A10 Networks Thunder ADC Reviews

Our primary use case is load balancing, from Layer 4 to Layer 7, on different partitions. And it's also our internet gateway router with our ISP. We're using the standard DDoS protection which is on the box itself.

We have about 91 virtual IP addresses we're load balancing at the moment.

Before A10, we didn't have any load balancing capabilities. Now we use a different partition for the DNS infrastructure with the DNS firewall. The unit uses a separate partition for the internal- and for the external-facing. Before, everything was connected together, and we couldn't split very easily between test, production, and development.

The effect of the solution on our efficiency is that before, we only had round-robin DNS load balancing capabilities, with no health-checking, for example. Or we would have to use network-based load balancing from Microsoft. All that can bring a network down quite quickly, if you configure things incorrectly. With A10, we have a very robust load balancing solution that is capable, like F5, of iRule or aFleX scripting. You can influence the complete packet instead of just a few bytes or bits of the packets, depending on whether it's http or another Layer 4 to Layer 7 traffic flow.

Compared to F5, which I used about six years ago, the A10 is much easier when routing. You don't have to use the wildcard bits to route it between the different segments. It's much less troublesome to configure.

A10 Networks also doesn't have separate licenses for some features. All licenses are already onboard, which is not the case with F5. It's called the GTM on F5 and on A10 it's GSLB. The DNS load balancing is globally based and that isn't a separate license. That's already on the box in the ADC license itself.

The solution's traffic flow management capabilities are quite easy to use and quite good, and our ability to troubleshoot traffic flow issues is good if you know how to read the packet captures. If you know your way around the command prompt, it's fine.

We've got the solution's support for expanding infrastructure to public, private, and hybrid cloud containers for our internal data center, and we're also balancing some things we've got in AWS. That's only available internally. That scales well, especially the virtualization with the A10s. You can split it up into 32 separate units.

The solution's support for our on-premise applications is good. It's very flexible. You can split it up into different Layer 3 partitions: internal- or external-facing. Or you can use it as a separate partition for testing.

There is room for improvement in the GUI. I just migrated from the 2.7 software train to the 4.1, and there are still people on 2.7. The latter is a very old GUI if you compare it to F5. It's not as easy to use and a lot of things are missing. 

They've made a lot of improvements in the 4.1 step, but compared to the ease of use of F5, it's still quite difficult. For people who haven't got a lot of experience, the GUI can be quite challenging.

We've been using the Thunder ADC product for nearly six years.

I've never had any trouble. There have been some bugs in some software-release trains, but there were no production issues as a result.

We have between 1,500 and 3,000 users connecting to the appliances daily. Administration-wise, there are two network admins but we're not required to look at it because we've got our daily monitoring alerts.

For our new applications, all load balancing is being done on the A10s. In terms of increasing our usage, there are still some new applications on our roadmap that are being developed. They will replace other applications that are not load balanced at the moment. The replacement will be load balanced so we plan to put more things behind them.

It scales well. I haven't found any inconsistencies between the data sheets and the hardware specs. For our purposes, we haven't run into any degraded performance or the like.

A10's technical support is very good. Most of the time we go through our support partner, but you can also send an email straight to A10 support and, most of the time, within one to two hours, you get a response.

Initially, I got support directly with the vendor and that was fine. Now, we've also got a support partner. I haven't any experience with them yet because we just engaged them with the new units. But my direct experience with A10 was quite good.

The primary reasons that we switched to A10 were that F5 wasn't 46-bit hardware-capable yet, at the time, and because of the licensing. For what we wanted to do with our replacement parts, we would have had to migrate to a much more expensive and higher-end hardware model at that size. And support-wise, F5 is about five times more expensive than A10 is.

Overall, at the time, we were quite happy with F5. But we were looking around and came across A10 and did a proof of concept with them. Price-wise, it was very interesting and hardware-wise as well.

The initial setup was quite straightforward, but take into account that I've been using it for a long time. 

If you come from a Cisco background and you switch to F5, it's quite a big step. A10 is more like a Cisco IOS, in terms of the CLI. The F5 is more Junos OS, CLI-wise. So for me, the migration from F5 to A10 — because we use a lot of Cisco as well, internally — and the setup of A10, was quite easy. The commands are quite similar for configuring the interfaces.

For the migration five or six years ago took, the initial deployment took about two or three days to get the failover and everything else working. The migration itself for about 70 VIPs, took about a month. My recent migration from one unit to the other unit took about two weeks, taking into account the different departments and getting a service window to migrate things.

In terms of our implementation strategy, as is, from the one A10 to the other A10, everything we're load balancing was just a copy-paste and then we made some hardware improvements because we have more 10-GB interface capabilities. We can split the load better between a separate Layer 3 core and our ACI data center core.

We did it ourselves, but we had a review of the initial configurations and migration steps from A10 Professional Services, and that took about two hours. Our experience with them was quite good.

We have seen ROI from going with A10. Part of that was the ease of configuration, but that's because most of the other network engineers also have a Cisco background, and they had never done anything with the F5 solution before. So it was quite easy for them to get used to configuring it. And in the support contract, we saved a lot of money, on the order of $15,000 to $20,000 a year.

As for the initial investment in the hardware, F5 and A10 are quite similar now. For the current A10 solution, the initial cost was about $36,000. As for annual support, the F5 solution would be between $10,000 and $12,000, while the A10 is $2,200 a year for support.

In terms of A10's security features, the web application firewall handles the top 10 OWASP use cases. But the ATM on the F5 is much more enhanced or comprehensive. For pure load balancing and the normal security features, both solutions are okay. They are easy to configure for simple setups.

The biggest lesson I have learned using the ADC solution is the ease of routing between the different segments that are behind the solution, compared to F5.

You have to look at your use cases for load balancing and how much you want to have influence from the traffic. In my opinion, there are only two solutions that are very close to each other, the F5 and the A10, in terms of the way you can influence your traffic. Then it comes down to the price. Security-wise, they each have different angles for how you set it up.

We don't use A10's FlexPool consumption-based licensing model. We have some VM test units. We would have to bring our own license if we wanted to host it in the cloud. That's another subscription model that we haven't used.

In terms of the solution's single-pane-of-glass view, you actually you need the Harmony analytics to see everything. You can see everything that is configured on, but to get the most out of the monitoring part, you have to have Harmony with it. With Nagios and Zabbix, etc., you have to do a lot of OED searching to get all the collect counters for your service groups.

Our company uses the solution to enhance our client's connection to their data centers. One data center is in Brasilia and the other is in Sao Paulo. The solution bolsters the connection between the data centers.  

The DNS application firewall and load balancing are very valuable. 

A graphical dashboard for analyzing performance is needed. Sometimes, it is necessary to use the CLI to see connections. 

I have been using the solution for five years. 

The solution is very, very stable with no issues. I rate stability a ten out of ten. 

The solution is scalable by adding new appliances. 

I contacted support once by opening a query on their website and it was answered quickly. My experience with support was excellent. 

The setup is easy. 

We contracted with a partner for deployment which was completed in one day. 

The solution costs less than its competitors. 

We evaluated five equipment options for our client and prices were very different. Technically, the options were comparable so we chose the solution because it was the least expensive. 

The solution is good and I never have any issues because of the equipment. 

I rate the solution a nine out of ten. 

Our clients are using it for their entire network. They have multiple networks across India. They are using it for application load balancing. 

They have multiple servers. 

The customers are using all the features. It's got a good set of features. 

It is a stable solution.

The product is easy to set up. 

It's scalable. 

Technical support has been helpful. 

I'm not sure what improvements can be made. I'm a reseller. I don't deal with the solution directly.

We've had a customer that wanted to use an IPsec VPN and we haven't been able to put the two together.

The license does not come along with it, so you have to purchase everything separately. 

The costs can be quite high.

We've used the solution for one year.

The solution is stable. There are no bugs or glitches and it doesn't crash or freeze. 

The product can scale. It's not an issue. 

Technical support is good. It's very prompt. My customer had a support problem.

Positive

The initial setup is not complex. It's rather straightforward. 

I'd rate the product five out of five in terms of ease of setup. 

The product has been very good, and, until now, the customer is not facing any problems. They have been happy with the product.

How long the deployment takes depends on the customer and the scenario. In my case, I had it up and running in three or four months with no downtime whatsoever. Typically, it can be a one-day job. 

We pay a licensing fee on a yearly basis.

The pricing is okay. As far as other products are concerned, it is quite pricey, however.

I'm a reseller for A10.

This is one of the best products. It is capable. I'll always suggest it for my customers as it is better than the other products. If you compare to other products, it's a one box solution, as we say. Everything comes in the one box, and that's the beauty of this product.

I'd rate the product ten out of ten. 

We are in the government sector and we use this solution for load balancing and application management.

The solution is user-friendly and the CLA troubleshooting is easier compared to other solutions.

There are competitors that have more features.

In a future release, I would like to see VAS, application policy management, profiling, and the SSL encryption and decryption features should be on the system instead of having a separate SSLi system. Additionally, they should combine the products into one solution instead of having separate products, such as encryption and decryption, and load balancing.

I have been using the solution for approximately four years.

The technical support is good.

I previously used F5 BIG-IP.

The implementation is easy.

The price of the maintenance support is too expensive.

I have evaluated Avi Networks.

If someone has experience in Cisco Networks, the CLA hierarchy and configuration are 90% the same making this solution easier to use.

I rate A10 Networks Thunder ADC a seven out of ten.

Our primary use case is for servicing a remote workforce. Especially these days when a lot of people are working remotely, a solution like this is important. We have to deploy applications and we do not necessarily want to upload the applications into the cloud or locally on desktops or laptops. ADC is really good for desktop virtualization and application delivery. Instead of having a full client, you look at a projection hosted in the data center. All the processing is being done back in the data center in the corporate domain. Because of the fact that the processing is not being taken care of locally, ADC is a very lightweight client that handles the feed on your laptop. It also enhances security.  

Everything is kept in the server room, not exported locally to someone's house or whatever location they are working in. You do not have to worry about securing the data. There are certain programs that you have to patch a lot, like Adobe Flash — which seems to always need a patch. Instead of doing that on all 100 laptops that are in the field, you just do it once in the data center and everybody uses that same version. That type of simplification for your deployments is another benefit of ADC.  

Because the maintenance is all happening at the data center, it is a lot more controlled and it is way easier. Another thing that this helps with is that only certain people get access to certain applications. The accountants are really the only ones who need access to the accounting software. It is really easy to set up groups based upon Active Directory and then define who gets access to those applications. That ability to limit access is really kind of cool and can potentially save money and licensing costs.  

The most valuable parts of this product have to do with the efficiency of deployments and data security.  

Everybody says Network Thunder works as advertised. It is just one of those things that actually performs as advertised. I take no news as good news. I do not really have any negatives. We usually like to get well-balanced reviews from people who have experience with the product and especially from the vendors themselves.  

As far as improvements, that may be different than things that are missing or broken. I just do not have any cons. I do not have any glaringly big needs for additions either. One thing that might be improved is the interface. I think it is pretty straightforward. It is just not the prettiest, but it is functional. That is getting pretty granular.  

Maybe one concrete thing that they can improve on is their two-factor authentication. Just do something to make the native solution more robust. That would probably be the one thing that I have heard mentioned. They have basic two-factor authentication. It is also nice that they have options for integrating with other two-factor products. The problem with that is that then you have to buy two products and license two solutions. One customer made a comment saying that it would be nice if we only had to buy one product to take care of the whole solution. In other words, they thought it would be better to just be able to buy the A10 and not buy two products to create the two-factor authentication they would have preferred. That should be something that A10 could at least offer.  

We have been selling A10 ADC (Application Delivery Controller) over the past couple of years. We have been selling the load balancer for going on nine years.  

There are not really any nagging glitches or any kind of little ongoing annoying problems. Certainly, there are none that I have experienced and not that I have heard of from people using it. If there are ever any issues they are just normal, temporary issues that you expect when you work with technology. That is if you can consider anything that is a glitch to be normal.  

If we are talking about load balancing, then I can speak more about stability issues. But the Network Thunder ADC has mostly been very good. There was an issue a few years back with one of my customers and A10 addressed the problem and took care of it promptly. Isolated incidents can have to do with a lot of things within a larger architecture. It would be a problem with the architecture then, and not the product.   

We never really tried to scale the internal initial deployment hands-on. It has been left as is. More users have been added over time but nothing so crazy that it really required some type of scaling of the product. This company is a little over a hundred users. They are all using it remotely, from home, daily.  

Roles for the users are just all over the board.  

For just Network Thunder, I have not had to deal with the A10 technical support team. Our clients never said anything about how they like it one way or another. I assume that means they have not had to contact them either. There has just been one load balancing issue a client had and it was isolated to that location. A10 took care of it. They are one for one as far as tackling problems I know about.  

The installation is absolutely straightforward. Nothing more to say about that.  

As far as how many people are usually required to maintain it, in this company it is just one technician for 100 people using the product. His role is probably considered a straight system admin. It would not be a senior tech or even someone dedicated to the product.  

I can just say that it is cheaper than other solutions that are supposed to do the same thing. That is actually one of the reasons that customers chose it.  

It is a pretty good product. On a scale from one to ten (where one is the worst and ten is the best), I would rate A10 Networks Thunder ADC as a nine-out-of-ten. I do not get too many complaints from customers. Giving it a nine seems fair. It works as advertised.   

We use it for SLB and GSLB load balancing. We're using the Thunder ADC 1040 but before that we used their AX 2500.

The SLB and GSLB load balancing are the most valuable features. They meet our need to do server-side load balancing and global site load balancing so we can distribute traffic, not only intra-data center, but inter-data center.

We are using them in the cloud and they are flexible, supporting the cloud services that we use. We use Azure.

In my opinion, they need to improve their cloud support. There is support for cloud, but not all functions are there, such as high-availability.

We've been using A10 Networks Thunder ADC for eight or nine years. It's nothing new for us. It's been a while.

The stability is on par with what we expected. We have very little downtime that is related to the product itself.

Scalability for us is more horizontal, so it's easy for us to add nodes into the cluster. It's not really scaling vertically where we need more power. We're using the smaller devices; we don't use their chassis where you can add more power.

It is our only load balancing solution. We plan to transition into Azure, but we don't see a need, based on the way we use it, to grow it. It will just be transitioned.

Previously, we were using F5 Networks' load balancers and we moved away from them because they were not flexible and they did not provide a good value. Since we switched to A10 Networks, we have had all the features that we need in a more value-oriented package. In particular, they provide SLB and GSLB, whereas F5 wanted to charge us for every single thing. We like the all-in-one-bundling from A10 Networks. It turns out to be a good value.

The setup was straightforward. We worked with a support engineer from A10 Networks to plan the setup and they provided a migration tool. It was a straightforward migration when we switched from the AX to the Thunder series. Also, when we switched from F5 to A10 they provided resources to us.

We have it installed globally, so it took about three months to replace them all. The replacement strategy was to do it in pairs in each location, one at a time, to have the least impact with production.

I didn't have any complaints about the consultant from A10. It was a good experience.

We ran the numbers and our return on investment is projected to be five years out with A10, compared to if we had replaced our infrastructure, back then, with F5.

It's a regular CapEx purchase, and annual maintenance per device.

We evaluated F5 again, because it was time for a renewal. We evaluated Juniper — at the time they had a load balancing solution. We also evaluated Cisco.

The biggest lesson I have learned is that even though at that time A10 was an up-and-comer, it was worth the chance. As a smaller player at the time, it provided a product that was stable and provided a better value. Being willing to take a calculated risk was worth it in the long-run.

Don't only look at the dominant players like F5. Do your research on vendors that might not have dominant market share. That's not to say that you would just choose to go with any small player. It would have to be a smaller player that has stability and that has at least some size to support you on an enterprise level, which is what we found with A10 at the time.

We have about 10 administrators of the solution.

I would rate Thunder ADC at nine out of 10. There are some things that can be improved, but we've been happy with it.

We are using ADC for load balancing. Most of our enterprise applications are behind ADC.

It's on-premise.

It has definitely improved the way our organization performs. Our company is mostly an education institution. We have a campus and an administration where we host all the enterprise applications. With enterprise applications going to six separate entities, it requires a lot of hardware underlying the applications. So load balancing has worked very well.

It definitely has enhanced our application security and our application accessibility. We don't have to go with the original application, the built-in, round-robin kind of thing. The security features, like SSL version 3.0 or TLS 1.2, mean it has pretty good options in the way the application can be configured to make it more secure, as well as the number of servers that are behind it and the way it chooses its servers.

The features we have used are basically for load balancing. The round-robin feature, the persistent cookies, the source IPs, source mapping, we use all of that in our situation. 

They also have a feature I use frequently. We have two appliances and I'm able to move my application from one appliance to another. I don't have to move my whole A10 to be active on the other side or to be passive on the other side. If an application is having a problem, I can just move it using a command. That is really interesting and very appropriate for our environment.

It's very easy to use. The commands are easy to use. I have used a couple of other load balancers and I find A10 to be the easiest one. The language and the commands are easier, as is the layout. Even the technology behind it all just links together, so it's pretty easy to use. You just follow the steps and you're good.

Within load balancing, we use some of the security features as well, such as the source mapping. We make sure that everything goes in and out from A10 itself. That makes the messages more secure too. We know what's going in and what's going out. It captures their source IP addresses if we want it to. The VRRP solution is also good. It has automatic failover.

It also has a Virtual Chassis System, although we don't use it. But we do have the option of creating virtual chassis, so that gives it a bit more security. If we find an application which is not going to play well in the main pool, we can easily create a virtual chassis and have that application in that virtual chassis. With the virtual chassis we can also create system partitions and have a test system for test applications and have the others elsewhere.

The solution does logging, but the logging capacity is really small. Because we have a bunch of traffic here, we usually get a logging-side warning that "This many logs were lost because of the heavy traffic." If the logging was better, that would be very good.

It has security features like DDoS and WAF, but they are not updated automatically. If any new vulnerability comes out, you are given an option to update that vulnerability in your system and the actual firewalls. Because, for ADC, this is just an added feature, it's not the main security solution right now. It's not the only security that any company would have. There is an opportunity to modify that and make it better.

I don't want to jinx it, but it's pretty stable. There are times where we don't even have to reboot it for a year. We would look at the time and say, "Oh, it's been like 270 days. We haven't rebooted. Let's schedule it to reboot." Otherwise, it's very smooth.

The scalability depends on the resources you have. We do have resources so we are on the higher end in terms of what we bought, and we do have the scalability built-in. We are not using the virtual chassis. But if we want to expand it and have partitions created, to create a separate virtual chassis, we do have that scalability. If we need to add another appliance to it, the process is pretty simple. So it's scalable.

There are talks, internally, that all our applications should be behind ADC. As soon as we get to that level, even if it is just one server-application, the application will be behind ADC. Right now, we have our major enterprise applications, our major ERP systems, our email systems, and our tier-one applications behind ADC.

They do have support and it is wonderful. We are on the highest support level. It's very good, even excellent.

We were using another product. The main things that attracted us - I saw it a conference where there was a demo - were the pricing at that time, the functionality, and the stability. Of course, we continued afterward doing a little bit more research. A10 was still trying to get its foot into the market over here and they were very helpful. I do not have any regrets switching over to A10.

Initially, we deployed it because of our learning management system, which I was handling. It is Linux-based and it required load balancers. We moved to A10 from another load balancer at least in part because of the better pricing. Also, it was doing Layer 4 and Layer 7 and that's what was required.

The initial setup is pretty simple if you have the guide. It's just like a basic switch on any appliance deployment. Deployment is not hard.

When we initially did it, this was a new product, of course, so we had support do the deployment. But when we changed the appliance, I did it myself, moving from one to another and doing the initial configuration. It's more a matter of the paperwork that you do on the network, and how it will change. But the deployment itself on A10, like configuring your settings, etc., takes no more than two or three hours. If you have your paperwork done, it's pretty easy.

When you move into this solution there is a learning curve if you come from another one. But once you get used to it and you know how things are flowing, it's pretty good.

When we bought A10 and we moved to it, we did have the A10 consultants help us.

Our experience with them was excellent. They were eager to do it. At that time, A10 was pretty new over here. From the support to the administration, everybody was eager to help out, to get it deployed and be successful.

We pay for it on a yearly basis. There is standard licensing for the number of controllers; that just came into existence last year. Other than that, there's just the support: Basic or Gold Support, etc.

In implementing A10, you need to keep in mind your end goal, what is it that you desire? If you're looking for more DDoS, or if you're looking for more firewall-type of capabilities, then you might have to do a little bit more consultation. But if you're looking for ADC and trying to see separation and load balancing, A10 does the job and provides security very well. It has both CLI and a web interface, so it's not too congested nor does it look too busy. Its appearance is very soothing and relaxing so that helps.

It does have the reporting capabilities and the capability to send logs to an external device. If you feel comfortable with Linux, you can really expand its usage. It depends on what your company goals are.

Overall, A10 ADC is pretty good. It's reasonably priced and easy to use.

The biggest lesson I have learned from using ADC is that I have to keep on learning it. The good thing is that even when they do firmware upgrades, there are minor tweaks but it's not ever-changing firmware where we have to upgrade. That's a good thing about A10. I have other applications that I am responsible for and they generally have frequent upgrades and you have to do them or you won't be supported. But I have not gotten into that situation with A10. That's a huge advantage for us, being in the education field, because there are semesters during all 12 months of the year. There are very few windows in which we can actually bring down appliances and upgrade them. Maintenance-wise, with A10, we have not had that problem.

We have the solution’s Harmony analytics and visibility controller but I would not say that it has enabled us to proactively detect, anticipate, or resolve issues before they become problems. It does give very good reporting, but we have not had any issues that it told me about first-hand - or maybe we are not configured in that way. But it's a very good reporting tool and a very good graphical analyzer.

As for deployment and maintenance of the solution, it's only me.

Regarding the solution's single pane of glass traffic management, I don't think we have used any feature for traffic management. At the back-end we have very good bandwidth and, the way it is positioned in the network, the agent doesn't have to do any traffic management. We are not at the saturation point. We are even below the midpoint on traffic.

The solution hasn't affected our operations efficiency because we offer the solution to our applications team, if they need to have their applications behind A10. We just changed data centers, moved into a new building. We are at a stage where we would like, and there are talks, to have all our applications behind ADC, just for security, to have that separation from the users, but we are not there yet.

It is a work in progress. Initially, when we deployed A10, it was the demand of an application that we have a load balancer in place so that it could load balance among the ten different servers the application needed. But now, it has improved our decision-making where, if added security is needed, the application team would say, "Okay, let's put it on A10 for the off-loading, etc." Other features that a server would normally do are conducted by A10, which means a little less load on the server side. That helps the application efficiency.

We are in the process of using the WAF, the web application firewall, from A10. It's not the main firewall product, obviously, but we have found it to be interesting. We are trying to implement it. We are in learning mode right now.

• Load balance web traffic
• Load balance application traffic
• DDoS protection
• Carrier Grade Network (CGN)

We have the ADC product, as well as the CGN.

We are using both the public and private deployment model. We are using AWS as our cloud provider.

It helps us operational when had our DDoS attack. We got a call at two o'clock in the morning one day from one of our service providers that there was a DDoS attack happening against one of our IPs. We looked at the way our network was configured, then we looked into the best way to mitigate it. We knew that our A10 had the capability, but we didn't have it enabled at the time. We called support and were able to get it enabled. Immediately, we stopped that DDoS attack. From an operational perspective, we had a down situation that we were able to quickly resolve and bringing it.

It also helps out a lot, from an operational perspective, when we are load balancing our servers, whether application or web. It is real easy to do a maintenance window. I can go into any of my service groups, then take the servers out of the service group and do maintenance on half of the servers while the other half are still online. I can get all those updated, back up to date, and put all of them back, then take the other half out and update them. So, it allows us to do seamless updates to our servers and application infrastructure.

We send all of our production web traffic through our A10. We have a major website, which is our school's website. On the website, there are many different applications and sites, so being able to balance that between our on-premise resources as well as our public cloud with AWS is a huge feature.

The solution's security features are excellent. It actively helped us mitigate a DDoS attack in October of 2018. You can do SSL offloading. You can use the A10 to terminate your SSL connectivity, meaning that you can install all your public certificates on the A10 box itself. It just has a wealth of security features.

Being a public entity and having a public website, which is highly visible with a lot of traffic, we are a target for DDoS. Within the last year, we have had a couple of DDoS attacks which could have affected our web traffic and taken down certain parts of our website. This did not happen because the A10 was able to mitigate the attacks using rate limiting that can be configured for DDoS mitigation on the box.

The single pane of glass traffic management is a nice feature. It allows us to be able to delegate access to different groups of people. This means that I can provide a front line support (a help desk) a certain level of access to be able to look at things, a second level support a little more access, and then engineers can have full access. It is very useful to have a simple dashboard where you can login and look into what your traffic patterns are, then look and see what times of day you're experiencing the heaviest traffic. You can quickly identify if you are possibly having a security issue or security breach. It makes it very easy to use the box.

Troubleshooting traffic flows is fairly easy on the box, as you can do packet captures or tcpdumps directly on the A10 itself. So, you can do a trace and see what the A10 is doing with certain traffic. E.g., if I have a client somewhere out in the world who is coming into my A10 box and reporting some weird behavior, or saying, "Hey, I can't get to this application on your website," or "I'm getting blocked for this reason. I can't look at the A10 and figure it out." I could then go into the traffic flows, run a tcpdump, and do a traffic capture. At this point, I can immediately identify where the traffic is coming from and why it is not getting through the box.

I have a very technical background and was a network engineer for many years before I became a manager. For me, it is a very easy to use product. The web GUI makes it very easy to configure. The CLI is not very difficult to use, along with the syntax. The command line is very easy to learn.

They need to make the user interface (GUI) a bit more usable and intuitive. Some features can be a little difficult to find at times. Sometimes, the workflow in the GUI doesn't match the workflow of an actual workflow. E.g., if I want to create a load balancer application, sometimes you've got to do things a bit out of order in the GUI in order to make it work right.

It has helped us deliver five nines of uptime. It is a very reliable box. It has never failed on us.

For deployment and maintenance, we have a primary and backup who are network engineers.

I know that they are scalable, but we personally have never outgrown the boxes that we have. We've never really had to scale.

We definitely plan to increase usage. Today, A10 is used on a production website that gets hundreds of thousands of visits a week. I would expect an increase in the number of visits to the website, which is on the load balancing side. For the Carrier Grade Network, we are currently using it to net roughly 9500 users through the A10. So, we're doing CGN for 9500 people in all of our residences. That number is expected to double within the next five years.

We have about 20 to 25 people administrating or helping support it: network engineers, network architects, software engineers, security engineers, support staff, and web developers.

The technical support is really good. When it comes to support, there is always room for improvement. However, there has not been a time that I reached out to A10 support, including after hours, such as two o'clock in the morning during that DDoS attack, and I have not been able to get a hold of an engineer right away. I have had some situations where the person couldn't resolve my issue and they had to go do some research, then come back to me within a day or two with a solution. Overall, they have a good support model. They have a great response time. First call resolution is not always there for urgent issues. The first call resolution is something that could be improved upon.

The A10 support and training site has a significant wealth of information and documentation about how to configure the most common configurations requested. Therefore, it is very easy to use coming from a network engineer background.

We previously used a Cisco solution. One of the main reasons for switching away from Cisco was the licensing model. A10 gives you global server load balancing for free, while Cisco charged a significant licensing fee for that.

The initial setup was straightforward. The way the box is brought online, A10 has good documentation on how to set it up. The person that I had on my team in charge of bringing this box online had zero A10 experience. Within a week or so, they were able to get up to speed and bring the box online, get it licensed properly, get it updated to the latest code, and put a basic configuration on it.

You plug it up, then it is a next, next, finish type of thing to get it online and operational.

The initial deployment plan was to get the box online, then to load balance some basic traffic and see how it worked. After that, we created some health checks to see how they worked and tested those out. We then tried to create some flex codes to do some basic redirects. We tested them, and those worked. We followed that same pattern when it came to application balancing.

From the network side of things, once we knew that it worked, we then passed it over. We created partitions for each of our application groups and gave them access to the A10 box. They could then configure their own server or applications on the box.

You do need intermediate network skills in order to use the box effectively. It is an advanced technology that you are configuring. It is not like you're just setting up a basic network with a switch and a router. Load balancers can be used for many different purposes: Doing URL redirects, application load balancing, and web load balancing. It can be used a million different ways. It can also be used to do a lot of different security features, such as SSL offloading so you can inspect SSL traffic. Thus, you must have a good understanding of what the box is capable of to be able to configure it.

So far, the solution has supported all of our in-house applications, which are homegrown, as well as the applications that we have purchased from vendors. We haven't run into a situation where we have ever tried to configure our A10 to work with software that was either homegrown or purchased where we couldn't get it to work. The solution has been very successful.

We have seen ROI from a being able to delegate certain rights to certain other groups of people to administrate their own configurations on the A10. Also, from an operational overhead, as well as cost, there has definitely been a huge return on investment.

For the hardware and license, we paid $35,000 per box, which was a one-time cost. Then, for the Gold Support on the two boxes, we pay $9400 annually.

We also evaluated F5 and Citrix NetScaler.

The pros of A10 versus F5 are ease of use, as well as cost. F5 is much more difficult to configure. One of the pros of F5 is that it has more granular configuration, meaning you could do a lot more with F5 than you could do with an A10. However, A10 was a better fit for our needs. One of the cons of F5 is the cost.

With NetScaler, one of the cons is the cost. One of its pros is functionality-wise, the feature sets are very rich. 

The pros of Citrix and F5 are that they are more widely deployed than A10. If I was trying to find other people, such as my peers who have worked on A10s, there will be a lot more people out there that have worked on Citrix or F5 opposed to A10. This is a con for A10. 

It has been a good, reliable solution for us. If you want a reliable solution that is very easy to configure and administrate, the A10 is the right choice. It is a very cost-effective solution. I would always pick A10 unless there was a specific feature set that one of the other vendors offered and I absolutely needed.

We do not use the solution’s Secure Service Mesh to optimize traffic within Kubernetes and containers today, but that is something we would like to do in the future.