AVS and ACE

I am having some trouble getting the difference of the AVS Appliance vs. the ACE Modul for the Cat6K.
Our ACE Moduls are already about to be shipped so i am looking forward to get my hands on those. Checking the Application Solution Section there is also the "new aquired" AVS Appliance listed.
A: Is the AVS a Supplement to the ACE Modul in Areas of HTTP,SSL Compression etc. and more granular Payload Inspection?
B: Is the AVS a "rival" product with different features?
We have some discussions regarding the enhancement of our Portal-Infrastructure and some guys are always putting Netscaler from Citrix on the Agenda. I am sure it is a nice product but i like to keep my Enviroment as far Cisco as i can.
That's why it would be nice to get some advice on how to rate, position or compare the ACE,AVS vs. the Netscaler Solution. I have the feeling some of the features which are in the mentioned Netscaler are splitted into two Cisco products.
Points of interest are...
+Payload/Packet-Inspection
+Compression
Thanks for reading...

Can anyone Comment on my impressions listed below and also on my problems in the above Posting?
AVS: Security, TCP Multiplexing, Compression and NO Loadblancing.
ACE: Security, Loadbalancing, Virtualization and TCP Multiplexing but NO Compression? Could Compression be added in future SW Releases?
vs.
Netscaler: Security, TCP Multiplexing, Compression and Loadbalancing
C: If you would combine the ACE and AVS are you supposed to put the AVS behind the ACE for the use of its security features or in Front of a Cat6K with ACE Modul?
D: If you put it behind the ACE is the Idea of running it transparent as more less IDS with App-Accelration and Caching an approach?
E: If you use the Security features of both devices you have more or less a double inspection of the Payload with the AVS going into more depth than the ACE?
Would be great if someone had any experience or advice.
Roble

Similar Messages

  • Credit Card Fraud control - AVS and CVV Checks

    Hi All,
    We are on CRM 5.0 and went live in June 2006. We use Paymetric for our credit card checks. We use EP/ISA for our web shop.
    We want to implement AVS and CVV checks .
    We want to know if anybody has implemented AVS and CVV checks. Paymetric returns us the AVS and CVV check values. What we want to implement is to raise any error saying if AVS (ex like Zipcode) is not match raise an error saying your ZIPCODE is not match and take to that screen in web-shop.
    I would highly appreicate if anybody can help us or answer us.
    Regards,
    Paul Vankayalapathi

    Hi Paul,
    We are alos looking for the same. Please let me know if you get any info.
    Thanks,
    Suriya

  • Sharing a VLAN between FWSM and ACE (Routed Mode)

    Anybody in here with experience on sharing a Vlan between an ACE and a FWSM module?
    I have a transfer network between the ACE and the FWSM in the same chassis. FWSM gets several vlans and ACE gets some Vlans.
    I wanted to configure it like this.
    firewall vlan group 10 <FWSM only vlans>
    firewall vlan group 20 <shared FWSM and ACE vlan>
    or
    svclc vlan group 20 <shared FWSM and ACE vlan>
    svclc vlan group 30 <ACE only vlans>
    The design hides the client side network and the server side network for the ACE behind the FWSM module.
    Layout:
    |-- Clients <--> MSFC <--> FWSM <--> ACE <--> Server --|
    So allocation on the 65xx would be like this.
    firewall module n vlan-group 10,20
    svclc module n vlan-group 20,30
    Any obvious issues with this design if you share the vlan(s) referred in group 20 with both modules?
    FWSM and ACE will be in routed mode.
    Thanks for reading...
    Roble

    Never mind...
    Just found the perfect answer for this in a another posting from Syed.
    http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Data%20Center&topic=SNA%20Data%20Center%20Networking&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dddee0b/0#selected_message
    Roble

  • Cisco CSS and ACE study guide

    Hi,
    Im ready to kick start Cisco CSS and ACE load balancers. I found that 642-972 DCASD and 642-975 DCASI are the relevant exams for that. But, they are expired now. And, I couldn't even find the old materials for those. Could you please anyone assist me in getting started with this?

    Hi Kanwal,
    Thanks for your reply. BTW, wasn't there any specific study guides for 642-972 DCASD and 642-975 DCASI from Cisco? The reason behind this question is, I want to go step by step starting from how load balancing works, the basics and terminologies of load balancing and its various options and operations etc. I have been working with Network Security and just stepping in to DC operations.

  • CSS and ACE appliance SSL TPS

    Hi,
    Can someone explain how are SSL Transactions per second calculated on CSS and ACE?
    We need to select appropriate SSL license needed for future ACE appliance, wich is defined in terms of TPS.
    We also currently have CSS device with SSL module. Is there any way to find current SSL TPS info on a CSS device?
    Thank you and regards,
    Jasmina

    What is the method used to calculate SSL TPS requirement.
    example,
    Current: Peak SSL Transactions  6,000
    If I expect a peak concurrent connection of 200,000 what would be the methodology for calculating SSL TPS needs. (Some sample calculation steps would be appreciated.)
    Can I interpret the licensing as follows,
    SSL TPS: SSL Transactions per second: Number of NEW transactions that can be setup by ACE per second. (Does this mean established SSL transactions are not counted by the license, though each of the packets in established transactions require SSL termination!)
    Thanks
    Sri

  • Difference between ACE module and ACE appliance

    Hi All,
    Can someone help to understand the difference between ACE module and ACE appliance, as i am observing ACE module is providing more throughput when compared the ACE appliance, Is the only advantage we getting with contexts ....
    thanks inadvance,
    Narayana Mallidi

    Hi Narayan,
    Apart from providing throughput, ACE module has more to offer ,
    http://docwiki.cisco.com/wiki/Cisco_Application_Control_Engine_%28ACE%29_Troubleshooting_Guide_--_ACE_Resource_Limits
    The above link will provide a comparision of ACE module and Ace appliance interms of scalability. Apart from that legacy modules wont support compression, but ACE 30 module can support compression.
    The major advantage of ACE 30 module is with resepct to SSL throughput, SSL TPS, L4 & L7 CPS, & Concurent Connections per second, apart from the increased contexts
    ACE 4710 Data Sheet :
    http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/Data_Sheet_Cisco_ACE_4710.html
    ACE20 Data Sheet
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/product_data_sheet0900aecd8045861b.html
    ACE 30 Data Sheet
    http://www.cisco.com/en/US/prod/collateral/modules/ps2706/ps6906/data_sheet_c78_632383.html
    Regards
    Abijith

  • Difference between Ace Director and Ace Memeber

    What is the Difference between Ace Director and Ace Member?
    because recently I saw one Ace director becoming Ace Member... (John)

    You have not read the link I provided, have you ?
    Ace director are not more senior than Ace member, they have more things to commit to like "Ability to commit to participation in an honorary (noncompensated) capacity for 12 months"...
    So, I cannot tell for John, but if one cannot commit within those things, you cannot be Ace director... and it is not "depromoted", probably have less time for this.
    Nicolas.

  • Lync 2010 and ACE load balancing

    Hi there,
    Has anyone deployed [or will be deploying] Lync 2010 utilising the ACE as a hardware load balancer. The ACE is not {yet] on the Microsoft list of supported devices for this product, but I am told this because of lack of documentation from Cisco.
    The consensus from a few colleagues is that it should work as it did for OCS, which we have already deployed, so assuming that the set up and operation is similar, there shouldn't be much difference in the configurations.
    regards,
    Glenne.

    Hey Glenne,
    It seems you got that working already but I wanted to share this simple sample:
    parameter-map type http PARAMETER
      set header-maxparse-length 65535
      set content-maxparse-length 65535
    ============================================
    interface vlan 112
      ip address 10.198.16.71 255.255.255.192
      alias 10.198.16.124 255.255.255.192
      peer ip address 10.198.16.72 255.255.255.192
      mac-sticky enable
      access-group input anyone
      nat-pool 25 10.198.16.125 10.198.16.125 netmask 255.255.255.0 pat
      service-policy input ANS-MGT
      service-policy input VIPS
      no shutdown
    ============================================
    policy-map multi-match VIPS
      class LYNC_VIP
        loadbalance policy  LYNC_POLICY
        ssl-proxy server SSL_LYNC_TERMINATION
        loadbalance vip icmp-reply active
        nat dynamic 25 vlan 112
        appl-parameter http advanced-options  PARAMETER
    ============================================
    class-map match-all LYNC_VIP
      2 match virtual-address 10.198.16.125 tcp eq https
    ============================================
    ssl-proxy service SSL_LYNC_TERMINATION
      key tac-key
      cert tac-cert
      chaingroup tac-chaingroup
    ============================================
    policy-map type loadbalance first-match LYNC_POLICY
      class class-default
        sticky-serverfarm LYNC_COOKIE
    ============================================
    sticky http-cookie ACE_COOKIE LYNC_COOKIE
      timeout 30
      replicate sticky
      serverfarm LYNC_FARM
    ============================================
    serverfarm host LYNC_FARM
      rserver LYNC_SERVER1 80
        inservice
      rserver LYNC_SERVER2 80
        inservice
    ============================================
    rserver host LYNC_SERVER1
    ip address 10.198.16.93
    inservice
    rserver host LYNC_SERVER2
    ip address 10.198.16.113
    inservice
    ===========================================
    Jorge

  • Named ACL and ACE numbering

    I created a new extended named ACL and enter a few ACEs numbered 10,20,30,100,110,1000 to give them plenty of space apart. When I reload the switch, the numbering has disappeared and they are all spaced 10 apart. Why does this happen and is there a way to maintain larger spaces? I am thinking that in time I may come to make many modifications to the ACL and the gap between two entries may reduce to nothing. I am not going to reload my switch just to reset the gaps and I would rather not remove the ACL completely and replace it to achieve the same.
    thanks for any advice
    Chris

    The ACL is stored in RAM initially. When you display your access-list for instance you see the seqeunce numbers. When you display your're running configuration you don't see them.
    Are you using ip access-list or the traditional access-list?
    ip access-list extended Popey
    10 permit ip host 10.10.10.10 any
    100 permit ip 10.10.20.0 0.0.0.255 any
    1000 deny ip any any

  • ITunes and Ace mega codec interferences

    Hi There,
    I use itunes for all music purpose and iPod updating but I use windows media for div-x with ace mega codec pack.
    with previous version of iTunes it works perfectly. I have downloaded the latest up date of iTunes and now iTunes refuse to launch.
    I have uninstal ace mega codec softwares and the new version of iTunes works without problems. It is as per my understanding a compatibility prolem.
    BUT I can't watch any div-x without acemegacodec so i am in front of a dilemna.
    I am sure you can help me in that topics. maybe 1 patch exist to fix this kind of problem.
    Thanks for your assistance
    Laurent

    hi Laurent!
    Then I install the codecpack, (that works when i was using last version of itunes), and itunes new version crashes.
    gaah. okay, this is
    b speculation
    that is partly based on the few reports i got in about the K-Lite Mega Codec Pack 1.38 "breaking" working copies of itunes 5.0.x.
    what i noticed with the details of that mega codec pack was that it contained all the
    b QT 6.5.2
    codecs. so my suspicion is that
    b either
    it was installing a version of QT 6.5.2 somewhere on the computer that itunes 5.0.x thought it should be using (resulting in 5.0.x crashing because it needs at least QT 7.0.2 to run),
    b or
    the old QT 6.5.2 codecs were desperately confusing the existing QT 7.0.2.
    so, perhaps try to see if you've got a new copy of QT 6.5.2 somewhere on your machine after you've installed that Codec Pack, and uninstalling that. if you still get errors (or different errors), try downloading and saving to your hard drive a copy of the standalone QT 7.0.3 installer. (run the installation from there rather than online. switch off antivirus and antispyware prior to the install.)
    http://www.apple.com/quicktime/download/standalone.html
    keep us posted on developments.
    love, b

  • Websockets TCP RST through ASA+IPS and ACE

    Hello,
    We recently deployed a new websockets project within our existing web infrastructure. The websockets traffic (as all the rest of normal web traffic) is crossing an ASA + IPS module  where I do NAT and and then is forwarded to an ACE load balancer where two real server are configured in the server farm in active/standby mode (not load balancing) due the websockets nature. Everything seems to work fine but sometimes (once every 4 days or so) and based upon the server logs a TCP Reset gets the application server and bring down the whole application.
    It's clear that this application as a bug but I would like to avoid that TCP reset as a workaround while application team fix the ibug as the go-live is soon. Anybody faced this issue and can help me to find where that supposed TCP reset comes from? I didn't get IPS alerts.
    Server log:
    "Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.    at System.Net.Sockets.NetworkStream.EndRead(IAsyncResult asyncResult)"
    Thanks,
    Miquel

    Hi Miquel,
    A packet capture on the server shall show the origin of TCP RST. If you are natting the source traffic then take front end pcaps at front end of firewall as well as at backend and similarly for ACE, to see what is the origin of TCP RST. Normally, it should be from client if it is received on the server. LB's just forward the traffic to the server but it depends and it could be loadbalancer resetting the connection. But we don't have any details to be sure. So packet captures would be our best friend here.
    Regards,
    Kanwal
    Note: Please mark answers if they are helpful.

  • Itunes and ace mega codecs pack conflict

    Hey guys. I was wondering why the itunes doesnt work with the ace mega codecs pack. I read the other discussions and im not tech savvy enough to understand how to fix it. I tried uninstalling and reinstalling itunes (cuz thats all i really know). Still doesnt open... i get that error send report thing by windows. Is there an easy way to fix this? Do i need to get rid of a certain codec in the codec pack? pleaseeee help me.. i cant even utilize my iphone

    hi Laurent!
    Then I install the codecpack, (that works when i was using last version of itunes), and itunes new version crashes.
    gaah. okay, this is
    b speculation
    that is partly based on the few reports i got in about the K-Lite Mega Codec Pack 1.38 "breaking" working copies of itunes 5.0.x.
    what i noticed with the details of that mega codec pack was that it contained all the
    b QT 6.5.2
    codecs. so my suspicion is that
    b either
    it was installing a version of QT 6.5.2 somewhere on the computer that itunes 5.0.x thought it should be using (resulting in 5.0.x crashing because it needs at least QT 7.0.2 to run),
    b or
    the old QT 6.5.2 codecs were desperately confusing the existing QT 7.0.2.
    so, perhaps try to see if you've got a new copy of QT 6.5.2 somewhere on your machine after you've installed that Codec Pack, and uninstalling that. if you still get errors (or different errors), try downloading and saving to your hard drive a copy of the standalone QT 7.0.3 installer. (run the installation from there rather than online. switch off antivirus and antispyware prior to the install.)
    http://www.apple.com/quicktime/download/standalone.html
    keep us posted on developments.
    love, b

  • Configure AAA with ANM, ACS and ACE

    I am seeking for best practices with deployment of ANM and ACS to manage ACEs. Configuration guides suggest that authorization can be on ACS 5.2 or ANM.
    I found that an admin user can be assigned to a single role only. What I would like to do, is set myself as an adnmin user have different roles for different ACEs. For example, I want to be a system admin for one ACE and network-monitor role for another ACE.
    Would you someone offer me any suggestions?

    thank you

  • Cisco CSS11503 and ace question

    we are migrating from css11503 to ace. is there a utility to migrate the config to ace? we have 9000 lines of config on css11503. also is there a white paper which compares css with ace and csm?

    TFTP the config file from CSS11503 to the TFTP server and back from server to ACE. ACE can handle 16Gbps of traffic while the CSS can only handle 6 (in the 11506).

  • Please can some-one tell me where to find the price differences between the ACA and ACE exams.

    Please can someone tell me the price difference (in ZAR) between the ACE and ACA exams.

    Why did you post this in the forum for Adobe Reader?

Maybe you are looking for

  • Report on separate sheets

    In my application a page has a table with data rows. The source for the region is a PL/SQL-statement which generates the data rows. The data rows are grouped by the frist table column (person). The break formatting is at the first column. I have the

  • Forms 10g App. is slow: What is the official procedure to follow?

    Hello Forms gurus. This question has been bugging me for some time. Here is the scenario. We have a Telco application developed using Forms 10g. A user complains that his form is slow. We have access to the live DB (assume it is a 10g DB). However, w

  • Errors While import-IMPDP

    Hi Team, Getting below errors while import Please suggest. Processing object type DATABASE_EXPORT/SCHEMA/PROCACT_SCHEMA ORA-39083: Object type PROCACT_SCHEMA failed to create with error: ORA-31625: Schema ASID is needed to import this object, but is

  • Permissions Repair, same issues every time

    Hi there I have a question about permission repair. I have been having a lot of quirks with my machine and, following the advice of people here, am always running disk utility to repair permissions. However, every time I run it, I get the same leghty

  • Oracle 11g stop working after installing Patch 1

    I'm new to Oracle. I installed Oracle 11g Database this weekend. The installation went well with no problems. However, after installing the base system I then installed Patch1. I had no problems installing the patch. I restarted my system and then st