Guest

Cisco AVS 3100 Series Application Velocity System

Cisco AVS 3120 Application Velocity System

  • Viewing Options

  • PDF (177.7 KB)
  • Feedback
Data Sheet

The Cisco® AVS 3120 Application Velocity System significantly lowers the cost of Web application deployments by accelerating performance and optimizing server and network resources. In addition, more business transactions are achieved per minute, eliminating the need for local data centers. Acceleration is accomplished by reducing latency and bandwidth required for any given Web application. Optimization is achieved by off-loading tasks from the server, such as Secure Sockets Layer (SSL) encryption and decryption, compression processing, and redundant requests from the server. Cisco AVS also adds application security at the edge of the data center, further ensuring security of vital corporate resources. Additionally, the Cisco AVS 3180 provides critical Web application monitoring and measurement capability, thereby reducing troubleshooting time.

Cisco AVS 3120 appliances can be rapidly deployed in any environment and can uniquely accelerate, optimize, and secure the delivery of Web applications. No changes are required for application code, desktop applications, or servers. It can be configured and managed with the Cisco AVS 3120 onboard, browser-based GUI management system or with the Cisco AVS 3180 Management Station (see the Cisco AVS 3180 data sheet).

ARCHITECTURE

The architectural approach behind the Cisco AVS 3120 is standards-based; it focuses on a data-center-centric, one-box approach (or asymmetric approach) for acceleration and security, with an agentless architecture for measuring end-user response times. At the core of the Cisco AVS 3120 solution is a comprehensive Layer 7 Web application processing engine, which not only processes all application content but also provides for optimization and security at the application and session levels. It optimizes across individual sessions and dramatically improves the way that applications perform on the network (Figure 1).

Figure 1. Cisco AVS 3120 Architecture

DEPLOYING THE CISCO AVS IN THE ENTERPRISE

Deploying the Cisco AVS 3120 in the enterprise typically involves a data center installation directly in front of the Web application servers and does not require changes to the Web application, desktop application, or servers. Easy to deploy, configure, and manage, the Cisco AVS 3120 appliance can improve Web application performance by 100 to 500 percent or more.

APPLICATION ACCELERATION

The Cisco AVS 3120 appliance significantly mitigates network latency, reduces bandwidth requirements, adds additional application security, and improves server performance by off-loading tasks to the network.

NETWORK LATENCY MITIGATION

Using patented techniques such as FlashForwarding and Smart Redirect, the Cisco AVS 3120 reduces the latency at which a client accesses an application-one of the largest network bottlenecks. By transforming the browser cache into a dynamic "engine," the Cisco AVS 3120 significantly reduces the amount of data required to complete a page load or transaction by reducing the overall number of network round trips required, typically resulting in a 200- to 500-percent improvement in response times for the client.

BANDWIDTH REDUCTION

The Cisco AVS 3120 Application Accelerator Module can help companies realize a 70- to 90-percent typical reduction in bandwidth usage (Figure 2). The result is a dramatic reduction in bandwidth costs, a delay or elimination of network upgrade expenses, and an overall improved
end-user experience.

Figure 2. Performance Improvement and Bandwidth Saving

SERVER CPU OFF-LOAD

With the Cisco AVS 3120 Application Accelerator Module, organizations can obtain up to an 80-percent typical reduction in server cycles, greatly increasing the effective capacity in their data centers. In addition to achieving better overall performance, organizations can also delay or reduce server purchases and minimize application licenses.
Table 1 lists the acceleration features and benefits of the Cisco AVS 3120.

Table 1. Acceleration Features and Benefits of Cisco AVS 3120

Features

Effect

Benefit

Network Latency Mitigation
• Request aggregation
• FlashForwarding and browser cache  management
• Browser TCP multiplexing
• PDF download optimization
• Response redirection control

2 to 5 times typical improvements in response time

Dramatically improve end-user performance

Bandwidth Reduction
• Delta encoding
• Dynamic browser caching
• Dynamic image optimization (JPG,  GIF, PNG)
• Gzip/deflate compression
• Flexible processing rules

70- to 90-percent typical reduction in bandwidth use

• Reduce bandwidth costs
• Delay or eliminate network  upgrades
• Improve end-user performance
Server CPU Off-Load
• Configurable dynamic caching
• Load-based caching
• Lazy request evaluation
• Single sign-on optimizations
• TCP connection multiplexing
• SSL off-load and acceleration
• Static caching
• Extensible Markup Language (XML)  off-load

80-percent typical reduction in server cycles

• Delay or reduce server  purchases
• Minimize application licenses
• Improve performance

WEB APPLICATION FIREWALL

The Cisco AVS 3120 Web Application Firewall module delivers significant level of attack protection available for Web applications. It can be deployed easily and rapidly by network security professionals, making the Cisco AVS 3120 an ideal solution for immediate risk remediation for all enterprise applications. With unprecedented application layer visibility, the Cisco AVS 3120 provides real-time threat detection and analysis with no-risk network deployment options.

Web Applications-The Weakest Link

It is simple, really. Application security is important because applications are the weak link to the most important resources of your company. For hackers thinking about new hacking techniques, the soft target is not the network or the operating systems-it is the applications. Transactional Web applications give anyone with a browser direct, unprecedented access to critical business data: employee records, customer transactions, credit card numbers, social security numbers, and partner information to name just a few.

Figure 3. Threats are Directed at Application Layer

Powerful Web Application Protection

Built upon bidirectional deep inspection technology, the Cisco AVS 3120 Web Application Firewall can immediately block the most common and damaging attacks against Web applications. It effectively thwarts attacks that threaten business continuity and eliminates the need for "rush" software development fixes and patches. Optimized for custom applications where attack signatures do not apply, the Cisco AVS 3120 protects all Web applications against sophisticated custom-made hacker threats such as:

• Structured Query Language (SQL) injection

• Cross-site scripting

• Command injection

• Cookie and session poisoning

• Application reconnaissance

• Lightweight Directory Access Protocol (LDAP) injection

• Buffer overflows

• Directory traversals

• Attack obfuscation

• Application platform exploits

• Zero-day attacks

Rapid and Risk-Free Deployment

The Cisco AVS 3120 is the first and only Web application firewall that can easily and rapidly be deployed by network security professionals.
It provides two deployment modes, including out-of band monitoring mode and inline transparent mode. The out-of-band monitoring mode is a no-risk deployment architecture that transmits no traffic into the network, introduces no points of attack for hackers, and adds no delay to traffic on the network. It can be deployed with zero network downtime and without introducing any single point of failure. The inline transparent mode enables the deployment of the Cisco AVS 3120 with zero network configuration changes. It is completely transparent, and security rules can be applied actively or passively. It can be removed from the network with no changes to network configuration or disruptions to application availability.

Figure 4. Out-of-Band Monitoring

Network security professionals can effortlessly secure any Web application in any network without deep understanding of the application. The Cisco AVS 3120 can be deployed in a variety of security postures, from basic protection from random attacks to advanced protection from targeted attacks. Installation and configuration takes only a few hours, and security policies can be generated automatically. Just as a traditional network firewall denies or allows traffic based on connection tables or network access control lists (ACLs), the Cisco AVS 3120 denies or allows traffic by comparing the results of its deep application inspection with Web application ACLs. Configuring the AVS has the same design as configuring the network ACLs on a firewall, so any security professional already familiar with a network firewall can be productive from the beginning. The Cisco AVS 3120 ships with initial predefined rules providing immediate and effective application protection, while permitting easy customization of the application security policy. The Cisco AVS 3120 provides the network security administrator with unparalleled, granular control over Web application security policies, which can be set and enforced at the URL, parameter, and header level to provide superior flexibility and accuracy.

Benefits and Features

• Protection of mission-critical applications and data from attack

– Protection against all major Web attacks

– HTTP normalization

– Bidirectional deep inspection

– Web application cloaking

– Customizable error codes

– Data theft

– Granular application rules set per URL, header, or parameter

• Rapid and risk-free deployment designed for network security professionals

– Out-of-band monitoring mode

– Transparent inline mode

– Application of rules in active and passive

– Auto-recommendation of security rules

EASY DEPLOYMENT AND MANAGEMENT

In addition to outstanding performance, the Cisco AVS 3120 Application Accelerator Module offers enterprises industry-leading deployment and management features that automate mundane tasks and enable IT personnel to easily track network performance with comprehensive reports. Specific features include:

• Cisco AVS 3120 auto-installer helps enable quick and easy deployment with a simple one-command system installation process.

• Graphical reports help IT personnel easily quantify Cisco AVS 3120-enabled bandwidth usage reductions and Cisco AVS 3120 throughput.

• The Cisco AVS 3120 Simple Network Management Protocol (SNMP) MIB helps enable SNMP-based management that is compatible with BMC Patrol, IBM, Tivoli, HP OpenView, and others. It also reduces the time and costs associated with management tasks.

• Browser-based administration helps enable browser-based Cisco AVS 3120 monitoring to ease management tasks.

• Cisco AVS 3120 transaction logging provides access to Web data statistics for traffic-accounting and data-mining applications.

• Support for multiple URLs and domains helps enable simultaneous handling of multiple applications.

• Intelligent data inspection optimizes efficiency of the Cisco AVS 3120 for maximum application acceleration.

APPSCOPE END-USER PERFORMANCE MONITOR

The Cisco AVS AppScope Monitor (AppScope) is the industry's only agentless, end-to-end application performance measurement solution. The AppScope management client and database run on the Cisco AVS 3180 Management Station Appliance (refer to Cisco AVS 3180 data sheet). AppScope polls performance measurement data from the Cisco AVS 3120 appliance, providing an easy way for organizations to monitor, measure, and report end-user response times from a central location. AppScope measures the true application performance as realized by real end users-nothing is simulated. It breaks down response times into individual components that allow better allocation of IT resources and greatly reduce mean time to repair.

Figure 5. URL Trend Report

The unique proxy architecture of the Cisco AVS 3120 helps AppScope measure not only the delivery time of both HTTP- and HTTPS-encrypted pages (there are no compromises between visibility and security), but also embedded objects such as images, JavaScripts, and style sheets. In addition, AppScope accurately determines both the server-delay and network-delay components associated with the user experience. Agentless and transparent, AppScope requires no changes to the application or the desktop ("drop-in" deployment) and provides both business- and process-level aggregation. The unique statistical traffic-sampling technology of AppScope helps organizations sample user requests rather than measuring them all-offering a tremendous savings in resources and making AppScope highly scalable for high-traffic applications.

GUI-Based Reporting

AppScope provides a sophisticated GUI-based reporting engine to efficiently track application performance. The reporting engine provides detailed graphical performance-monitoring results with details available for the following:

URL group-Analyze results for single- and multi-URL transactions.

Source IP address and group-Monitor results for a specific network client and groups of network clients.

Source geography group-Monitor results for clients in distributed, remote offices.

When generated, the monitor data is stored in a self-contained relational database for additional flexibility. IT personnel can then use reporting tools such as Crystal Reports, create custom performance-monitoring reports, or integrate the data with all network and system management platforms. AppScope also provides a wizard-based transaction builder and full support for enterprise management systems, including BMC Patrol, IBM Tivoli, and HP OpenView.

System Specifications

Tables 2 and 3 provide system specifications for the Cisco AVS 3120 and the Cisco AVS 3180 Management Station, respectively.

Table 2. Cisco AVS 3120 Specifications

Specification

Description

Software

Cisco AVS 3120 Application Accelerator Module, AppScreen Web application firewall, and GUI single-device management; both the Cisco AVS 3120 appliance and the Cisco AVS 3180 Management Station are required for AppScope performance monitoring

Chassis

1-rack unit (1RU) appliance

Memory

4 GB

CPU

3 GHz

Network Ports

1 available RJ-25 10/100/1000 autosensing Ethernet port for inline traffic; 1 available RJ-25 10/100/1000 autosensing Ethernet port for management; 3 additional Ethernet ports are inoperable and will be used in future software releases

Table 3. Cisco AVS 3180 Management Station Specifications

Specification

Description

Software

Cisco AVS AppScope Monitor performance monitoring client; both the Cisco AVS 3120 appliance and the Cisco AVS 3180 Management Station are required for AppScope performance monitoring; GUI device management for one or more Cisco AVS 3120 appliances

Chassis

1RU appliance

Memory

4 GB

CPU

3.2 GHz

Disk Space

Two 200-GB hard disks

Network Ports

1 available RJ-25 10/100/1000 autosensing Ethernet port; 1 additional Ethernet port is inoperable and will be used in future software releases

Text Box:  Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-4000	800 553-NETS (6387)Fax:	408 526-4100	European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel:	31 0 20 357 1000Fax:	31 0 20 357 1100	Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-7660Fax:	408 527-0883	Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital TowerSingapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed onthe Cisco Website at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · ZimbabweCopyright  2006 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)Printed in the USA	C78-338639-00   03/06 Text Box:  Corporate HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-4000	800 553-NETS (6387)Fax:	408 526-4100	European HeadquartersCisco Systems International BVHaarlerbergparkHaarlerbergweg 13-191101 CH AmsterdamThe Netherlandswww-europe.cisco.comTel:	31 0 20 357 1000Fax:	31 0 20 357 1100	Americas HeadquartersCisco Systems, Inc.170 West Tasman DriveSan Jose, CA 95134-1706USAwww.cisco.comTel:	408 526-7660Fax:	408 527-0883	Asia Pacific HeadquartersCisco Systems, Inc.168 Robinson Road#28-01 Capital TowerSingapore 068912www.cisco.comTel: +65 6317 7777Fax: +65 6317 7799Cisco Systems has more than 200 offices in the following countries and regions. Addresses, phone numbers, and fax numbers are listed onthe Cisco Website at www.cisco.com/go/offices.Argentina · Australia · Austria · Belgium · Brazil · Bulgaria · Canada · Chile · China PRC · Colombia · Costa Rica · Croatia · Cyprus Czech Republic · Denmark · Dubai, UAE · Finland · France · Germany · Greece · Hong Kong SAR · Hungary · India · Indonesia · Ireland · Israel Italy · Japan · Korea · Luxembourg · Malaysia · Mexico · The Netherlands · New Zealand · Norway · Peru · Philippines · Poland · Portugal Puerto Rico · Romania · Russia · Saudi Arabia · Scotland · Singapore · Slovakia · Slovenia · South Africa · Spain · Sweden · Switzerland · Taiwan Thailand · Turkey · Ukraine · United Kingdom · United States · Venezuela · Vietnam · ZimbabweCopyright  2006 Cisco Systems, Inc. All rights reserved. CCSP, CCVP, the Cisco Square Bridge logo, Follow Me Browsing, and StackWise are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, and iQuick Study are service marks of Cisco Systems, Inc.; and Access Registrar, Aironet, BPX, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Enterprise/Solver, EtherChannel, EtherFast, EtherSwitch, Fast Step, FormShare, GigaDrive, GigaStack, HomeLink, Internet Quotient, IOS, IP/TV, iQ Expertise, the iQ logo, iQ Net Readiness Scorecard, LightStream, Linksys, MeetingPlace, MGX, the Networkers logo, Networking Academy, Network Registrar, Packet, PIX, Post-Routing, Pre-Routing, ProConnect, RateMUX, ScriptShare, SlideCast, SMARTnet, The Fastest Way to Increase Your Internet Quotient, and TransPath are registered trademarks of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.All other trademarks mentioned in this document or Website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (0601R)Printed in the USA	C78-338639-00   03/06