Alteon Application Switch Family Optimizing networks for business application performance




Product Brief

[Product images: Alteon 2208, Alteon 2216, Alteon 2424-SSL]

Alteon* Application Switches help put an end to the brute force approach to network optimization.

The Alteon Application Switch is a multi-application switching system designed to allow enterprises to maximize the return on their existing investments in servers and networks through application intelligent traffic management, integrated application support, and sophisticated security features. The switches also allow service providers to efficiently enable differentiated services for their enterprise customers.

As enterprises increasingly use network-based applications to drive efficiency, IT departments must support increased network traffic and server load while facing numerous security challenges. In the past, IT departments could use brute force solutions to solve common problems: adding more bandwidth to relieve congestion, adding more servers to improve application performance, or buying more equipment than needed to meet future growth in data traffic. Stagnant or shrinking IT budgets have put an end to those days.

The Alteon Application Switch is built utilizing a next-generation version of the proven Alteon Virtual Matrix Architecture and the award-winning application-rich Alteon OS Traffic Management Software. The switches are built from the ground up as specialized high performance Layer 4-7 application switches and enable the broadest range of high-performance traffic management and control services. Able to manage the traffic of any IP-based application based on header or payload information, Alteon Application Switches have the power and intelligence required to perform deep packet inspection on today's most demanding applications (VoIP, wireless, Web services, database, etc.).

Alteon Application Switches extend the award-winning Alteon switching portfolio, which has been the number one fixed Layer 4-7 Switch for five straight years (Dell'Oro, May 03) and includes the Alteon Web Switch 180 series as well as the modular Passport 8600 Layer 2-7 Routing Switch.

Alteon Application Switches build on the success of previous Alteon Switches and drive the market forward in a number of key areas:

- Provides the market's most powerful Layer 4-7 switch with four times the capacity and 2.5 times the performance of the Alteon Web Switch and three to four times the performance of competitor switches, enabling deep packet inspection without adding latency to the network (Tolly, Jan 03)
- Includes integrated secure sockets layer (SSL) acceleration with accelerated end-to-end encryption
- Supports SSL virtual private networking (VPN) for clientless remote access to applications. The first integrated SSL VPN Layer 4-7 switch on the market
- Enables virtualized switch management through the use of tiered management privileges and traffic segregation that allow a service provider or enterprise to use a single switch to virtually support multiple customers/organizations
- Provides the market's first Web services-aware specialized traffic management features that enable secure, fault-tolerant Web services
- Adds multi-layer security to networks through a host of features such as comprehensive Denial of Service (TCP, IP, UDP, ICMP) protection, intrusion detection system (IDS) load balancing, port mirroring, bandwidth management, and peer-to-peer application management
- Protects network investment by extending the life of existing server and network infrastructures while also providing continued performance headroom for innovative software application and feature development
- Introduces high port density in a simplified small form factor, with up to 28 ports in a single rack unit

Alteon Application Switches optimize networks for business application performance, improving productivity and simplifying operations associated with these applications by:

- Delivering multi-application support on a single platform to simplify operations. Applications supported by Alteon Application Switches include local and global server load balancing, application redirection, security acceleration, SSL acceleration, SSL VPN, filtering, bandwidth management, and many others. The Alteon 2424-SSL switches recognize and act on a large number of protocols, including streaming and wireless protocols. Enterprises can enable one or more applications based on specific business and networking requirements. All are concurrently supported in a small form factor for operational ease.
- Tuning business application performance. To fine-tune the performance and efficiency of business applications such as voice over IP, databases, Web services, streaming media, and others, granular information (e.g., Layer 7 information) about those applications is often required. Processing this information requires deep packet inspection and the flexibility to deal with multiple protocols. Alteon Application Switches are built to handle the computational load required for deep packet inspection and the flexibility to interact with and optimize any IP application or service.
- Performing policy-based application redirection and load balancing based on application and content intelligence. For example, in a domain name system (DNS) server optimization scenario, Alteon Application Switches can dynamically distribute load among multiple DNS servers using two forms of queries (TCP or UDP) and/or based on DNS names. Similar traffic distribution can be obtained with Intrusion Detection Systems, LDAP servers, and many others. As another example, Alteon Application Switches can use Layer 4-7 intelligence to enable differentiated services based on application (URL), user (cookie), or end-user device. Uniquely identifying users and enabling differentiated service is key to maximizing the value of new wireless mobility applications.
- Ensuring support for applications that require persistence, in which the client must interact with the same server for the life of a session. Examples of applications requiring persistence include multi-page forms, payment transactions, shopping carts, and wireless (WAP).

Ensuring fail-safe business continuity

To help ensure business continuity, Alteon Application Switches eliminate single points of failure in a network and provide device and application failover. Features that enable business continuity include:

- Supporting sophisticated server, link, and application health checking and allowing user-scriptable health checks to determine application availability via a sequence of checks. Application-specific health checking is important because it can identify that an application is unavailable, even if the server is operational. For example, a standard TCP health check may indicate that an LDAP server is operational when the LDAP process is hung. LDAP-specific health checking allows Alteon Application Switches to identify the problem and distribute traffic to healthy LDAP servers. Another example is the Alteon Application Switch's ability to enable fault-tolerant streaming media architectures with features like RTSP load balancing. Alteon Application Switches bypass unhealthy servers or devices when distributing new sessions and automatically re-enroll them upon service restoration.
- Enabling a dynamic data path. The combination of sophisticated health checking and application/content intelligence allows Alteon Application Switches to enable a dynamic data path. Enabling a dynamic data path provides the network the ability to route traffic dynamically based on application, users, and network conditions. This ensures high availability, improves application performance, and minimizes work for IT departments.
- Enabling a high-availability architecture via support for an advanced implementation of the Virtual Router Redundancy Protocol (VRRP). Alteon Application Switches support active-active, active-standby, and hot-standby modes. Active-active mode enables simultaneous high availability and increases device performance.

Providing secure access to business applications and networks

Alteon Application Switches simplify network implementation and management through support for integrated compute-intensive applications. The integrated applications initially supported by the switches enable secure access to business applications and/or intranets by remote employees, business partners, and other trusted third parties.

Figure 1. Basic server load balancing
- Improves server utilization
- Increases reliability
- Enhances performance
- Provides scalability

Figure 2. Content intelligent load balancing: dynamic datapath technology enables application awareness for flexible content location and reduced server costs.

SSL acceleration offloads and accelerates compute-intensive SSL processing from servers, resulting in improved application performance at a fraction of the cost of adding general purpose servers. To meet the stringent security requirements commonly found in health care, government, and financial applications, Alteon Application Switches, with the optional integrated SSL application processor, support end-to-end encryption all the way to the server and all the features of the industry-leading Alteon SSL Accelerator. The integrated SSL accelerator greatly simplifies certificate management. SSL is also a cost-effective alternative to traditional VPNs when securing Web services transactions. The switches support a maximum of 1,000 transactions per second (real world testing). External SSL acceleration appliances can be added in a plug-and-play fashion for customers requiring additional capacity. For more information on SSL acceleration features, see the Alteon SSL Accelerator Product Brief.

SSL VPN allows the Alteon Application Switch to function as a secure remote access gateway. As an optional feature on Alteon Application Switches, Alteon SSL VPN is a remote access security solution that extends the reach of enterprise applications to mobile workers, telecommuters, partners, and customers. With SSL as the underlying security protocol, Alteon SSL VPN allows for truly unrestricted remote access, using the Internet for remote connectivity and the ubiquitous Web browser as the primary client interface. SSL VPN is also more forgiving on the underlying network, minimizing connection disruption and firewall incompatibility issues. The Alteon SSL VPN supports common authentication mechanisms such as RADIUS, LDAP, and Active Directory, and establishes data security at the session/application layer, allowing granular access control and auditing. For more information on SSL VPN features, see the Alteon SSL VPN Solution Brief.

Figure 3. High-performance multi-layer security protects the network, transport, and application layer. (Diagram labels: Alteon Application Switch 2424-SSL, Alteon Application Switch 2424, server load balancing, firewall load balancing, IDS server load balancing, secure server farm, intranet.)

Protecting business applications with multi-layer security

Inherent multi-layer security features allow Alteon Application Switches to protect against external and internal security threats without sacrificing network and application performance. Multi-layer security features include:

- Providing extensive network traffic control through network address translation (NAT) and powerful filtering capabilities. These capabilities allow Alteon Application Switches to offload firewalls from some tasks, enabling a more efficient DMZ for business applications and allowing IT departments to maximize the use of existing firewalls. Alteon Application Switches support up to 2,048 filtering rules per switch. Filters can be configured to allow, deny, or redirect traffic based on application type, protocol, IP source/destination addresses, Layer 7 attributes (e.g., URL, cookie, HTTP header), and VLAN ID. Utilizing Layer 7 filtering enables the inspection, classification, and blocking of malicious application level attacks such as the Code Red worm and enables IT administrators to inspect and manage the use of peer-to-peer file sharing applications such as KaZaA.
- Load balancing firewall, IDS, and VPN devices to ensure graceful scalability for increased performance and reliability. Alteon Application Switches can support multiple IDS vendors simultaneously, a requirement in enterprise networks that use multiple IDS vendors to leverage the strengths of each.
- Thwarting performance-robbing Denial of Service (DoS) attacks without blocking valid session requests. Alteon Application Switches enable comprehensive DoS attack protection based on TCP, IP, UDP, and ICMP attacks. Using delayed binding, SYN floods are denied. The switch temporarily terminates each TCP connection, only allocating/passing a session when a valid response has been received from the client. Sophisticated pattern matching enables ICMP and UDP DoS protection which thwarts a whole host of availability attacks such as ping of death, fictitious DNS requests, and SQL Slammer.
- Protecting applications by enabling IT departments to limit the rate of new TCP connections to the application servers on a per-client basis. This feature, called Application Abuse Protection, increases control over access to applications and improves application availability.

Scaling business applications efficiently

Alteon Application Switches fit into existing networks and help IT administrators cost-effectively scale networks and applications to meet changing business requirements. Features that enable efficient scalability include:

- Supporting multi-protocol IP switching based on Routing Information Protocol (RIP) v1, Open Shortest Path First (OSPF), Border Gateway Protocol (BGP) 4, Spanning Tree, static routes, and more. The switches learn and cache IP addresses, providing direct IP switching for locally attached networks and the ability to route between VLANs and IP subnets within the switched network without an external router.
- Enabling plug-and-play deployment. Because Alteon Application Switches use virtual IP (VIP) addresses to represent groups of real servers, firewalls, or other devices, IT administrators can add capacity without having to reconfigure the network by simply adding servers or devices into an existing VIP pool. In addition, one switch can support multiple applications, reducing the need for complex multi-box implementations.
- Utilizing all switch resources with the Alteon Virtual Matrix Architecture (VMA). VMA dynamically distributes the processing power of multiple switch and application processors to maximize utilization. To ensure the highest performance, VMA distributes processing capacity dynamically to support traffic across all switch ports. This simplifies network provisioning because the switch provisions itself for network traffic patterns instead of requiring IT administrators to architect the network to present traffic evenly across all switch ports.

Figure 4. Alteon Application Switch 2424-SSL in a typical configuration utilizing Integrated Security Applications. (Diagram labels: Alteon 2424-SSL, Alteon SSL Accelerator, Alteon Switched Firewall, HTTPS. Diagram annotations: Supports back-end encryption. External devices added for scalability and additional performance. Single system image enables simple plug-and-play addition of external devices.)

Maximizes return on IT investment

Alteon Application Switches are designed to maximize return on investment by helping to reduce capital and operating expenses even as network performance increases. Instead of employing brute force techniques, IT departments can use Alteon Application Switches to help provide immediate savings, including:

- Capturing additional value from existing network infrastructure via improved server/device utilization enabled by a dynamic data path which can reduce server requirements and costs up to 50 percent
- Enabling deferral of capital expenditures by gracefully scaling server or security implementations as business requirements dictate
- Extending network asset life which can result in up to 40 percent lower annual costs
- Prioritizing traffic for the most effective use of bandwidth which can drive significant ROI
- Enables efficient, highly available streaming media architectures that drive significant ROI through enhanced employee communication and training without the traditional travel expenses.

Alteon Application Switch family technical specifications

Major applications

Server load balancing
- Local and global server load balancing
- IP, FTP, LDAP, DNS, RTSP, POP, SMTP, NNTP, IMAP, RADIUS, and others

Network device load balancing
- Firewall, VPN
- Intrusion detection system
- WAN link (inbound and outbound)
- WAP gateway

Application redirection
- SSL acceleration and load balancing
- Cache
- Streaming media

Advanced filtering
- Layer 2-7 attributes
- VLAN
- Accept, deny, NAT, redirect
- Rewrite ToS byte

Content intelligence
- Layer 7 inspect
- Cookie, URL, HTTP header, user agent

Embedded security services
- Access control
- Advanced Denial of Service protection (TCP, IP, UDP, ICMP)
- Application abuse protection
- Layer 7 filtering (peer-to-peer management)
- Integrated SSL VPN
- Integrated SSL acceleration

Traffic management
- Bandwidth management and rate limiting
- ToS marking

Persistence support
- Source IP
- Source port
- Cookies
- SSL identifier
- HTTP header

Network services
- Layer 2/3 NAT
- VLAN tagging
- Trunking

Technical specifications
- IP routing interfaces: 256
- VLANs: 255
- Default gateways: 259
- Trunk groups: 12

In addition to immediate savings, Alteon Application Switches can improve application performance and availability, resulting in higher revenue opportunities and reduced costs over time through improved customer satisfaction and employee productivity. As little as a 1/2 percent increase in application availability can drive revenues with an ROI of greater than 900 percent. Alteon switches help enterprises achieve these results by:

- Simplifying network design and management/operations through support for multiple load balancing applications, bandwidth management, and security application integration in one simple platform
- Maximizing fail-safe business continuity through sophisticated health checking and load balancing functionality
- Providing secure remote access simply and cost-effectively with SSL VPN
- Protecting network and application infrastructure through multi-layer security features
- Enabling transparent scalability of networking and application infrastructure without operations headaches or application downtime
- Allowing IT administrators to adjust network and server infrastructure quickly to meet rapidly changing business requirements.

Alteon Application Switch family technical specifications (continued)

Network protocol and standards compatibility
- 10BASE-T/100BASE-TX (IEEE 802.3-2000)
- 1000BASE-SX (IEEE 802.3z)
- Spanning Tree (IEEE 802.1d)
- Logical link control (IEEE 802.2)
- Flow control (IEEE 802.3x)
- Link negotiation (IEEE 802.3z)
- VLANs (IEEE 802.1Q)
- Frame tagging (IEEE 802.1Q) on all ports when VLANs enabled
- SNMP support: RFC 1213 MIBII, RFC 1493 Bridge MIB, RFC 1398 Ethernet-like MIB, RFC 1757 RMON1 (groups 1-4), and RFC 1573 MIB compliant. Alteon Enterprise MIB.
- IP
- RIPv1
- OSPF
- TFTP (RFC 783)
- BootP (RFC 1542)
- BootP (RFC 951)
- Telnet (RFC 854)
- EtherChannel-compatible trunking

Power
- Auto-ranging power supply 00-240 VAC @ 3.5 Amps, 50-60 Hz
- Maximum power consumption 250 Watts

Environmental temperature 0 to 40 °C (+32 to +104 °F)
Relative humidity 85% maximum, non-condensing

Certifications

EMC (Electromagnetic requirements)
- USA: FCC Part 15, Subpart B Class A
- Australia: AS/NZS CISPR 22:2002
- Canada: ICES-003
- Japan: VCCI Class A
- Europe: EN 300 386 v1.3.1 (2001-09)
- Taiwan: BSMI Registration Certificate
- Rest of World: CISPR 22 Class A

Safety
- IEC 60950 (International)
- National Deviation per CB Member Countries to IEC 60950
- UL 1950 (USA)
- CSA 22.2, No. 950 (Canada)
- EN 60950 (Europe)

For additional detail on Alteon Application Switch, Alteon Web Switch, Alteon OS, Alteon SSL Accelerator and Alteon SSL VPN capabilities, please refer to: www.nortelnetworks.com/alteon

Alteon Application Switches

Values in each row are listed in the column order of the first row.

Alteon switches: 2424 | 2424-SSL | 2216 | 2208
Total ports: 28 | 28 | 18 | 10
10/100 Ethernet ports: 24 | 24 | 16 | 8
Gigabit Ethernet ports, SFP GBIC (1000BASE SX/LX): 4 | 4 | 2 | 2
Concurrent sessions: 2,000,000 | 2,000,000 | 1,000,000 | 600,000
Layer 7 performance (sessions/second): up to 51K* | 30K* | 15K*
Layer 4 performance (sessions/second): >64K* | 40K* | 20K*
Virtual server support: 1,024 | 1,024 | 1,024 | 1,024
Real server support: 1,024 | 1,024 | 1,024 | 1,024
Policy filters: 2,048 | 2,048 | 2,048 | 2,048
Integrated SSL acceleration (tps.)**: no | Base: 300, Max: 1,000 | no | no
Integrated SSL VPN: no | yes | no | no
  Maximum concurrent sessions: 16,000
Height (inches/ru): 1.75/1 | 1.75/1 | 1.75/1 | 1.75/1

* Using real-world test scenarios with zero session loss.
** Using real-world test scenarios.

In the United States: 35 Davis Drive, Research Triangle Park, NC 27709 USA
In Canada: 8200 Dixie Road, Suite 100, Brampton, Ontario L6T 5P6 Canada
In Caribbean and Latin America: 1500 Concorde Terrace, Sunrise, FL 33323 USA
In Europe: Maidenhead Office Park, Westacott Way, Maidenhead, Berkshire SL6 3QH UK
In Asia: 6/F Cityplaza 4, Taikooshing, 12 Taikoo Wan Road, Hong Kong

Nortel Networks is an industry leader and innovator focused on transforming how the world communicates and exchanges information. The company is supplying its service provider and enterprise customers with communications technology and infrastructure to enable value-added IP data, voice and multimedia services spanning Wireless Networks, Wireline Networks, Enterprise Networks, and Optical Networks. As a global company, Nortel Networks does business in more than 150 countries. More information about Nortel Networks can be found on the Web at: www.nortelnetworks.com

For more information, contact your Nortel Networks representative, or call 1-800-4 NORTEL or 1-800-466-7835 from anywhere in North America.

Nortel Networks, the Nortel Networks logo, the globemark design, and Alteon are trademarks of Nortel Networks. All other trademarks are the property of their owners.

Copyright 2003 Nortel Networks. Nortel Networks reserves the right, without notice, to make changes to the information contained in this document and in equipment design or components as changes in engineering or manufacturing methods warrant. Nortel Networks assumes no responsibility for any errors that may appear in this document.

NN104642-062703