Cisco Cisco MGX-FRSM-HS2 B Serial Frame Service Module 数据汇总
Product Bulletin
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Page 2 of 4
Table 1.
New Features in Cisco ACE Module Software Release 2.3.0
Feature
Description
Benefit
Secure backup and restore of
Cisco ACE Module files
Cisco ACE Module files
The Cisco ACE Module can securely back up and
restore the startup configuration, running
configuration, checkpoints, license files, and SSL
keys and certificate files across multiple virtual
devices with a single command, both in administrator
and user contexts. An option allows encryption of the
backup archive to securely store the SSL keys and
certificates.
restore the startup configuration, running
configuration, checkpoints, license files, and SSL
keys and certificate files across multiple virtual
devices with a single command, both in administrator
and user contexts. An option allows encryption of the
backup archive to securely store the SSL keys and
certificates.
Provides efficient and administrator-friendly user
interface, especially in an environment with multiple
contexts, freeing administrators to do more with reduced
IT operating budgets
interface, especially in an environment with multiple
contexts, freeing administrators to do more with reduced
IT operating budgets
Enhanced SNMP MIB support
The Cisco ACE Module supports additional SNMP
MIBs, leading to parity with the MIBs supported on
the Cisco ACE 4710.
MIBs, leading to parity with the MIBs supported on
the Cisco ACE 4710.
Enables centralized management of the load balancing
infrastructure, improving agility in IT operations
infrastructure, improving agility in IT operations
Bulk copy command for SSL
certificates and key pairs
certificates and key pairs
The bulk copy command for SSL certificates and key
pairs enables the import of multiple SSL certificates
and key-pair files at the same time.
pairs enables the import of multiple SSL certificates
and key-pair files at the same time.
Increases productivity by reducing time needed to copy
SSL files
SSL files
Granular reporting of HTTP URL
hits on a virtual IP address
hits on a virtual IP address
The Layer 7 match HTTP URL statement hit count
feature allows you to display the number of times that
a connection is established (hit count) based on
match HTTP URL statements for a class map in a
Layer 7 HTTP policy map.
feature allows you to display the number of times that
a connection is established (hit count) based on
match HTTP URL statements for a class map in a
Layer 7 HTTP policy map.
Provides reporting capability for multiple web
applications under the same virtual IP address
applications under the same virtual IP address
Syslog reporting for NAT
New syslog messages track the NAT function.
Complies with regulations for service providers to log
NAT maps
NAT maps
HTTP header insert for SSL
information
information
The Cisco ACE Module can offload SSL processing
from the real server in the web application server
farm. In some cases, the web application still requires
SSL-related information such as the SSL session
parameters, SSL server certificate, and SSL client
certificate. With this new feature, the information is
provided to the web application through user-defined
HTTP protocol headers that are inserted by the Cisco
ACE Module during HTTP communication with the
real server running the web application.
from the real server in the web application server
farm. In some cases, the web application still requires
SSL-related information such as the SSL session
parameters, SSL server certificate, and SSL client
certificate. With this new feature, the information is
provided to the web application through user-defined
HTTP protocol headers that are inserted by the Cisco
ACE Module during HTTP communication with the
real server running the web application.
Efficiently uses expensive real server cycles to process
application data and provide a secure single point of
management for SSL server certificates on the Cisco
ACE Module
application data and provide a secure single point of
management for SSL server certificates on the Cisco
ACE Module
HTTP redirect on client
authentication failure
authentication failure
The Cisco ACE Module can redirect users in the
event of failed client authentication, providing more
information such as the reason for the client
authentication failure and recommended next steps to
restore access to the application.
event of failed client authentication, providing more
information such as the reason for the client
authentication failure and recommended next steps to
restore access to the application.
Efficiently handles client authentication failures, reducing
calls to application support and improving the user
experience, while providing the benefits of SSL offload
calls to application support and improving the user
experience, while providing the benefits of SSL offload
LDAP-based CRL retrieval for
SSL offload
SSL offload
The Cisco ACE Module can query the CRL
distribution point (CDP) server using the LDAP
protocol, both in SSL termination and end-to-end SSL
deployment modes.
distribution point (CDP) server using the LDAP
protocol, both in SSL termination and end-to-end SSL
deployment modes.
Enables transparent migration to Cisco ACE SSL offload
for environments currently providing access to CDP
servers using LDAP
for environments currently providing access to CDP
servers using LDAP
CRL checking of SSL server
certificates
certificates
The Cisco ACE Module can query the CDP server to
verify that an SSL termination point’s certificate has
not been revoked.
verify that an SSL termination point’s certificate has
not been revoked.
Enables transparent migration to Cisco ACE SSL offload
for environments currently verifying SSL server
certificates using CRLs
for environments currently verifying SSL server
certificates using CRLs
Sample SSL key and certificate
The Cisco ACE Module software image has a sample
SSL key and certificate pair to get the user started
with SSL offload function testing and integration prior
to requesting a third-party-generated SSL key and
certificate pair for use in real-world production
environments.
SSL key and certificate pair to get the user started
with SSL offload function testing and integration prior
to requesting a third-party-generated SSL key and
certificate pair for use in real-world production
environments.
Facilitates demonstration and testing of the SSL offload
feature
feature
Enhanced scalability for GSLB
with Cisco GSS
with Cisco GSS
Cisco ACE Module integration with Cisco GSS now
supports up to 4000 virtual IP addresses per Domain
Name System (DNS) domain, which scales the Cisco
ACE load-balancing solution for large enterprises and
service providers.
supports up to 4000 virtual IP addresses per Domain
Name System (DNS) domain, which scales the Cisco
ACE load-balancing solution for large enterprises and
service providers.
Scales capacity for a GSLB solution with the Cisco ACE
Module and Cisco GSS, leading to investment protection
and reduced capital expenditures (CapEx)
Module and Cisco GSS, leading to investment protection
and reduced capital expenditures (CapEx)
Persistence rebalance for HTTP
requests on the same TCP
connection
requests on the same TCP
connection
The Cisco ACE Module can be configured to load
balance each HTTP request on the same TCP
connection from a client IP address.
balance each HTTP request on the same TCP
connection from a client IP address.
Uniformly distributes HTTP traffic if a significant share of
the HTTP requests are from the same client, leading to
better resource utilization
the HTTP requests are from the same client, leading to
better resource utilization
Support for secondary IP
addresses on an interface VLAN
addresses on an interface VLAN
The Cisco ACE Module supports secondary IP
addresses on an interface VLAN in addition to the
primary IP address.
addresses on an interface VLAN in addition to the
primary IP address.
Enables transparent migration from load-balancing
products that support secondary IP addresses on a
VLAN
products that support secondary IP addresses on a
VLAN