Cisco is introducing an application acceleration board for its Catalyst 6500 switches that takes them up against load balancing and web acceleration devices from the likes of Juniper, Citrix, F5 and Zeus. Cisco is late to market here, but unlike many of its rivals, its Application Control Engine (ACE) also offers role-based management and can be partitioned into multiple virtual accelerators.
Expected to list from around £22,500, ACE is designed to front-end browser-based applications running on a server-farm. It includes capabilities such as SSL offload, web proxy, load balancing and security - for example, it can scrub incoming requests to remove buffer overflows and deliberately malformed queries so they never reach the servers.
It also offers the highest throughput in this sector, with more expensive models running at up to 16Gbit/s, claimed Cisco technical marketing manager Stefano Testa, plus a single Catalyst can take up to four ACE boards. He added that he sees potential in a three or four slot Catalyst chassis offered as a web acceleration appliance, with an ACE, a supervisor board and one or two connectivity boards.
ACE's big advantage is partitioning, he claimed. "It's already common to have hundreds of applications on a single load balancer - that makes configurations very complex," he said. "This virtualises the management so each application or application group can have its own configuration and setup.
"We've also built in role-based access control - the separation of roles is why some Catalyst modules, such as security, still have their own management interfaces."
Other application acceleration vendors have said that the separation of roles is why converged gateway devices are accepted for branch offices, but not in the data centre. Role-based access sidesteps those objections, said Testa, and could speed up the introduction of new web apps by streamlining the workflow between the apps, security, systems and network admin teams.
He said that each ACE can support up to 250 partitions, but will be licensed for five as standard, with the option to buy more. Up to 64 roles can be defined within each partition.
"We have ways to guarantee resources for partitions," he added. "Each partition can also have its own unique routing tables, even with overlapping IP addresses."
ACE will replace some older 6500 add-ons, such as content switching and SSL offload, and derives in part from Cisco's acquisition last year of WAN/web optimiser FineGround. Cisco's AVS (application velocity system) appliance, based on FineGround's Velocity-FS, will remain available - Testa claimed that for now ACE complements AVS, rather than replacing it. He said though that ACE can support daughter-cards, and that eventually AVS could become just such a card.
He added that Cisco will use ACE internally, for example to replace its CSM (Content Switch Module) blade for the Catalyst. He said that Cisco uses 20 CSMs to load balance the 90-odd Oracle applications that run its business, and estimates that it will be able to replace these with just four ACEs.