Posts Tagged ‘Cisco’

Hardware, Software and (Virtual) Appliances Myths – Part Three

December 9, 2008


In Part One I examined some myths about hardware and software appliances and showed that appliances are mainly packaged software components. In Part Two I described why hardware appliances became so successful in recent years, and where.

In this part I’ll try to show how virtual appliances combine the best of both worlds. They combine the benefits of both software and hardware appliances with the extreme flexibility of virtualized computing.

Looking back to 2002, Check Point released SecurePlatform – an appliance on a CD, also known internally by the cool name “Black CD”. At the time, Check Point’s “real” hardware offering was not very successful and it relied on Nokia appliances to compete with Cisco and NetScreen appliances.

NetScreen appliances, and appliances in general, became more and more successful. Nokia produced excellent appliances as well, but they were typically sold at a very high premium, chiefly for the brand.

SecurePlatform was invented in order to offer customers a cheaper option. SecurePlatform is basically a bootable CD that one inserts into any x86 server; it formats the hard drive and installs a secure, shrunk-down Linux operating system with all of Check Point’s software products pre-installed.

The idea is to get most of the “real” appliance advantages (ease of install, drivers, secure OS, fast boot time, optimized performance) together with the advantages of software (flexibility, modularity, familiar shell and interfaces) at a very cheap hardware price (the customer can choose his box and use x86 agreements and discounts). It also allows the customer to grow capacity easily without complex upgrades.

Over time SecurePlatform became very successful and turned into the customers’ favorite deployment choice. While in 2003 it still lacked a lot of appliance features (image management, backup and recovery, web-based interface), those were added over the years.

It is important to note that SecurePlatform-based appliances, like other CD appliances, still had some gaps compared to other appliances.

1. The form factor is still that of a standard PC. With 1U servers becoming the norm it was less of an issue, but the number of network interfaces was still a problem in some cases.

2. Keeping up with driver compatibility across all the x86 vendors was very hard. When Dell\HP\Lenovo release a new firmware\driver they don’t bother to update anyone, and backporting Linux-based device drivers is not fun at all. The implication is that the appliance is not as generic as it would seem.

3. There is no single point of support for hardware+software.

4. There is no “real” hardware acceleration, if it is really needed.

To overcome some of these, in 2005 Check Point started selling hardware appliances based on SecurePlatform as another alternative.

Virtual appliances are the next generation of the same concept.

Because the hypervisor presents a standard “hardware” API to the operating system, most of the compatibility issues are solved by the hypervisor manufacturers. Because the appliance is packaged as a standard virtual machine, there is no need for the reboot\format\install procedure.

Of course, since the appliance is a virtual machine, the customer enjoys great flexibility not found in regular appliances or even “CD Appliances”:

  • High availability and load balancing across physical servers (e.g. VMotion)
  • Full control over memory and CPU allocation in real time
  • Easy provisioning, tracking and backup which are appliance independent
  • Consolidating many appliances to one physical server while maintaining modular design and software independence
  • The appliance can be used “inside” hypervisors, so there is no need to move traffic from the bus to the network
  • Form factor and port density are less of an issue, since the switches and routers are virtual as well

To make the creation of virtual appliances easier, companies like rPath are providing easy-to-use software that handles a lot of the work Check Point, NetScreen and other vendors had to redo to create their own appliances.

Some problems still remain open, mainly the lack of standard central management to control appliances from different vendors. I’m guessing one start-up or another is working on the problem. Hardware acceleration is lacking, but it will probably be solved by future developments at the core virtualization companies. And no one needs hardware acceleration anyway 🙂

To summarize, it seems that virtual appliances turn software into the king again. They combine software advantages and overcome its shortcomings.

In a cloud-based world, there is a good chance they will become the favorite deployment vehicle.


Hardware, Software and (Virtual) Appliances Myths – Part Two

October 17, 2008

In Part One I examined some myths about hardware and software appliances. Today I’ll try to describe why hardware appliances became so successful in recent years, and where.

The basic ideas come from a great NetApp pitch I heard in 1994, when they were very small. Their example at the time was “Routing was done by generic Sun\IBM\HP\Digital Computers and Cisco turned it into Appliance”. The analogy was “File Serving is done by generic Sun servers and NetApp is going to be the Filer Appliance”, which they did.

Appliances can be great because:

  • Appliances can be cheaper than a PC – creating a $60 small-office router is just not possible using PC hardware components. Even a $1000 enterprise branch office appliance is better off using a cheap CPU and low memory to achieve a great margin.
  • Appliances are much easier to install – this is probably still true. Having someone else tie together all the software, do the hardening, remove extra bits and leave no drivers to deal with is a great win. Installing the right RAID driver for a generic Linux system can still be quite challenging.
  • Appliances can have better performance for dedicated tasks – NetApp’s favorite example was trying to list 2000 files in a big directory. It could take several minutes in a generic Unix file system. Since NetApp designed the operating system just for file serving, it was done amazingly fast.
  • Appliances can have a much better form factor – it is quite hard to put 12 network cards in a single PC. To populate it with 40 is just impossible. Moreover, the network cards on x86 servers are on the wrong side! Network equipment makers place the cards in the front, while generic servers have them in the back. Again, it seems like a small thing, but try to get Dell, HP or IBM to change that for your appliance.
  • Appliances are not managed by the server group – one of the biggest selling points for network departments is that the server group cannot touch dedicated operating systems. If a firewall admin buys a Linux server she has to conform to the Linux guidance and dictatorship of the server admins. If it is PimiPimiOS, they have no say about it.
  • Appliances are more secure – this is true to some extent, just because the functionality is limited and no extra services are installed. However, in many cases it may boil down to security by obscurity. Nobody bothers to update their appliances with the latest security patches, and the proprietary operating systems are not inspected by the community. Furthermore, security applications cannot be run on these unique environments.
  • Appliances boot faster – seems like a small thing, but waiting ten minutes for Windows to load is not really acceptable for an enterprise-grade router or file server. It is also quite annoying in your home DSL modem. Actually it is quite annoying on my $2000 ThinkPad. Anyway, having a very small, optimized OS and no hard disk allows a very fast boot time, along with dedicated thinking about boot and reboot length.
  • Appliances are more reliable because they have no hard disk (“moving parts”) – maybe, not so sure about this one. Anyway, in a few years no server will have any moving parts (although it seems fans are moving all the time…)
  • Appliances have a superior, dedicated management console – this is commonly true. Good appliances have great unified web and command-line management that bundles all management aspects, from image management to application configuration. The problem comes once you have 30 different appliances from different vendors, each with its own dedicated ChuChuOs. On a side note, it tends to be quite hard to script and program these beasts, for the same reason.

To make the discussion more interactive until I post the third piece, here is a small poll to get your feedback.