The Cisco® AVS 3120 Application Velocity System is an enterprise data center appliance for improving Web application performance, measuring end-user response time, and enforcing application security. It is a complete enterprise application delivery solution for all enterprise Web applications, accelerating the application experience for all users, whether they are in the office or on the road.
The Cisco AVS 3120 offers the industry's best set of optimizations (Figure 2), including:
1. Network latency mitigation
2. Bandwidth reduction
3. Server processing offload
The optimizations have an immediate impact on any application and integrate smoothly with any Web front end. No changes to applications, desktops, or servers are required. Cisco AVS 3120 appliances can be rapidly deployed in any environment and can uniquely control and optimize content delivery at the application layer (Layer 7 of the OSI stack). The Cisco AVS 3120 includes the Application Accelerator Module and AppScreen Web Application Firewall. It can be configured and managed with the on-board, browser-based GUI management system or with the Cisco AVS 3180 Management Station (see the Cisco AVS 3180 data sheet).
The architectural approach behind the Cisco AVS 3120 Application Velocity System is open and standards-based. It focuses on a data-center-centric, one-box approach (or asymmetric approach) for acceleration and security, with an agentless architecture for measuring end-user response times. The design concept is "one page, one packet, one traversal." At the core of the Cisco AVS 3120 solution is a comprehensive Layer 7 Web application processing engine. This engine not only processes all application content, but also provides for optimization and control at the application and session levels. Unlike systems built on packet-based processing, it can optimize across individual sessions and dramatically improve the way that applications perform on the network.
Figure 1. AVS 3120 Architecture
DEPLOYING THE APPLICATION VELOCITY SYSTEM IN THE ENTERPRISE
Deploying the Cisco AVS 3120 in the enterprise typically involves a data center installation directly in front of the Web application servers. It requires no changes to the desktop, applications, or servers. It is easy to install, configure, and manage.
APPLICATION ACCELERATOR MODULE
Cisco AVS 3120 Application Accelerator Module benefits fall into three categories-network latency mitigation, bandwidth reduction, and server CPU offload.
NETWORK LATENCY MITIGATION
Using patented techniques such as FlashForwarding and Smart Redirect, the Cisco AVS 3120 reduces the latency at which a client accesses an application, which is one of the largest network bottlenecks. By transforming the browser's own cache into a dynamic "engine", the Cisco AVS 3120 significantly reduces the amount of data required to complete a page load or transaction by reducing the overall number of network roundtrips required. This typically results in a 200 to 500 percent improvement in response times for the client.
The Cisco AVS 3120 Application Accelerator Module helps your company realize a 70 to 90 percent typical reduction in bandwidth usage (
Figure 2). The result is a dramatic reduction in bandwidth costs, a delay or elimination of network upgrade expenses, and an overall improved end-user experience.
Figure 2. Performance Improvement and Bandwidth Saving
SERVER CPU OFFLOAD
With the Cisco AVS 3120 Application Accelerator Module, your organization can obtain up to an 80-percent typical reduction in server cycles, greatly increasing the effective capacity in your data center. In addition to better overall performance, you can also delay or reduce server purchases and minimize application licenses.
Table 1 lists the features and benefits of the Cisco AVS 3120.
Table 1. Features and Benefits of the Cisco AVS 3120
Network Latency Mitigation
• Request aggregation
• FlashForwarding/browser cache management
• Browser TCP multiplexing
• PDF download optimization
• Response redirection control
2-5X typical improvements in response time
Dramatically improve end-user performance
• Delta encoding
• Dynamic browser caching
• Dynamic image optimization (JPG, GIF, PNG)
• Gzip/DEFLATE compression
• Flexible processing rules
70-90 percent typical reduction in bandwidth use
• Reduce bandwidth costs
• Delay or eliminate network upgrades
• Improve end-user performance
Server CPU Offload
• Configurable dynamic caching
• Load-based caching
• Lazy request evaluation
• Single sign-on optimizations
• TCP connection multiplexing
• Secure Sockets Layer (SSL) offload and acceleration
• Static caching
• XML offload
80 percent typical reduction in server cycles
• Delay or reduce server purchases
• Minimize application licenses
• Improve performance
EASY DEPLOYMENT AND MANAGEMENT
In addition to outstanding performance, the Cisco AVS 3120 Application Accelerator Module offers enterprises industry-leading deployment and management features that automate mundane tasks and enable IT personnel to easily track network performance with comprehensive reports. Specific features include:
• Cisco AVS 3120 auto-installer enables quick and easy deployment with a simple one-command system installation process.
• Graphical reports enable IT personnel to easily quantify Cisco AVS 3120-enabled bandwidth usage reductions and Cisco AVS 3120 throughput
• The Cisco AVS 3120's Simple Network Management Protocol (SNMP) MIB enables SNMP-based management that is compatible with BMC Patrol, IBM, Tivoli, HP OpenView, and others. It also reduces the time and costs associated with management tasks.
• Cisco AVS 3120 transaction logging provides access to Web data statistics for traffic accounting and data mining applications.
• Support for multiple URLs and domains enables multiple applications to be handled simultaneously.
• Intelligent data inspection optimizes the Cisco AVS 3120's efficiency for maximum application acceleration.
APPSCREEN WEB APPLICATION FIREWALL
The Cisco AVS 3120 AppScreen Web Application Firewall (AppScreen) provides "day-zero" protection using a rules-based, policy-driven approach. This integrated approach offers complete flexibility and helps secure your application infrastructure (even encrypted SSL transactions) from entire classes of HTTP and HTTPS-based threats. AppScreen also provides protection against entire classes of attacks, unlike signature-based protection, which handles only specific, known threats; or learned-rules-based protection, which requires an extensive training phase.
Security is always a priority within the enterprise. Yet while network firewalls and intrusion prevention systems protect against network-layer attacks, they do little to prevent application-layer attacks, including worms and other intrusions. These attacks can easily exploit the vulnerabilities found in both the enterprise infrastructure and the applications themselves. The Cisco AVS 3120 AppScreen delivers application protection against classes of attacks right out of the box, with preconfigured rules and policies. AppScreen can be rapidly deployed across applications and via customized rules and policies, without requiring staff to be trained on its management.
Traditional virus checking and signature-based solutions must generally download signatures (definitions) of known viruses in order to defend the system, leaving enterprises vulnerable. The Cisco AVS 3120 AppScreen offers day-zero security, automatically protecting against complete classes of vulnerabilities. Out of the box, AppScreen provides:
• Binary blocking
• Cross-site script blocking
• Directory traversal blocking
• SQL injection blocking
• File upload blocking
Full Content Inspection-Enabled-The Cisco AVS 3120 AppScreen scans and analyzes all HTTP and HTTPS requests. Network firewalls normally only look at the TCP header and about 16 KB of information; this packet-centric approach does not have content awareness or application awareness. AppScreen's stateful inspection (having awareness of the application state based on content matching) enables a deeper inspection than packet-level information like TCP headers.
Simple, Policy-Driven, Rules-Based Management-The Cisco AVS 3120 AppScreen uses XML to allow administrators to set actions and notifications upon rule matches at both the global and application-class levels, including blacklist and whitelist behaviors. AppScreen even provides additional policies (such as binary blocking) to supplement all standard rule matching.
Reports and Alerts-The Cisco AVS 3120 AppScreen provides graphical views of incidents by severity
(Figure 3). It also includes SNMP interfaces, allowing alerts to be published to enterprise management systems.
Customization with XML-Cisco AVS 3120 AppScreen policies can be customized and enhanced using industry-standard XML.
Figure 3. Graphical Summary of Incidents by Severity
APPSCOPE END-USER PERFORMANCE MONITOR
The AppScope Monitor (AppScope) is the industry's only agentless, end-to-end application performance measurement solution. The AppScope management client and database run on the Cisco AVS 3180 Management Station Appliance (see AVS 3180 data sheet). AppScope obtains performance data by polling performance measurement data from the Cisco AVS 3120 appliance. AppScope performance monitoring provides a lightweight way for organizations to monitor, measure, and report end-user response times from a central location. AppScope measures the true application performance as realized by real end users-nothing is simulated. It breaks down response times into individual components that allow better allocation of your IT resources and greatly reduce mean time to repair.
Figure 4. URL Trend Report
AppScope provides a sophisticated GUI-based reporting engine to efficiently track application performance. The reporting engine provides detailed graphical performance-monitoring results with full detail available for the following:
• URL group-Analyze results for single- and multi-URL transactions
• Source IP address and group-Monitor results for a specific network client and groups of network clients
• Source geography group-Monitor results for clients in distributed remote offices
Once generated, the monitor data is stored in a self-contained relational database for additional flexibility. IT personnel can then use reporting tools such as Crystal Reports, create custom performance-monitoring reports, or integrate the data with all Network and System Management
platforms. AppScope also provides a wizard-based transaction builder and full support for enterprise management systems, including BMC Patrol, IBM Tivoli, and HP OpenView.
Table 2 provides system specifications for the Cisco AVS 3120 Application Velocity System. Table 3 provides system specifications for the Cisco AVS 3180 Management Station.
Table 2. Cisco AVS 3120 Application Velocity System Specifications
Application Accelerator Module, AppScreen Web Application Firewall, and GUI single-device management. Both the Cisco AVS 3120 appliance and the Cisco AVS 3180 Management Station are required for AppScope performance monitoring.
One available RJ-25 10/100/1000 autosensing Ethernet port for inline traffic. One available RJ-25 10/100/1000 autosensing Ethernet port for management. Three additional Ethernet ports are inoperable and will be used in future software releases.
Table 3. Cisco AVS 3180 Management Station Specifications
Cisco AVS AppScope Monitor performance monitoring client. Both the Cisco AVS 3120 appliance and the Cisco AVS 3180 Management Station are required for AppScope performance monitoring. GUI device management for one or more Cisco AVS 3120 appliances.
Two 200-GB hard disks
One available RJ-25 10/100/1000 autosensing Ethernet port. One additional Ethernet port is inoperable and will be used in future software releases.