Data Sheet
© 2009 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information.
Feature Benefit
Virtualized Services
Virtual devices
Virtual devices provide a means for creating resource segmentation and isolation, allowing the Cisco ACE appliance to act as if it were several individual virtual appliances within a single physical appliance. Virtual devices enable organizations to provide defined levels of service to up to 20 business organizations, applications, or customers and partners from a single Cisco ACE appliance.
Complete separation of the following:
● Configuration files
● Management interfaces
● Application rule sets
Customized, guaranteed resources per application for the following:
● Throughput
● Connections per second
Capability to limit and manage the allocation of the following Cisco ACE resources:
● ACL memory
● Buffers for syslog messages and TCP out-of-order (OOO) segments
● Concurrent connections (traffic through the Cisco ACE)
● Management connections (traffic to the Cisco ACE)
● Proxy connections
● Setting of resource limit as a rate (number per second)
● Regexp memory
● SSL connections
● Sticky entries
● Static or dynamic network address translations (xlates)
Role-based administration (RBA)
RBA (Figure 3) allows organizations to specify administrative roles and restrict administrators to specific functions within the appliance or virtual devices. Because multiple administrators within an organization may want to interact with the Cisco ACE appliance at different levels (application administration, server administration, network administration, security administration, etc.), it is important to be able to define these administrator roles, allowing each administrator group to freely perform its tasks while not affecting the other groups. Cisco ACE provides the following predefined roles that cannot be deleted or modified:
● Admin: This role gives a user complete access to and control over all the objects in virtual devices. A context administrator can create, configure, and modify any object in that context, including policies, roles, domains, server farms, and real servers.
● Network-Admin: This role provides complete access to and control over the following features: interfaces, routing, connection parameters, NAT, virtual IP, copy configurations, and the change to command.
● Network-Monitor: This role provides access only to all show commands and the change to command. If you do not explicitly assign a role to a user with the username command, this is the default role.
● Security-Admin: This role has complete access to and control over the following security-related features within a context: ACLs; application inspection; connection parameters; interfaces; authentication, authorization, and accounting (AAA); NAT; copy configurations; and the change to command.
● Server-Appln-Maintenance: This role has complete access to and control over the following features: real servers, server farms, load balancing, copy configurations, and the change to command.
● Server-Maintenance: This role has access to real-server maintenance, monitoring, and debugging:
    ● Real servers: Modify permission
    ● Server farms: Debug permission
    ● Virtual IPs: Debug permission
    ● Probes: Debug permission
    ● Load balancing: Debug permission
    ● Change to command: Create permission
● SLB-Admin: This role has complete access to and control over the following Cisco ACE features within a context: real servers, server farms, virtual IPs, probes, load balancing (Layers 3, 4, and 7), NAT, interfaces, copy configurations, and the change to command.
● SSL-Admin: This role is the administrator for all SSL features:
    ● SSL: Create permission
    ● Public key infrastructure (PKI): Create permission
    ● Interfaces: Modify permission
    ● Copy configurations: Create permission
    ● Change to command: Create permission
In addition to the preceding default roles, new roles can be created to adapt to different organization structures.