The Cisco® ACE 4710 Application Control Engine (Figure 1) belongs to the Cisco ACE family of application switches, used to increase the availability, security and consolidation of data center applications. The Cisco ACE product family consists of the Cisco ACE Modules for the Cisco Catalyst® 6500 Series Switches and the Cisco 7600 Series Routers, Cisco ACE4710 Appliance, Cisco Global Site Selector (GSS) appliance and Cisco Application Networking Manager (ANM) management software.
Figure 1. Cisco ACE4710 Appliance
The Cisco ACE4710 allows enterprises to accomplish these key IT objectives for application delivery:
• Increase application availability and performance
• Secure the data center and applications
• Facilitate data center consolidation through the use of fewer servers, load balancers, and data center firewalls
The Cisco ACE4710 achieves these goals through a broad set of intelligent Layer 4 load-balancing and Layer 7 content-switching technologies that work with IPv4 and IPv6 traffic and are integrated with the latest virtualization and security capabilities. It supports translation between IPv4 and IPv6 traffic, supporting migration to IPv6 and allowing deployments in mixed networks.
The Cisco ACE4710 provides flexibility in managing application traffic, with scalability up to 4 Gbps in a one-rack-unit (1RU) form factor, upgradeable through software licenses, thus providing IT with long-term investment protection and scalability.
Additionally, through virtualization and role-based access control (RBAC) capabilities, the Cisco ACE4710 enables IT to provision and deliver a broad range of applications from a single Cisco ACE appliance, bringing increased scalability for application provisioning to the data center. This capability helps streamline and reduce the cost of operations involved in implementing, scaling, accelerating, and protecting applications.
The Cisco ACE4710 greatly improves server efficiency through highly flexible application traffic management and the offloading of CPU-intensive tasks such as SSL encryption and decryption processing, HTTP compression, and TCP session management.
The Cisco ACE platform is designed to serve as a last line of defense for servers and applications in data centers. An integrated firewall enables IT professionals to comprehensively secure high-value applications in the data center and facilitates data center consolidation (Figure 2).
Figure 2. Cisco ACE Network Integration
By combining high application performance with comprehensive set of state-of-the-art application delivery features, the Cisco ACE4710 promotes greater IT efficiency and reduces the total cost of ownership (TCO).
Features and Benefits
Table 1 summarizes the features and benefits of the Cisco ACE4710 Appliance.
Table 1. Features and Benefits
The Cisco ACE4710 provides load-balancing and content-switching functions with granular traffic control based on customizable Layer 4 through 7 rules with support for both IPv4 and IPv6 addresses, virtual IP addresses (VIPs) and server farms.
Cisco ACE can natively load-balance the following protocols in an IPv4 environment: HTTP/HTTPS, FTP, DNS, ICMP, SIP, RTSP, Extended RTSP, LDAP, RADIUS, SCCP and Microsoft RDP. In an IPv6 environment, it can natively load-balance HTTP, HTTPS and SSL protocols. It has generic protocol parsing capabilities that enable the configuration of application switching and persistence policies based on any information in the traffic payload for custom and packaged applications without requiring any programming.
The Cisco ACE4710 supports translation and load balancing between IPv4 and IPv6 networks and provides flexibility to customers in planning their IPv6 migration.
Predictors or load-balancing algorithms enable the Cisco ACE to select the best server to satisfy a client request.
Persistence and stickiness
Stickiness allows the same client to maintain multiple simultaneous or subsequent TCP or IP connections with the same real server for the duration of a session.
Stateful failover capabilities help ensure resilient network protection for enterprise network environments. The Cisco ACE integrates with Cisco GSS to provide a multiple data center scaling and failover system.
Server health monitoring
Cisco ACE checks the health of application servers and server farms through configuration of health probes.
The Cisco ACE4710 delivers up to 2-Gbps hardware-accelerated data compression and provides faster application performance for application users.
Cisco ACE integrates SSL acceleration technology, which offloads the encryption and decryption of SSL traffic from external devices (servers, appliances, etc.), thereby allowing Cisco ACE to look more deeply into encrypted data and apply security and application switching policies and help ensure compliance with internal and external regulations.
Cisco ACE directs website traffic in the most efficient manner by analyzing and directing incoming traffic at the request level. These capabilities enable granular application-layer policy and offload TCP processing from the web servers, saving CPU cycles.
Data center security
Cisco ACE protects the data center and critical applications from protocol and denial-of-service (DoS) attacks and encrypts mission-critical content.
Cisco ACE provides deep protocol inspection capabilities, which enables IT professionals to comprehensively secure high-value applications in the data center. It secures mission-critical applications and protects against identity theft, data theft, application disruption, and fraud and defends web-based applications and transactions against targeted attacks by professional hackers.
Virtual contexts provide a means for creating resource segmentation and isolation, allowing the Cisco ACE appliance to act as if it were several individual virtual appliances within a single physical appliance. Virtual contexts enable organizations to provide defined levels of service to up to 20 business departments, applications, or customers and partners from a single Cisco ACE appliance.
Role-based access control (RBAC)
RBAC allows organizations to specify administrative roles and restrict administrators to specific functions within the appliance or virtual contexts, allowing each administrator group to freely perform its tasks without affecting the other groups.
Deployment and Management
Through consolidation of application switching, SSL acceleration, data center security, and other functions on one device, Cisco ACE helps achieve better application performance, with fewer devices, simpler network designs, and easier management.
By default, the Cisco ACE4710 supports virtualization with one administrator device and 20 virtual contexts, 7500 SSL transactions per second (TPS), and up to 2 Gbps of compression. The licensed throughput can be increased to up to 4 Gbps without the need for new equipment, through software license upgrades.
Cisco ACE 4710 Device Manager
The Cisco ACE Device Manager, which resides in flash memory on the Cisco ACE appliance, provides a browser-based interface for configuring and managing the Cisco ACE4710 Appliance. Its intuitive interface combines easy navigation with point-and-click provisioning of services, reducing the complexity of configuring virtual services and multiple feature sets.
Cisco Application Networking Manager (ANM)
Cisco ANM supports the management of virtual contexts and hierarchical management domains across multiple Cisco ACE appliances. This server-based management suite discovers, provisions, monitors, and reports across many virtual contexts on multiple Cisco ACE appliances, making deployment transparent.
Table 2 presents the performance specifications for the Cisco ACE4710 Appliance.
Table 2. Product Performance Specifications
Maximum Performance or Configuration
0.5, 1, 2, or 4 Gbps
0.5, 1, or 2 Gbps (using GZIP or Deflate)
7500 SSL TPS using 1024-bit keys
Maximum L4 connections per second
100,000 complete transactions sustained rate
Maximum L7 connections per second
30,000 complete transactions sustained rate
Table 3 presents the product specifications for the Cisco ACE4710 Appliance.
Table 3. Product Specifications
• 1RU appliance
• W x D x H: 16.9 x 20 x 1.67 in. (42.4 x 430 x 509 mm)
Four 10/100/1000 Ethernet ports
Embedded browser-based GUI and SNMP
Typical operating power
128 watts (W)
< 68 dBA
• BSMI BMC
• BSMI RPC
• UL and cUL
• BSMI Safety Report
• BSMI RPC Certificate
Table 4 lists part numbers for ordering the Cisco ACE 4710 Appliance.
Table 4. Ordering Information
Bundles and Upgrades
1G 2 Pack Bundle: Includes two units each of ACE4710 Hardware, 1 Gbps Throughput, 7,500 SSL TPS, 1 Gbps Compression, 20 Virtual contexts, Embedded Device Manager