Thank you to everyone who joined SDxCentral and A10 for their exciting DemoFriday on advanced security and application policies. This event on advanced security features Paul Nicholson and Takahiro Mitsuhata of A10 and Chiara Regale of Cisco presenting the latest facts about the integration between the A10 Thunder ADC and Cisco ACI. Following an overview of the A10 Thunder ADC and Cisco ACI, a live demo covered Layer 4-7 security services to be added to the A10 Cisco ACI device package. An exciting step-by-step guide through how a compromised website can be protected by A10 Thunder ADC through configuration derived from the Cisco ACI was also featured.
After the demo, our presenters were nice enough to take some audience questions. Below is the Q&A from the live event.
Does SSL insight decrypt incoming HTTP traffic?
A10: Yes, SSL Insight looks at outgoing and incoming traffic to protect internal users.
When is the device package available and where can I get it?
Is SSL Insight the same as SSL offload?
A10: No, SSL Insight is a relatively new solution being deployed widely in the last year due to the rise of encrypted websites and the associated blindspot it causes in corporate defenses. SSL Offload is a mature technology that has been around for many years, used in many application delivery controllers (ADCs) and server load balancers (SLBs). Specifically:
- SSL Insight is designed to inspect outgoing traffic of internal users and the associated return traffic. Traffic originating from the user is decrypted by SSL Insight, then inspected/action taken by a third party security device, then encrypted by SSL Insight, then sent to the Internet. Returning traffic is then decrypted by SSL Insight, then inspected/action taken by a third party security device, then encrypted and then sent to the internal user.
- SSL Offload is designed to decrypt traffic on the ADC (typically for performance improvements) and to centralize certificate management for, typically, web servers available on the Internet.
What supported hypervisors are there for the virtual appliance? What performance can you get?
A10: We support leading virtual appliances, such as VMware ESXi 4.0 or higher, KVM, Citrix XenServer 6.0, and Microsoft Hyper-V. We also support performance on our Thunder HVA platform running the KVM version of vThunder is 30 Gbps+ of throughput.
How mature is ACI as Data Center technology?
Cisco: The adoption of Cisco ACI has been swift, with many deployments live around the world in production environments. Cisco ACI recently hit a major milestone, showing the maturity and success, the 1000th customer was announced, Danske Bank in Denmark. Danske Bank leads Cisco into the second year of ACI, the stories of results from customers continue to unfold. Customers like Qbranch, Experian, Symantec, NetApp, and Zitcom among others, have also shared their N9K and ACI journeys at Cisco events around the world. You can read more here.
What base platform does the ADC run on?
A10: A10 appliances run the A10 Advanced Core Operating System (ACOS) for maximum performance and scale. ACOS uses a 64-bit, symmetrical shared memory architecture, designed for multi-core CPUs. More information can be found on the ACOS Technology Platform Page.