Network Functions Platforms
The Agility of Virtualization. The Performance of Dedicated Appliances.
Enterprises and service providers are moving toward a virtual approach to network and security functions to gain agility and operational efficiencies. However, virtualized servers often fall short when running I/O and compute-intensive networking, security and app delivery functions. In addition, VA provisioning can be complex. All of which adversely impacts adoption and the ability to maintain SLAs for business-critical customers and applications.
In addition to abstracting complexity and taking the guesswork out of VA provisioning, AVX Series Network Functions Platforms provide the best of both worlds – the agility of virtualization and the performance of dedicated appliances. Mix and match different size ADC, SSL VPN and 3rd-party networking, security and app delivery virtual appliances. Add, manage, change and delete VAs on a purpose-built platform that enables intuitive instantiation, service automation and guaranteed performance per virtual network function.
Guaranteed Performance in a Shared Environment
Deploying I/O- and compute-intensive networking, security and app delivery functions on general-purpose virtualized servers is inefficient. SSL encryption, for example, typically requires specialized hardware, and performance can sharply degrade when deployed in virtual environments. In contrast, Array Network Functions Platforms excel at SSL and other networking, security and app delivery tasks – delivering performance on par with dedicated hardware while shrinking the data center footprint by up to 16x versus standalone appliances.
Data Center Consolidation
In many situations, data center managers deploy dedicated appliances for critical networking and security functions because the performance hit of virtualized appliances is just too high. While this is an understandable choice, over time it can lead to dozens if not hundreds of physical appliances in the data center taking up rack space as well as increasing costs for power, cooling and cabling – not to mention the additional work hours needed to configure and manage them.
The AVX Series network functions platform can consolidate multiple networking and security virtual appliances into just a few rack units, saving on the high cost of dedicated appliances as well as space, power and cooling costs. The AVX Series also offers a centralized management console allowing convenient access to VA-level configuration and modification, as well as one-click access to devices’ WebUIs or CLI screens.
Traditionally, network managers have deployed best-of-breed, single-function security appliances to protect against attacks, intrusion and other threats. However, solutions such as WAF, NGFW, IDS/IPS and DDoS protection either lack the ability to decrypt and inspect SSL traffic – the majority of traffic today – or high volumes of SSL traffic can overwhelm their in-built SSL resources, robbing processing cycles and impacting performance.
The AVX Series offers high-performance SSL processing hardware to help ensure robust throughput for security VAs. In addition, SSL decryption, load balancing and security VAs can be orchestrated into service chains to maximize the efficiency and effectiveness of individual point security products. In the example below, a virtual ADC decrypts SSL traffic, which is then passed through a virtual NGFW, virtual IPS/IDS, virtual TAP before being re-encrypted by a second virtual ADC and forwarded to its destination. In this way, each discreet security device is able to do what it does best, with the advantage of full visibility into SSL traffic and the benefit of pre-processing by other security VAs to provide the higher quality security services.
Taking the Guesswork Out of NFV
Mastering the intricacies of hypervisor management, virtual and physical port mapping, CPU pinning, NUMA boundary settings, SR-IOV and drivers can be costly and complex. Server-centric technologies may also be unfamiliar to networking and security teams. The ArrayOS™ Resource Manager abstracts these obstacles to NVF deployment by automating VM resource allocation and network settings in a manner that guarantees the performance and functionality of hosted virtual appliances.
The platform also achieves a level of flexibility that far exceeds traditional hardware appliances. Hosted virtual appliances may be spun up on-demand via remote management and may be integrated with a cloud management system for automated provisioning. Functions can be assigned larger VMs for higher levels of performance, capacity is available on a pay-as-you-go basis and capacity can be repurposed as needed to support alternate networking and security virtual appliances.
App Delivery Functions
The vAPV runs as an entry, small, medium or large virtual application delivery controller on Array’s AVX virtualized appliance to flexibly enable on-demand, full-featured load balancing and application delivery with guaranteed performance.
The vxAG runs an entry, small, medium or large virtual secure access gateway on Array’s AVX virtualized appliance to flexibly enable on-demand, full-featured remote and mobile access with guaranteed performance.