Network Functions Platforms
Enterprises and service providers are moving toward a virtual approach to network and security functions to gain agility and operational efficiencies. However, virtualized servers often fall short when running I/O and compute-intensive networking, security and app delivery functions. In addition, VA provisioning can be complex. All of this adversely impacts adoption and the ability to maintain SLAs for business-critical customers and applications.
In addition to abstracting complexity and taking the guesswork out of VA provisioning, AVX Series Network Functions Platforms provide the best of both worlds – the agility of virtualization and the performance of dedicated appliances. Mix and match different size ADC, SSL VPN and 3rd-party networking, security and app delivery virtual appliances. Add, manage, change and delete VAs on a purpose-built platform that enables intuitive instantiation, service automation and guaranteed performance per virtual network function.
Deploying I/O- and compute-intensive networking, security and app delivery functions on general-purpose virtualized servers is inefficient. SSL encryption, for example, typically requires specialized hardware, and performance can sharply degrade when deployed in virtual environments. In contrast, Array Network Functions Platforms excel at SSL and other networking, security and app delivery tasks – delivering performance on par with dedicated hardware while shrinking the data center footprint by up to 16x versus standalone appliances.
In many situations, data center managers deploy dedicated appliances for critical networking and security functions because the performance hit of virtualized appliances is just too high. While this is an understandable choice, over time it can lead to dozens if not hundreds of physical appliances in the data center taking up rack space as well as increasing costs for power, cooling and cabling – not to mention the additional work hours needed to configure and manage them.
The AVX Series network functions platform can consolidate multiple networking and security virtual appliances into just a few rack units, saving on the high cost of dedicated appliances as well as space, power and cooling costs. The AVX Series also offers a centralized management console allowing convenient access to VA-level configuration and modification, as well as one-click access to devices’ WebUIs or CLI screens.
Traditionally, network managers have deployed best-of-breed, single-function security appliances to protect against attacks, intrusion and other threats. However, solutions such as WAF, NGFW, IDS/IPS and DDoS protection either lack the ability to decrypt and inspect SSL traffic – the majority of traffic today – or high volumes of SSL traffic can overwhelm their in-built SSL resources, robbing processing cycles and impacting performance.
The AVX Series offers high-performance SSL processing hardware to help ensure robust throughput for security VAs. In addition, SSL decryption, load balancing and security VAs can be orchestrated into service chains to maximize the efficiency and effectiveness of individual point security products. In one example service chain, a virtual ADC decrypts SSL traffic, which is then passed through a virtual NGFW, a virtual IPS/IDS and a virtual TAP before being re-encrypted by a second virtual ADC and forwarded to its destination. In this way, each discrete security device is able to do what it does best, with the advantage of full visibility into SSL traffic and the benefit of pre-processing by other security VAs to provide higher-quality security services.
AVX Series appliances can host vAPV virtual application delivery controllers (ADCs), vxAG virtual secure access gateways (SSL VPNs) or 3rd-party networking, security and application delivery functions, and can mix and match virtual appliances as needed to meet deployment requirements. Visit our Platform Ecosystem page for more information on 3rd-party VA support.
AVX Series appliances can host four different size vAPV, vxAG and 3rd-party instances: entry, small, medium and large. Instances of different sizes can be mixed, matched and fine-tuned as needed to meet deployment requirements. Smaller sizes will allow for more instances per system, and larger sizes will allow for greater performance per instance. The AVX3600 and AVX5800 can host shared-entry instances which offer best-effort performance for smaller workloads where density is a primary consideration.
AVX Series appliances support pay-as-you-grow licensing, allowing you to pay for the VA licenses you need today and purchase additional licenses as needed to meet future deployment requirements up to your system’s capacity. Array virtual ADCs and SSL VPNs are also available in economical bulk license packs for the AVX Series.
Each vAPV, vxAG and 3rd-party instance is automatically assigned dedicated CPU, SSL, memory and input/output interfaces to ensure guaranteed performance per virtual appliance. In addition, dedicated resources are reserved for hypervisor management to eliminate virtual machine contention and enable SLAs for business-critical customers and applications. For shared-entry instances, available only on AVX3600 and AVX5800, best-effort performance is provided.
AVX Series appliances provide high availability at both system and virtual appliance levels. By deploying a high availability pair of vAPV, vxAG, or 3rd-party instances across a pair of AVX Series appliances, availability is assured in the event that either a system or a virtual appliance is unresponsive. Full synchronization to the slave unit of the AVX and VA-related configurations, along with VA images and disks, further assures consistency and high availability.
Local server load balancing, together with global server load balancing (GSLB) and link load balancing (LLB), preserves application uptime should servers, network segments, data centers or ISP links become unresponsive or overburdened.
SSL offloading, connection multiplexing, caching, compression and traffic shaping accelerate Web and application performance while markedly improving network connection and back-end server efficiency.
A purpose-built, ‘Heartbleed proof’ SSL encryption stack, in addition to a reverse proxy architecture, kernel-level ACLs, packet filtering, DDoS protection and WebWall™ application security suite, provide security for mission-critical business applications.
Persistence can be assured, Layer-7 switching rules can route application traffic to defined servers, and HTTP headers can be manipulated to improve application functionality without requiring additional application development.
Array’s eCloud™ RESTful API can be used to enable orchestration of application delivery functions from virtualization management and cloud platforms such as OpenStack Neutron LBaaS, VMware vRealize Orchestrator, and Microsoft System Center Configuration Manager (SCCM).
Select from a range of access methods including Layer-3 network level connectivity, application-level access, Web access and RDP access to physical and virtual desktops via a unified client that provides a superior mix of flexibility, control and security.
Includes a policy engine for per-user, identity-based access to files, URLs, applications and networks; supports device-based pre-authorization and authentication, easily interfaces with multi-factor authentication providers such as RSA, Duo, Syferlock and others, and provides extensive statistics and logs.
Provides superior 2048-bit SSL encryption performance, includes endpoint security with device-based identification, cache cleaning, host-checking and flexible policies to protect applications and servers against malicious attack.
Supports secure access from mobile iOS and Android devices as well as VPN on demand, HTML5 app access via a secure browser, remote access to physical and virtual desktops and integrated mobile application management.
Supports up to 256 separate portals per virtual SSL VPN instance. Each can be fully customized to meet the security and usability requirements of multiple entities (such as tenants or communities of interest). Based on Array’s SpeedCore® architecture, which delivers the industry’s leading performance.
vWAN virtual WAN optimization controllers improve application response times by up to 50x and reduce bandwidth utilization by up to 95%. vWAN is ideal for accelerating traffic from headquarters to branch offices, between data centers, from cloud to customer, or for remote and mobile access.
vWAN virtual WAN optimization can improve data transfer times by up to 50x while reducing bandwidth requirements by up to 95% when transferring data between data centers, remote and branch offices, mirrored sites and public/private/hybrid clouds.
congestion avoidance, fast convergence and window scaling for fairness in data flows, improved bandwidth utilization and faster packet loss recovery. vWAN compresses the first data pass to help prevent performance degradation, and offers traffic shaping to assign guaranteed bandwidth for specific hosts, networks, ports or applications.
vWAN continuously identifies and analyzes large data streams to assist in compression, organization and differencing of all data types for data reduction and optimization. In addition, content-aware de-duplication strips off TCP/IP and protocol encapsulation to create a clean history that further reduces data transfer requirements.
Built-in application blueprints optimize protocols to ensure efficient operation over the WAN. Blueprints significantly improve application performance through pre-fetching data and request bundling, local acknowledgement of requests, and request pipelining.
The AVX Series supports 3rd party virtual appliances running on KVM, Ubuntu and CentOS such as virtual next-generation firewalls, virtual Web vulnerability scanners and other logical complements to Array’s application delivery networking solutions.
Third-party virtual appliances receive the same guaranteed performance and other benefits as Array VAs. 3rd-party VAs generally achieve far greater performance on the AVX than on commercial-off-the-shelf VMs. By deploying 3rd-party VAs on the AVX Series, enterprises and service providers can also consolidate multiple network and security functions for cost efficiency and to align with a software-centric strategy and cloud and virtualization trends.
Because the AVX Series platform supports VAs running on KVM, Ubuntu or CentOS operating systems, service providers and enterprises have the ability to create custom solutions for specific use cases or customers. For example, a service provider might include networking, security and billing VAs to serve one or more customers on a single AVX platform. An enterprise could create a standardized set of networking and security VAs for deployment in different branch/remote offices or departments. The AVX Series offers a wide degree of flexibility in solution design.
Major Telco WAF-as-a-Service
AVX Series, vAPV Virtual Load Balancers and 3rd-Party WAF in a ‘Firewall Sandwich’
Jiangxi, China University Deployment
AVX Series for Data Center Consolidation, Service Chaining and Security
Los Angeles Community College District
APV Series ADC & vAPV Virtual ADC for PeopleSoft
vAPV Virtual ADC for SharePoint
vxAG Virtual SSL VPN for Secure Cloud Access
Providence Medical Center
vAPV Virtual ADC for eClinicalWorks