The Cisco AVS 3110 Application Velocity System is an enterprise data center appliance for improving HTML- and XML-based application performance, measuring end-user response time, and managing application security (Figure 1). It is a complete enterprise application delivery solution for all Web-based (HTTP/HTTPS) HTML and XML enterprise applications. It offers the industry's best set of optimizations that mitigate network latency, reduce bandwidth requirements, and offload servers (Figure 2). The optimizations have an immediate impact on any application and integrate smoothly with any Web front end. Configuration flexibility is assured with detailed rules-based control, pre-built application templates, and comprehensive best practices. No changes to applications, desktops, or servers are required. The Cisco AVS 3110 appliance can be rapidly deployed in any environment and can uniquely control and optimize content delivery at the application layer (Layer 7 of the OSI stack). The Cisco AVS 3110 Application Velocity System includes the Condenser Application Accelerator, AppScreen Web Application Firewall, AppScope Monitor, and Management Console. The system supports clustering for high availability and scalability.
Figure 1.
ARCHITECTURE
The architectural approach behind the Cisco AVS 3110 Application Velocity System is open and standards-based. It is focused on a data-center-centric, one-box approach (or asymmetric approach) for acceleration and security, with an agentless architecture for measuring end-user response times. The design concept is "one page, one packet, one traversal." At the core of the Cisco AVS 3110 solution is a full Layer 7 reverse proxy that provides a comprehensive HTML and XML processing engine. This engine not only processes all application content, but also provides for optimization and control at the application and session levels. Unlike systems built on packet-based processing, it can optimize across individual sessions and dramatically improve the way that your applications perform on the network.
Figure 2.
DEPLOYING THE APPLICATION VELOCITY SYSTEM IN THE ENTERPRISE
Deploying the Cisco AVS 3110 in the enterprise typically involves a data center installation behind the firewall and between the desktop/user and the server. It requires no changes to the desktop, applications, or servers. It is easy to install, configure, and manage.
Figure 3.
Condenser Application Accelerator Module
Cisco AVS 3110 Condenser Accelerator Module benefits fall into three categories: network latency mitigation, bandwidth reduction and optimization, and server offload capabilities (Figure 3). The condenser tackles latency, which is one of the largest network bottlenecks. By transforming the browser's own cache into a dynamic "engine", the condenser significantly reduces the amount of data required to complete a page load or transaction while reducing the overall number of network roundtrips required. As a result, less data is being transferred less often, with no changes to clients and applications.
NETWORK LATENCY MITIGATION
Using patented techniques such as FlashForward and Smart Redirect, the condenser can perform user requests at high LAN speeds instead of WAN speeds, which are prone to latency. This typically results in a 200 to 500 percent improvement in response times.
BANDWIDTH REDUCTION
The Cisco AVS 3110 Condenser Accelerator Module enables your company to realize a 70 to 90 percent typical reduction in bandwidth usage (Figure 4). The result is a dramatic reduction in bandwidth costs, a delay or elimination of network upgrade expenses, and an overall improved end-user experience.
Figure 4.
SERVER OFFLOAD
With the Cisco AVS 3110 Condenser Accelerator Module, your organization can obtain an 80-percent typical reduction in server cycles, greatly increasing the effective capacity in your data center. In addition to better overall performance, you can also delay or reduce server purchases and minimize application licenses.
Figure 5.
Table 1 lists the features and benefits of the Cisco AVS 3110.
Table 1. Features and Benefits of the Cisco AVS 3110
Features: Network Latency Mitigation
• Request aggregation
• Browser cache management
• Browser TCP multiplexing
• PDF download optimization
• Response redirection control
Impact: 2-5X typical improvements in response time
Benefits: Dramatically improve end-user performance
In addition to outstanding performance, the Cisco AVS 3110 Condenser Accelerator Module offers your enterprise industry-leading deployment and management features that both automate mundane tasks and enable IT personnel to easily track network performance with comprehensive reports. Specific features include:
• Condenser auto-installer enables quick and easy deployment with a simple one-command system installation process.
• Graphical reports that enable IT personnel to easily quantify condenser-enabled bandwidth usage reductions (Figure 4).
• Graphical reports that enable IT personnel to easily quantify Condenser throughput (Figure 4).
• The condenser's Simple Network Management Protocol (SNMP) MIB enables SNMP-based condenser management that is compatible with BMC Patrol, IBM Tivoli, HP OpenView, and others. It also reduces the time and costs associated with management tasks.
• Condenser transaction logging provides access to Web data statistics for traffic accounting and data mining applications.
• Support for multiple URLs and domains enables multiple applications to be handled simultaneously.
• Intelligent data inspection optimizes the condenser's efficiency for maximum application acceleration.
APPSCREEN WEB APPLICATION FIREWALL
The Cisco AVS 3110 AppScreen Web Application Firewall (AppScreen) provides "day-zero" protection using a rule-based, policy-driven approach. This integrated approach offers complete flexibility and helps secure your application infrastructure (even encrypted SSL transactions) from entire classes of HTTP and HTTPS-based threats. AppScreen provides protection against entire classes of attacks, unlike signature-based protection, which handles only specific, known threats, or learned-rules-based protection, which requires an extensive training phase.
Security is always a priority within the enterprise. Yet while network firewalls and intrusion prevention systems protect against network-layer attacks, they do little to prevent application-layer attacks, including worms and other intrusions. These attacks can easily exploit the vulnerabilities found in both the enterprise infrastructure and the applications themselves. AppScreen delivers application protection against classes of attacks right out of the box, with preconfigured rules and policies. AppScreen can be rapidly deployed across applications and via customized rules and policies, without requiring staff to be trained on its management.
Figure 6. Graphical Summary of Incidents by Severity
Day-Zero Protection
Traditional virus checking and signature-based solutions must generally download signatures (definitions) of known viruses in order to defend the system, leaving enterprises vulnerable. AppScreen offers day-zero security, automatically protecting against complete classes of vulnerabilities. Out of the box, AppScreen provides:
• Binary blocking
• Cross-site script blocking
• Directory traversal blocking
• SQL injection blocking
• File upload blocking
Full Content Inspection-Enabled: AppScreen scans and analyzes all HTTP and HTTPS requests. Network firewalls normally only look at the TCP header and about 16K of information; this packet-centric approach does not have content awareness or application awareness. AppScreen's stateful inspection (having awareness of the application state based on content matching) enables a deeper inspection than packet-level information like TCP headers.
Simple, Policy-Driven, Rule-Based Management: AppScreen uses XML to allow administrators to set actions and notifications upon rule matches, at both the global and application-class level, including blacklist and whitelist behaviors. AppScreen even provides additional policies (such as binary blocking) to supplement all standard rule matching.
Reports and Alerts: AppScreen provides graphical views of incidents by severity (Figure 6). It also includes SNMP interfaces allowing alerts to be published to enterprise management systems.
Customization with XML: AppScreen policies can be customized and enhanced using industry-standard XML.
APPSCOPE END-USER PERFORMANCE MONITOR
The Cisco AVS 3110 AppScope Monitor (AppScope) is the industry's only agentless, end-to-end application performance measurement solution. Installed in the data center, it provides a lightweight way for organizations to monitor, measure, and report end-user response times from a central location. AppScope measures the true application performance as realized by real end users; nothing is simulated. It breaks down response times into individual components that allow better allocation of IT resources and greatly reduce mean time to repair.
Figure 7. URL Trend Report
The unique proxy architecture of the Cisco AVS 3110 enables AppScope to measure not only the delivery time of both HTTP- and HTTPS-encrypted pages (there are no compromises between visibility and security), but also of embedded objects such as images, JavaScripts, and stylesheets. AppScope also accurately determines both the server delay and network delay components associated with the user experience.
AppScope is agentless and transparent, requires no changes to the application or the desktop ("drop-in" deployment), and provides both business-level and process-level aggregation. AppScope's unique statistical traffic-sampling technology enables your company to sample user requests rather than measuring all user requests, a tremendous savings in resources. This makes AppScope highly scalable for high-traffic applications.
GUI-Based Reporting
AppScope provides a sophisticated GUI-based reporting engine to efficiently track application performance. The reporting engine provides detailed graphical performance-monitoring results with full detail available for the following:
• URL group: Analyze results for single and multi-URL transactions
• Source IP address and group: Monitor results for a specific network client and groups of network clients
• Source geography group: Monitor results for clients in distributed remote offices
Once generated, the monitor data is stored in a self-contained relational database for additional flexibility. IT personnel can then use reporting tools such as Crystal Reports, create custom performance-monitoring reports, or integrate the data with all NSM platforms. There is also a wizard-based transaction builder and full support for enterprise management systems, including BMC Patrol, IBM Tivoli, and HP OpenView.
System Specifications
Table 2 provides system specifications for the Cisco AVS 3110.
Table 2. Specifications
Chassis: 1U appliance
Memory: 2 GB
CPU: 3 GHz
Bus speed: 800 MHz FSB
Panel display: Front-panel power/reset switch and front-panel LCD keypad