Cisco ACE 4710
Contents
1. 5 Virtual Devices 50 Application Acceleration Connection License Embedded Device Manager ACE 4710 4F K9 4G Bundle Includes ACE 4710 Hardware 4 Gbps Throughput 7 500 SSL TPS 2Gbps Compression 5 Virtual Devices 50 Application Acceleration Connection License Embedded Device Manager ACE 4710 BUN UP1 0 5G Bundle to 1G Bundle Upgrade License Includes 1 Gbps throughput license 5000 TPS SSL license 500 Mbps compression license 5 virtual devices license 50 Application acceleration conn license ACE 4710 BUN UP2 1G Bundle to 2G Bundle Upgrade License Includes 2 Gbps throughput license 7500 TPS SSL license 1 Gbps compression license 5 virtual devices license 50 Application acceleration conn license ACE 4710 BUN UP3 2G Bundle to 4G Bundle Upgrade License Includes 4 Gbps throughput license 7500 TPS SSL license 2 Gbps compression license 5 virtual devices license 50 Application acceleration conn license Individual Licenses Description ACE AP 02 LIC 2 Gbps Throughput License ACE AP 04 LIC 4 Gbps Throughput License ACE AP 04 UP1 Throughput upgrade license from 1 Gbps to 4 Gbps ACE AP 04 UP2 Throughput upgrade license from 2 Gbps to 4 Gbps ACE AP SSL 05K K9 SSL 5 000 TPS License ACE AP SSL 7K K9 SSL 7 500 TPS License ACE AP VIRT 020 20 Virtual Context License ACE AP C 500 LIC 500 Mbps Compression License ACE AP C 1000 LIC 1 Gbps Co2. GUI and SNMP Typical Operating Power 128 watts W Max Power 345 watts W Flash memory 1GB Ambient temperature 104F 40 Relative humidity 80 Acoustics lt 68 dBA 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 8 of 10 Data Sheet a Item Specification Certifications e FCC e CE e VCCI BSMI BMC e C tick BSMI RPC e UL and cUL e CCC e MIC BSMI Safety Report and BSMI RPC Certificate Ordering Information Table 4 presents part numbers for ordering and Table 5 presents product IDs Table 4 Ordering Information Part Number Description Bundles and Upgrades Description ACE 4710 BAS 2PAK 1G 2 Pack Bundle Includes two units each of ACE 4710 Hardware 1 Gbps Throughput 1000 SSL TPS 100 Mbps Compression 5 Virtual Devices 50 Application Acceleration Connection License Embedded Device Manager ACE 4710 0 5F K9 0 5G Bundle Includes ACE 4710 Hardware 0 5 Gbps Throughput 100 SSL TPS 100 Mbps Compression 5 Virtual Devices 50 Application Acceleration Connection License Embedded Device Manager ACE 4710 1F K9 1G Bundle Includes ACE 4710 Hardware 1 Gbps Throughput 5 000 SSL TPS 500 Mbps Compression 5 Virtual Devices 50 Application Acceleration Connection License Embedded Device Manager ACE 4710 2F K9 2G Bundle Includes ACE 4710 Hardware 2 Gbps Throughput 7 500 SSL TPS 1Gbps Compression
3. and session redundancy with the capability to switch over automatically to a redundant Cisco ACE upon system or network failure failover happens automatically with no human intervention Provides stateful failover capabilities to help ensure resilient network protection for enterprise network environments e Supports active standby and active active redundancy topologies with configuration synchronization e Enables businesses to perform software maintenance release upgrades on Cisco ACE and servers without affecting network uptime or connections Allows stateful redundancy to be enabled on a per virtual device basis isolating a failure to its specific virtual device a failover event in one virtual device does not affect operation of other virtual devices Integrates with the Cisco Global Site Selector GSS software to provide a multiple data center failover system Server health monitoring To instruct Cisco ACE to check the health of servers and server farms user can configure health probes sometimes referred to as keepalives The following probes are supported e ICMP e TCP User Datagram Protocol UDP ECHO tcp udp Finger e HTTP e HTTPS e FTP Telnet e DNS Simple Mail Transfer Protocol SMTP Internet Mail Access Protocol IMAP Post Office Protocol POP RADIUS Scripted Keepalive Application Protocol KAL AP e RTSP e SIP HTTP return code parsing Simple Network Management Protocol SNMP prob
4. cipher suites e SSL accelerated protocols HTTPS Secure IMAP IMAPS Secure Lightweight Directory Access Protocol LDAPS Secure Network News Transfer Protocol NNTPS Secure POP Version 3 POP3S and Secure Telnet STELNET e SSL accelerated ciphers rsa with rc4 128 md5 rsa with rc4 128 sha rsa with des cbc sha rsa with 3des ede cbc sha rsa export with rc4 40 md5 rsa export with des40 cbc sha rsa export1024 with rc4 56 md5 sa export1024 with des cbc sha rsa export1024 with rc4 56 sha rsa with aes 128 cbc sha and rsa with aes 256 cbc sha Public key exchange algorithm RSA 512 bit 768 bit 1024 bit 1536 bit and 2048 bit Digital certificates All major digital certificates from certificate authorities including the following VeriSign Entrust Netscape iPlanet Windows 2000 Certificate Server Thawte Equifax and Genuity TCP offload Cisco ACE directs website traffic in the most efficient manner by analyzing and directing incoming traffic at the request level TCP offload breaks the dependency between application requests and the transport layer It multiplexes and demultiplexes application level requests onto persistent connections set up to back end servers It keeps client and server TCP connections alive independent of each other and reuses TCP connections These capabilities enable granular application layer policy and offload TCP processing from the web servers saving CPU cycles Security Data center securi
5. 0 K9 CON S2P ACE4710 Cisco SMARTnet 2 Hour Premium ACE AP 01 LIC CON SAU ACP01GL Cisco Software Application Support plus Upgrades SASU ACE AP 02 LIC CON SAU ACP02GL Cisco SASU ACE AP 02 LIC ACE AP 04 LIC ACE AP VIRT 020 CON SAU ACPV1020 Cisco SASU ACE AP VIRT 020 ACE AP OPT LIC K9 CON SAU ACP OPT Cisco SASU ACE AP OPT LIC K9 For More Information For more information about the Cisco ACE 4710 visit http www cisco com go ace or contact your local account representative opale CISCO Cseo has mara than 2G off cea worlewids Adgreggss phone numbers and fas numbers are sted on toe Caco Websie at wwweiscocemigainificss 496 the Nive yy ajla risian CIL sine le r Pe Ae Wee of thes ve rahe re Printed in USA C78 440817 06 11 09 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 10 of 10
6. Afafe CISCO Data Sheet Cisco ACE 4710 Application Control Engine Product Overview The Cisco ACE 4710 Application Control Engine represents the next generation of application switches for maximizing the availability acceleration and security of data center applications The Cisco ACE 4710 allows enterprises to accomplish four primary IT objectives for application delivery e Maximize application availability e Accelerate application performance Secure data center and applications Facilitate data center consolidation through fewer servers load balancers and data center firewalls The Cisco ACE 4710 achieves these goals through a broad set of intelligent Layer 4 load balancing and Layer 7 content switching technologies integrated with leading edge acceleration and security capabilities A primary design element of the Cisco ACE 4710 is its use of virtualized architecture and role based administration to streamline and reduce the cost of operations involved in rolling out scaling accelerating and protecting applications To maximize application availability the Cisco ACE 4710 uses best in class application switching algorithms coupled with highly available system software and hardware The Cisco ACE 4710 provides best in industry scalability and throughput for managing application traffic up to 4 Gbps in a one rack unit 1RU form factor upgradeable through software licenses thus providing IT with long term investment prote
7. Role based RBA Figure 3 allows organizations to specify administrative roles and restrict administrators to specific functions within administration RBA the appliance or virtual devices Because multiple administrators within an organization may want to interact with the Cisco ACE appliance at different levels application administration server administration network administration security administration etc it is important to be able to define these administrator roles allowing each administrator group to freely perform its tasks while not affecting the other groups Cisco ACE provides the following predefined roles that cannot be deleted or modified e Admin This role gives a user complete access to and control over all the objects in virtual devices A context administrator can create configure and modify any object in that context including policies roles domains server farms and real servers Network Admin This role provides complete access to and control over the following features interfaces routing connection parameters NAT virtual IP copy configurations and the change to command Network Monitor This role provides access only to all show commands and the change to command If you do not explicitly assign a role to a user with the username command this is the default role Security Admin This role has complete access to and control over the following security related features within a context ACLs application insp
8. bps Compression 1 or 2 Gbps using GZIP or Deflate Syslogs per second 120 000 ACL items Up to 40 000 NAT entries Up to 64 000 NAT translate 1 000 000 PAT Virtual devices 5 virtual devices included in base price upgradeable to 20 virtual devices Total VLANs 1024 Probes 4000 instances of up to 1000 uniquely defined probes ICMP TCP UDP Echo Finger DNS Telnet FTP HTTP HTTPS SMTP POP3 IMAP RADIUS SIP RTSP SNMP KAL AP and scripted SSL Performance SSL throughput 1 Gbps SSL TPS 1000 TPS included in base price upgradeable to 5000 TPS and 7500 SSL TPS Application Switching Performance Maximum connections per second 120 000 complete transactions sustained rate Concurrent connections 1 000 000 Application Switching Configuration Virtual servers 1024 Server farms 1000 Real servers 4000 Sticky table entries 800 000 Web Application Acceleration Performance Advanced application acceleration Advanced application acceleration features of ACE 4710 enable effective use of web browser cache to features reduce number of HTTP responses necessary to view a web page Table 3 presents the product specifications for the Cisco ACE 4710 Table 3 Product Specifications Item Specification Chassis e 1RU appliance WxDxH 16 9 x 20 x 1 67 in 42 4 x 430 x 509 mm Network ports 4 10 100 1000 Ethernet ports Management Embedded browser based
9. ction and scalability Additionally through its innovative virtualization and role based access control capabilities the Cisco ACE 4710 enables IT to provision and deliver a broad range of multiple applications from a single Cisco ACE appliance bringing increased scalability for application provisioning to the data center The Cisco ACE 4710 greatly improves server efficiency through highly flexible application traffic management and the offloading of CPU intensive tasks such as Secure Sockets Layer SSL encryption and decryption processing HTTP compression and TCP session management The Cisco ACE platform is designed to serve as a last line of defense for servers and applications in data centers The Cisco ACE appliance performs deep packet inspection and blocks malicious attacks An integrated firewall enables IT professionals to comprehensively secure high value applications in the data center and facilitates consolidation in the data center Figure 1 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 1 of 11 Data Sheet Figure 1 Cisco ACE Network Integration OTY ORACLE peen 3 y b Ao plumtree ea Cisco ACE WebSphere switch Modul witch Module in Cisco Catalyst SI EBEL Cisco ACE 6500 Series o _ Application Switches yond Switch Appliance s p hea g i S ORACLE Internet P eopleSoft i P Ey Cisco ACE Cisco ACE XML A Global Site Gateway Selector wit
10. e configured to route the traffic when the client side and server side VLANs are on different subnets Bridge mode Cisco ACE can be configured to bridge traffic when the client side and server side VLANs are on the same subnets Asymmetric server normalization ASN Cisco ACE can load balance an initial request from the client to a real server however the server directly responds to the client bypassing Cisco ACE Predictors Cisco ACE performs a series of checks and calculations to determine the server that can best service each client request according to the load balancing algorithm or predictor Cisco ACE uses the following predictors to select the best server to satisfy a client request Adaptive response Least loaded Least bandwidth Least connections Round robin e Hash address e Hash cookie e Hash header e Hash URL Persistence and Cisco ACE provides stickiness that allows the same client to maintain multiple simultaneous or subsequent TCP or IP stickiness connections with the same real server for the duration of a session Cisco ACE supports the following sticky methods Source or destination IP address e Cookie e HTTP header and Generic Protocol Parsing for session level persistence such as SSL session ID 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 3 of 10 Data Sheet a Feature Benefit Redundancy e Provides system
11. ection connection parameters interfaces authentication authorization and accounting AAA NAT copy configurations and the change to command Server Appin Maintenance This role has complete access to and control over the following features real servers server farms load balancing copy configurations and the change to command Server Maintenance This role has access to real server maintenance monitoring and debugging e Real servers Modify permission Server farms Debug permission Virtual IPs Debug permission Probes Debug permission Load balancing Debug permission Change to command Create permission SLB Admin This role has complete access to and control over the following Cisco ACE features within a context real servers server farms virtual IPs probes load balancing Layers 3 4 and 7 NAT interfaces copy configurations and the change to command e SSL Admin This role is the administrator for all SSL features SSL Create permission o o o o o Public key infrastructure PKI Create permission Interfaces Modify permission e Copy configurations Create permission e Change to command Create permission In addition to the preceding default roles new roles can be created to adapt to different organization structures 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 6 of 10 Data Sheet a Feature Benefit Deplo
12. es Performance Application latency Dramatically improves the end user application experience by reducing latency and the number of roundtrips required reduction for application access Eliminates unnecessary browser cache validation requests and provides automatic embedded object version management at the server resulting in significantly improved application response times for application users Caching Caching directly offloads server requests for frequently requested static objects such as images and applets This feature is fully configurable and enhances overall application performance and transaction throughput Cisco ACE delivers a high performance caching architecture to enable several of its patent pending optimizations including delta optimization and FlashForward object acceleration Dynamic caching technology further accelerates enterprise application performance and improves server system scalability by enabling the Cisco ACE to fulfill requests for dynamic content Using this feature the offload capabilities begin to offload application servers and even core databases 1 5 GB of RAM is available for caching The memory ships standard with every appliance Delta encoding Delta encoding significantly reduces the amount of data sent to the client by sending only what has changed in HTML content between successive page visits Cisco ACE can determine exactly what has changed from page to page to the level of detail of a
13. h F Full DNS By combining high application performance with a comprehensive set of state of the art application delivery features the Cisco ACE 4710 promotes greater IT efficiency and reduces the total cost of ownership TCO Figure 2 shows the Cisco ACE 4710 appliance Figure 2 Cisco ACE 4710 Appliance 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 2 of 10 Data Sheet a Features and Benefits Table 1 summarizes the features and benefits of the Cisco ACE 4710 Table 1 Features and Benefits Feature Benefit Availability Application switching The Cisco ACE 4710 represents the next generation of application switches delivering tightly integrated essential application service functions in a single powerful system It provides load balancing and content switching functions with granular traffic control based on customizable Layer 4 through 7 rules e Intelligent device load balancing Cisco ACE provides support for Domain Name System DNS cache transparent caches firewalls intrusion detection system IDS intrusion prevention system IPS VPNs and SSL VPN Generic protocol parsing GPP Cisco ACE has native understanding of the following protocols HTTP FTP DNS Internet Control Message Protocol ICMP Session Initiation Protocol SIP Real Time Streaming Protocol RTSP Extended RTSP RADIUS and Microsoft Remote Desktop Protocol RDP The Ci
14. mpression License ACE AP C 2000 LIC 2 Gbps Compression License ACE AP OPT LIC K9 Application Acceleration License ACE AP SSL UP1 K9 ACE SSL Upgrade from 5 000 to 7 500 TPS ACE AP C UP1 Upgrade Compression From 500 Mbps to 1 Gbps ACE AP C UP2 Upgrade Compression From 500 Mbps to 2 Gbps ACE AP C UP3 Upgrade Compression From 1 Gbps to 2 Gbps 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 9 of 10 Data Sheet oT Table 5 Service Product IDs Product ID Service Product ID Service Level ACE 4710 0 5F K9 CON SNT ACE4710X Cisco SMARTnet ACE 4710 1F K9 CON SNT ACE47101 Cisco SMARTnet ACE 4710 2F K9 CON SNT ACE47102 Cisco SMARTnet ACE 4710 4F K9 CON SNT ACE47104 Cisco SMARTnet ACE 4710 K9 CON SNT ACE4710 Cisco SMARTnet ACE 4710 1F K9 CON SNTE ACE47101 Cisco SMARTnet Enhanced ACE 4710 2F K9 CON SNTE ACE47102 Cisco SMARTnet Enhanced ACE 4710 K9 CON SNTE ACE4710 Cisco SMARTnet Enhanced ACE 4710 1F K9 CON SNTP ACE47101 Cisco SMARTnet Premium ACE 4710 2F K9 CON SNTP ACE47102 Cisco SMARTnet Premium ACE 4710 K9 CON SNTP ACE4710 Cisco SMARTnet Premium ACE 4710 1F K9 CON S2P ACE47101 Cisco SMARTnet 2 Hour Premium ACE 4710 2F K9 CON S2P ACE47102 Cisco SMARTnet 2 Hour Premium ACE 471
15. nd protects against identity theft data theft application disruption and fraud and defends web based applications and transactions against targeted attacks by professional hackers 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 5 of 10 Data Sheet oT Feature Benefit Virtualized Services Virtual devices Virtual devices provide a means for creating resource segmentation and isolation allowing the Cisco ACE appliance to act as if were several individual virtual appliances within a single physical appliance Virtual devices enable organizations to provide defined levels of service to up to 20 business organizations applications or customers and partners from a single Cisco ACE appliance Complete separation of the following Configuration files Management interfaces Application rule sets Customized guaranteed resources per application for the following Throughput e Connections per second Capability to limit and manage the allocation of the following Cisco ACE resources e ACL memory e Buffers for syslog messages and TCP out of order OOO segments e Concurrent connections traffic through the Cisco ACE e Management connections traffic to the Cisco ACE Proxy connections e Setting of resource limit as a rate number per second Regexp memory e SSL connections e Sticky entries e Static or dynamic network address translations xlates
16. ration is a licensable option Cisco Application Cisco ANM supports the management of virtual devices and hierarchical management domains across multiple Cisco Networking Manager ACE appliances This server based management suite discovers provisions monitors and reports across many virtual ANM devices on multiple Cisco ACE appliances making deployment transparent Template based configuration and auditing complement service activation and suspension capabilities to enable quick implementation of applications Configurable RBA delegation of tasks with a matching service API allows concurrent operation by multiple administrator groups across many Cisco ACE appliances and virtual devices Figure 3 Cisco ACE Virtual Devices and RBA Role Physical Module Partition A Definition Gamin Partition B l l l l l l l l Definition Network Security I l l l i l l Resource Allocation Server Admin Admin Management Configuration Monitor T Management Station 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 7 of 10 Data Sheet a Product Specifications Table 2 presents the performance specifications for the Cisco ACE 4710 Table 2 Product Performance Specifications Feature Maximum Performance or Configuration Global Parameters Throughput 0 5 1 2 or 4 G
17. sco ACE GPP feature enables you to configure application switching and persistence policies based on any information in the traffic payload for custom and packaged applications without requiring any programming The Cisco ACE performs payload parsing through hardware using a powerful regular expression regexp engine to obtain maximum performance unlike other software based solutions HTTP header manipulation Cisco ACE supports the capability to modify insert or delete HTTP headers in both client requests and server responses Partial server farm failover Cisco ACE provides the capability to determine which server farm primary or backup receives new traffic based on the number of available real servers rservers e TCP dump Cisco ACE can capture real time packet information for the network traffic that passes through the Cisco ACE for enhanced troubleshooting Source network address translation NAT for virtual IP Source NAT for virtual IP allows user to include a virtual IP address in the NAT pool for dynamic NAT and port address translation PAT with the result that real world IP addresses are saved on the client side network Source NAT for server farm Source NAT can be provided on a backup server farm multiple hops away during the failure of a primary server farm resulting in continuous application availability Flexible network deployment Cisco ACE can be configured in the following modes Routed mode Cisco ACE can b
18. single byte and sends only the content that has changed Compression Cisco ACE delivers powerful 2 Gbps hardware accelerated data compression and provides faster application performance for application users Both gzip and deflate compression are supported 2009 Cisco Systems Inc All rights reserved This document is Cisco Public Information Page 4 of 10 Data Sheet oT Feature Benefit SSL acceleration The Cisco ACE solution integrates SSL acceleration technology which offloads the encryption and decryption of SSL traffic from external devices servers appliances etc thereby allowing the Cisco ACE to look more deeply into encrypted data and apply security and application switching policies This enables Cisco ACE to make more intelligent policy decisions and also helps ensure that your application delivery platform complies with internal and external regulations With reencryption capabilities Cisco ACE SSL acceleration offering helps ensure end to end encryption of sensitive data while providing the capability to apply intelligent policies The following SSL features are supported SSL termination and initiation SSL Version 3 0 Transport Layer Security TLS Version 1 0 back end SSL exportable Rivest Shamir and Adelman RSA cipher suites session ID stickiness SSL URL rewrite HTTP header rewrite session ID reuse client authentication strong RSA cipher suites and Advanced Encryption Standard AES
19. ty The Cisco ACE is designed to serve as a last line of defense for servers and applications in data centers The data center security protects against protocol and denial of service DoS attacks and encrypts mission critical content The Cisco ACE data center security capabilities protect the data center and critical applications from malicious traffic with the following features e HTTP deep packet inspection HTTP header URL and payload e Bidirectional NAT and PAT e Support for static dynamic and policy based NAT and PAT e Access control lists ACLs to selectively allow traffic between ports e TCP connection state tracking Virtual connection state for UDP e Sequence number randomization e TCP header validation e TCP window size checking e Unicast Reverse Path Forwarding URPF checking at session establishment e ACL object grouping e TCP SYN cookies providing distributed DoS DDoS protection e Rate limiting capabilities that can be applied to a set of real servers virtual servers or both Application security Multicore CPU accelerated protocol control offers efficient inspection filtering and fixing of popular data center protocols such as HTTP RTSP DNS FTP ICMP SIP Skinny Client Control Protocol SCCP and LDAP Cisco ACE provides deep protocol inspection capabilities which enables IT professionals to comprehensively secure high value applications in the data center It secures mission critical applications a
20. yment and Management Function consolidation By consolidating the functions of application switching SSL acceleration data center security and more on one device the Cisco ACE derives significant multipliers from bits per second bps to packets per second pps while reducing application latency With consolidation of functions a TCP flow is terminated only once instead of at four or more places across the network saving time processing power and memory The encryption and decryption load balancing decision security check and business policy assignments and validations are all performed at a single point in the network to achieve better application performance with fewer devices simpler network designs and easier management Investment protection By default the Cisco ACE 4710 supports virtualization with one administrator device and five user devices 1 Gbps bandwidth 1000 SSL transactions per second TPS and 100 Mbps of compression The solution can be expanded without the need for new equipment through the following software license upgrades e Throughput The default throughput of 1 Gbps can be increased to 2 or 4 Gbps Virtual devices The number of virtual devices can be increased from 5 to 20 virtual devices e SSL TPS The SSL TPS value can be increased from 1000 to 5000 or 7500 TPS e Compression Compression can be increased to 500 Mbps or 1 or 2 Gbps of throughput Application acceleration Application accele
Download Pdf Manuals
Related Search