08-07-2006 08:03 AM
I am having some trouble getting the difference of the AVS Appliance vs. the ACE Modul for the Cat6K.
Our ACE Moduls are already about to be shipped so i am looking forward to get my hands on those. Checking the Application Solution Section there is also the "new aquired" AVS Appliance listed.
A: Is the AVS a Supplement to the ACE Modul in Areas of HTTP,SSL Compression etc. and more granular Payload Inspection?
B: Is the AVS a "rival" product with different features?
We have some discussions regarding the enhancement of our Portal-Infrastructure and some guys are always putting Netscaler from Citrix on the Agenda. I am sure it is a nice product but i like to keep my Enviroment as far Cisco as i can.
That's why it would be nice to get some advice on how to rate, position or compare the ACE,AVS vs. the Netscaler Solution. I have the feeling some of the features which are in the mentioned Netscaler are splitted into two Cisco products.
Points of interest are...
+Payload/Packet-Inspection
+Compression
Thanks for reading...
08-08-2006 02:10 AM
Can anyone Comment on my impressions listed below and also on my problems in the above Posting?
AVS: Security, TCP Multiplexing, Compression and NO Loadblancing.
ACE: Security, Loadbalancing, Virtualization and TCP Multiplexing but NO Compression? Could Compression be added in future SW Releases?
vs.
Netscaler: Security, TCP Multiplexing, Compression and Loadbalancing
C: If you would combine the ACE and AVS are you supposed to put the AVS behind the ACE for the use of its security features or in Front of a Cat6K with ACE Modul?
D: If you put it behind the ACE is the Idea of running it transparent as more less IDS with App-Accelration and Caching an approach?
E: If you use the Security features of both devices you have more or less a double inspection of the Payload with the AVS going into more depth than the ACE?
Would be great if someone had any experience or advice.
Roble
08-17-2006 01:55 AM
AVS provides performance optimization , monitoring & Security for "WEB based Applications".
AVS is implemented as an Application proxy. This means that beyond simply processing or caching application stream , It maintains intelligence about whats happening on the network. AVS reduces the traffic between enduser and application server.
AVS devices are placed behind loadbalancers. In loadbalanced environments one vip (lets say vip1) is defined for AVS appliances and 2nd vip (vip2) is assigned to APPs servers.
When client makes a request to the application, loadbalancer (ACE/CSM/CSS) forwards the traffic to AVS pool. The selected AVS device then makes a request to vip2 (appsevrer vip).The response from app server is then processed by AVS appliance and sent back to user.
08-18-2006 07:22 AM
Great!
That makes sense and also sounds like a fairly easy method to implement.
Any hints on the capabilities security wise. The AVS IMHO does inspection of the terminated traffic. And if i am not wrong the ACE does also some type of inspection.
Can you or should or shouldn't you mix those features in a data center enviroment?
My ACE's arrived yesterday so once i get an overview of the new blades my questions probably get a bit more precise.
Anyway thanks a lot for answering.
Roble
08-18-2006 11:22 AM
AVS Security system blocks following attacks
Cookie/Session Poisoning
Web Port misuse (Port 80, 8080?)
HTTP tunneling
IM/P2P, MIME policy violation
HTTP header integrity violation
SQL, Cmd, LDAP Injection
Format String Attacks
Cross-Site Scripting
Application Reconnaissance
Buffer Overflows
Directory Traversals
Application Fingerprinting
Application Platform Exploits
Parameter Tampering
ACE Security features
Access Control Lists
DOS protection
TCp Normalization
TCP checksum
Http Filtering
AVS is more of a Layer 7 application proxy that
looks deep into the application headers to find
anomalies.
hope it helps
Syed Iftekhar Ahmed
08-18-2006 11:12 PM
Thanks Ahmed!
Once i have ported the boxes from CSS to the ACE an AVS might be good addition to the current infrastructure. And i can also stay clear of that Netscaler stuff.
Roble
09-18-2006 09:07 AM
Hi,
Can i replace CSS with ACE for load balancing.
As we are planning to upgrade CSS.
Thanks
09-19-2006 12:33 AM
That is what i'm currently working on.
I am testing our ACE Modules with the Portal Application.
Once i have finished that i can give you a bit more info on the transition.
Anyway i think those ACE'es are a nice replacement for the CSS but i have the feeling the SW is still a bit buggy. I have a lot of strange behaviour right now which i can't fully explain so far. Having a look at the Bugtool convinces me of my theory that the SW needs a bit more work. Hope they have a bugfixed Release soon.
Config wise i feel much more comfortable with them compared to the CSS'es.
09-23-2006 06:08 AM
Hi,
on the ACE Module, there are two slots for adding sub modules on it.
So there will be some enhacements for the ACE aviable later.
I think this will be compression and something similar to the AVS engine.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: