• SYN-Guard: Protects server farms against multiple forms of DoS attacks, such as
TCPSYN and ACK attacks, by monitoring and tracking session flows. Only valid
connection requests are actually sent to servers. ServerIron ADX switches are
capable of defeating DoS attacks at the industry’s highest rate of up to 120 million
SYN/sec.
• High-availability application switching: Utilizes active-standby mode, whereby the
standby ServerIron ADX switch assumes control and preserves the state of existing
sessions in the event the primary load-balancing device fails. In active-active mode,
both ServerIron ADX switches work simultaneously and provide a backup for each
other while supporting stateful failover.
• HTTP multiplexing (server connection offload): Increases server performance,
availability, response time, and security by offloading connection management from
the servers. Using persistent HTTP 1.0 and 1.1 connections to the server, ServerIron
ADX switches stream a large number of client connections to very few server
connections. Connection offload enables the servers to dedicate resources for high-
performance application content delivery.
• Application rate limiting: Protects server farms by controlling the rate of TCP and UDP
connections on an application-port basis, thereby guarding against malicious attacks
from high-bandwidth users.
• High-performance access control: Uses extended ACLs to restrict access to specific
applications from a given address or subnet.
• Application redirection: Uses HTTP redirect to send traffic to remote servers if the
requested service or content is not available on the local server farm.
• Hardware SSL acceleration: Utilize dedicated SSL hardware for high-performance SSL
offload, both in SSL terminate and proxy modes
• Advanced firewall and security device load balancing: Increases firewall and
perimeter security performance by distributing Internet traffic loads across multiple
firewalls and other perimeter security appliances. This approach overcomes
scalability limitations, increases throughput, and improves resiliency by eliminating
perimeter security devices—such as firewalls, anti-virus gateways, VPN devices, and
intrusion appliances—as single points of failure.
• Transparent Cache Switching (TCS): Balances Web traffic across multiple caches,
eliminating the need to configure each client browser, improving Internet response
time, decreasing WAN access costs, and increasing overall Web caching solution
resiliency. ServerIron ADX switches improve service availability by implementing
cache health checking, redirecting client requests to the next available cache server
or directly to the origin server in the event of a cache or server farm failure.
Q Do ServerIron ADX switches provide SSL offload and application server acceleration?
A The ServerIron ADX 1000, 4000, and 10000 series, provide industry-leading high-
performance SSL offload, in both SSL terminate and SSL proxy modes. The ADX 1000
models 1008-1, 1016-2, 1016-4 and 1216-4, that is shipped post February 1st, 2010, is
shipped with built-in SSL hardware and can be upgraded for SSL offload through simple
software license upgrade. The ADX 4000 and ADX 10000 chassis can be field-upgraded
for SSL by adding an SSL expansion module on top of the management module. The ADX
1000 with 4 application cores can process up to 28,672 TPS (transactions per second),
and the ADX 10000 chassis with two SSL expansion modules can process up to
230,000 SSL TPS.
10 of 14