Availability, Performance & Security
APV Series physical and virtual appliances are deployed in front of Web and application servers to distribute traffic, scale server pools, maintain persistence and accelerate applications. In addition, Array ADCs act as both a strategic point of control and a first line of defense for business-critical applications and services.
Array application delivery controllers are ideal for ensuring availability, performance and security for internal users on private networks, as well as end-users accessing Web-based applications and cloud services over the Internet.
Each Array ADC shares an all-inclusive feature set for simple, cost-effective ordering, and is available with your choice of software or hardware SSL acceleration.
Server Load Balancing
APV Series application delivery controllers ensure 99.999% uptime for applications and services. Leveraging robust distribution algorithms, health check mechanisms, clustering and failover capabilities, APV Series appliances maintain connections, ensure persistence, direct traffic away from failed servers and intelligently distribute application services across multiple servers for optimized performance and availability.
Layer-7 Policy Engine
Customized traffic management is often a trade-off between performance, control and ease-of-use. Unlike ADCs that rely on complex, computeintensive scripting to enable custom Layer-7 policies, Array supports a vast library of policies that are hard-coded at the kernel level, are configurable with point-and-click simplicity via the WebUI or CLI, and can be combined and nested to create advanced customized application traffic management. With Array’s unique approach to Layer-7 traffic management, customers get the best of all worlds: ease-of-use, granular control and superior performance and scalability.
2048-Bit SSL Acceleration
SSL acceleration reduces the number of servers required for secure applications, improves server efficiency and dramatically improves application performance.
Offloading compute-intensive key exchange and bulk encryption, and delivering industry-leading client-certificate performance, SSL acceleration is ideal for scaling secure SaaS services, e-commerce environments and business-critical applications requiring high-volume secure connectivity.
Although more secure than the old 1024-bit standard, 2048-bit keys are five times more compute intensive and can impact both performance and the cost of supporting applications. Array 2048 and 4096-bit SSL encryption offers unbeatable scalability and performance with the lowest-cost per SSL TPS to offset transition costs and improve security without impacting performance.
WebWall Web Application Security
With WebWall™, Array’s suite of Web application security capabilities, APV Series application delivery controllers can protect against denial of service (DoS) and malformed URL attacks and allow a wide range of Layer 2 through Layer 7 protective policies to be stacked atop one another for increased security.
APV appliances are security-hardened to protect applications and servers from L4 and L7 DDoS attacks and support content filtering to guard against Syn-flood, tear drop, ping-of-death, Nimda, Smurf and other malicious attacks. APV appliances also feature extensive access control lists, network address translation and stateful packet flow inspection – all executed at the kernel level – to guard against attacks and unauthorized access without impacting performance or scalability.
In addition, integrated Web application firewall capabilities provide deep application data inspection – beyond IP and TCP headers – to deal with attacks such as SQL injection and cross-site scripting. Deployable in front of multiple Web or application servers, Array’s Web application firewall detects and responds to signatures for known application vulnerabilities and is programmable to deal with future threats.
Link Load Balancing & GSLB
Link load balancing (LLB) and global server load balancing (GSLB) ensure 99.999% availability for wide area network (WAN) connections and geographically dispersed sites. Link load balancing with end-to-end health monitoring and dynamic routing detects outages and monitors performance in real time to distribute traffic across multiple WAN connections for a premium, always-on end-user experience. Ideal for geographically distributed applications and multi-site architectures, global server load balancing directs traffic away from failed data centers and intelligently distributes services between sites based on proximity, language, capacity, load and response times for maximum performance and availability.
APV Series appliances leverage multiple acceleration technologies and optimizations to deliver a premium end-user experience for a wide range of applications and data services. Inmemory caching increases server efficiency and improves seek and response times by over 500%, hardware and software compression can reduce bandwidth utilization and end-user response times by more than half and TCP connection multiplexing aggregates millions of short-lived client connections into persistent fast lanes that increase server efficiency by up to 70% while improving application performance.
ePolicy L7 Application Scripting
Where Array’s Layer-7 policy engine cannot meet application traffic management requirements, ePolicy scripting allows transactions and content to be manipulated to achieve traffic distribution that improves data center efficiency and mitigates the effect of delivering applications over the Internet.
eRoute L4 Routing
Using eRoute, inbound and outbound WAN traffic may be load balanced across multiple ISP links based on preset and user-defined algorithms and directed across routes optimized for maximum stability and performance. Additional L4 traffic management features include VLANs, port forwarding, port and link redundancy and the ability to bundle multiple low-cost links to improve bandwidth utilization and reduce costs.
In conjunction with ISVs and application developer partners, Array APV Series appliances have been certified to provide load balancing, acceleration and security for enterprise applications such as Microsoft Lync 2010 and 2013, Microsoft Exchange 2010 and 2013, SAP, Oracle, eClinicalWorks and others. Leveraging deployment guides, businesses can take the guesswork out of application delivery. Following simple step by step instructions, IT can rapidly and confidently configure APV appliances for optimized delivery of business critical applications.
Traffic Shaping & QoS
Traffic shaping optimizes application traffic on WAN links to improve bandwidth utilization and end-user response times. Supporting user-defined policies, APV Series appliances prevent bandwidth-intensive applications from over-utilizing WAN links and ensure essential applications are prioritized to meet service level agreements. Used in conjunction with link load balancing, global server load balancing and QoS features such as filters and CBQs, traffic shaping can dramatically improve application performance.
For organizations needing an IPv6 Web presence, server load balancing protocol translation (SLBPT) transforms existing IPv4 Web sites into IPv6 compatible sites and greatly reduces the need for duplicate equipment, content and management. Where there is a need to make the most of depleted IPv4 resources, NAT and dual NAT (dual-stack IPv6) allow multiple clients to utilize a single IPv4 address. In migration environments, Array IPv6 solutions support both NAT64 and DNS64 to enable IPv6 clients to connect with IPv4 servers and content. To ensure a consistent application experience across IPv4 and IPv6 clients and networks – and to enable fully-capable, next-generation solutions – IPv6 feature parity is supported for all Array APV Series application delivery controllers.
Management & Integration
APV Series application delivery controllers are simple to install and offer intuitive configuration and management via a WebUI and a familiar command line interface. Using the administration tool kit, network managers can view the status for a wide range of system parameters, enable services on the fly and automate configuration using XML-RPC. Leveraging extensible APIs, application and network intelligence can be integrated with third-party monitoring and management or exported for optimizing complementary data center systems. In addition, APV Series appliances support VMware vCenter integration for intelligent command and control of virtualized application infrastructure.
eCloud APIs & OpenStack Integration
To meet the deployment and management requirements of load balancing and application delivery in the cloud, Array’s eCloud API provides a script-level interface for cloud management systems to manage and monitor Array devices and assist in interactions between cloud operating systems and virtual machines running Array load balancing. For cloud providers and enterprises leveraging the OpenStack architecture for cloud management and automation, Array’s integration with OpenStack load balancing-as-a-service (LBaaS) creates a standardized means to rapidly integrate with and control Array technology.
APV Series hardware appliances support two app delivery product editions. AppVelocity supports a rich server load balancing and application acceleration feature set optimized for local traffic management. AppVelocity-S combines high-performance SSL acceleration with server load balancing and application acceleration to create a traffic management solution ideal for ecommerce environments and applications requiring a high-degree of Secure connectivity. Both AppVelocity and AppVelocity-S product editions include link load balancing and support global server load balancing as an option. vAPV virtual appliances bundle all Array load balancing and application delivery features and support GSLB as an option.
Physical & Virtual Appliances
Dedicated APV appliances leverage a multicore architecture, SSDs, hardware SSL and compression, energy-efficient components and 10 GigE to create solutions purpose-built for scalable traffic management.
The APV10650 is available as an AVX10650 multitenant appliance that is capable of supporting up to 8 fully separate APV ADC instances – each with its own CPU, SSL, memory and I/O resources.
Available for common hypervisors, vAPV virtual appliances are ideal for organizations seeking to benefit from the flexibility of virtual environments, offer infrastructure services and new elastic business models or evaluate Array application delivery with minimal risk and up-front cost.
For multi-tenant environments, the AVX Series virtualized appliances support up to 32 separate vAPV, vxAG secure access gateway, or vAWF Web application firewall instances – each with its own CPU, SSL, memory and I/O resources – with mixand-match licensing and pay-as-you-grow pricing.
|Layer 2-7 Policy & Group Management||Multi-level virtual service policy routing – Static, default and backup policies and groups – Layer 2-7 application routing policies – Layer 2-7 server persistence – Application load balancing based on round robin, weighted round robin, least connections, shortest response and SNMP|
|Layer 2-3 Load Balancing||IP/MAC based load balancing for any IP protocol – Round robin, persistent IP and return to sender – Firewall, IPS/ IDS, anti-spam, anti-virus and composite applications|
|Layer 4 Load Balancing||TCP, TCPS and UDP protocols – Round robin, weighted round robin, least connections and shortest response – Persistent IP, hash IP, consistent hash IP, persistent IP + port and port range – All single port TCP applications, RADIUS and DNS server support – Composite IP application support|
|Layer 7 Load Balancing||HTTP/HTTPS, FTP/FTPS, SIP, RTSP and RDP – L7 content switching (QoS network and client port – SSL and SIP session ID – HTTP URL, host name, cookie and any header – hash header, cookie and query) – URL redirect and HTTP request/response rewrite – HTTP request filter|
|Server Persistence||Source + destination IP, Client IP, SSLID, HTTP header, URL, cookie, application – Individual session control|
|Content Routing & Switching||One arm, configurable reverse or transparent proxy mode per VIP – Configurable reverse or transparent proxy mode, triangle mode – Nested L7 and L4 policies – Combine L7 and L4 policies|
|Global Server Load Balancing||Application availability from multiple locations worldwide – DNS DoS protection – Global site/service selection – Proximity and IP persistence – Load balancing between multi-site SSL VPN deployments|
|Link Load Balancing||Outbound: round robin, weighted round robin, shortest response time, target proximity/dynamic detection – Inbound: round robin, weighted round robin, target proximity/dynamic detection – Integrated DNS|
|ePolicy L7 Application Scripting||Customize SLB policies and collaborate with SLB methods to realize load balancing among real services – Analyze packet contents of HTTP, simple object access protocol (SOAP), extensible markup language (XML) and diameter protocols – Receive, send, analyze, and discard generic TCP and TCPS packets – Perform pattern matching for text data – Control TCP connections – Monitor and take statistics of traffic|
|eRoute L4 Routing||Policy-based routing based on port, source/destination IP, UDP protocols, TCP – RIPv1, RIPv2 and OSPF support – Return to sender (RTS)/IP flow persistence – Port forwarding, link aggregation and port redundancy – Transparent to VPN remote access|
|Application, Server & Link Health Checks||ARP, ICMP, TCP, HTTP/HTTPS, DNS, Radius, RTSP, SIP single port/protocol health checks – Multi-port health checks – Health checks by protocol and content verification – Link health checks based on physical port, ICMP and user-defined L4 – Next gateway health checks, destination path health checks – Ensure availability and performance of applications over WAN links from a single point of management – Scriptable customer-defined composite health checks|
|Clustering||Up to 32 nodes – Active/active, active/standby – Configuration synchronization – Application-specific VIP health checks – Stateful TCP failover – Fast failover via USB ports – Automatic ISP failover|
|Single System Image||Create a single VIP (single ADC instance) out of any number of dedicated, multi-tenant or virtual APV appliances – Enable ultimate flexibility in scaling out|
|IPv6||Full IPv6 support – DNS64 & NAT64 – Dual Stack Lite – IPv6 to IPv4 and IPv4 to IPv6 NAT and full IPv6 addressing – IPv6 ready gold certified|
|Networking||Link aggregation, VLAN/MNET, NTP – Static and port-based NAT, advanced NAT for transparent use of multiple WAN links|
|Application Performance||Dynamic detect – Client connection persistence – Connection multiplexing – TCP buffering – IEEE 802.3ad link aggregation|
|SSL Acceleration (2048 & 4096-bit)||Hardware SSL processing – SSLv3 and TLSv1 – 4096-bit maximum cipher key size (RSA) – End-to-end security (Server-side SSL communication) – SSL session reuse and timeout control – Cipher strength reduction – Customizable cipher suite order – Customizable SSL error pages – Sharable to multiple SLB services – SSL self- check|
|Compression||Hardware accelerated – Virtualized compression – Inline HTTP processing – Compresses HTML, XML, Java scripts and CSS – Compresses Microsoft file formats (DOC, XLS, PPT) and PDF|
|Caching||Virtualized, memory-based cache – HTTP 1.1 compliant, policy-based cache|
|Traffic Shaping||Guarantees application performance – Rate shaping for setting user-defined rate limits on critical applications – QoS for traffic prioritization – Supports CBQs and borrow and unborrow bandwidth from queues – Advanced ACL (SLB QoS) – Supports QoS filters based on ports and protocols including TCP, UDP and ICMP|
|WebWall Web Application Security||Hardened OS – Secure access only, access control based on client certificate information and access method – Customer configurable SSL/TLS version, cipher suite and minimum cipher strength – Tamper-proof key and certificate protection – WebWall stateful packet-inspection firewall – Over 1000 ACL rules without performance degradation – Proxy-based firewall – TCP syn-flood protection – Flash and surge event protection – DoS protection – HTTP access method control – URL filtering – HTTP/DNS cache for mitigating DDoS – Web Application Firewall – Deep application data inspection for dealing with attacks such as SQL injection and cross-site scripting – Detects and responds to known application vulnerabilities – Programmable to deal with future threats|
|DDoS Protection (SLB)||Protocol Attacks: SSL invalid packet, SSL handshake attack, HTTP invalid packet attack – Application Attacks: HTTP slow attack, HTTP flood attack, bandwidth consumption attack – DDoS attack logging|
|Client-Server Certificate Management||CSR and private key generation – Self-signed certificate support – Import certificate and private key – Import certificate format – Extensive certificate support – Certificate backup and restore – Wildcard certificate support|
|Client Certificate Authentication & Authorization||Turbo client certificate verification – Root and intermediate CA import – Basic client certificate verification – Certificate chain support – Certificate revocation list (HTTP, FTP, LDAP) – Online certificate status protocol (OCSP, HTTP/HTTPS) – Certificate-based access control – Inside SSL server, two-way certificates|
|Client Certificate Application Integration||Parse client certificate field information with different language/encoding – Pass individual field/group and field/ customer format to back-end applications – HTTP header, URL and cookie – Integrated with proxy rewrite – Detailed SSL statistics|
|System||Centralized cluster management – Secure CLI, WebUI and SSH remote management – XML-RPC for integration with 3rd party management and monitoring – SNMP V2/V3 and private MIBs – Syslog (UDP or TCP) – Administrator and operator account management – E-mail, paging and alerting capability – Multiple configuration files and unit configuration synchronization – Online troubleshooting – Realtime monitoring – Role-based administration control|
|eCloud API||Interface for cloud management systems to control and monitor hardware and virtual APV appliances – Assists interaction between components such as virtual machines in CloudOS environments – Remote management of interaction between components such as virtual machines in CloudOS environments – Remote management of APV appliances – Notification of events on APV appliances – eCloud demo integrated on APV appliance – APV appliances – Notification of events on APV appliances – eCloud demo integrated on APV appliance – Supports integration with OpenStack Load Balancing-as-a-Service (LBaaS) standard Supports integration with OpenStack Load Balancing-as-a-Service (LBaaS) standard|