Cisco ACE Application Control Engine Module Brochure
© 2006 Cisco Systems, Inc. All rights reserved.
Important notices, privacy statements, and trademarks of Cisco Systems, Inc. can be found on cisco.com.
BUSINESS BENEFITS
Application Control
Enterprises and service providers need flexible, scalable, and reliable platforms for application delivery. Cisco ACE can be logically partitioned to
support virtually separate management contexts using a GUI-based manager, a powerful command-line interface (CLI), or an XML-based API.
Resources can be allocated and managed based on business, application, or customer segmentation requirements. Change control (add, delete,
change) can be done on a per logical/virtual instance, and role-based access control gives even more granular control with the ability to fully
delegate management responsibility for a given instance.
Because ACE provides a layer of logical abstraction, it complements other virtualization and management approaches, including switching
and routing, storage, and application and security services. This operational flexibility enables quick response to business and customer demands
and does so at a lower cost. By ensuring the flexibility of deployment and change control, Cisco ACE delivers more scalable and more efficient
utilization of the application infrastructure as a whole.
Application Performance
To meet business requirements, application services must deliver scalability, high availability, and optimal performance to all users across the
extended enterprise. By delivering 16 Gbps of raw throughput and 4 million bidirectional connections, the Cisco ACE solution can handle the
largest production environments and be partitioned to be shared across different constituents. High availability is provided in a variety of active-
active configurations, including across geographically dispersed data centers.
In conjunction with Cisco AVS, Cisco ACE delivers high application performance including high throughput in Layers 2 through 7, highly scalable
Secure Sockets Layer (SSL) acceleration and offload, TCP reuse or connection optimization, latency mitigation, and compression, reducing the
burden on servers and significantly enhancing the delivery of applications. In addition, this solution provides graphical views of application
performance metrics including end-user response times, helping to quickly identify and troubleshoot application bottlenecks. The result is more
efficient use of network and server resources, which lowers costs for the entire application infrastructure as well as deployment and support costs
for every application.
Application Security
Cisco’s Self-Defending Network strategy provides multilayered, defense-in-depth security. As part of that concept, Cisco ACE and Cisco AVS
provide multiple levels of application security including SSL encryption/decryption, bidirectional and full content inspection, positive and negative
(whitelist and blacklist) security, protocol compliance, anomaly detection, transaction logging and reporting for security forensics, and other
security features important for data-center applications.
Whereas intrusion prevention and intrusion detection systems protect Web servers, the Cisco ACE and Cisco AVS solution protects against
vulnerabilities in Web-based applications. What firewalls accomplish at the network level—denying all activities unless explicitly allowed—
Cisco ACE and AVS accomplish at the application level. A rules-based, policy-directed approach helps ensure that automated requests to
and from the application comply with policy and do not, for example, include a request to turn off the application.
In a typical threat scenario, an attacker uses a Web proxy that resides on a legitimate user’s desktop. The attacker can tamper with message headers,
protocols, or payloads—for example, by inserting malicious code into different parts of the application. Developers often do not protect their code
from these types of attacks.
The Cisco ACE and AVS solution provides protection against entire classes of attacks. Unlike signature-based protection, which handles only
specific known threats, or learned-rules-based protection, which requires an extensive training phase, the Cisco ACE and AVS security solution