Transcription
DATASHEETTHUNDER ADCNext-generation Application Delivery ControllerSupported PlatformsThunder ADCphysical applianceThunder HVAhybrid virtual appliancevThundervirtual applianceaGalaxycentralized managementOverviewA10 Thunder Series is a family ofhardware and software appliances readyto match any deployment need. EachThunder Series form factor is poweredby ACOS software, which brings a uniquecombination of shared memory accuracyand efficiency, 64-bit scalability andadvanced flow processing.A10 Networks Thunder ADC product line of high-performance, next-generation applicationdelivery controllers enable customers’ applications to be highly available, acceleratedand secure. Thunder ADC is our premium ADC product line, delivering up to 153 Gbps ofthroughput in a single appliance or 1.2 Tbps of throughput in a cluster, the broadest range ofform factors (physical, virtual and hybrid), and with expanded system resources designed tosupport future feature needs.The A10 Thunder ADC product line is built upon A10’s Advanced Core Operating System(ACOS ) platform, with our Symmetric Scalable Multi-Core Processing (SSMP) softwarearchitecture that delivers high performance and a range of deployment options fordedicated, hosted or cloud data centers. Application availability for customer satisfaction: Enable your Web and keyinfrastructure servers to scale seamlessly to meet customer demand and ensurebusiness continuity to maximize revenue and user satisfaction. Application acceleration for efficient operations: Provide fast and responsive serviceto your customers for competitive advantage and reduced infrastructure requirementsfor both application delivery and critical services, driving down CAPEX and OPEX. Security for compliance and risk reduction: Protect against advanced and emergingattacks for uninterrupted operations, brand protection, and revenue loss while meetingrequired regulatory compliance obligations for Payment Card Industry Data SecurityStandard (PCI DSS) and other regulations.A10 Thunder ADC delivers critical services in the most efficient hardware and softwaremodels. With its data center-efficient design and compact form factor, Thunder ADCminimizes your rack space, power consumption, and cooling costs.While the Thunder ADC platform provides a rich set of application and security servicesout-of-the-box, it also supports open and standards-based programmability, which allowsdevelopers to rapidly integrate custom and off-the-shelf services with Thunder ADC. The A10Harmony architecture combines open programmability, policy enforcement, and telemetryto deliver the next generation of application networking.1
Features and BenefitsWhether you are an enterprise, service provider or Web giant, A10Thunder ADC offers key benefits to make your data center applicationsavailable, accelerated and secure.Application AvailabilityHighly available applications and data centers: Advanced serverload balancing (SLB) and global server load balancing (GSLB) ensuremaximum uptime by detecting local and remote outages. Acting onadvanced health checks, A10 Thunder ADC directs connections to activeservers and data centers in a way that is transparent to the end user.Next-generation cloud data center evolution: Equip your networkfor the next phase in network evolution with Infrastructure-as-aService (IaaS) capabilities. Benefit from integration of software definednetworks (SDNs) with overlay networking (VXLAN and NVGRE), cloudorchestration systems (OpenStack, Microsoft SCVMM, Cisco ACI, andmore), network functions virtualization (NFV) using vThunder virtualappliances, and enable service chaining and traffic insertion.Fast deployment and proven application configuration andprovisioning: Rapidly enable and deploy business critical applicationswith predefined smart templates for popular applications fromMicrosoft (Exchange, Lync, SharePoint), Oracle and many more, todeploy in hours, not days or weeks.Application AccelerationApplication acceleration for a better user experience andinfrastructure utilization: Offload application infrastructure fromCPU and memory intensive tasks to reduce costs. Techniques includeSSL offload (including offload of demanding 2048- and 4096-bit keyoperations ECDHE, and Perfect Forward Secrecy), HTTP compression,TCP reuse, and RAM caching. Deliver a faster experience for yourcustomers and reduced CAPEX and OPEX as your infrastructure scalesefficiently without wasted compute cycles.Virtualization for ADC and SLB consolidation: Choose the bestoption for your network to enable multi-tenancy. Maximize densitywith our Application Delivery Partitions (ADP), allowing you toconfigure up to 1,023 virtual ADCs on a single Thunder ADC appliance.Rapidly deploy pure software vThunder appliances or Hybrid VirtualAppliances (HVA) to provide strong isolation and complete resourceisolation as required.Full control and deep packet inspection (DPI) capabilities tosolve complex problems: aFleX TCL scripting provides granulartraffic transformation capabilities to adjust traffic as needed for yourapplications. Additionally, advanced ADC capabilities enable themost common requirements to be met with specific preconfiguredtemplates and capabilities, for example L7 URL switching.Flexible management to optimize IT operations: Multiplemanagement capabilities simplify operation tasks using the aGalaxycentralized management system to control any A10 Thunder device,whether pushing configurations, aFleX rules, backing up SSL keys andmuch more. Our aXAPI REST-based API gives complete managementcontrol with custom scripting for homegrown management operationsor integration into third-party management systems. Also, plug-ins andpackages are available to be used with partners’ management systemssuch as Microsoft SCVMM and others.SecurityEnhance your data center security: Our ICSA-certified webapplication firewall (WAF) guards Web servers against the criticalOpen Web Application Security Project (OWASP) top ten threats facingweb-based application servers, while our DNS application firewall(DAF) gives advanced protection against domain name system (DNS)infrastructure exploitation, with granular application rules for querybehavior and mitigation methods such as rate limiting.Enhance, scale and optimize your existing DMZ securityinfrastructure: With our appliances supporting up to 153 GbpsArchitecture and Key ComponentsInternetA10 ADC Firewall Load Balancing DDoS Mitigation WAF DAF AAM Traffic Steering aFleX Scripting Firewalls IDS/IPS DLP OtherA10 ADC SSL Insight Firewall Load Balancing URL ClassificationData CenterDMZ security device scaling, offload and acceleration2Internet DDoS Mitigation WAF DAF AAMA10 ADC ADC High Availability SSL Offload TCP Reuse RAM Caching CompressionBackup Data CenterGSLBIPsecAdvanced Health-ChecksWeb AppDNSOther AppApplication delivery example for Web, DNS and other services
per device, firewall load balancing (FWLB) enables existing securityproducts to scale seamlessly. Thunder ADC also provides visibility intoencrypted traffic for all devices with SSL Insight , eliminating the SSL“blind spot” facing enterprise networks today by allowing all devicesto see and take action on all encrypted traffic. SSL Insight also utilizesSSL security processors in hardware appliances to provide highperformance decryption and re-encryption. Secure Cloud Interconnectprovides hyper-scale performance IPsec VPN connectivity.Protect against the latest emerging threats: As threats emerge, theA10 Thunder ADC enables your network to be ready with effectivecountermeasures. DDoS protection is standard in all appliances, andwith FPGA FTA-based models, protection can be enabled for thehighest volume attacks against application servers. The FPGA mitigatescommon volumetric attacks, while general purpose CPUs can be usedto mitigate more sophisticated low and slow and application attackssuch as Slowloris and HTTP floods.Stop data breaches with A10 Threat Intelligence: Cybercriminals useautomation to execute large-scale attacks and evade corporate defenses.The A10 Threat Intelligence Service, an optional subscription for ThunderADC, provides a near real-time feed of malicious IP addresses to identifyautomated attacks and prevent data loss. Aggregating IP reputation datafrom over three dozen sources, A10 Threat Intelligence Service enablesThunder ADC to block inbound or outbound threats before malicioususers can steal data or disrupt access.Streamline authentication and authorization: With ApplicationAccess Management (AAM), Thunder ADC can authenticate users andenforce access policies. With support for a wide array of authenticationprotocols, including SAML and Kerberos, Thunder ADC enablescustomers to centralize authentication management and reduceoperating costs.A10 HarmonyWith the A10 Harmony architecture, Thunder ADC automatespolicy enforcement, improves visibility, and accelerates serviceintegration. Thunder ADC customers can take advantage of A10Harmony architecture to rapidly provision application networkingservices and effectively manage and monitor their deployments.POLICYENFORCEMENTTELEMETRYSECURE & OPEN Operational Simplicity Reduce TCO Automation Visibility and Control Health Checks Proactive Maintenance Troubleshooting Open APIs Autonomous Security SDN, NFV Integration Third-party IntegrationManagementComprehensive and scalable management: The A10 ThunderADC devices feature an array of options to simplify and automatemanagement tasks to reduce administration overhead and ensurecomplex tasks can be done accurately the first time. To complement theindustry standard CLI Web GUI, our RESTful API (aXAPI) can be used tointegrate with third party or custom management consoles, to efficientlyoperate one or more Thunder ADC appliances. For larger deployments,our optional aGalaxy centralized management system ensures routinetasks can be performed at scale, across multiple physical, virtual orhybrid Thunder appliances, regardless of physical location.Thunder ADC supports granular role-based access control, enabling youto create users and groups and grant read-only or read/write privilegesfor specific partitions or management interfaces. To scale load balancingcapacity, aVCS (virtual chassis system) allows multiple appliances tooperate as one, with a single management point for all appliances in thevirtual chassis.Product DescriptionA10 Thunder ADC Product LineA10 Thunder ADC is a family of hardware and software appliancesready to match any deployment need. Each Thunder ADC form factoris powered by ACOS software, which brings a unique combinationof shared memory accuracy and efficiency, 64-bit scalability andadvanced flow processing. Thunder ADC Hardware Appliances: The A10 Thunder ADC lineof appliances fits all size networks with entry-level models startingat 5 Gbps and moving up to a 153 Gbps high-performanceappliance for your most demanding requirements. All models aredual power supply-capable, feature solid-state drives (SSDs) anduse no inaccessible moving parts for high availability. All modelsbenefit from our Flexible Traffic Acceleration (FTA) technology,with select models featuring field programmable gate arrays(FPGAs) for hardware optimized FTA processing; this provideshighly scalable flow distribution and distributed denial of service(DDoS) protection capabilities. Select models include dedicatedsecurity processors for SSL offload, switching and routingprocessors for high-speed network processing, and lights-outmanagement (LOM) support for out-of-band monitoring andmanagement. Each appliance offers the best performance perrack unit and the highest level “80 PLUS Platinum” certificationfor power supplies to ensure a green solution and reduce powerconsumption costs. Coupled with high density 1 GbE, 10 GbE,40 GbE, and 100 GbE port options, Thunder ADC meets thehighest networking bandwidth demands.Thunder ADC’s integrated Web application firewall has achieved WAF certification from ICSA Labs.ICSA Labs testing and certification ensures that Thunder ADC performs as intended to secure applicationservices from exploitation and attack.3
vThunder Virtual Appliances: The vThunder ADC line ofvirtual appliances is designed to meet the growing needs oforganizations requiring a flexible and easy-to-deploy applicationdelivery and server load balancer solution running within avirtualized infrastructure or public cloud service. Each vThunderinstance has a full set of features that can run atop your choice ofcommodity hardware and also your choice of leading hypervisor;for example, VMware ESXi, Microsoft Hyper-V, KVM, Oracle VMand XenServer. vThunder ADC for Amazon Web Services (AWS)and Microsoft Azure are also available for cloud deployment.Powered by our aCloud services, the vThunder line is alsoavailable from leading cloud service providers. Thunder Hybrid Virtual Appliances (HVA): Offering you thecombined flexibility of a virtual appliance and the power of theperformance optimized hardware appliances, A10 Thunder HVAappliances enable multi-tenancy with multiple vThunder virtualappliances running on dedicated, turnkey hardware applianceswith a high density of instances that are strongly isolated fromeach other, each with its own dedicated ACOS instance anddedicated compute resources. The fact that each instancecan use dedicated SSL security processor technology withSingle Root I/O Virtualization (SR-IOV) to offload and accelerateSSL sessions is a key hardware advantage. All vThunder ADCinstances are included within the HVA appliance.Additional management options are also available to enhance yourThunder ADC infrastructure. A10’s aGalaxy line of hardware andsoftware appliances centrally manage all Thunder ADC hardwareand software appliances for streamlined operations, resulting inreduced OPEX.A10 Networks Harmony nsPlatform OSand ServicesaXAPIADCaFleXaCloud aCloud Services Architecture(SDN and Cloud Integration)CGNTPSACOS – Advanced Core Operating SystemOptimization &Acceleration IPv6 SLB SSL GSLB TCP Opt NATSecurity DDoS SSL WAF AAM DAFDedicated Data CentersMulti-Tenant Data CentersForm FactorsThunder SeriesAppliancesDeliveryModels4Virtual Chassis(aVCS)DedicatedNetworkApplication DeliveryPartitions (ADP)Thunder evThunderPay-as-you-goLicenseCloud IaaS
Thunder ADC Hardware Appliance Specifications TableThunder 930Thunder 1030SThunder 3030S5 Gbps /5 Gbps10 Gbps /10 Gbps30 Gbps /30 Gbps30 Gbps /30 Gbps42 Gbps /42 Gbps200k450k750k1.5 million2.5 millionLayer 4 HTTP RPS1 million2 million3 million7.5 million12 millionLayer 7 CPS (1:1) *150k150k250k420k620kSSL CPS (1024/2048)1.9k / 40025k / 7k47k / 14k54k / 52kDDoS Protection (SYN Flood) SYN/sec2 million4 million7.5 million55 million55 millionApplication Delivery Partitions (ADP)L3V323264641271 GE Copper666001 GE Fiber (SFP)222441/10 GE Fiber (SFP )2244440 GE Fiber (QSFP )00000Management InterfaceYesYesYesYesYesLights Out ManagementNoYesYesYesYesConsole PortYesYesYesYesYesSolid-state Drive (SSD)YesYesYesYesYesProcessor (Intel Xeon)2-core4-core4-core4-core6-core8 GB8 GB16 GB16 GB32 GBApplication Throughput (L4/L7)Layer 4 CPSThunder 3230(S) Thunder 3430(S)*4*477k*4 / 75k*4Network InterfaceMemory (ECC RAM)Hardware Acceleration64-bit Linear Decoupled ArchitectureYesYesYesYesYesFlexible Traffic AccelerationSoftwareSoftwareSoftware1 x FTA-4 FPGA1 x FTA-4 d*6Hybrid*6SSL Security Processor (‘S’ Models)N/ASingleSingleDualDual or Quad66W / 76W98W / 108W131W / 139W190W*5 / 240W*5210W*5 / 260W*5Heat in BTU/hr (Typical/Max)225 / 259334 / 369447 / 474648*5 / 819*5717*5 / 887*5Performance Per Watt (PPW)2,6325,3966,2509,615Dual 600W RPSDual 600W RPSDual 600W RPSPower Consumption (Typical/Max)Power Supply(DC option available)*24,167Single 600W Single 600W 80 Plus Platinum efficiency, 100 - 240 VAC, Frequency 50 – 60 HzCooling FanHot Swap Smart FansDimensionsRack Units (Mountable)Unit Weight1.75 in (H), 17.5 in (W), 17.45 in (D)1U1U1U1U1U17.8 lbs19.9 lbs (RPS)18.0 lbs20.1 lbs (RPS)20.1 lbs23 lbs23 lbsOperating RangesRegulatory CertificationsStandard Warranty1.75 in (H), 17.5 in (W), 17.15 in (D)Temperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL,CE, TUV, CB, VCCI,China CCC, MSIP,BSMI, RCM, FAC RoHSFCC Class A, UL,CE, TUV, CB, VCCI,China CCC, MSIPBSMI, RCM, FAC RoHS, FIPS 140-2*3FCC Class A, UL,CE, TUV, CB, VCCI,China CCC, MSIP,BSMI, RCM, EAC,FAC RoHS, FIPS140-2*3FCC Class A , UL ,CE , TUV , CB ,VCCI , China CCC ,BSMI , RCM RoHS , FIPS 1402 *3FCC Class A , UL ,CE , TUV , CB ,VCCI , China CCC ,BSMI , RCM RoHS , FIPS 1402 *390-day Hardware and SoftwareLayer 7 connections per second - measures number of new HTTP connections (1 HTTP request per TCP connection, without TCP connection reuse) within 1 second *2 Layer 4 CPS per Watt (Max) *3 For FIPS 140-2,FIPS models must be purchased *4 With maximum SSL *5 With base model. Number varies by SSL model *6 No dedicated hardware but FTA-4 FPGA handles select switching/routing functions Optional RPSavailable Certification in process*15
Thunder ADC Hardware Appliance Specifications Table (continued)Thunder 4430(S)Thunder 5330(S)Thunder 5430(S)-11Application Throughput (L4/L7)38 Gbps /38 Gbps78 Gbps /78 Gbps79 Gbps /78 GbpsLayer 4 CPS2.7 million3.1 million3.7 millionLayer 4 HTTP RPS12 million15 million20 millionLayer 7 CPS (1:1) *1620k770k790kSSL CPS (1024/2048)DDoS Protection (SYN Flood) SYN/sec86k / 84k*498k / 96k*4*4111k*4 / 110k*4*455 million112 million112 million1271271,0230001 GE Fiber (SFP)0001/10 GE Fiber (SFP )16816Application Delivery Partitions (ADP) L3VNetwork Interface1 GE Copper40 GE Fiber (QSFP )404Management InterfaceYesYesYesLights Out ManagementYesYesYesConsole PortYesYesYesSolid-state Drive (SSD)YesYesYesProcessor (Intel Xeon)6-core10-core10-coreMemory (ECC RAM)32 GB32 GB64 GBHardware Acceleration64-bit Linear Decoupled ArchitectureYesYesYes1 x FTA-3 FPGA1 x FTA-4 FPGA2 x FTA-3 FPGAHardwareHybrid*6HardwareDual or QuadDual or QuadDual or Quad266W*5 / 319W*5210W*5 / 260W*5288W*5 / 345W*5Heat in BTU/hr (Typical/Max)908 / 1,088717 / 887983*5 / 1,178*5Performance Per Watt (PPW)*28,464*511,92310,725*5Dual 600W RPSDual 600W RPSDual 600W RPSFlexible Traffic AccelerationSwitching/RoutingSSL Security Processor (‘S’ Models)Power Consumption (Typical/Max)Power Supply(DC option available)*5*5*580 Plus Platinum efficiency, 100 - 240 VAC, Frequency 50 – 60 HzCooling FanDimensionsRack Units (Mountable)Unit WeightOperating RangesRegulatory CertificationsStandard Warranty*5Hot Swap Smart Fans1.75 in (H), 17 in (W), 24.6 in(D)1.75 in (H), 17.5 in (W), 17.15in (D)1.75 in (H), 17 in (W), 24.6 in(D)1U1U1U23 lbs25.6 lbs25.2 lbsTemperature 0 - 40 C Humidity 5% - 95%FCC Class A, UL, CE, TUV, CB,VCCI, China CCC, MSIP, BSMI,RCM RoHS, FIPS 140-2 *3FCC Class A , UL , CE , TUV ,CB , VCCI , China CCC , BSMI ,RCM RoHS , FIPS 140-2 *3FCC Class A, UL, CE, TUV, CB,VCCI, China CCC, MSIP, BSMI,RCM RoHS, FIPS 140-2 *390-day Hardware and SoftwareLayer 7 connections per second - measures number of new HTTP connections (1 HTTP request per TCP connection, without TCP connection reuse) within 1 second *2 Layer 4 CPS per Watt (Max) *3 For FIPS 140-2,FIPS models must be purchased *4 With maximum SSL *5 With base model. Number varies by SSL model *6 No dedicated hardware but FTA-4 FPGA handles select switching/routing functions Optional RPSavailable Certification in process*16
Thunder ADC Hardware Appliance Specifications Table (continued)Application Throughput (L4/L7)Layer 4 CPSLayer 4 HTTP RPSLayer 7 CPS (1:1)*1SSL CPS (1024/2048)DDoS Protection (SYN Flood) SYN/secApplication Delivery Partitions (ADP) L3VThunder 5630(S)Thunder 6430(S)Thunder 6630(S)79 Gbps / 78 Gbps150 Gbps / 145 Gbps150 Gbps / 145 Gbps6 million5.3 million7.
SSL Insight also utilizes SSL security processors in hardware appliances to provide high-performance decryption and re-encryption. Secure Cloud Interconnect provides hyper-scale performance IPsec VPN connectivity. Protect against the latest emerging threats: As threats emerge, the A10 Th
