardware-Assisted L2-4 Pre-Processing

– Optimized Hardware-Assisted Flow Distribution

– Hardware-Assisted Security Functions

* Hardware Assist Features Available on Most Thunder Appliances

Highly Scalable Application-Layer Processing:

– Scalable Symmetric Multi-Processing

– Unique Shared Memory Architecture

– Linear Growth in Scale via Parallel Processing

Low-Value Services: Forwarding, Segmentation

High-Value Services: Optimization, Availability, Security

[Diagram labels: OSI Reference Model (Application, Presentation, Session, Transport, Network, Data Link, Physical); Shared Memory Architecture (1, 2, 3 … N); Flexible Traffic Accelerator; Switching and Routing; example addresses MAC: f4:f9:51:f0:d5:9d, IP: 192.168.1.1]


ACOS: Platform for Application Service Gateway Portfolio

Policy Mgmt: aGalaxy

Software Product Lines: ADC, CGN, TPS

Platform OS & Services: ACOS – Advanced Core Operating System, aXAPI, aFleX, aCloud Services Architecture (SDN & Cloud Integration)

Security: DDoS | SSL | WAF | AAM | DAF

Optimization & Acceleration: IPv6 | SLB | SSL | GSLB | TCP Opt | NAT

Form Factors: Thunder™ & AX Series Appliances, Virtual Chassis (aVCS), vThunder Perpetual License, Thunder HVA Appliances, Application Delivery Partitions (ADPs), vThunder Pay-as-you-Go License

Dedicated Data Centers, Multi-Tenant Data Centers, aCloud™

IT Delivery Models: Dedicated Network, Managed Hosting, Cloud IaaS


Thunder ASG Products & Example Deployment Use Cases

SLB, Cache, SSL Offload, WAF

Data Center

Demilitarized Zone (DMZ)

FWLB & SSL Intercept

CGNAT, NAT44, NAT64, DS-Lite

Pay-as-you-Go Licensing Model

Carrier Network

Managed Hosting Provider & IaaS

DDoS Detection & Mitigation

Products: ADC, CGN, TPS, aCloud


A10 ACOS Platform Security Solutions


Application availability

– To maintain uptime

– SLB, GSLB, high-availability (HA), Health-checks, more…

Application acceleration

– For equipment consolidation and faster user experience

– Caching, compression, network optimization, more…

Application security services

– For brand and asset protection while enhancing your existing security

– FWLB, WAF, SSL services, more…

[Diagram labels: Enterprise Data Center; Backup Data Center; A10 ADC; Web, App, DNS, Other App]

Acceleration: SSL Offload, TCP Reuse, RAM Caching, Compression

Security: DDoS Mitigation, WAF, DAF, AAM

Availability: GSLB, High-availability, Health-checks


Scaling security devices and encrypted communications

– SSL Intercept: Eliminate encryption blind spot and scale security appliances

– FWLB and SSL offload, more…

Defend against emerging DDoS attacks

– Network and application protection

Selectively apply dynamic security chains

– Traffic steering and advanced ADC services

DMZ Security Solutions

[Diagram labels, in slide order:]

A10 ADC: Firewall Load Balancing, DDoS Mitigation, WAF, DAF, AAM, Traffic Steering, aFleX Scripting, SSL Offload

Data Center

Firewalls, IDS/IPS, DLP, Other

A10 ADC: Firewall Load Balancing, SSL Intercept

Internal Users


A10 Security Alliance Partner Categories

SSL Inspection and Load Balancing

Certificate Management

Authentication

Intelligence

Advanced Detection and Analysis

Programmatic Security Control


The SSL Problem


Trends are changing


Why these changes?


How attackers exploit encrypted traffic


Where do we need SSL inspection?


Deployment


Benefits of securing inbound & outbound SSL traffic

1. Security

– Threat discovery

2. Availability

– Faster backend server response time

– Automatic server redundancy

3. Performance

– Relieves security appliances

4. Scalability

– Certificate management

– Scale servers & security appliances


Why A10 Wins - Cisco ACE Replacement and in general


Easy transition features – CLI/GUI

Graphical User Interface (GUI)

Fewer screens and steps for tasks

Intuitive and easy to use

REST-based API

JSON format

Many integrations and SDKs available

Command Line Interface (CLI)

Industry standard (Cisco-like CLI)

Easy to use, comprehensive help

ACOS Version 2.7.x


Easy transition features – CLI/SDP

Cisco ACE config:

    interface vlan 120
      description Upstream VLAN_120 - Clients and VIPs
      ip address 192.168.120.1 255.255.255.0
      fragment chain 20
      fragment min-mtu 68
    rserver host SERVER1
      ip address 192.168.252.245
      inservice
    rserver host SERVER2
      ip address 192.168.252.246
      inservice
    rserver host SERVER3
      ip address 192.168.252.247
      inservice
    serverfarm host SFARM1
      probe UDP
      rserver SERVER1
        inservice
      rserver SERVER2
        inservice
      rserver SERVER3
        inservice
    class-map match-all L4UDP-VIP_114:UDP_CLASS
      2 match virtual-address 192.168.120.114 udp eq 53
    policy-map type loadbalance first-match L7PLBSF_UDP_POLICY
      class class-default
        serverfarm SFARM1

A10 AX config:

    vlan 120
      tagged interface e 1
      router-interface ve 120
    !
    interface ve 120
      ip address 192.168.120.1 255.255.255.0
    !
    slb server SERVER1 192.168.252.245
      port 0 udp
    !
    slb server SERVER2 192.168.252.246
      port 0 udp
    !
    slb server SERVER3 192.168.252.247
      port 0 udp
    !
    slb service-group SFARM1 udp
      health-check UDP
      member SERVER1:None
      member SERVER2:None
      member SERVER3:None
    !
    slb virtual-server vs_192_168_120_114 192.168.120.114
      port udp
        name L4UDP-VIP_114:UDP_CLASS
        service-group SFARM1


Why A10 ACOS Wins

– Best-in-class application networking performance scalability

– Software-based platform with platform APIs for Cloud integration

– Flexible form factors & packaging

– Predictable Capex / Opex with all-inclusive licensing and support pricing

– Highly efficient design for data center OPEX

– Gold standard for quality & reliability


ACOS: Best-in-Class Performance Scalability

Scalable Symmetric Multi-Core Processing (SMMP)

– Designed to Optimize Resource Utilization & Efficiency

Shared-Memory Architecture (SMA)

– Architected for 64-bit multi-core, multi-threaded operations

– Fundamental benefits: memory, processor & I/O efficiency

– Linear performance scalability with x86 trajectory

Flexible Traffic Accelerator (FTA)

– Multi-processor flow distribution

– Symmetric distribution of load across cores


Thank you