Guest

Cisco Services Modules

Cisco ACE Application Control Engine Module Software Release 2.3.0

  • Viewing Options

  • PDF (95.6 KB)
  • Feedback

PB458841

The Cisco ® ACE Application Control Engine Module for the Cisco Catalyst ® 6500 Series Switches and Cisco 7600 Series Routers represents the next-generation of application switches for increasing the availability, accelerating the performance, and enhancing the security of data center applications. The Cisco ACE Module allows enterprises and service providers to accomplish four primary IT objectives for application delivery:

• Increase application availability

• Accelerate application performance

• Secure the data center and critical business applications

• Facilitate data center consolidation through the use of fewer servers and load balancers

New Features

Cisco ACE Module Software Release 2.3.0 includes the following features, summarized in Table 1:

• New management and reporting capabilities

– Secure backup and restore of Cisco ACE Module files

– Enhanced Simple Network Management Protocol (SNMP) MIB support

– Bulk copy for SSL certificate and key files

– Granular reporting of HTTP URL hits on a virtual IP address1

– New syslog messages for Network Address Translation (NAT)1

Comprehensive suite of SSL offload features

– HTTP header insert for SSL information

– HTTP redirect on client authentication failure

– Lightweight Directory Access Protocol (LDAP)-based certificate revocation list (CRL) retrieval1

– CRL checking of SSL server certificates1

– Sample SSL key and certificate

• Scalability, load-balancing, and networking enhancements

– Enhanced scalability for global server load balancing (GSLB) with Cisco Global Site Selector (GSS) Software1

– Persistence rebalance for HTTP GET requests on the same TCP connection

– Support for secondary IP addresses on an interface VLAN

Table 1. New Features in Cisco ACE Module Software Release 2.3.0

Feature

Description

Benefit

Secure backup and restore of Cisco ACE Module files

The Cisco ACE Module can securely back up and restore the startup configuration, running configuration, checkpoints, license files, and SSL keys and certificate files across multiple virtual devices with a single command, both in administrator and user contexts. An option allows encryption of the backup archive to securely store the SSL keys and certificates.

Provides efficient and administrator-friendly user interface, especially in an environment with multiple contexts, freeing administrators to do more with reduced IT operating budgets

Enhanced SNMP MIB support

The Cisco ACE Module supports additional SNMP MIBs, leading to parity with the MIBs supported on the Cisco ACE 4710.

Enables centralized management of the load balancing infrastructure, improving agility in IT operations

Bulk copy command for SSL certificates and key pairs

The bulk copy command for SSL certificates and key pairs enables the import of multiple SSL certificates and key-pair files at the same time.

Increases productivity by reducing time needed to copy SSL files

Granular reporting of HTTP URL hits on a virtual IP address

The Layer 7 match HTTP URL statement hit count feature allows you to display the number of times that a connection is established (hit count) based on match HTTP URL statements for a class map in a Layer 7 HTTP policy map.

Provides reporting capability for multiple web applications under the same virtual IP address

Syslog reporting for NAT

New syslog messages track the NAT function.

Complies with regulations for service providers to log NAT maps

HTTP header insert for SSL information

The Cisco ACE Module can offload SSL processing from the real server in the web application server farm. In some cases, the web application still requires SSL-related information such as the SSL session parameters, SSL server certificate, and SSL client certificate. With this new feature, the information is provided to the web application through user-defined HTTP protocol headers that are inserted by the Cisco ACE Module during HTTP communication with the real server running the web application.

Efficiently uses expensive real server cycles to process application data and provide a secure single point of management for SSL server certificates on the Cisco ACE Module

HTTP redirect on client authentication failure

The Cisco ACE Module can redirect users in the event of failed client authentication, providing more information such as the reason for the client authentication failure and recommended next steps to restore access to the application.

Efficiently handles client authentication failures, reducing calls to application support and improving the user experience, while providing the benefits of SSL offload

LDAP-based CRL retrieval for SSL offload

The Cisco ACE Module can query the CRL distribution point (CDP) server using the LDAP protocol, both in SSL termination and end-to-end SSL deployment modes.

Enables transparent migration to Cisco ACE SSL offload for environments currently providing access to CDP servers using LDAP

CRL checking of SSL server certificates

The Cisco ACE Module can query the CDP server to verify that an SSL termination point's certificate has not been revoked.

Enables transparent migration to Cisco ACE SSL offload for environments currently verifying SSL server certificates using CRLs

Sample SSL key and certificate

The Cisco ACE Module software image has a sample SSL key and certificate pair to get the user started with SSL offload function testing and integration prior to requesting a third-party-generated SSL key and certificate pair for use in real-world production environments.

Facilitates demonstration and testing of the SSL offload feature

Enhanced scalability for GSLB with Cisco GSS

Cisco ACE Module integration with Cisco GSS now supports up to 4000 virtual IP addresses per Domain Name System (DNS) domain, which scales the Cisco ACE load-balancing solution for large enterprises and service providers.

Scales capacity for a GSLB solution with the Cisco ACE Module and Cisco GSS, leading to investment protection and reduced capital expenditures (CapEx)

Persistence rebalance for HTTP requests on the same TCP connection

The Cisco ACE Module can be configured to load balance each HTTP request on the same TCP connection from a client IP address.

Uniformly distributes HTTP traffic if a significant share of the HTTP requests are from the same client, leading to better resource utilization

Support for secondary IP addresses on an interface VLAN

The Cisco ACE Module supports secondary IP addresses on an interface VLAN in addition to the primary IP address.

Enables transparent migration from load-balancing products that support secondary IP addresses on a VLAN

System Requirements

Table 2 lists the system requirements for the Cisco ACE Module.

Table 2. Cisco Catalyst 6500 and Cisco 7600 Series System Requirements for Cisco ACE Module

Requirement

Description

Chassis

All Cisco Catalyst 6500 Series and Cisco 7600 Series chassis

Supervisor engines

• Cisco Catalyst 6500 Series Supervisor Engine 720 and Virtual Switching Supervisor Engine 720 with 10GE Uplinks
• Cisco 7600 Series Supervisor Engine 720 with Multilayer Switch Feature Card and Route Switch Processor 720 with Multilayer Switch Feature Card

Chassis OS

• Cisco Catalyst 6500 Series running Cisco IOS® Software Release 12.2(18)SXF4 or later for Supervisor Engine 720, and Release 12.2(33)SXH or later for Supervisor Engine 720 with 10GE
• Cisco 7600 Series running Cisco IOS Software Release 12.2(18)SXF4 or later and Release 12.2(33)SRB or later for Supervisor Engine 720, and 12.2(33)SRC or later for Route Switch Processor 720

Chassis connectivity

Functions as a fabric-enabled line card

Chassis slots

Occupies 1 slot in the chassis

Ordering Information

Table 3 provides ordering information for the Cisco ACE Module.

Table 3. Ordering Information

Part Number

Description

C6509E-ACE20-8-K9**

Cisco ACE20 6509E SUP720-10G Bundle with 8Gbps Throughput License

WS-C6509E-ACE20-K9**

Cisco ACE20 6509 Bundle with 8 Gbps Throughput License

WS-C6504E-ACE20-K9**

Cisco ACE20 6504 Bundle with 4 Gbps Throughput License

WS-C6509-E-ACE-K9**

Cisco ACE10 6509 Bundle with 8 Gbps Throughput License

WS-C6504-E-ACE-K9**

Cisco ACE10 6504 Bundle with 4 Gbps Throughput License

ACE20-MOD-K9

Cisco ACE20 Service Module for Cisco Catalyst 6500 Series and Cisco 7600 Series: Includes 1000 SSL TPS and 5 Virtual Devices

ACE20-MOD-K9=

Cisco ACE20 Service Module for Cisco Catalyst 6500 Series and Cisco 7600 Series: Includes 1000 SSL TPS and 5 Virtual Devices (spare)

ACE10-6500-K9

Cisco ACE10 Service Module for Cisco Catalyst 6500 Series and Cisco 7600 Series, Includes 1000 SSL TPS and 5 Virtual Devices

ACE10-6500-K9=

Cisco ACE10 Service Module for Cisco Catalyst 6500 Series and Cisco 7600 Series, Includes 1000 SSL TPS and 5 Virtual Devices (spare)

ACE-16G-LIC

16Gbps Throughput License for Cisco ACE20

ACE-08G-LIC

8-Gbps Throughput License for Cisco ACE 10 and Cisco ACE20

ACE-04G-LIC

4-Gbps Throughput License for Cisco ACE10 and Cisco ACE20

ACE-UPG2-LIC=

Upgrade License from 8 Gbps to 16 Gbps for Cisco ACE20

ACE-UPG1-LIC=

Upgrade License from 4 Gbps to 8 Gbps for Cisco ACE10 and Cisco ACE20

ACE-SSL-15K-K9

15,000 SSL Transactions per Second License for Cisco ACE10 and Cisco ACE20

ACE-SSL-10K-K9

10,000 SSL Transactions per Second License for Cisco ACE10 and Cisco ACE20

ACE-SSL-05K-K9

5,000 SSL Transactions per Second License for Cisco ACE10 and Cisco ACE20

ACE-SSL-UP2-K9=

Upgrade license from 10,000 to 15,000 SSL Transactions per Second License for Cisco ACE10 and Cisco ACE20

ACE-SSL-UP1-K9=

Upgrade license from 5,000 to 10,000 SSL Transactions per Second License for Cisco ACE10 and Cisco ACE20

ACE-VIRT-250

250 Virtual Contexts License for Cisco ACE10 and Cisco ACE20

ACE-VIRT-100

100 Virtual Contexts License for Cisco ACE10 and Cisco ACE20

ACE-VIRT-050

50 Virtual Contexts License for Cisco ACE10 and Cisco ACE20

ACE-VIRT-020

20 Virtual Contexts License for Cisco ACE10 and Cisco ACE20

ACE-VIRT-UP3

Upgrade License from 100 to 250 Virtual Contexts for Cisco ACE10 and Cisco ACE20

ACE-VIRT-UP2

Upgrade License from 50 to 100 Virtual Contexts for Cisco ACE10 and Cisco ACE20

ACE-VIRT-UP1

Upgrade License from 20 to 50 Virtual Contexts for Cisco ACE10 and Cisco ACE20

** Cisco ACE bundles do not include I/O modules so that customers can order the I/O modules of their choice.

For More Information

For more information about the Cisco ACE Module, visit http://www.cisco.com/go/ace or contact your local Cisco account representative.
1This feature was first introduced in Cisco ACE Module Software Release 2.2.0.