What is our primary use case?
Our primary use case is the application delivery controller part where we mainly use the server load balancing features to front-end our back-end servers to give us additional high availability, some resiliency, and some failures.
All our applications are hosted on a private on-premises data center. We run our own data center with VMware being the main virtualization platform. Then, running on top of VMware, we have Windows and Linux clusters, so x86 Windows and x86 Linux.
Our biggest security concerns are malicious code, user data theft, DDoS attacks, insider attacks, brand damage/loss of confidence, and phishing/fake sites. Hacking/cyber defacement is one of our concerns, but not the biggest. A lot of these security concerns are around data loss and data loss prevention. We are a pension institution, so we do not want to lose any of our member data. We have security things in place using the application firewalls, as an example, to help with our front-end sites.
We are running virtual machines and currently doing a proof of concept with containers. However, we're not working with containers on-prem yet.
How has it helped my organization?
It was our first step into having high availability. Before, we had a lot of things tied to one server. So, if that server/application were to crash, that would affect our users. By putting A10 Thunder in front of it, this improved our uptime and availability.
Our operations pretty much stayed the same. If anything, people got more relaxed. Because before we only had one server, and if that server went down, then we had to react rather quickly. Having multiple servers now in the APN front-ending it, if a server went down, then there may be three or four other servers sitting there doing the work.
We see a 21 to 50 percent change in traffic typically year-over-year. Our demographic is changing so we have more members who are coming to connect to get their financial statements. So, there is growth of our pension system.
What is most valuable?
One of the features that we really like is the services map, which is a way that we map traffic from the front-end virtual server to the back-end servers.
Another feature we like is application switching. I'm using this as a template.
A lot of our SSL management is done on the front-end side, so there is one pane of glass for a lot of our security certificates. It gives us visibility. It also falls under when certificates are going to expire. Even for servers that are coming down, we can see how that affects the traffic flow by using the services map.
Each release of the code is becoming more polished, not that I find it difficult today. I'm glad to see the features and enhancements we request are making it into every release. It is very simple to use.
What needs improvement?
We are starting to do a lot with containers and how the solution hooks into Kubernetes that we haven't explored. I'm hoping that they have a lot of hooks into Kubernetes. That would be the part for improvement: Marketing use cases with containers.
For how long have I used the solution?
We are on our second set of boxes. For Thunder ADC, we have been using it since 2015 for probably four to five years now.
What do I think about the stability of the solution?
The stability of the solution is really good.
There are fewer than 25 people deploying and maintaining this solution. Most of them are application engineers.
What do I think about the scalability of the solution?
It scales well. We are using the hardware appliance. For us to scale up, we buy new hardware. We always buy bigger than what we need so that way we can grow into it.
Internally, we have close to 600 people using it. Externally, we have 400,000 to 500,000 active members who pass data through the device. Typically, everything is web browsing or API calls.
We do not have plans to increase usage at this time, but with the cloud coming up, that is a possibility.
How are customer service and technical support?
The on-premise support is really good. From a support standpoint, if we have problems or anything like that, usually the case is solved within 24 hours. There have not been too many that went over that time frame. Obviously, that is key to keeping things up and running. We have fast resolution.
The device is really solid and we don't need a lot of support. We may have one case a year, if that. This also speaks to how we're using the device. We just haven't hit a lot of bugs in the code or a lot of problems that we can't solve onsite.
Which solution did I use previously and why did I switch?
We previously used a Microsoft solution. We switched because A10 has a lot more options. It is like day and night.
How was the initial setup?
I would put the initial setup at an intermediate level. It is nothing that someone will be able to unbox and do without having some networking or application knowledge. However, if you have a firm IT understanding, then it is pretty simple.
Adding new things takes under 30 minutes.
What about the implementation team?
A10 did not assist with our initial deployment, but I would tell everyone else to do that.
We do have an implementation process that people follow, but it is handled by another team.
What was our ROI?
I believe we have seen ROI. I don't regret our decision to purchase it.
What's my experience with pricing, setup cost, and licensing?
I think people are scared to take a look at A10 because they're not F5. Now, F5 is their biggest competition. You get a lot more for your dollar with A10. So, I would tell people to give A10 a strong look.
We did try out the solution’s Harmony analytics and visibility controller for its one-year trial. Due to the cost, we chose not to keep it onsite.
We just pay for support in addition to our licensing.
Which other solutions did I evaluate?
We also evaluated F5.
Because we were new in the market, our decision was purely based on cost. A10 can deliver the throughput we need, so there wasn't a technical challenge. It ended up being a cost-based decision.
What other advice do I have?
Start off with Professional Services. It doesn't hurt to get 40 hours of Professional Services to help you stand it up. Usually, that's all you need. It is not a lot of hours. A week's worth of help goes a long way.
We can troubleshoot the traffic flow using the services map. Then, we can get flow data out of the device. So, I would rank the solution’s traffic flow management capabilities as adequate.
We plan to implement these technologies or strategies in the next three years: move from hardware appliances to software/scale-out solutions, DDoS protection, upgrade TLS/SSL capabilities to modern PFS/ECC encryption standards, and move to Office 365. DDoSs prevention is something that we're looking into. The web application firewall in the A10 is an option that we're exploring. SSL for strengthening our ciphers has been put on us by more of the user community, as we want to ensure our data is secure. Then, I see us moving more to a hybrid cloud model over the next three years, having more systems in the cloud and less on-prem.
We consider these benefits most important when funding new technology: revenue generation, cost savings, and operational improvements.
We haven't ventured into the solution’s support for expanding infrastructure to public, private, and hybrid cloud containers yet, but we will be.
We don't use a lot of the security features.
There is always room for improvement. I would rate this solution as an eight (out of 10).
Which deployment model are you using for this solution?