The A10 Lightning Application Delivery Service (ADS) optimizes the delivery and security of cloud-native applications and services running over public or private clouds. For organizations embracing the cloud and application centricity, ADS increases operational efficiency, offloads IT administrators from cumbersome tasks and reduces risk.
The solution provides innovative Layer 4-7 capabilities, including traffic management with contentswitching with advanced elastic load-balancing, security and analytics for applications on public, private and hybrid clouds.
- Scale capacity to meet performance demands. Increase application availability and operational efficiency with advanced elastic load-balancing and application security that auto-scales with demand.
- Make smarter decisions with unique application data. Use per-application analytics to proactively identify issues, streamline troubleshooting and effectively meet capacity requirements to deliver superior user experiences.
- Increase agility with multi-cloud initiatives. Achieve deployment flexibility with the ability to seamlessly manage and maintain workloads residing in private, public or hybrid cloud environments.
- Enhance DevOps processes. ADS is purpose-built for cloud-native applications designed with containers and microservices-based application architectures and elegantly integrates with DevOps processes.
- Defeat cyberattacks and meet compliance requirements. Ensure business continuity by defending against advanced and emerging attacks and ensure uninterrupted operations.
IT infrastructure administrators are able to empower application teams with a self-service model that enhances agility while providing per-application visibility and insights. Its multi-cloud capability and either an aggregate consumption-based subscription pricing model or as a self-managed platform with subscription licensing options increases deployment flexibility and lowers cost.
Architecture and Key Components
A10 Lightning ADS is purpose-built to serve not just traditional Web applications but also new-age microservices and container-based applications. The solution delivers optimized cloud application delivery, application performance, security and per-application visibility for cloud native applications.
The solution offers a highly scalable, software-defined distributed architecture with a separation of control and data planes. This allows the A10 Lightning ADC data plane elements to be lightweight and deployed close to, or embedded within, the application environment. Organizations gain centralized control of both the data plane elements and policy management from the centralized controller.
This design provides built-in high-availability and elasticity. The A10 Lightning ADCs are automatically deployed in a cluster with a scale-out architecture that is managed by the controller. With centralized management, all policies may be configured in a central place, irrespective of where the A10 Lightning ADCs are deployed (e.g., different cloud, regions, environments).
The A10 Harmony Controller manages A10 Lightning ADC clusters, client APIs and administrative capabilities. This deployment model helps organizations configure all policies in a central location, regardless of where A10 Lightning ADCs are deployed.
A10 Lightning ADS Components
Harmony Controller provides centralized management, policy configuration, monitoring, control and a big data repository and analytics
engine. The controller manages and orchestrates clusters of software-based A10 Lightning ADC instances that implement and enforce policies.
The controller is a multi-tenant system that provides role-based access to application admins for self-provisioning of application services. It’s
a scalable, microservices-based application that is delivered as a SaaS by A10 or can be deployed within an organization’s private cloud. With the controller, dynamically add new on-demand A10
Lightning ADCs based on load to eliminate overprovisioning.
Lightning ADC is a compact, efficient full proxy that front-ends cloud applications and microservices to execute Layer 4-7 application delivery policies.
A10 Lightning ADCs are typically deployed in the network - where the application servers are running - and communicate with the controller over a
secure SSL encrypted messaging infrastructure. A10 Lightning ADC instances are stateless and are managed by the controller. Based on the
traffic analytics and policies set by the admin, the controller can auto-scale the A10 Lightning ADCs to serve the application traffic.
Harmony Portal is an easy-to-use, role-based portal for managing application delivery infrastructure and associated policies on a per-application basis.
The self-service capability eliminates the need for centralized IT admins to set up and configure the per-application infrastructure, maximizing agility and operational savings to support multiple application teams.
Harmony APIs make all ADS capabilities available via the RESTful interface. Orchestration and configuration APIs may be used to integrate with
deployment automation tools like Chef, Puppet and Ansible, as well as continuous integration/continuous deployment (CI/CD) tools like Jenkins.
Analytics APIs also provide access to per-application metrics and logs. They may be used to integrate with third-party tools or to help build custom dashboards.
Deployment Options: SaaS and Self Managed
There are two ways to utilize Lightning ADS: SaaS or self managed. In the first option, the A10 Harmony Controller is provided as a software-as-a-service (SaaS), hosted and managed by A10 Networks.
Organizations may obtain an account for the controller and start utilizing cloud-native application loadbalancing, security and analytics capabilities in just a few minutes.
The self-managed option is offered as a complete platform under the full control of the organization. The Lightning ADS components are provided as a software bundle. This version operates in a similar manner to
the SaaS option except the organization deploys and manages the controller in VMs within their on-premise or private cloud. The controller inter-operates with various private cloud orchestration tools.
The controller manages A10 Lightning ADCs that run inside a customer infrastructure in public clouds, private clouds or data centers. The controller is capable of simultaneously supporting instance
deployments in multiple clouds for expanded scalability, flexibility and choice.
With the ADS deployment architecture, application traffic flows only via A10 Lightning ADCs (and never through the controller). With this approach, the application traffic remains secure in customer networks.
Only control messages, metrics and telemetry data are sent between the controller and A10 Lightning ADCs via a secure SSL-encrypted channel.
This architecture provides two overarching deployment advantages:
- Users gain self-provisioning, agility and complete control over application traffic while customizing the configured policies to the specific application.
- Organizations significantly reduce the cost of infrastructure, as well as management overhead, that directly reduces the total cost of ownership (TCO).
Provide fast and responsive service to your end-users for a competitive advantage. Reduce infrastructure requirements for both application delivery and critical services, driving down CAPEX and OPEX.
- HTTP/2: Support new revisions of the HTTP protocol and decrease latency to improve page load speed.
- Compression. Condense requested server content to significantly reduce the transmission of superfluous content for faster response times and quicker page downloads.
- In-memory caching. Cache content directly on the A10 Lightning ADCs to respond faster to previously retrieved application material. Prevent added delays and remove extra loads from the servers.
- Offload-processing for intensive workloads. Move CPU, memory and encryption tasks to the A10 Lightning ADCs for better user experiences. Tasks such as SSL, TCP connection pooling, and rewriting of request/responses for headers and body are best handled by the A10 Lightning ADC.
Protect against advanced and emerging attacks for uninterrupted operations, brand protection and revenue loss - all while meeting regulatory compliance obligations.
- Elastic Web application firewall (WAF). Use advanced rule sets to protect against top OWASP vulnerabilities such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), plus gain application-specific security rules for popular applications like WordPress, Joomla, Microsoft Outlook Web Access (OWA), etc.
- Defend against attacks. Deploy advanced security to protect against malware, malicious botnets and application-layer DDoS attacks. Monitors traffic parameters to identify and protect your business from application-layer DDoS, botnet attacks and malware. Safe user traffic is permitted while the system identifies and blocks malicious traffic before it can impact app server resources and availability.
- Access control. Using any information available in the HTTP request (e.g., IP subnet, country, browser or any custom parameter), access control can be exercised and the user can be either blocked or can be asked to prove the identity.
Ensure your organization has complete visibility and control. Provide data-driven insights and actions improve cloud application performance and health.
- Per-application analytics. Use insights and analytics at the application level to help application owners proactively identify issues, troubleshoot faster and quickly build capacity plans.
- Comprehensive reporting, visualization and analysis. Gain deeper insights into a specific metric, time range or correlation. The application dashboard gives access to a broad range metrics for application traffic, security, performance and health.
- Centralized access logs. Get to the root of any issue - and begin remediation efforts - with application access logs that empower application owners to easily get to the root of any issue.
- Alerts. Program the system to raise alerts in various conditions or a combination of conditions. Alerts are delivered via email for manual action and/or to a webhook URL for automation.