A10 Thunder TPS Reviews

As a cloud infrastructure and hosting company, we provide public and private cloud services. We use the A10 technology to protect our customers against DDoS attacks against their hosting instances. The latter could be dedicated servers or virtual servers or data storage platforms.

We have technology in place to detect attacks at the border routers of our networks in all 20 data centers worldwide where we operate. If we detect an attack, we reroute the traffic of the IP addresses that are being attacked to the A10 Thunder systems. They drop the malicious attack traffic and they pass through the legitimate traffic to the servers or the virtual servers that our customers use.

We deploy different types, different sizes of equipment. We use these solutions on-premises.

When we started deploying this and we measured the impact on the number of customer complaints, we saw a significant reduction in the overall number of customer tickets. If customers have an issue with one of our servers, they open a ticket; that could be any outage or a DDoS attack. We saw an overall reduction of 11 percent in support tickets.

But we also saw that we were typically able to mitigate over 98 percent of all the attacks that we detect. That has a two-fold benefit. First of all, customers are happier because their service stays alive even in a situation where they are being attacked. And for us, it has a positive impact on our support team because it has 11 percent fewer tickets it needs to handle. That's especially true since "attack tickets" are not nice tickets to have to handle. It also helped us a little bit in the engagement and the motivation of our support team.

A10 has also definitely reduced the amount of manual intervention required during an attack. Before we had these systems in place, if an IP address or server was attacked above a certain level, we would manually no-route or "black-hole" the traffic, and basically remove that IP address from the internet. That was all manual work, while customers were complaining, and their customers were complaining. People were opening tickets. With this solution in place, all that manual work no longer has to happen. After detection of an attack, the scrubbing is initiated automatically. In the case of a huge attack, we will still null-route the traffic which is going to the IP address under attack, but that process is fully automated. So deploying these systems has reduced a lot of the manual work.

Using this solution we have also, to some extent, detected more small attacks, attacks that we had been missing previously. Before we deployed A10, we did not have any technology in place to detect an attack. Only if a customer opened a ticket did we know there was an attack. But when we started deploying the detection technology and the A10 scrubbing technology, we suddenly saw that we actually have a lot of smaller attacks as well, which were invisible to us previously. That means, most likely, that there were a lot of unhappy customers - or unhappy end-users of our customers' systems - that we were never aware of. That was suddenly fixed by deploying these systems. In all of 2018, we identified about 400 attacks each day, anywhere in our 20 data centers around the world. Many of these attacks were invisible to us before 2016 when we did not have this solution in place.

When it comes to the solution's performance given its form factors, for us, any equipment that takes up space and power is using scarce resources in a data center. The fact that these boxes do have a small form-factor, as only 1RU or 2RU devices, and that the power consumption is relatively low, is very beneficial for us.

We don't deliberately use the solution's machine-learning powered Zero-day Automated Protection (ZAP) but the systems require very little effort to keep them alive and manage them. The automation and the updates that A10 built in result in there being very little work for us to do to keep these systems up to date and efficient in the way they scrub attack traffic. So it's not functionality that we deliberately use, but it's a benefit of these systems, which helps us maintain a low cost of operations and an effective system.

The solution's automation also has the effect that the systems are very low-maintenance. That means that we can free up our people to do other work.

The primary benefit that we see from their systems is that their filtering technology has the ability to detect and drop the malicious traffic from the legitimate traffic with a high success rate. That, in combination with the very small effort needed to manage their systems, are the two most important benefits to us. On the one hand, it's the quality of scrubbing, and on the other hand, it's the low total cost of operations for us to keep these systems alive and working efficiently.

The quality of the scrubbing is, of course, what the system is supposed to do. It's the key functionality of the system. That's what we bought the equipment for. And the small effort to manage the systems and keep them alive, of course, immediately translates into a benefit that we have a low cost of managing those systems. That means we can allocate the time of our network engineers to other activities.

If you look at the total response time that we see in our solution, which means the time between the start of an attack and the time that the scrubbing really starts, we typically see two to three minutes. But the majority of that time is actually used by our detection technology, not so much the A10 network scrubbing technology. And then it takes a bit of time to reroute the traffic to the A10 equipment. Once it has been rerouted, the scrubbing starts very fast, so the start of the scrubbing is only a small part of the two to three minutes. In general, we're very happy with the response times and the scrubbing quality of the A10 equipment.

I've heard no complaints, so my perception is that the systems run very stable.

The solution enables us to scale defenses. We use different types or sizes of equipment. Typically, we start in some smaller locations with the smaller equipment type. When we see that location growing, we typically replace that device with a larger one and we move the smaller device to a new location where it's needed. We move the technology around quite a bit, which is our way of scaling up. The fact that there are different sizes of equipment, all with the same technology and the same processes for managing them, is very helpful for us. If you look at our smallest data center worldwide, it's a location which generates around ten gigabits per second of outbound traffic. That typically means about one or two gigabits of inbound traffic. Our larger data centers generate around 1.7 terabits per second of traffic. That's a lot more. And with one family of products, we can still protect both the smaller data centers as well as our larger locations.

So far, the systems do what we expect them to do and they scale as we expect them to scale.

Overall, our experience with technical support has been positive. We've had very few requirements for technical support. I know there's a 24/7 SOC team available to help us with large incidents or attacks which we can't resolve ourselves. But so far, we've never had a need to use that team. It's easy for us because the A10 team lives just a couple of blocks away from us. That makes it a bit easier to communicate.

The initial setup was pretty straightforward but we also had very good support from the local A10 team here in the Netherlands. Our headquarters are based in Amsterdam. The A10 Dutch office is just a couple of streets away from us, which also made it easier to work on this together. But having said that, the systems themselves are pretty easy to deploy.

Our initial deployment, back in 2016, happened in what were our six main data centers at the time. The easiest one for us was here in Amsterdam because it's almost next door to our office. The deployment itself, the physical installation and activation of the system, is not really the critical activity. Most of our time was spent integrating the systems with our own administration systems, so that we could deploy automatically. And there was the whole setting of profiles for IP addresses to understand how the detection should work and how the scrubbing should work. That was a bit of a software development effort which took about three months in total. But once that was done and we had all the integration tested, the actual deployment was basically determined by delivery time of the boxes, and that is true now for the deployment to new sites. Once a box is delivered, it's typically up and running in a couple of days.

Our implementation strategy was to make the solution part of our standard architecture for all data center networks. As of now, we have deployed the technology in 20 data centers around the world. Whenever we start a new site, we immediately put in this technology as well to make sure that we protect our customers on that site. And we try to automate the installation as much as possible so that deployment can be done remotely, from the configuration perspective. That way we don't need to send specialists onsite to a remote data center to get it up and running.

We did the first installation together with the A10 team here in Amsterdam. But all other installations, we've done ourselves, typically with remote hands that have very little knowledge about the specific systems in the data center itself.

The solution is then managed by our team of specialists in our NOC here in Amsterdam. The team that manages it consists of three network engineers who also do other things, of course. They are a part of our network operations team. These three people have developed into specialists for these systems and are, on the one hand, responsible for maintaining them and managing them. But on the other hand, they sometimes get involved when there are specific, large attacks where manual intervention is required to mitigate the attack.

Our experience with the A10 team was very positive, both during the evaluation of the various vendors back in 2015 - A10 was very supportive - as well as during the initial deployments here in Amsterdam where we worked together. They were knowledgeable, responsive, enthusiastic.

We have definitely seen return on our investment. If you look at some of the things we can measure, like an 11 percent reduction in support tickets, that can easily be turned into cost savings. Other things, like improved customer satisfaction, are a bit harder to monetize. But for us, we were convinced that within a year, we'd definitely earn back the investment, both in the A10 equipment, as well as developing the end-to-end solution, including the integration with our administration systems.

The financials are always a challenge with this type of technology. That's not really a product-functionality thing but it's the area where we were pushing A10 the most. But compared to the alternatives that we evaluated in 2015, the price-performance of the A10 solution was definitely superior to the other solutions which we evaluated at the time.

The way we did the deal was a combination of the equipment, the license, and a five-year support contract, for all sites. At the time it was a pretty good deal. 

We did a lot of analysis in the second half of 2015. We evaluated different technologies and we ended up using A10. We went with it based on the price-performance. We had four systems on the shortlist. We physically tested two of those providers and, at the end of the day, the two came out pretty even from a functionality and performance perspective. But the total cost of ownership of the A10 solution was superior to the other vendor, so we decided to go with A10.

One of the four providers did not want to support a proof of concept test, so we dropped that one right away. We dropped another one after looking at functional specifications which, at the time, were not as good as A10 and the other vendor. We were left with the two that we tested. At the end of the day, the total cost of ownership made the difference.

From our perspective, the technology works well, and it has a low cost to maintain and manage.

One of the biggest lessons for me, in using this solution, was that there are so many smaller attacks going on that we were not aware of and which must have had an impact on the satisfaction of our customers, as well as the satisfaction of their customers. Everybody always talks about the huge attacks, the one- or two-terabit attacks that get into the news. But the fact there is such a huge volume of smaller attacks going, script kiddies, etc., to make other people's lives miserable was, to me, a bit of an eye-opener. That was resolved by deploying the A10 solution.

Availability is very critical to the success of our business. If you look at the customers that we primarily and proactively target, they are customers in the online gaming market, in the advertising-technology/marketing-technology markets, in the Software-as-a-Service and in the managed service providers market. All these companies are borne on the internet and their internet presence is critical to their success, to their existence. So for us, it's of primary importance that we keep their services up and running at all times, even when they are being attacked by cyber-criminals.

As Leaseweb, we have around 18,000 customers using our hosting services. All these customers' services with us are protected by the A10 technology.

In terms of increasing our usage of the solution, whenever we deploy new data center locations, we put A10 in right away. We do have some new locations that will be opening up in the next six months, so we will definitely be using more of these systems and protecting more customers.

I would rate A10 at eight out of ten. What would take it to a ten is the scalability, the ease of scaling up without replacing a box.

We use A10 Thunder TPS as an anti-DDoS tool.

The solution is easy to use and implement in terms of operations.

The solution needs improvement in terms of fail-open. We need separate fail-open kits connected to A10 Thunder TPS and the network so that network traffic will pass through normally when the tool goes down.

I have been using A10 Thunder TPS for more than two years.

A10 Thunder TPS is a very stable solution.

The solution is more suitable for medium-sized companies.

The solution provides good technical support.

The initial setup of the solution is moderate, and it is neither easy nor very hard.

Arbor is more famous than A10 Thunder TPS, and more people use it.

It was easy to integrate the solution with our current IT workflow. I would recommend the solution to other users.

Overall, I rate the solution a seven out of ten.

We are the main distributor for A10 Networks. It is used as an appliance. It is mainly used to identify problems in the network. It helps us to stop any type of DDoS attack.

We are using its latest version.

They give us the ability to configure many features for DDoS. There are many items that we can use.

It is very difficult to implement. It should be made a bit easier to implement. There is also a lack of resources on the internet. They need to develop more resources.

We have been a distributor for more than five years.

It is mostly stable.

Their support is good, but it is not excellent.

It is very difficult to do the setup. It needs to be a little bit easier. There are not many resources on the internet for help, and there are also not many people who have knowledge of this product.

Its implementation takes two to three weeks. Two engineers are usually enough.

Before implementing this solution, you should know and get complete information about the features that are possible and that are not possible.

I would rate it a six out of 10. It should be easier to set up. Currently, it is very difficult.

One of the largest persistent threats to service uptime is Distributed Denial of Service Attacks (DDoS). The networking industry and business analysts are seeing a trend in increasing DDoS attacks. These attacks are occurring more frequently and with greater intensity and increased sophistication. Legacy DDoS protection solutions suffer from the following fatal limitations that have made them ineffective at protecting against these attacks:

• Lack of flexibility

• Inability to scale

MULTI-VECTOR ATTACK PROTECTION

Detect and mitigate DDoS attacks of many types, including volumetric, protocol, or resource attacks; application-level attacks; or IoT-based attacks. Hardware acceleration offloads the CPUs and makes Thunder TPS particularly adept to deal with simultaneous multi-vector attacks

The A10 aGalaxy management system provides centralized management of Thunder TPS systems and policies, orchestrates detection and mitigation of DDoS attacks, and delivers a single-pane-of-glass view of the generated reports across all managed Thunder TPS appliances.

No need to license each feature to activate it, it got a perpetual licensing and everything is there, you just have to configure and enable the feature when you need it.

Select Thunder TPS hardware models to benefit from our Security and Policy Engine (SPE) hardware acceleration, leveraging FPGA-based FTA technology and other hardware-optimized packet-processing for highly scalable flow distribution and hardware DDoS protection capabilities.

Availability is very critical for us. We use it to mitigate DDoS attacks for rural North Dakota. We really don't use it to identify attacks, we use third-party software, a Kentik solution, to identify anomalies within the IP stack. Then, we turn around and send mitigation profiles to the A10 based on an API call, and the A10 initializes a BGP session to our core routers to offload that traffic and mitigate it.

We provide hosted solutions so our deployment of A10 is private cloud.

Our setup is something of a hybrid solution. We're using the third-party software, the Kentik solution, but we also have some clients that are directly connected to TPS. There is a 30-second delay in time to mitigation for clients that are not direct. By the time that third-party solution identifies something and sends it, via API, to the TPS, there's about a 30-second delay. When we have customers that are directly connected, they have just about instantaneous mitigations with TPS.

We use that inline setup as a premium service. If customers can tolerate a small spike in traffic flow until the mitigation happens then we'll just leave them on the Kentik solution. If they want it instantaneously then we'll put them inline and connect them directly to the TPS for that. Customers who opt for the premium service include financials, utilities - anything which needs that instant mitigation and understands the threat of DDoS. Some entities can tolerate it if they're down for a minute or two minutes and it's not crucial that they pay the extra dollars.

Overall, DDoS attacks affect small-town North Dakota in a fairly large fashion, meaning that they could affect infrastructure from schools to county courthouses to libraries, etc. Those places aren't directly associated with the target of the attack but the appliance itself and the solution in general allow for the protection of those services in those communities. It has been very successful.

The solution has reduced the amount of manual intervention required during an attack. We have the inline solution and when it comes to the customers that we have on it, it has saved us some troubleshooting time. If we can see that there is an active zone, we know that their traffic is being mitigated. If a customer calls and says, "Hey, I have internet problems", one of the first things we check is if there's a DDoS attack happening.

Anytime you filter, you set up thresholds, you can identify your traffic patterns a lot better.
It has helped in that aspect as well. We did miss attacks previously.

We're just using a portion of it, the mitigation aspect.

If there's one aspect of A10 that needs improvement it would be the training. All of their training is done online, at least in what we've been exposed to. I would like to have a classroom environment for training. I would like to say, "Okay, if we have three or four people who need to get trained up, we want to send them to a classroom." That way they're detached from their home office and have the lab facilities. They can have a classroom environment or experience instead of a virtual classroom. It would give them a chance to provision it. There's a better experience in a classroom than in a virtual classroom.

It's not a terrible issue, but the training was the biggest thing that we faced. We're two years into this and we haven't done all the training probably needed to fully support it, because our deployment is very limited. But when we did want to pursue training, I believe that the training was all virtual.

It's been rock solid. We haven't had any issues with power supplies or software anomalies. It's been a pretty good platform.

For our deployment, we're probably not even using ten percent of its capacity as far as throughput port space. For us, the scalability is very high. For us, it's like investing future-forward.

The usage potential increases daily, exponentially, based on the internet curve. But we're just using a small percentage of the features and a small percentage of its capacity.

We have about 200 customers that have access to the solution with 100,000 users on their side. We carry something like 80 Gig of internet traffic into the state. Because we're using that third-party for the majority, TPS doesn't see all that 80 Gig of traffic. It only sees the traffic that has been identified by the third-party software. The TPS isn't necessarily handling packet, packet, packet, packet; it's handling only packets that are being sent to it by the third-party. In that scope of scalability, it's almost exponential because we're only identifying the traffic flows and patterns that need to be mitigated.

We have opened a few tickets with TAC and they've been good, along with their sales engineering team. We may have a customer that will have an atypical type of deployment. In that case, we'll bring in the sales engineering team or TAC and they'll get us in contact with an expert in that field. Their tech support has been very good.

We did not have a previous solution.

The initial setup was pretty straightforward. You set up your routing tables, your interfaces. There was no magic there.

We have two and we had them both up and running within three or four days, meshed with our network. The process was to get it connected to our core internet routers and have it start talking to a third-party software and, after that, start the mitigation processes.

We mostly did it ourselves. From the A10 side, we had our sales engineer and we had a few calls with their support staff. Based on that, we developed a roadmap and then we self-installed and deployed it.

Our situation is unique because we're owned by the 14 independent broadband providers in North Dakota. So we may not directly see an ROI because the bandwidth of the DDoS traffic basically gets to us. However, we save that extra bandwidth to our owner companies from downstream services. We're saving our members money with the solution.

We did a proof of concept and had a bake-off between Arbor and A10 and Kentik. Because of the reports that we wanted and how we wanted to handle things, the third-party and the A10 solution were technically the best, and scalable.

The flexibility of solutions was important to us. We have the ability to either go inline, to connect directly to the TPS, or to bring it through the third-party. That in itself was a major selling point because we're not stuck with one solution. If we decide that we want to change third-party vendors, we're not married to it. We can shop around and if there's something better that comes out, we can still interface the TPS system with that new software. It meant we weren't just saddled to one vendor for a DDoS solution.

Do your research to understand your solution options. Then, have a PoC bake-off and task the system. Identify ad-hoc anomalies in your test-bed and look at the time to mitigation. Look at different types of situations to see, if an anomaly comes along, how long it would take you to deploy an ad-hoc solution or redirect the traffic. Research and proof of concept is our biggest thing. We never do anything without doing them thoroughly.

The biggest thing I have learned is how many attacks there are and how many different ways the attacks happen, throughout an attack. You can have a DNS attack, you can have an ICMP attack. You can have all these different flavors of attacks. That was probably the biggest eye-opener for me. When you hear the word "DDoS," everything gets put into a container. It's not until you look into the container that you see all the different types of attacks that are summed up by that word.

The solution has been rock solid for us. We haven't had any issues. We've had numerous attacks and it's worked perfectly.

I don't know that it has an increased network availability notably but it has added to it. Instead of having four-nines of availability, we've got five-nines. It's a solution and a package, so it's not our only tool in our toolbox.

We only use the TPS side of it and we're not 100 percent trained up on it, even though we've had two years of deployment on it. We don't know the whole, full-meal deal on what it can do. There's a possibility we'll go to the load balancing and some of those features. Even though we have hosted solutions, we don't have enough because we're a small company. There are other features but we'll explore those as we need.

We have just two people who have access for configuration of the solution and its operations, in our engineering operations.

I would have to rate A10 TPs as a nine out of ten. We've been very happy with the product. Of course, we don't want to give tens because then get people get cocky about it. 

Our primary use case is for our support ticketing and invoice generation. We're resellers and we provide it to our customers. 

Our other use cases are for keeping a record of all the invoices and we use it for our sales to track the accrued sales. 

We can keep track of all the customer's requirements. We can forecast our trails and we can forecast our overall financial things.

We are really trying to improve our sales module. When we need to see our exact payments and invoices we can track which payments and invoices are due so that we can make sure that all the invoices are done on time.

I would like for them to develop an advanced reporting feature. 

It is very stable. We're using a very basic model and it's the basic version. There are very few features so for those features, it is very stable. If we decide that we're going to implement more features into it, then there could be some concern about the stability of the product.

Scalability is fine. 

We have sixteen users. On the support side when we generate tickets, we are quoted fifty plus customers that are on this solution.

The initial setup was straightforward. Deployment only took a few hours. The  user training takes at least a day and then the whole site will go up in around a weeks time. It's all web-based so the back ends sometime require us to make changes but overall it's pretty simple and straightforward.

We only require one staff member for maintenance. 

I would rate it a seven out of ten. 

We use A10 Thunder TPS for load balancing, especially server load balancing.

The solution's firewall features are the most valuable feature of the solution. I think we can use all the features or capabilities that come with the product's license. Maybe today, we are just implementing an SOP or LOB.

We have had some issues with implementation. So, it is the only area that needs improvement. However, I have no issues with the product, so it is probably fine.

I have experience with A10 Thunder TPS.

The solution's support is one of the coolest things about the product. I rate the solution's technical support an eight and a half out of ten.

Positive

We are currently having some issues with the implementation. I think it is because the partner is not ready for implementation, and it's not that they don't have the experience. So, even though we have some issues right now with implementation, the product is very good.

The solution's price is one of the coolest things about the product. We may need to pay fifty percent more if we purchase other solutions. For the payments made to A10 Thunder TPS, we have received three-year support.

I rate the overall product a nine out of ten.