Hillstone Application

Delivery Controller (ADC)

1
Challenges in Application Delivery

Hillstone ADC Value Proposition

Hillstone ADC Product Portfolio

Deployment Scenarios & Winning Cases

© 2021 Hillstone Networks All Rights Reserved | 2

2
Challenges in Application
Delivery

3
The Challenges of Today’s Application Delivery

Poor User Access Experience

Slow Access Unstable Service

Slow page loading Often inaccessible

Slow business submission Sudden access interruption

Slow data query Accidental data loss

4
 The Causes of the Challenges

ISP1 ISP2

Internet
Server side issues External link issues

Insufficient server Slow cross-operator access

performance
Poor link stability and
Slow fault detection via server reliability

Bottleneck in database Uneven traffic on multiple

access performance links

5
 What’s the Solution?

Load Balancing Access Acceleration Business Transformation

Server Load Balancing Website Acceleration IPv6 Migration

Link Load Balancing Application Acceleration HTTPS Transformation

Global Server Load Balancing

6
Hillstone ADC Value Proposition

7
Hillstone Load
Balancing

Application Server Load Balancing

Delivery Link Load Balancing

Global Server Load Balancing

Controller
Access
Acceleration
Website Acceleration

Application Acceleration

Business
Hillstone ADC Transformation

the Advanced Application Delivery Service HTTPS Transformation

IPv6 Migration

8
Server Load Balancing (SLB)

Load Session Health

Balancing Persistence Checks

ADC • Layer-7 logging • Flexible session • Supports

persistence passive health
• Supports SMTP, POP3, method check
IMAP, ICMP, TCP, UDP,
HTTP, HTTPS, DNS,
FTP protocols and third-
party objects
• Supports Kubernetes

Server Cluster Scenario

9
 Link Load Balancing (LLB)

Link
Switching

Poor Link Quality

Dynamic
DynamicLink
LinkSwitching
Switching Bandwidth Filled

ADC ADC

Passive detection technology to monitor

link quality and adjust traffic
(patented technology)
• Supports configure minimum active links
• Supports link priority configuration

User 1 User 2 User 3

Video & gaming P2P downloading

10
 Link Load Balancing (LLB)
High Quality Link High Quality Link Low Quality Link

Application-based Routing
ADC ADC
Core Services

Specify different applications (such as

video streaming, P2P downloading) to
Server Zone
use different links

User 1 User 2 User 3

Video & gaming P2P downloading

11
 Global Server Load Balancing (GSLB)

Data Data
ADC ADC
Center A Center B
INTERNET

Comprehensive Smart DNS Delegated DNS Server Health Status

DNS Records Server Monitoring
Supports IP address
Supports A, AAAA, NS, library Works together with the
and ISP address library GSLB conducts health
CNAME, PTR, MX, original DNS server with
with automatic updates, monitoring via SLB
TXT, SRV delegated DNS zone to
and overloaded link ADC
detection

12
Website &
Application
Acceleration Web Cache
• Local cache of pictures/videos/files/scripts
• Improved response speed by reducing server
read and write

Large Memory

Website & App

Acceleration
Connection Page
Multiplexing Compression
Powerful CPU
• Support connection pool • 70% compression ratio
technology for HTML, XML, Java
Scripts, CSS, DOC, XLS,
PPT, PDF pages and
files
• Improved
Massive Concurrency transmission
efficiency

13
 HTTPS Transformation

ADC
INTERNET

HTTPS HTTP

SMTPS SMTP

FTPS FTP

… …

Hardware Encryption Performance Saving

• Dedicated hardware SSL offload • IPS/WAF is deployed behind ADC and only need to
• Industry-leading SSL processing performance process plain text traffic, no extra performance
consumption

14
 More Hillstone ADC
Feature Highlights
Full-featured IPv6
Support
• External link self-discovery
& rewriting technology
• IPv6 homepage notice
• IPv6 rewrite log
End-to-end Secure
SSL Inspection K8S Support
Application Delivery
• Works together with • ADC supports interactive
• Visualization of public
Hillstone Networks’ next- deployment with K8S,
network encrypted traffic
generation firewalls and provides proxy service for
• Analyze encrypted traffic other security products to
K8S to improve load
through linkage with sBDS, provide end-to-end security
protection capabilities from balancing capability
NIPS, DLP, IDS and WAF
network access to data
centers.
15
 Website IPv6 Migration
Intelligent rewriting at the application layer IPv6 homepage notice
Automatically replacing external links and the link images Perceived transformation effect

ADC

IPv6 log tracing

Easy auditing of IPv6 rewrite

16
 SSL Inspection

WAF

DLP
Decryption zone
DLP

Perspective mirror Proxy / Offload

SSL mirror plaintext traffic

ADC

Intranet Users / Servers Hillstone ADC Hillstone NGFW Internet

SSL Encryption / Decryption

Data leakage

Unknown threat

17
End-to-end Secure Application Delivery

WAF

ADC WAF
Internet

WAF

Perimeter Traffic Application VM Traffic

Protection Scheduling Protection Visibility & Protection
18
K8S Support
New!

Hillstone ADC (Hardware/virtual version) Push configuration to ADC

VS1 VS2 VS6 VS7

HS-ADC-Controller
• North-south traffic access
service1
IP1 IP1
can be achieved through:
Service + NodePort Ingress-controller Service + NodePort
pod1 Ø Service + NodePort
Service 2
mode
Service 1 Service 1 Service 6 Service 7
Create/update/delete
List & watch
Ø Ingress + Ingress-
Pod 1 Pod 2 Pod 3 nginx traefik Ingress-controller Pod &
Service
Service controller + NodePort
mode
Kubernetes Master (K8S)
API Server
Pod & Service

Service 3 Service 4 Service 5

Create/update/delete
Pod & Service
Pod 1 Pod 2 Pod 3

19
 Hillstone ADC Customer Value

Improved system availability through comprehensive load

balancing and health check

Best user access experience based on improved server /

bandwidth efficiency, and optimized application performance

Effortless IPv6 migration and SSL offloading performance

guaranteed HTTPS upgrading

End-to-end secure application delivery

20
Hillstone ADC Product Portfolio

21
 Hillstone AX-Series ADC Portfolio
L4 Throughput
AX6060/AX6060S

120G

Concurrent Connections: 60 Million

AX4060/AX4060S

80G
Concurrent Connections: 40 Million
AX2000/AX2000S

40G AX12 AX1000/AX1000S

Concurrent Connections: 40 Million

AX08
Concurrent Connections: 20 Million
20G Concurrent Connections: 9 Million

Concurrent Connections: 6 Million

AX04

10G

AX02 Concurrent Connections: 3 Million

5G
Concurrent Connections: 1 Million

L7 RPS
22
Hillstone AX-Series ADC Specifications 1.
2.
2048 bits RSA key
Maximum possible test method for the test of transactions per second (TPS)

SG-6000-AX1000 SG-6000-AX1000S SG-6000-AX2000 SG-6000-AX2000S SG-6000-AX4060 SG-6000-AX4060S SG-6000-AX6060 SG-6000-AX6060S

L4 Throughput 30 Gbps 30 Gbps 50 Gbps 50 Gbps 80 Gbps 80 Gbps 120 Gbps 120 Gbps

L4 Connections/s (CPS) 750,000 750,000 950,000 950,000 1.4 Million 1.4 Million 1.9 Million 1.9 Million

L7 HTTP Throughput 20 Gbps 20 Gbps 40 Gbps 40 Gbps 60 Gbps 60 Gbps 90 Gbps 90 Gbps

L7 HTTP
1.5Million 1.5 Million 1.9 Million 1.9 Million 2.95 Million 2.95 Million 4 Million 4 Million
Requests/s (RPS)
Concurrent Connections 20 Million 20 Million 40 Million 40 Million 40 Million 40 Million 60 Million 60 Million

RSA 2K SSL (TPS)1 70,000 75,000 120,000 140,000 170,000 190,000 260,000 260,000

RSA 2K SSL Throughput2 4.5 Gbps 4.5 Gbps 5.5 Gbps 6 Gbps 9.5 Gbps 12 Gbps 13 Gbps 15 Gbps

SSL Acceleration
Software ASIC Software ASIC Software ASIC Software ASIC
Technology
DNS (QPS) 230,000 230,000 350,000 350,000 400,000 400,000 450,000 450,000

HDD 1 TB 1 TB 1 TB 1 TB 1 TB 1 TB 1 TB 1 TB

Memory 32 GB 32 GB 64 GB 64 GB 64 GB 64 GB 64 GB 64 GB
2 × USB Port, 1 × 2 × USB Port, 1 × 2 × USB Port, 1 × 2 × USB Port, 1 × 2 × USB Port, 1 × 2 × USB Port, 1 × 2 × USB Port, 1 × 2 × USB Port, 1 ×
Management Ports MGT, 1 × HA, 1 × MGT, 1 × HA, 1 × MGT, 1 × HA, 1 × MGT, 1 × HA, 1 × MGT, 1 × HA, 1 × MGT, 1 × HA, 1 × MGT, 1 × HA, 1 × MGT, 1 × HA, 1 ×
RJ45 Port RJ45 Port RJ45 Port RJ45 Port RJ45 Port RJ45 Port RJ45 Port RJ45 Port
Available Slots for
2 2 4 4 4 4 4 4
Expansion Modules
IOC-AX-4GE-B-H, IOC-AX-4GE-B-H, IOC-AX-4GE-B-H, IOC-AX-4GE-B-H, IOC-AX-4GE-B-H, IOC-AX-4GE-B-H,
IOC-AX-4GE-B, IOC- IOC-AX-4GE-B, IOC-
IOC-AX-4SFP-H, IOC-AX-4SFP-H, IOC-AX-4SFP-H, IOC-AX-4SFP-H, IOC-AX-4SFP-H, IOC-AX-4SFP-H,
AX-4SFP, IOC-AX- AX-4SFP, IOC-AX-
IOC-AX-8GE-B-H, IOC-AX-8GE-B-H, IOC-AX-8GE-B-H, IOC-AX-8GE-B-H, IOC-AX-8GE-B-H, IOC-AX-8GE-B-H,
8GE-B, IOC-AX- 8GE-B, IOC-AX-
Expansion Module IOC-AX-8SFP-H, IOC-AX-8SFP-H, IOC-AX-8SFP-H, IOC-AX-8SFP-H, IOC-AX-8SFP-H, IOC-AX-8SFP-H,
8SFP, IOC-AX- 8SFP, IOC-AX-
Option IOC-AX-4GE4SFP-H, IOC-AX-4GE4SFP-H, IOC-AX-4GE4SFP-H, IOC-AX-4GE4SFP-H, IOC-AX-4GE4SFP-H, IOC-AX-4GE4SFP-H,
4GE4SFP, IOC-AX- 4GE4SFP, IOC-AX-
IOC-AX-2SFP+-H, IOC-AX-2SFP+-H, IOC-AX-2SFP+-H, IOC-AX-2SFP+-H, IOC-AX-2SFP+-H, IOC-AX-2SFP+-H,
2SFP+, IOC-AX- 2SFP+, IOC-AX-
IOC-AX-4SFP+-H IOC-AX-4SFP+-H IOC-AX-4SFP+-H IOC-AX-4SFP+-H IOC-AX-4SFP+-H IOC-AX-4SFP+-H
4SFP+ 4SFP+
IOC-AX-2QSFP+-H IOC-AX-2QSFP+-H IOC-AX-2QSFP+-H IOC-AX-2QSFP+-H IOC-AX-2QSFP+-H IOC-AX-2QSFP+-H
23
Hillstone Virtual ADC (vADC)
Product Models SG-6000-AX02 SG-6000-AX04 SG-6000-AX08 SG-6000-AX12

Core (Min.) 2 4 8 12

Memory (Min.) 4G 8G 16G 24G

Disk（Min.) 20GB 20GB 20GB 20GB

Total No. of
10 10 10 10
Interfaces

Public Cloud Hypervisor

Note: The Hillstone vADC is not listed on the public cloud markets yet; manual configuration is required.
24
 Hillstone AX-Series vADC Specifications
SG-6000-AX02 SG-6000-AX04 SG-6000-AX08 SG-6000-AX12

L4 Throughput (SRIOV) 5 Gbps 10 Gbps 20 Gbps 30 Gbps

L4 Throughput (VMXNet3) 2 Gbps 2 Gbps 2 Gbps 2 Gbps

L7 HTTP Throughput (SRIOV) 4 Gbps 7.5 Gbps 15 Gbps 22 Gbps

L7 HTTP Throughput (VMXNet3) 2 Gbps 2 Gbps 2 Gbps 2 Gbps

L4 Connections/s 120,000 160,000 400,000 550,000

L7 HTTP Requests/s 60,000 150,000 300,000 450,000

Concurrent Connections 1 Million 3 Million 6 Million 9 Million

ECDHE RSA 2K SSL (TPS) 3,000 4,000 5,000 14,000

ECDHE RSA 2K SSL Throughput 300 Mbps 800 Mbps 1.5 Gbps 3 Gbps

25
Deployment Scenarios &
Winning Cases

26
Hillstone ADC Deployment Scenario 1
– Intranet Service Area
Intranet User

ADC
Server 1

ISP 1 Server 2
Internet
ISP 2 Hillstone NGFW
(inline)
Server 3

From Internet to Intranet: Domain-based server load balancing + HTTPS transformation + IPv6 transformation

Value of Hillstone Deployed next to the switch in front of the servers, the ADC solution will neither change the original
ADC Solution network structure, nor cause network interruption, nor affect existing services.

27
Hillstone ADC Deployment Scenario 2
– Network Perimeter
From Intranet to Internet: link load balancing + NAT + routing + policy control

Intranet User Server 1

ISP1
Server 2
Internet ADC
ISP2
Hillstone NGFW
(transparent) Server 3

From Internet to Intranet: Smart DNS + domain-based server load balancing + HTTPS transformation + IPv6 transformation

Value of Hillstone Deployed at the network perimeter, only one ADC device is needed, which simultaneously performs
ADC Solution link load balancing and intranet server load balancing, NAT and other functions.

28
Hillstone ADC Winning Cases

29
 +1 408 508 6750
inquiry@hillstonenet.com
5201 Great America Pkwy, #420
Santa Clara, CA 95054
www.hillstonenet.com
30