A10 Thunder ADC

Thunder ADC is a traditional ADC product from A10 Networks. It is available as a hardware appliance as well as virtual appliance. This is built to support all types of applications deployed in data centres. However, it works well in various cloud environments.

Like all traditional ADCs, Thunder ADC has the management function within the box and can be accessed through web User interface and CLI. While it is great for ADC functionality, it typically lacks in providing visibility and analytics of traffic flowing through it.

Thunder ADC can be connected to A10 HarmonyTM Controller for strengthening the utility. Connecting to A10 HarmonyTM Controller adds capabilities like rich analytics, central management, self-service through Provider-Tenant model, and so on.

Thunder Devices Cluster and Device

_images/cluster.png

The Thunder device connecting to the A10 HarmonyTM Controller may be Single, part of a HA pair or part of a VCS cluster. On connecting, a Device Cluster is created within the Provider account in the HarmonyTM Controller. When the next device of the cluster joins, it automatically joins the device cluster.

Partitions and Logical Clusters

Thunder devices typically have multiple partitions. The first one is management partition and is used for device administration. Other partitions can only be used for running application services. When Thunder devices are in HA or VCS, the partition structure of the devices is exactly same. Group of same partitions from all the devices make a logical cluster that hosts application services for the servers. When Thunder devices connects to the HarmonyTM Controller for the first time, a tenant account is created under the provider for each logical cluster and the logical cluster is placed under this tenant. However, there is provision to add more than one logical cluster or Lightning ADC cluster in a tenant account.

_images/logical-cluster.png

Users

Users from the devices are synchronized from devices to the A10 HarmonyTM Controller. Users on shared partition are provider administrator and continue to have access to device management. Users on the individual partition are tenant administrator for the tenant created for that partition. Any user created on the device after the first connection of device to A10 HarmonyTM Controller are also synchronized with A10 HarmonyTM Controller.

Connecting Thunder Device to A10 HarmonyTM Controller

First step in connecting Thunder device to A10 HarmonyTM Controller is to register Thunder with A10 HarmonyTM Controller. On registration, configuration of the Thunder Device is synchronized with A10 HarmonyTM Controller. This includes all partition information, and VIPs Configured for ADC service.

Thunder registration can be done in one of the following ways:

  1. Using Thunder CLI
  2. Using Thunder UI
  3. Using Thunder Device Manager

Registration occurs in the following sequence of steps:

Register using A10 HarmonyTM Controller information

  1. Authenticate the device using the provider’s credentials so that the device is registered for the provider.
  2. Configure the A10 HarmonyTM Controller profile in the Thunder device with the host and provider details.

A registration message contains a list of partitions, users, roles, privileges and the encrypted passwords. A10 HarmonyTM Controller creates the partitions and its associated users or roles and privileges in the database. As a part of registration, Thunder ADC configures the account ID map for each partition. A10 HarmonyTM Controller creates a different tenant for each partition that is registered. This helps in mapping the telemetry information to the correct partition and the applications.

API call to A10 HarmonyTM Controller

The Thunder device sends API calls to A10 HarmonyTM Controller for registering each object. After the object is registered, A10 HarmonyTM Controller creates a object tree for each partition.

Registration using Thunder CLI

Pre-requisites:

You need to have Thunder device upgraded to firmware 4.1.1-P7 version.

  1. Login to the Thunder device using the following credentials:

    username: admin
    password: *****
    
  2. Enter the config prompt

  3. Configure the A10 HarmonyTM Controller profile as shown in the video.

    A sample is shown below is only applicable for 4.1.1-P8 and 4.1.4-P1 Thunder versions:

    harmony-controller profile
    host controller.example.com use-mgmt-port
    thunder-mgmt-ip 13.78.173.250
    provider root
    user-name user@a10networks.com
    password *****
    region India
    availability-zone Bangalore
    metrics-export-interval 60
    !
    harmony-controller telemetry
    log-rate 5
    !
    
    • host
      Host name or IP address of HarmonyTM Controller.
    • thunder-mgmt-ip
      IP address of management port of the Thunder device as accessible from HarmonyTM Controller.
    • provider
      Name of the provider account in HarmonyTM Controller.
    • user-name
      User name of root provider admin of HarmonyTM Controller.
    • password
      Password for the user name provided of HarmonyTM Controller.
    • region/availability-zone
      Geographical location or data center where the Thunder device is deployed.
    • metrics-export-interval
      Interval at which Thunder device sends aggregated metrics data to HarmonyTM Controller.
    • log-rate
      Maximum rate at which traffic logs are sent by the partition per second to the HarmonyTM Controller.

A sample is shown below is only applicable for 4.1.1-P7 Thunder version:

     harmony-controller profile
     host controller.example.com use-mgmt-port
     thunder-mgmt-ip 13.78.173.250
     provider root
     user-name user@a10networks.com
     password *****
     region India
     availability-zone Bangalore
     log-rate 10

* host
       Host name or IP address of |Harmony Controller|.
* thunder-mgmt-ip
                  IP address of management port of the Thunder device as accessible from |Harmony Controller|.
* provider
           Name of the provider account in |Harmony Controller|.
* user-name
            User name of root provider admin of |Harmony Controller|.
* password
           Password for the user name provided of |Harmony Controller|.
* region/availability-zone
                           Geographical location or data center where the Thunder device is deployed.
* metrics-export-interval
                          Interval at which Thunder device sends aggregated metrics data to |Harmony Controller|.
* log-rate
           Maximum rate at which traffic logs are sent by the device per second to the |Harmony Controller|.
  1. Verify whether the A10 HarmonyTM Controller profile is created:

    show run
    
  2. Register the device:

    register
    
    Note: Use **deregister** command to de-register the Thunder device from controller.
    
  3. Verify the status:

    show harmony-controller status
    
    heartbeat-status : ACTIVE
    registration-status : PASS
    registration-status-code : 200
    kafka-broker-state : Up
    

To know more about device registration, you can check out the following video:

Registration using the Thunder UI

  1. Login to the Thunder device using the following credentials:

    username: admin
    password: *****
    
  2. From the System drop-down list, select Admin

  3. Click the Controller tab to view the Harmony Controller Settings page.

  4. Enter the A10 HarmonyTM Controller information as shown in the video

  5. Select Use Management Port

  6. Click Register Device

Registration using Thunder Device Manager

  1. Login to A10 HarmonyTM Controller using your credentials

  2. On the Provider Admin Management page, click View in Device Manager

  3. From the Devices drop-down menu, select Device List

  4. Click +Add Devices

  5. In the Add Device dialog box, enter the following:

    Device IP Address
    User Name
    Password
    
  6. Click Submit to add the device to the Device List

  7. Select the device and click the HC button

  8. Enter the A10 HarmonyTM Controller information as shown in the video

  9. Select Use Management Port

  10. Click Submit to register the device

Single Sign-On and Authorization

When a user logs in to A10 HarmonyTM Controller assumes role of provider administrator or tenant administrator. Based on the role they are able to view the content. When the user wants to get into a device for editing configuration, they need not login again to the device due to single sign-on feature. However, the permissions to the user on that particular device are still be honoured. In this way, administrator of one device is able to change configuration of other device in-spite of being the administrator in A10 HarmonyTM Controller until they get the authorization on the device.

Configuration Synchronization

Any configuration change done on the device even if it is done through device User Interface, device CLI or through A10 HarmonyTM Controller is automatically synchronized with A10 HarmonyTM Controller. If for any reason, connection between Thunder device and A10 HarmonyTM Controller breaks, the application services on Thunder device continues to work. During this time users are able to login to device User Interface or CLI directly for configuration update. Such configuration changes are synchronized with A10 HarmonyTM Controller when the link restores.