Harmony Controller Architecture¶
Unlike traditional appliances, Harmony Controller application is collection of micro-services. These micro-services are deployed in containers and are managed by an internal orchestrator. Each micro-service offers a specific functionality to the controller. This architecture enables A10 Networks to add capabilities in controller at rapid pace and allows A10 customers to get new integrations and support with high confidence.
Scale on the go
As the business grows, the devices in infrastructure increase and there comes a need to increase capacity of the controller. Typical solution in market is to either buy a bigger hardware or deploy more than one unit.
Contrary to market, unique micro-services architecture of Harmony Controller allows to increase capacity of same controller unit as required. The controller supports horizontally scalable infrastructure. Adding capacity to controller unit is a simple two-step process, takes only a few minutes and can be done without any downtime.
The internal container orchestrator keeps monitoring the micro-services of controller and restarts them automatically as and when they fail. This also moves micro-services around when one entire node fails in a multi-node deployment. Multiple instances are instantiated of the micro-services storing data. In this way, important data is replicated and remains available in case of partial failure. This improves overall availability of controller. Important point to note is that the traffic via managed devices gets no impact even when the device is not able to connect controller.
Harmony Controller Interfaces¶
The Harmony Controller allows organizations to achieve centralized management and control over A10 application services, their various policies and obtain real-time visibility with analytics and alerts. Administrators utilize the Harmony Portal to interface with and configure the controller, which leverages Harmony APIs to manage the various application services.
A10 Harmony Portal¶
A10 Harmony Portal is easy to use a role-based portal for managing application delivery infrastructure and associated policies on a per-application basis. The Self-Service capability eliminates the need for centralized IT admins to set up and configure the per application infrastructure, thereby maximizing agility and operational savings in supporting multiple application teams.
A10 Harmony API¶
A10 Harmony API make all capabilities of Harmony Controller available through the RESTful interface. Orchestration and Configuration APIs can be used to integrate with deployment automation tools like Chef, Puppet, Ansible and CI/CD tools like Jenkins. Analytics APIs can provide access to per-application metrics, logs. They may be used to integrate with third party tools or build custom dashboards.
The A10 HarmonyTM Controller is available in two deployment models – A10 Managed SaaS or as a self-managed, on premise deployment. Consuming it as a SaaS makes it extremely simple andcost-effective to deploy and operate.
SaaS - Managed by A10¶
Available as a service, the cloud-based A10 HarmonyTM Controller subsystem is fully managed and monitored by A10. Application teams can directly get a ‘Tenant’ account on SaaS HarmonyTM Controller or the IT team of the organization can get a ‘Provider’ account and manage their own internal or external tenants. Only control messages, metrics and telemetry data are sent between the controller and service instances, via a secure, SSL-encrypted channel. Application traffic does not flow through the controller. This ensures application data remains within the customer’s network. The controller is built on top of a hardened operating system, installed in a highly available configuration and hosted at a public cloud provider. The A10 Networks’ team runs regular security scans and audits for security vulnerabilities. The controller offers multiple layers of security that are reviewed to ensure security and compliance. The SaaS controller is in an isolated environment with network – layer ACLs and access is granted to authorized personnel. Data exchanges within the subsystems are encrypted using strong ciphers and sensitive data like passwords; SSL private keys are stored in the database with strong encryption. External access is always through industry-standard SSL communication.
Self-Managed by Customer¶
The controller may also be deployed as a customer-managed, or hardware appliance within a customer’s environment in data centers or clouds, including bare metal server, VMware- powered clouds, Amazon Web Services, Google Cloud Platform and Microsoft Azure.
The self-managed controller can be installed on any physical or virtual machine instance. The internal microservices architecture of the controller maximizes the availability of the controller. Additionally, the architecture ensures that the traffic disruption never happens even if connection between the controller and application services is down.