If you were talking to someone whose organization is considering A10 Networks Thunder ADC, what would you say?
How would you rate it and why? Any other tips or advice?
Start off with Professional Services. It doesn't hurt to get 40 hours of Professional Services to help you stand it up. Usually, that's all you need. It is not a lot of hours. A week's worth of help goes a long way. We can troubleshoot the traffic flow using the services map. Then, we can get flow data out of the device. So, I would rank the solution’s traffic flow management capabilities as adequate. We plan to implement these technologies or strategies in the next three years: move from hardware appliances to software/scale-out solutions, DDoS protection, upgrade TLS/SSL capabilities to modern PFS/ECC encryption standards, and move to Office 365. DDoSs prevention is something that we're looking into. The web application firewall in the A10 is an option that we're exploring. SSL for strengthening our ciphers has been put on us by more of the user community, as we want to ensure our data is secure. Then, I see us moving more to a hybrid cloud model over the next three years, having more systems in the cloud and less on-prem. We consider these benefits most important when funding new technology: revenue generation, cost savings, and operational improvements. We haven't ventured into the solution’s support for expanding infrastructure to public, private, and hybrid cloud containers yet, but we will be. We don't use a lot of the security features. There is always room for improvement. I would rate this solution as an eight (out of 10).
It's very simple to use, as long as you understand the engineering technology behind it. I would advise going with it. Make sure you have the GUI feature on it so that you can go in and do quick, at-a-glance monitoring. The solution is good for load-balancing your traffic. We don't want to overload other switches, so we pass traffic through the A10 and load-balance it. It also helps us to troubleshoot issues within our network.
The biggest lesson I have learned is that even though at that time A10 was an up-and-comer, it was worth the chance. As a smaller player at the time, it provided a product that was stable and provided a better value. Being willing to take a calculated risk was worth it in the long-run. Don't only look at the dominant players like F5. Do your research on vendors that might not have dominant market share. That's not to say that you would just choose to go with any small player. It would have to be a smaller player that has stability and that has at least some size to support you on an enterprise level, which is what we found with A10 at the time. We have about 10 administrators of the solution. I would rate Thunder ADC at nine out of 10. There are some things that can be improved, but we've been happy with it.
The biggest lesson I have learned using the ADC solution is the ease of routing between the different segments that are behind the solution, compared to F5. You have to look at your use cases for load balancing and how much you want to have influence from the traffic. In my opinion, there are only two solutions that are very close to each other, the F5 and the A10, in terms of the way you can influence your traffic. Then it comes down to the price. Security-wise, they each have different angles for how you set it up. We don't use A10's FlexPool consumption-based licensing model. We have some VM test units. We would have to bring our own license if we wanted to host it in the cloud. That's another subscription model that we haven't used. In terms of the solution's single-pane-of-glass view, you actually you need the Harmony analytics to see everything. You can see everything that is configured on, but to get the most out of the monitoring part, you have to have Harmony with it. With Nagios and Zabbix, etc., you have to do a lot of OED searching to get all the collect counters for your service groups.
Do research. I'd probably look at virtual appliances if I was going forward. One thing we could do with is a proper Dev and Test environment, which we don't have. I would have had some virtual appliances for Dev and Test. We did talk about that, but we haven't gotten around to doing it. There are about ten of us who use it from a management point of view. But all the staff and students benefit from it. It requires two or three people for maintenance. We don't have any specific plans to increase usage. A lot of things might be going to the cloud, so there might be less use going forward. I would give it an eight out of ten because it sits and works, it's robust. But the interface could do with a bit of work.
In implementing A10, you need to keep in mind your end goal, what is it that you desire? If you're looking for more DDoS, or if you're looking for more firewall-type of capabilities, then you might have to do a little bit more consultation. But if you're looking for ADC and trying to see separation and load balancing, A10 does the job and provides security very well. It has both CLI and a web interface, so it's not too congested nor does it look too busy. Its appearance is very soothing and relaxing so that helps. It does have the reporting capabilities and the capability to send logs to an external device. If you feel comfortable with Linux, you can really expand its usage. It depends on what your company goals are. Overall, A10 ADC is pretty good. It's reasonably priced and easy to use. The biggest lesson I have learned from using ADC is that I have to keep on learning it. The good thing is that even when they do firmware upgrades, there are minor tweaks but it's not ever-changing firmware where we have to upgrade. That's a good thing about A10. I have other applications that I am responsible for and they generally have frequent upgrades and you have to do them or you won't be supported. But I have not gotten into that situation with A10. That's a huge advantage for us, being in the education field, because there are semesters during all 12 months of the year. There are very few windows in which we can actually bring down appliances and upgrade them. Maintenance-wise, with A10, we have not had that problem. We have the solution’s Harmony analytics and visibility controller but I would not say that it has enabled us to proactively detect, anticipate, or resolve issues before they become problems. It does give very good reporting, but we have not had any issues that it told me about first-hand - or maybe we are not configured in that way. But it's a very good reporting tool and a very good graphical analyzer. As for deployment and maintenance of the solution, it's only me. Regarding the solution's single pane of glass traffic management, I don't think we have used any feature for traffic management. At the back-end we have very good bandwidth and, the way it is positioned in the network, the agent doesn't have to do any traffic management. We are not at the saturation point. We are even below the midpoint on traffic. The solution hasn't affected our operations efficiency because we offer the solution to our applications team, if they need to have their applications behind A10. We just changed data centers, moved into a new building. We are at a stage where we would like, and there are talks, to have all our applications behind ADC, just for security, to have that separation from the users, but we are not there yet. It is a work in progress. Initially, when we deployed A10, it was the demand of an application that we have a load balancer in place so that it could load balance among the ten different servers the application needed. But now, it has improved our decision-making where, if added security is needed, the application team would say, "Okay, let's put it on A10 for the off-loading, etc." Other features that a server would normally do are conducted by A10, which means a little less load on the server side. That helps the application efficiency. We are in the process of using the WAF, the web application firewall, from A10. It's not the main firewall product, obviously, but we have found it to be interesting. We are trying to implement it. We are in learning mode right now.
Go for it. It's always better to go with a nimble, growing company. Partner your growth with their journey. It's always beneficial for a stable setup.
It does do the job, if your environment is simplistic enough. The product is fair for its market. We test and used the single pane of glass traffic management, but we don't use that now. We went away from that. Now, we administer our devices individually.
It has been a good, reliable solution for us. If you want a reliable solution that is very easy to configure and administrate, the A10 is the right choice. It is a very cost-effective solution. I would always pick A10 unless there was a specific feature set that one of the other vendors offered and I absolutely needed. We do not use the solution’s Secure Service Mesh to optimize traffic within Kubernetes and containers today, but that is something we would like to do in the future.