DDoS Detection, Mitigation, Orchestration, and Threat Intelligence
Consolidated Security & CGNAT
TLS/SSL Inspection
Web Application Firewall
Application Security & Load Balancing
Analytics & Management
CGNAT & IPv6 Migration
Organizations are striving to become more agile with the role of IT becoming paramount in importance. Fast roll-out, control and optimization of a wide variety of applications drives revenue, competitive advantages and customer satisfaction. These apps must be optimally delivered and secured regardless of where they reside-on-premise or in public cloud, private cloud or hybrid cloud deployments.
In attempting to achieve agility enterprise networking teams have been plagued by two significant concerns. First, such environments have an inherently large scale, shared infrastructure, yet the network architecture is typically static in nature. When IT on-boards a new application or equipment upgrades are made or is simply scaled up, things may not go as planned. Applications can “break”, logjams occur, SLAs not get met and finger pointing starts. Virtualized computing and storage have only upped the ante. A second issue is the overall lack of application awareness and the difficulty of supporting advanced networking and security services.
Operations have partially overcome the resulting bottlenecks by eliminating hierarchical oriented designs. Some IT groups eradicated switch based network segmentation and instituted a flat, Layer 3 network involving leaf/spine solutions with more routing. Others leveraged overlay networks on existing Layer 3 networks by turning to Virtual Extensible LAN (VXLAN). An overlay network is a virtual network that is built on top of existing network Layer 2 and Layer 3 technologies to support elastic compute architectures. Flattening the network makes it more flexible and better able to handle virtualized computing, but does not go far enough.
The upshot is a network that does not have the ability to automatically change traffic flows in a dynamic way. High level visibility to forward packets based on the nature of the traffic present is missing. Administrators are required to manually deploy, configure and maintain numerous elements with ever changing needs. To make matters worse, organizations must massively overprovision their “static” network to handle transient spikes and therefore run at maximum capacity at all times; regardless of actual need.
A key to solving this conundrum is to move to Software Defined Networks (SDN). SDN promises the ability to better utilize assets, dynamically adapt to throughput needs and to perform traffic engineering with an end-to-end view of the network. In legacy topologies, control and forwarding functions are inextricably coupled within the network routers and switches resulting in inflexible designs. By separating the forwarding and management functions SDN provides the ability to scale resources and substantially improve agility while lowering costs.
In decoupling the data plane from the control plane, the data plane can now be directly programmed, support open, standards-based APIs and can use lower cost white box routers, switches and other elements. Network operators can centrally configure, manage and monitor resources with a network that is programmed based on the distinctive needs of the specific applications and traffic profiles present.
To get the most out of your software defined datacenter you need to deploy networking and security services that have the requisite app visibility. Adding secure application services provided from Application Delivery Controllers (ADC) can help realize the goal of a dynamic “app aware” network with advanced capabilities. These secure application services integrate the following in scalable, high capacity, physical, virtual, bare metal or cloud-based appliances:
As the need to scale and monitor ADCs arises having a solution for overarching control and intelligent orchestration of these secure app services with granular visibility and analytics is paramount. This enables the realization of fully automated workflows to increase efficiencies, expedite app deployments, lower troubleshooting times and minimize TCO. IT can obtain:
Next generation ADCs are in effect a new application router that provide a top-level blueprint that is both user and application centric. These systems parse usage patterns in the context of user identities, applications in use, type of access device and even time of day to build granular context-aware access control. SDN enables administrators to leverage service insertion and service chaining to dynamically steer traffic flows through a sequence of ADCs with these Layer 4-Layer 7 services. Additionally, this approach overcomes the added expense and the error-prone process of cobbling together disparate point product solutions.
To ensure a cohesive ecosystem, networking and security solutions need to support open and standards-based programmability. Comprehensive management and monitoring should be accessible from vendor neutral APIs — providing interoperability with automation, orchestration and analytics. If application networking platforms support RESTful APIs, then administrators can quickly integrate them with other services and management systems. Thunder ADCs are 100 percent programmable through their REST-based aXAPIs that integrate with a broad range of platforms beyond SDN controllers such as popular DevOps and CI/CD tools including Ansible, Chef, Puppet, Jenkins, and SaltStack.
Such interaction allows for dynamic scaling of ADCs where user-flows are redistributed on-the-fly among the available ADCs when they get added or removed. The available ADCs are fully synchronized and are aware of one another’s flows and instruct the SDN controller to distribute the user traffic amongst them.
If an ADC suddenly is presented with a flow that causes it to work at near-maximum capacity, it can instruct the controller to temporarily reduce traffic and send new flows to other ADCs in the network. As traffic demands grow, the controller can instantly spin-up a new ADC instance while keeping the existing physical or virtual appliances in place and the controller balances new flows according to their capacity.
Datacenters of all types are moving to utilize software-defined networking methodologies to overcome the legacy static topologies that no longer suffice in a modern world. While SDN is gaining adoption and the use of the associated network function virtualization (NFV) is well established, the advanced secure application services from application delivery controllers need to be factored in. A10 Networks has an extensive array of secure app services from our Thunder ADCs that are proven interoperable with SDN/NFV in the real world.
A10 Networks supports infrastructure automation by combining with cloud orchestration platforms. Plug-in service modules are leveraged to instantiate, configure and monitor the ADCs; which in turn enable automated L4-7 services provisioning by integrating with cloud orchestration solutions such as those based on OpenStack, Microsoft System Center Virtual Machine Manager, and VMware vCloud Director. These modules allow dynamic enforcement of centralized tenant policy as new workloads and application services are created.
Thunder ADCs can allow network engineers and system architects to write their own policies or provision scripts themselves. This empowers IT to tailor automation policies for their application needs. For example, an administrator can use SDN orchestration tools to direct users with mobile browsers to mobile application servers. As new mobile application servers are brought online, the load balancers could adapt and forward mobile traffic to those new servers.
A10 Networks application and service delivery platforms are capable of integration into real world SDN environments, comprised of programmable routers and switches, including those based on OpenFlow, and a variety of controllers, such as those from Cisco APIC, VMware NSX, IBM SDN Virtual Environment and NEC Programmable Flow Controller.
Seeing is believing. Schedule a live demo today.