In Part One I examined some myths about hardware and software appliances and showed appliances are mainly packaged software components.In Part Two I described why hardware appliances became so successful in the last years and where.
In this part I’ll try to show how virtual appliances combine the best of both worlds.They combine the benefits of both software and hardware appliances with the extreme flexibility of virtualized computing.
Looking back to 2002, Check Point released SecurePlatform – an appliance on a CD, also known internally by the cool name “Black CD”. At the time, Check Point “real” hardware offering was not very successful and it relied on Nokia appliances to compete with Cisco and NetScreen appliances.
NetScreen appliances and appliances in general became more and more successful . Nokia produced excellent appliances as well, but they were typcalliy sold at a very high premium , chiefly for the brand.
SecurePlatform was invented in order to offer the customers a cheaper option. SecurePaltform is a basically a bootable CD that one inserts into any x86 servers that formats the hard drive and installs a secure, shrunk down, Linux operating system with all of Check Point software products pre-installed.
The idea is to get most of the “real” appliance advantages (ease of install, drivers, secure OS, fast boot time,optimized performance) with the advantages of sofwatre ( flexibility, modularity, familiar shell and interfaces) at a very cheap hardware price (customer can choose his box and use x86 agreements and discounts).It also allows the customer to grow capcity easily without complex upgrades.
Overtime SecurePlatform became very successful and turned in to the customers’ favorite deployment choice. While in 2003 it still lacked a lot of appliance features ( image management, backup and recovery, web based interface), those were added along the years.
It is important to note that SecurePlatform based appliances, like other CD appliances, still had some gaps from other appliances.
1. The form factor is still of a standard PC. With 1U servers becoming the norm it was less of an issue, but the number of network interfaces was still a problem in some cases.
2. Keeping up with driver computability with all the x86 vendors was very hard. When Dell\HP\Lenovo release a new firmware\driver they don’t bother to update anyone and back porting Linux based device drivers is not fun at all. The implications are that the appliance is not as generic as would seem.
3. There is no single point of support for hardware+software.
4. There is no “real” hardware acceleration, if it is really needed.
To overcome some of these, in 2005, Check Point started selling hardware appliances, based on SecurePlatform as another alternative.
Virtual Appliances are the next generation in the same concept.
Because the hypervisor presents a standard “hardware” API to the operating system, most of the compatibility issues are solved by the hypervisor manufacturers. Because the appliance is packed as a standard virtual machines, there is no need for the reboot\format\install procedure.
Of course, since the appliane is a virtual machine the customer enjoys great flexibility, not found in regular appliances or even “CD Appliances”
- High Availability and load balancing across physical server (e.g Vmotion)
- Full control over memory and CPU allocation in real time
- Easy provisioning , tracking and backup which are appliance independent
- Consolidating many appliances to one physical server while maintaining modular design and software independence
- The appliance can be used “inside” hypervisors, so there is no need to move traffic from the bus to the network
- Form factor and port density are less of an issue , since the switches and routers are virtual as well
To make the creation of virtual appliances easier, companies like Rpath, are providing an easy to use software to handle a lot of the work Check Point, NetScreen and other vendors and to redo to create their own appliances.
Some problems still remain open, mainly the lack of standard central management to control appliances from different vendors. I’m guessing one start-up or another is working on the problem.Hardware acceleration is lacking, but it would be probably be solved by future developments in the core virtualization companies.And no one needs hardware acceleration anyway
To summarize, it seems that virtual appliances turn software into the king again.They combine software advantages and overcome its shortcomings.
In a cloud based world, there is a good chance it will become the favorite deployment vehicle.