Sun Secure Application Switch N1000 Series

Low Total Cost of Ownership

Up front and ongoing savings

The Sun Secure Application Switch – N1000 Series extends your budget with breakthrough price/performance through its full hardware-based TCP termination in a compact 1U rack-ready chassis. The N1000 switch's advanced hardware-based SSL acceleration and virtual switching technologies give you new levels of switch-driven data center efficiency and consolidation to help cut your operational costs.

Choose the right I/O for your needs

The Sun Secure Application Switch – N1000 Series is available in two I/O configurations. The N1400 switch provides four small form factor (SFF) pluggable Gigabit Ethernet (GbE) ports. The N1216 switch offers two GbE ports and 16 copper 10/100baseT ports for an extra degree of flexibility. Both models provide one 10/100baseT Ethernet port for out-of-band management, and one DB-9 connector with RS-232 signaling for serial port management.

Need Virtual Switching? Choose the "V" version

Built on the same hardware, the N1400V and N1216V switch versions add the Layer 4 though Layer 7 virtual switching functionality offered in the Sun Secure Application Switch – N2000 Series. It gives you up to 10 virtual switches per system.

Extended & Upgraded Warranty Coverage

Customers can extend and upgrade their product warranty coverage with our SunSpectrum Support Services. Through these support offerings, Sun delivers proven expertise and consistent responsive quality service to help you achieve high availability within your IT infrastructure.

Learn more about how you can extend and upgrade your warranty coverage with SunSpectrum Support Services, or contact your Sun Sales Representative.

Business-Grade Application Switching

Integrated SSL at Gigabit Speeds

Through its high-performance SSL processing capabilities, the Sun Secure Application Switch – N1000 Series offers both server-side and client-side SSL implementations. It supports both the SSL 3.0 and the TLS 1.0 protocols. This gives you an entirely new level of functionality and flexibility, backed by end-to-end security.

Custom performance

The Sun Secure Application Switch – N1000 Series is based in part on a custom high-performance chipset and high-performance network processing elements. It offers:

• As fast as 3 Gbps application switching throughput
• As fast as 2 Gbps cryptographic throughput

Fine-grained control

SSL sessions can be terminated and decrypted on the switch then passed on to other security devices for clear text inspection or load balanced to the server farm. Once decrypted, application and security services can be added to the data stream such as client-server cookie persistence, attack mitigation, and/or high resolution application switching. Then, if desired, the switch's specialized hardware can selectively re-encrypt the data stream on an individual server basis as it travels back to the server farm to provide end-to-end security without sacrificing personalization and protection. Using Sun's virtual switching technology, SSL certificates and keys can be managed independently in user-defined secure virtual application switches, offering unprecedented levels of consolidation and value.

Secure certificates

The Sun Secure Application Switch – N1000 Series meets government regulations for implementing strong security measures. The platform also supports X.509 certificates and provides a certificate and key management application that centralizes the management of signed certificates on the network, eliminating the need to administer individual certificates on the data center servers that deliver private content.

Visibility

The Sun Secure Application Switch – N1000 Series not only performs Layer 4 load balancing, but also application switching and integrated security services. That gives you unsurpassed access to the transactions that drive enterprise applications as well as the daily movement of traffic from servers to clients and servers to servers. The N1000 Series' application switching gives a network operator visibility into the composition of network-based customer applications. It also enables a much higher level of intelligence in the networking function.

Focused insight

The N1000 Series provides fast data-path services that can inspect the contents of application data carried over TCP, making policy and forwarding decisions based on embedded object content, accelerated in its custom hardware. By basing forwarding decisions on any application object, rather than on packet-by-packet inspection, the N1000 switch incorporates application and business intelligence into the underlying network infrastructure. Also, it includes a rich policy engine that, for the the first time, enables service level differentiation by pairing a robust quality of service pipeline with an object policy engine.

Let the hardware do the heavy lifting

This switch takes full advantage of Sun's Nauticus chipset to terminate TCP sessions between clients and servers in hardware, which is the basis for intelligent application switching in the fast path. Hardware-based TCP termination essentially removes performance bottlenecks and allows the N1000 Series to inspect streams of data rather than individual packets. Offloading this compute-intensive TCP processing to hardware delivers application switching throughput rates as fast as 3 Gbps.

Mission-Critical High Availability

The Sun Secure Application Switch – N1000 Series offers two-fold reliability: high availability within the core hardware and software elements and fail-over capabilities in redundant data center configurations. The device's functionality includes hot standby and active/active redundancy failover configurations. It also uses an embedded mission-critical operating system for high availability, scalability, and virtual switching services.

Reliability is wired in

Sites that provide mission-critical services, via the Internet or an extranet or intranet, require system redundancy, which is why the N1000 Series can be configured in active/hot standby mode or in active/active mode for high availability. It uses both the VRRP (Virtual Router Redundancy Protocol) and Sun's proprietary VSRP (Virtual Service Redundancy Protocol) to provide redundancy.

Advanced Security Services

Built for security

Designed for security, the Sun Secure Application Switch – N1000 Series delivers a new degree of data center protection within the application switching network system. It also boosts the perimeter security of other security devices. The N1000 Series includes Access Control Lists (ACLs), Layer 3 through Layer 7 filtering on both inbound and outbound traffic, and protection against common attacks and intrusions as well as firewall load balancing and SSL acceleration.

The N1000 Series' Access Control Lists include:

• Layer 2 through Layer 4: Filter by protocol, IP address, and port
• Layer 5 through Layer 7: Filter by URI, headers, and content
• Separate rule sets and routing domains for each dynamic switching domain

• Denial of Service (DoS) attacks
• Frame filtering for poison data
• URL filtering
• SYN flood attack mitigation
• "SMURF" attack nullification
• "FRAGGLE" attack nullification
• QoS attacks
• LANd attacks
• IP packets with multicast or broadcast source IP address
• TCP server resource release
• Filter TCP traffic with SYN and FIN bits set
• Source/destination IP is a loop-back address
• ICMP OOB data
• Fragmentation reassembly errors
• Source-spoofed frames

• Secure Shell v2.0
• Secure Shell file transfer protocol
• TACACS+
• RADIUS

Time-Saving Management

Simple, powerful data center management and device management tools

The N1000 Series gives you a browser interface plus powerful wizards, and a familiar CLI makes it simple to install, configure, and manage as a standalone system within the enterprise data center. Because the device supports third-party management applications, it's easy to integrate into a larger data center management infrastructure. And data center operators can use whatever interface they prefer, such as CLI, WWW, or SNMP, with complete access to the switch's capabilities.

Virtual Switching

This allows a data center operator to configure several virtual switches in a single switching device, using partitions to keep customers' data completely isolated from each other. It's an innovative and cost-effective way to deploy sophisticated network and security services. Sharing resources is important in today’s cost-conscious operating environments. It can help control capital costs by allowing large numbers of users to share physical resources, such as the enclosure, power, switch fabric, fast-path network processors, slow-path control processors, uplinks, and inter-switch links.

Virtualized flexibility

All of the N1000 Series' services, including routing, application switching, security services, and management capabilities, can be virtualized. Network administrators can dynamically add, remove, and configure virtual switches as needed with no impact on other virtual switches and without taking the overall system off-line. These virtual switches can reside at any tier in the data center, enabling the "wire-once, provision-many" model of utility computing.

Management standards

The Sun Secure Application Switch – N1000 Series supports several management methods, which all interface to a centralized management broker that allows for complete access regardless of the management interface used. The N1000 Series supports the following management standards:

• SNMPv1/v2c/v2
• HTML and Telnet
• Configuration logging
• Multiple images
• Multiple syslog servers