Deploying I/O- and compute-intensive networking, security and app delivery functions on general-purpose virtualized servers is inefficient. SSL encryption, for example, typically requires specialized hardware, and performance can sharply degrade when deployed in virtual environments. In contrast, Array Network Functions Platforms excel at SSL and other networking, security and app delivery tasks – delivering performance on par with dedicated hardware while shrinking the data center footprint by up to 16x versus standalone appliances.

In many situations, data center managers deploy dedicated appliances for critical networking and security functions because the performance hit of virtualized appliances is just too high. While this is an understandable choice, over time it can lead to dozens if not hundreds of physical appliances in the data center taking up rack space as well as increasing costs for power, cooling and cabling – not to mention the additional work hours needed to configure and manage them.

The AVX Series network functions platform can consolidate multiple networking and security virtual appliances into just a few rack units, saving on the high cost of dedicated appliances as well as space, power and cooling costs. The AVX Series also offers a centralized management console allowing convenient access to VA-level configuration and modification, as well as one-click access to devices’ WebUIs or CLI screens.

Traditionally, network managers have deployed best-of-breed, single-function security appliances to protect against attacks, intrusion and other threats. However, solutions such as WAF, NGFW, IDS/IPS and DDoS protection either lack the ability to decrypt and inspect SSL traffic – the majority of traffic today – or high volumes of SSL traffic can overwhelm their in-built SSL resources, robbing processing cycles and impacting performance.

The AVX Series offers high-performance SSL processing hardware to help ensure robust throughput for security VAs. In addition, SSL decryption, load balancing and security VAs can be orchestrated into service chains to maximize the efficiency and effectiveness of individual point security products. In the example below, a virtual ADC decrypts SSL traffic, which is then passed through a virtual NGFW, virtual IPS/IDS, virtual TAP before being re-encrypted by a second virtual ADC and forwarded to its destination. In this way, each discreet security device is able to do what it does best, with the advantage of full visibility into SSL traffic and the benefit of pre-processing by other security VAs to provide the higher quality security services.

Mastering the intricacies of hypervisor management, virtual and physical port mapping, CPU pinning, NUMA boundary settings, SR-IOV and drivers can be costly and complex. Server-centric technologies may also be unfamiliar to networking and security teams. The ArrayOS™ Resource Manager abstracts these obstacles to NVF deployment by automating VM resource allocation and network settings in a manner that guarantees the performance and functionality of hosted virtual appliances.

The platform also achieves a level of flexibility that far exceeds traditional hardware appliances. Hosted virtual appliances may be spun up on-demand via remote management and may be integrated with a cloud management system for automated provisioning. Functions can be assigned larger VMs for higher levels of performance, capacity is available on a pay-as-you-go basis and capacity can be repurposed as needed to support alternate networking and security virtual appliances.