A10 Networks Thunder ADC Review

Load balancing works really well, and it provides persistent cookies, source IPs, and good security


What is our primary use case?

We are using ADC for load balancing. Most of our enterprise applications are behind ADC.

It's on-premise.

How has it helped my organization?

It has definitely improved the way our organization performs. Our company is mostly an education institution. We have a campus and an administration where we host all the enterprise applications. With enterprise applications going to six separate entities, it requires a lot of hardware underlying the applications. So load balancing has worked very well.

It definitely has enhanced our application security and our application accessibility. We don't have to go with the original application, the built-in, round-robin kind of thing. The security features, like SSL version 3.0 or TLS 1.2, mean it has pretty good options in the way the application can be configured to make it more secure, as well as the number of servers that are behind it and the way it chooses its servers.

What is most valuable?

The features we have used are basically for load balancing. The round-robin feature, the persistent cookies, the source IPs, source mapping, we use all of that in our situation. 

They also have a feature I use frequently. We have two appliances and I'm able to move my application from one appliance to another. I don't have to move my whole A10 to be active on the other side or to be passive on the other side. If an application is having a problem, I can just move it using a command. That is really interesting and very appropriate for our environment.

It's very easy to use. The commands are easy to use. I have used a couple of other load balancers and I find A10 to be the easiest one. The language and the commands are easier, as is the layout. Even the technology behind it all just links together, so it's pretty easy to use. You just follow the steps and you're good.

Within load balancing, we use some of the security features as well, such as the source mapping. We make sure that everything goes in and out from A10 itself. That makes the messages more secure too. We know what's going in and what's going out. It captures their source IP addresses if we want it to. The VRRP solution is also good. It has automatic failover.

It also has a Virtual Chassis System, although we don't use it. But we do have the option of creating virtual chassis, so that gives it a bit more security. If we find an application which is not going to play well in the main pool, we can easily create a virtual chassis and have that application in that virtual chassis. With the virtual chassis we can also create system partitions and have a test system for test applications and have the others elsewhere.

What needs improvement?

The solution does logging, but the logging capacity is really small. Because we have a bunch of traffic here, we usually get a logging-side warning that "This many logs were lost because of the heavy traffic." If the logging was better, that would be very good.

It has security features like DDoS and WAF, but they are not updated automatically. If any new vulnerability comes out, you are given an option to update that vulnerability in your system and the actual firewalls. Because, for ADC, this is just an added feature, it's not the main security solution right now. It's not the only security that any company would have. There is an opportunity to modify that and make it better.

For how long have I used the solution?

I have been using the solution for the last six or seven years.

What do I think about the stability of the solution?

I don't want to jinx it, but it's pretty stable. There are times where we don't even have to reboot it for a year. We would look at the time and say, "Oh, it's been like 270 days. We haven't rebooted. Let's schedule it to reboot." Otherwise, it's very smooth.

What do I think about the scalability of the solution?

The scalability depends on the resources you have. We do have resources so we are on the higher end in terms of what we bought, and we do have the scalability built-in. We are not using the virtual chassis. But if we want to expand it and have partitions created, to create a separate virtual chassis, we do have that scalability. If we need to add another appliance to it, the process is pretty simple. So it's scalable.

There are talks, internally, that all our applications should be behind ADC. As soon as we get to that level, even if it is just one server-application, the application will be behind ADC. Right now, we have our major enterprise applications, our major ERP systems, our email systems, and our tier-one applications behind ADC.

How are customer service and technical support?

They do have support and it is wonderful. We are on the highest support level. It's very good, even excellent.

If you previously used a different solution, which one did you use and why did you switch?

We were using another product. The main things that attracted us - I saw it a conference where there was a demo - were the pricing at that time, the functionality, and the stability. Of course, we continued afterward doing a little bit more research. A10 was still trying to get its foot into the market over here and they were very helpful. I do not have any regrets switching over to A10.

Initially, we deployed it because of our learning management system, which I was handling. It is Linux-based and it required load balancers. We moved to A10 from another load balancer at least in part because of the better pricing. Also, it was doing Layer 4 and Layer 7 and that's what was required.

How was the initial setup?

The initial setup is pretty simple if you have the guide. It's just like a basic switch on any appliance deployment. Deployment is not hard.

When we initially did it, this was a new product, of course, so we had support do the deployment. But when we changed the appliance, I did it myself, moving from one to another and doing the initial configuration. It's more a matter of the paperwork that you do on the network, and how it will change. But the deployment itself on A10, like configuring your settings, etc., takes no more than two or three hours. If you have your paperwork done, it's pretty easy.

When you move into this solution there is a learning curve if you come from another one. But once you get used to it and you know how things are flowing, it's pretty good.

What about the implementation team?

When we bought A10 and we moved to it, we did have the A10 consultants help us.

Our experience with them was excellent. They were eager to do it. At that time, A10 was pretty new over here. From the support to the administration, everybody was eager to help out, to get it deployed and be successful.

What's my experience with pricing, setup cost, and licensing?

We pay for it on a yearly basis. There is standard licensing for the number of controllers; that just came into existence last year. Other than that, there's just the support: Basic or Gold Support, etc.

What other advice do I have?

In implementing A10, you need to keep in mind your end goal, what is it that you desire? If you're looking for more DDoS, or if you're looking for more firewall-type of capabilities, then you might have to do a little bit more consultation. But if you're looking for ADC and trying to see separation and load balancing, A10 does the job and provides security very well. It has both CLI and a web interface, so it's not too congested nor does it look too busy. Its appearance is very soothing and relaxing so that helps.

It does have the reporting capabilities and the capability to send logs to an external device. If you feel comfortable with Linux, you can really expand its usage. It depends on what your company goals are.

Overall, A10 ADC is pretty good. It's reasonably priced and easy to use.

The biggest lesson I have learned from using ADC is that I have to keep on learning it. The good thing is that even when they do firmware upgrades, there are minor tweaks but it's not ever-changing firmware where we have to upgrade. That's a good thing about A10. I have other applications that I am responsible for and they generally have frequent upgrades and you have to do them or you won't be supported. But I have not gotten into that situation with A10. That's a huge advantage for us, being in the education field, because there are semesters during all 12 months of the year. There are very few windows in which we can actually bring down appliances and upgrade them. Maintenance-wise, with A10, we have not had that problem.

We have the solution’s Harmony analytics and visibility controller but I would not say that it has enabled us to proactively detect, anticipate, or resolve issues before they become problems. It does give very good reporting, but we have not had any issues that it told me about first-hand - or maybe we are not configured in that way. But it's a very good reporting tool and a very good graphical analyzer.

As for deployment and maintenance of the solution, it's only me.

Regarding the solution's single pane of glass traffic management, I don't think we have used any feature for traffic management. At the back-end we have very good bandwidth and, the way it is positioned in the network, the agent doesn't have to do any traffic management. We are not at the saturation point. We are even below the midpoint on traffic.

The solution hasn't affected our operations efficiency because we offer the solution to our applications team, if they need to have their applications behind A10. We just changed data centers, moved into a new building. We are at a stage where we would like, and there are talks, to have all our applications behind ADC, just for security, to have that separation from the users, but we are not there yet.

It is a work in progress. Initially, when we deployed A10, it was the demand of an application that we have a load balancer in place so that it could load balance among the ten different servers the application needed. But now, it has improved our decision-making where, if added security is needed, the application team would say, "Okay, let's put it on A10 for the off-loading, etc." Other features that a server would normally do are conducted by A10, which means a little less load on the server side. That helps the application efficiency.

We are in the process of using the WAF, the web application firewall, from A10. It's not the main firewall product, obviously, but we have found it to be interesting. We are trying to implement it. We are in learning mode right now.

Disclosure: IT Central Station contacted the reviewer to collect the review and to validate authenticity. The reviewer was referred by the vendor, but the review is not subject to editing or approval by the vendor.
Add a Comment
Guest
Sign Up with Email