Sun Secure Application Switch - N2000 Series

Details

• Fast Layer 4 through Layer 7 application switching
• Optional virtual switching technology
• Fully integrated, hardware-accelerated SSL processing
• Load balancing with hardware-based TCP termination
• Support for traditional load-balancing algorithms
• Wirespeed access control lists and Layer 7 filtering

Cuts the Cost of Switching

Lower costs through smarter switching

The Sun Secure Application Switch - N2000 Series integrates Gigabit wire-speed application switching, chip-level embedded security, and dynamic resource virtualization. This integration of services into a single system helps to greatly reduce TCO and simplify management of distributed computing environments by eliminating and consolidating costly specialized components such as legacy server load balancers, SSL accelerators, and bandwidth management appliances. A dense 2RU, rack-ready chassis also saves data center floor space, helping to further lower TCO.

Optional virtual switching

This allows you to create as many as 10 virtual switches per system in select configurations. It helps maximize resource utilization and lets you accommodate different workloads without rewiring or swapping hardware. If you don't need virtual switching, the standard configurations allow you to purchase the system without it.

Four ways to choose the right switch

Designed to maximize deployment flexibility, the space-efficient 2U Sun Secure Application Switch - N2000 Series is available in four configurations: The Sun N2040 switch provides 40 10/100Base-T Ethernet ports and four Small Form Factor (SFF) pluggable GbE ports, with the Sun N2040V switch adding virtual switching capabilities to this configuration. The Sun N2120 switch provides 12 SFF pluggable GbE ports, with the Sun N2120V switch adding virtual switching capabilities to this configuration.

Save time and money

The Sun N2000 Series secure application switch is simple to install, configure, and manage as a standalone system in an enterprise data center. TCL scripting allows for fast and easy switch configuration, helping to reduce operational costs. A highly intuitive, browser interface gives administrators full control over the platform, enabling them to perform all key configuration, provisioning, monitoring, control, and logging functions from any location.

Extended & Upgraded Warranty Coverage

Customers can extend and upgrade their product warranty coverage with our SunSpectrum Support Services. Through these support offerings, Sun delivers proven expertise and consistent responsive quality service to help you achieve high availability within your IT infrastructure.

Learn more about how you can extend and upgrade your warranty coverage with SunSpectrum Support Services, or contact your Sun Sales Representative.

Business-Grade Application Switching

Performance for your large apps

This switch delivers breakthrough price and performance on application switching throughput as high as 3 Gbps and SSL cryptographic throughput as high as 2 Gbps. Fine-grained Layer 4 through Layer 7 filtering and hardware-based TCP termination allow you to intelligently switch traffic without impacting performance, giving you:

• 64-Gbps nonblocking switch fabric
• Up to 3 Gbps of application switching throughput
• Up to 2 Gbps of SSL cryptographic throughput
• Up to 250,000 new Layer 4 through Layer 7 connections per second

Deeper insight and control

In contrast to competing solutions that provide only basic packet-by-packet inspection, the Sun Secure Application Switch - N2000 Series inspects traffic at the application level, enabling you to direct traffic based on embedded object content. The platform provides bidirectional Layer 4 through Layer 7 application switching on HTTP header, URI, cookie, payload, and content for extremely fine-tuned switching and data protection.

Hardware-driven performance

The Sun Secure Application Switch - N2000 Series implements advanced application switching by terminating TCP in hardware instead of software. Hardware-based TCP termination enables the Sun Secure Application Switch - N2000 Series to deliver breakthrough price/performance, providing throughput speeds as high as 3 Gbps, supporting as many as 250,000 new Layer 4 through Layer 7 connections per second, and supporting as many as 2 million concurrent Layer 4 through Layer 7 connections per second.

Customized capabilities

Intelligent inspection of application data also enables enterprises to customize and prioritize traffic handling to personalize service and content delivery. In addition, by leveraging switch-supplied cookies and the client source address and port, the Sun Secure Application Switch - N2000 Series provides client stickiness, maintaining customer affinity to application data for enhanced network computing. Traditional load-balancing algorithms, including round-robin, weighted round-robin, least connections, and source address hashing, further optimize traffic management.

Full security without the performance drag

Addressing today's critical need for security, the Sun Secure Application Switch - N2000 Series puts a security blanket over your distributed computing environment without incurring the performance sacrifice normally seen with the addition of SSL encryption. By offering Gigabit wire-speed, hardware-based SSL acceleration, the Sun Secure Application Switch - N2000 Series lets you zip through process high volumes of secure SSL-encrypted traffic for end-to-end application security, protecting your data from both external and internal threats. It gives you cryptographic throughput as high as 2 Gbps, supports as many as 12,500 new SSL-based connections per second, and can handle as many as 240,000 simultaneous SSL-based connections per second.

Virtual domains for flexibility

Optional virtualization capabilities dramatically lower the cost of network computing through improved resource utilization and data center consolidation. When using the virtualization capabilities offered in the Sun N2040V and Sun N2120V switches, it can be partitioned into as many as 10 virtual switching domains that are fully protected from one another to ensure complete isolation of resources, including independent policies, rule sets, IP routing domains, administrative domains, and security domains. This virtualization enables you to partition customers from each other within a single physical switching system for reduced capital and operating expenses.

Reconfigure on the fly

Dynamic resource virtualization also allows you to add, remove, and configure virtual switches as data center requirements change and thereby accommodate different workloads without impacting other virtual switches, rewiring or swapping hardware, or needing to take the overall system offline. All services can also be virtualized, including routing, application switching, security, and management capabilities.

Fast, Distributed Security

Hardware-Based SSL Acceleration

The Sun Secure Application Switch - N2000 Series puts a security blanket over your distributed computing environment without incurring the performance sacrifice normally seen with the addition of SSL encryption. It provides Gigabit wire-speed encryption for end-to-end application security, protecting data from both external and internal threats. Support for as many as 12,500 new SSL-based connections per second, 240,000 simultaneous SSL-based connections per second, and cryptographic throughput as high as 2 Gbps enable enterprises to quickly process SSL-encrypted packets. As a result, you can secure high volumes of traffic without experiencing performance degradation.

Client-side and server-side SSL support

Client traffic is first decrypted for intelligent switching and attack protection. If required, the traffic can then be re-encrypted for travel to the server farm to provide end-to-end security from client to server. The switch can also decrypt cookie data, providing client persistence by maintaining customer affinity to application data for enhanced network computing.

Government-quality security

Through its use of FIPS-compliant algorithms, the Sun Secure Application Switch - N2000 Series meets government regulations for implementing strong security measures. The platform also supports X.509 certificates and provides a certificate and key management application that centralizes management of signed certificates in the network, eliminating the need to administer individual certificates on all data center servers that deliver private content.

Advanced security features

The N2000 Series switch was designed with wire-speed Layer 4 through Layer 7 access control list enforcement, which prevents undesired traffic from using data center resources without impacting performance. Layer 4 through Layer 7 filtering on both inbound and outbound traffic also prevents application-level attacks, such as Code Red, as well as protection against other common attacks and intrusions to ensure continual availability of data center resources.

Full TCP termination

This maintains independent TCP connections from a given switch to the client and from the switch to the server. These two connections are never stitched together as in the case of competing systems. As a result, it delivers end-to-end security across the datacenter by never allowing TCP packets to pass directly from client to server. Attack protection includes:

• URL filtering to stop HTTP worms
• Rate and connection limiting to reduce flooding
• Frame filtering to filter frames for any "poison" or unexpected data
• SYN Flood attack mitigation
• SYN cookie support to suppress programmatic TCP static attacks
• SMURF and FRAGGLE attack nullification

Common attack protection against the following:

• Land attack
• IP packets with multicast or broadcast source IP address
• TCP server resource release
• TCP traffic filtering with SYN and FIN bits set
• Packets with source/destination IP as a loop-back address
• Ping of Death attack
• Fragmentation reassembly errors
• Source spoofed frames

Mission-Critical Availability

High-availability built in

Active/hot standby mode provides fail-over support and the switch includes redundant power supplies. The second power supply has an independent power cord to support use in a two-rail data center architecture to protect against rail failures and power supply failures.

A mission-critical real-time operating system (RTOS)

The RTOS performs continuous monitoring of all runtime elements and restarts any failed software components. The operating system supports hot software upgrades, enabling you to upgrade software components without taking the switch offline. In addition, fully partitioned software provides fault isolation for increased security and privacy.

Inline and out-of-band health checking

In addition to traditional out-of-band health checking, the Sun Secure Application Switch - N2000 Series continuously monitors server and application availability. The patented inline health checking allows the platform to monitor traffic as it traverses the switch without impacting performance, speeding recognition of failed services instead of relying solely on out-of-band server polling at fixed configured intervals.

Advanced failure recovery

If the Sun Secure Application Switch - N2000 Series detects that a server, a service on a server, or other load-balanced device has failed, it will immediately stop directing new connection requests to that server, service, or device. When the affected entity is brought online again, the platform automatically adds it back into its load-balancing algorithm for optimal load distribution. This advanced health checking simplifies management of distributed computing environments, resulting in improved resource utilization and lower total cost of ownership.