A10 Networks has announced new gateway devices and a revision to its ACOS operating system.
The three new chunks of metal are the 6430 / 6430S (same unit, with and without SSL support) and the half-the-power, half-the-price 5430S.
A10's director of product marketing Paul Nicholson introduced El Reg to yet another measure of green-ness, the number of Layer 4 connections per second per Watt it will support, a measure that seems to have less-than-ubiquitous support.
However, some of the measures in the Thunder kit come more readily to hand: the 6430S supports 150 Gbps throughput, handles 5.3 million Layer 4 connections per second, and has enough grunt to handle 1,024 tenants. The SSL-supporting version can run more than 130,000 new SSL connections per second.
For those without the $US229,000-plus (add $US40,000 to include SSL), the 5430S is a fifty-fifty tradeoff, with performance and price both more-or-less halved: 2.8 million layer 4 connections per second, and 67,000 SSL CPS at $US139.995.
The other thing the company is keen on pointing out is the small form factor, with the 6430 a single RU high. Nicholson also pointed to the “no moving parts” philosophy – or nearly none, and the fans are fully hot-swappable.
For DDoS defence, the 5230S unit claims the capacity to get in the way of 113 million SYN cookies per second, while the 6230S stops 212 million.
That feature, along with the new Web application firewall capabilities and authentication services, have been added to the A10 ACOS operating system with no extra license fees.
The authentication services, Nicholson said, are designed to simplify cases such as where different security is applied to internal and external users – such as a company Wiki, where someone outside the firewall has to authenticate, but not someone connected to the corporate LAN.
Authenticating at the Wiki's server, he pointed out, presents a risk, since if there's a vulnerability on the server, it's exposed to the outside world. So A10's position is that if the user has to authenticate to get past the Thunder device, they never get as far as the server.
“You're shifting the authentication away from a Web server's known exploits”, he told The Register. ®