If you were talking to someone whose organization is considering A10 Networks Thunder SSLi, what would you say?
How would you rate it and why? Any other tips or advice?
My advice is to rely on the tech support. They're there to help and they will not abandon you. Their engineering team is very good at what it does. They're definitely going to work out — in their own environment — any issues you may have during your installation, and will find a solution and help you implement that solution, so that you're not left with a very expensive paperweight. The biggest lesson I have learned from using SSLi is that the internet is still changing. It is getting more secure, relatively speaking, and from an administrator's standpoint, because it's getting more secure, it's getting harder to protect the end-users from malicious activity and from themselves. The Thunder SSLi appliances definitely help us maintain a better security posture so that we don't have problems. If you look at it from a different point of view, it's kind of scary that these appliances actually exist, but they exist for a good reason. The good reason is that we need to be secure in our lives and sometimes, as a corporation, you need to protect your assets, and this is one device that can definitely help protect your assets. There are several models. We have the second-tier edition. We have a pair. One device is set as incoming traffic and the other device is set as outgoing traffic. They're running on the latest firmware as of a year-and-a-half ago. This is one of those devices that, once you turn it on and it's functioning properly, you'll forget that you have it. And as long as the code was good when you started using it, until something major changes, you never really have to go into it to look at anything that's going on. It doesn't necessarily update automatically, but the device works so well that, until something major in the world changes in SSL traffic, there's really no reason for you to go in there and make any updates. Sometimes you'll come across a bug where you'll have to go in and make those changes, but that's true of any device. 
In terms of efficiency of operations, this type of solution will slow things down a little bit, but that's the nature of SSL decryption. However, the effect that it has is what I would call net-neutral. When the device is turned on, there's really no noticeable impact to the end-user. That is really important to us because we have a lot of media delivery from YouTube for the classes. We have a lot of business applications and learning applications that need timely content delivery. The benefit far outweighs the efficiency hits that we took on traffic flow. It's been a little while since I've been in to configure the product, but as far as improvements go there really isn't much needed. The product is on track for a really good run. Based on the experiences with the setup, I'd have to give the solution a nine out of 10. It's not a 10 because the templates and the initial setup are a little odd, but because the support is there, I'll give it a nine.
Before you go with any product, especially when it comes to security and the ability to shore up initiatives, sit down and do a gap analysis. Understand the environment before moving forward. Sometimes, we become very reactionary and need to fill the gaps. We find an appliance that will fit the gap immediately, and then we're left eight years down the road trying to build upon that solution. My advice is to make sure to understand your current needs, project your future needs in an efficient way, and that they are grounded in the actual data. That is what we did, partnered with our integrator and our outstanding infrastructure staff. We were able to do an assessment. Get stakeholder buy-in. With security, it's hard to convey the message, especially to stakeholders who are funding the initiative. Making sure they have buy-in and understand the needs will take you well beyond just the anticipated short-term gains since the security area tends to be a very reactionary sector. You can spend a lot of time firefighting instead of focusing on how you can leverage your capacity to grow. We use it every second of every day (24/7). We currently have plans to leverage it in more areas because it has been so reliable. The next thing we are looking at is utilizing its web application firewall in conjunction with our on-premise firewalls. It reinforces some of our processes and relationships with not only vendors, but also integrators and then staff. Klein ISD tends to be a leader. We tend to be early adopters. We look at technology and are not afraid of it. We like to find ways to have it enhance what we are doing. At Klein, we're here to support students and teachers. Anything we could do to enhance that relationship and expand the knowledge transfer from a teacher to a student. We're here to support that. By doing this, it helps make us better digital citizens. Our students will not graduate and get caught unaware by a ransomware attack. That's not our goal.
Our goal is to support the students and their learning experience, making sure that we're doing our part in bringing promise to purpose. We are comfortable with the equipment and are enjoying using it. We don't regret the purchase. We look forward to seeing how they adapt to the new requirements. We try not to use the change word around here since change is scary. Nobody changes for change's sake. We always respond to outside stimuli. I don't know any company who doesn't adapt. As long as A10 continues to knock it out of the park, we're happy to be in business with them. We are not using the solution’s support for expanding infrastructure to public, private, and hybrid cloud. We have talked about migrating some of our other equipment, but are not implementing it currently. We are not using Kubernetes at the moment.
For SSL operations, if you need to intercept traffic and cover all your security network devices, it is better to use A10. It can support all SAN boxes, proxies, net devices, and all IPS devices. If you need traffic load-balancing between security devices - proxies, firewalls - A10 has a really good and strong local-answer feature. It's good for that as well. SSLi is a very powerful device. It has many features and to get them configured is kind of tough. I cannot say it is easy to use, but I can say that it was successful in accomplishing our project. We don't use the solution's visibility controller because after we decrypt the traffic we send it to other security devices which give us the visibility. Our A10 solution has no connection with containers. We don't use a lot of the features it has. We use it just to decrypt and encrypt all of our outbound internet traffic. We have something like 9,000 users and more than 2,000 servers. We use A10 for all those users' access to the internet.