Network Functions Platforms

The Agility of Virtualization. The Performance of Dedicated Appliances.

Enterprises and service providers are moving toward a virtual approach to network and security functions to gain agility and operational efficiencies. However, virtualized servers often fall short when running I/O and compute-intensive networking, security and app delivery functions. In addition, VA provisioning can be complex. All of which adversely impacts adoption and the ability to maintain SLAs for business-critical customers and applications.

In addition to abstracting complexity and taking the guesswork out of VA provisioning, AVX Series Network Functions Platforms provide the best of both worlds – the agility of virtualization and the performance of dedicated appliances. Mix and match different size ADC, SSL VPN and 3rd-party networking, security and app delivery virtual appliances. Add, manage, change and delete VAs on a purpose-built platform that enables intuitive instantiation, service automation and guaranteed performance per virtual network function.

Guaranteed Performance in a Shared Environment

Deploying I/O- and compute-intensive networking, security and app delivery functions on general-purpose virtualized servers is inefficient. SSL encryption, for example, typically requires specialized hardware, and performance can sharply degrade when deployed in virtual environments. In contrast, Array Network Functions Platforms excel at SSL and other networking, security and app delivery tasks – delivering performance on par with dedicated hardware while shrinking the data center footprint by up to 16x versus standalone appliances.

Data Center Consolidation

In many situations, data center managers deploy dedicated appliances for critical networking and security functions because the performance hit of virtualized appliances is just too high. While this is an understandable choice, over time it can lead to dozens if not hundreds of physical appliances in the data center taking up rack space as well as increasing costs for power, cooling and cabling – not to mention the additional work hours needed to configure and manage them.

The AVX Series network functions platform can consolidate multiple networking and security virtual appliances into just a few rack units, saving on the high cost of dedicated appliances as well as space, power and cooling costs. The AVX Series also offers a centralized management console allowing convenient access to VA-level configuration and modification, as well as one-click access to devices’ WebUIs or CLI screens.

Orchestrating Security

Traditionally, network managers have deployed best-of-breed, single-function security appliances to protect against attacks, intrusion and other threats. However, solutions such as WAF, NGFW, IDS/IPS and DDoS protection either lack the ability to decrypt and inspect SSL traffic – the majority of traffic today – or high volumes of SSL traffic can overwhelm their in-built SSL resources, robbing processing cycles and impacting performance.

The AVX Series offers high-performance SSL processing hardware to help ensure robust throughput for security VAs. In addition, SSL decryption, load balancing and security VAs can be orchestrated into service chains to maximize the efficiency and effectiveness of individual point security products. In the example below, a virtual ADC decrypts SSL traffic, which is then passed through a virtual NGFW, virtual IPS/IDS, virtual TAP before being re-encrypted by a second virtual ADC and forwarded to its destination. In this way, each discreet security device is able to do what it does best, with the advantage of full visibility into SSL traffic and the benefit of pre-processing by other security VAs to provide the higher quality security services.

MSP & CSP Services

Business-Critical Applications

Array AVX Series Network Functions Platforms

Multiple Network Functions

AVX Series appliances can host vAPV virtual application delivery controller (ADCs), vxAG virtual secure access gateway (SSL VPNs) or 3rd-party networking, security and application delivery functions, and can mix and match virtual appliances as needed to meet deployment requirements. Visit our Platform Ecosystem page for more information on 3rd-party VA support.

Flexible Size Options

AVX Series appliances can host four different size vAPV, vxAG and 3rd-party instances: entry, small, medium and large. Instances of different sizes can be mixed, matched and fine-tuned as needed to meet deployment requirements. Smaller sizes will allow for more instances per system, and larger sizes will allow for greater performance per instance. The AVX3600 and AVX5800 can host shared-entry instances which offer best-effort performance for smaller workloads where density is a primary consideration.

Pay-As-You-Go Capacity

AVX Series appliances support pay-as-you-grow licensing, allowing you to pay for the VA licenses you need today and purchase additional licenses as needed to meet future deployment requirements up to your system’s capacity. Array virtual ADCs and SSL VPNs are also available in economical bulk license packs for the AVX Series.

Guaranteed Performance

Each vAPV, vxAG and 3rd-party instance is automatically assigned dedicated CPU, SSL, memory and input/output interfaces to ensure guaranteed performance per virtual appliance. In addition, dedicated resources are reserved for hypervisor management to eliminate virtual machine contention and enable SLAs for business-critical customers and applications. For shared-entry instances, available only on AVX3600 and AVX5800, best-effort performance is provided.

High Availability

AVX Series appliances provide high availability at both system and virtual appliance levels. By deploying a high availability pair of vAPV, vxAG, or 3rd-party instances across a pair of AVX Series appliances, availability is assured in the event that either a system or a virtual appliance is unresponsive. Full synchronization to the slave unit of the AVX and VA-related configurations, along with VA images and disks, further assures consistency and high availability.

Supports Array and 3rd-Party VAs

Array vAPV Virtual ADC

Availability

Local server load balancing, as well as both global server load balancing (GSLB) and link load balancing (LLB) preserve application uptime should servers, network segments, data centers or ISP links, become unresponsive or overburdened.

Performance

SSL offloading, connection multiplexing, caching, compression and traffic shaping accelerate Web and application performance while markedly improving network connection and back-end server efficiency.

Security

A purpose-built, ‘Heartbleed proof’ SSL encryption stack, in addition to a reverse proxy architecture, kernel-level ACLs, packet filtering, DDoS protection and WebWall™ application security suite, provide security for mission-critical business applications.

Control

Persistence can be assured, Layer-7 switching rules can route application traffic to defined servers, and HTTP headers can be manipulated to improve application functionality without requiring additional application development.

Management & Orchestration

Array’s eCloud™ RESTful API can be used to enable orchestration of application delivery functions from virtualization management and cloud platforms such as OpenStack Neutron LBaaS, VMware vRealize Orchestrator, and Microsoft System Center Configuration Manager (SCCM).

Array vxAG Virtual SSL VPN

Access Methods

Select from a range of access methods including Layer-3 network level connectivity, application-level access, Web access and RDP access to physical and virtual desktops via a unified client that provides a superior mix of flexibility, control and security.

Authentication, Authorization & Auditing (AAA)

Includes a policy engine for per-user, identity-based access to files, URLs, applications and networks; supports device-based pre-authorization and authentication, easily interfaces with multi-factor authentication providers such as RSA, Duo, Syferlock and others, and provides extensive statistics and logs.

Across-the-Board Security

Provides superior 2048-bit SSL encryption performance, includes endpoint security with device-based identification, cache cleaning host-checking and flexible policies to protect applications and servers against malicious attack.

Mobility

Supports secure access from mobile iOS and Android devices as well as VPN on demand, HTML5 app access via a secure browser, remote access to physical and virtual desktops and integrated mobile application management.

User Experience

Supports up to 256 separate portals per virtual SSL VPN instance. Each can be fully customized to meet the security and usability requirements of multiple entities (such as tenants or communities of interest). Based on Array’s SpeedCore® architecture, which delivers the industry’s leading performance.

Array vWAN Virtual WAN Op

Application Acceleration

vWAN virtual WAN optimization controllers improve application response times by up to 50x and reduce bandwidth utilization by up to 95%. vWAN is ideal for accelerating traffic from headquarters to branch offices, between data centers, from cloud to customer, or for remote and mobile access.

Backup & Replication

vWAN virtual WAN optimization can improve data transfer times by up to 50x while reducing bandwidth requirements by up to 95% when transferring data between data centers, remote and branch offices, mirrored sites and public/private/hybrid clouds.

TCP Optimization, Compression & Traffic Shaping

congestion avoidance, fast convergence and window scaling for fairness in data flows, improved bandwidth utilization and faster packet loss recovery. vWAN compresses the first data pass to help prevent performance degradation, and offers traffic shaping to assign guaranteed bandwidth for specific hosts, networks, ports or applications.

Differencing & De-Duplication

vWAN continuously identifies and analyzes large data streams to assist in compression, organization and differencing of all data types for data reduction and optimization. In addition, content-aware de-duplication strips off TCP/IP and protocol encapsulation to create a clean history that further reduces data transfer requirements.

Application Blueprints

Built-in application blueprints optimize protocols to ensure efficient operation over the WAN. Blueprints significantly improve application performance through pre-fetching data and request bundling, local acknowledgement of requests, and request pipelining.

3rd Party VA Support

Supports 3rd Party Virtual Appliances

The AVX Series supports 3rd party virtual appliances running on KVM, Ubuntu and CentOS such as virtual next-generation firewalls, virtual Web vulnerability scanners and other logical complements to Array’s application delivery networking solutions.

Benefits of AVX for 3rd-Party VAs

Third-party virtual appliances receive the same guaranteed performance and other benefits as Array VAs. 3rd-party VAs generally achieve far greater performance on the AVX than on commercial-off-the-shelf VMs. By deploying 3rd-party VAs on the AVX Series, enterprises and service providers can also consolidate multiple network and security functions for cost efficiency and to align with a software-centric strategy and cloud and virtualization trends.

Deploy Custom Solutions

Because the AVX Series platform supports VAs running on KVM, Ubuntu or CentOS operating systems, service providers and enterprises have the ability to create custom solutions for specific use cases or customers. For example, a service provider might include networking, security and billing VAs to serve one or more customers on a single AVX platform. An enterprise could create a standardized set of networking and security VAs for deployment in different branch/remote offices or departments. The AVX Series offers a wide degree of flexibility in solution design.

Product Literature

AVX Series Virtualized Appliances Datasheet

Major Telco WAF-as-a-Service
AVX Series, vAPV Virtual Load Balancers and 3rd-Party WAF in a ‘Firewall Sandwich’

Jiangxi, China University Deployment
AVX Series for Data Center Consolidation, Service Chaining and Security

Los Angeles Community College District
APV Series ADC & vAPV Virtual ADC for PeopleSoft

Needham Bank
vAPV Virtual ADC for SharePoint

VM Racks
vxAG Virtual SSL VPN for Secure Cloud Access

Providence Medical Center
vAPV Virtual ADC for eClinicalWorks

Increase Profitability and Cloud Relevance with Network Functions Platforms

Consolidating and Supercharging vADCs with Network Functions Platforms

Achieving Visibility, Versatility and Value with Network Functions Platforms

360° Application Security