Hardware, Software and (Virtual) Appliances Myths

September 21, 2008

For years software engineers and real engineers 🙂 have been fighting over the crown for most-important-hard-to-do-only-real-men-can-do-it-award. In the last ten years appliances started to enter the debate and in the last few years virtual appliances are changing the map.

In this multi-part post I’ll try to review some of the historical myths, their relevance today and what the future holds.

A lot like a Belle and Sebastian song, there can be many interpretations on the subject. This is mine. Just a trail for the devil to erase.

1. Hardware is faster than software.

Unfortunately for developers, no software can run without hardware so the argument is false by nature.

What people usually mean is “software that runs on dedicated hardware runs faster than software that runs on general-purpose hardware (Intel\AMD x86)”.

I think in 2008 everyone agrees the case is quite the opposite. The cost of building new chip plants is so huge that only Intel\AMD can afford them. Dedicated ASIC\FPGA\DSP cannot compete in most cases with the price performance of x86. Even in raw performance they can only keep an initial two-year gap, which fades as their development cycles are much longer than Intel\AMD's.

At some period many start-ups offered interesting hardware acceleration techniques for security. In many cases their network processors\ASIC\FPGA were really great and innovative. The problem was that most customers needed a 10 Mbps firewall, enterprise customers needed a 20-100 Mbps firewall, and a $4000 Intel box could perform at 2 Gbps. The claim these vendors made was that they could do 4-10 Gbps for the toughest scenarios. This was partially true, with three important reservations.

  • Almost nobody needed a 4 Gbps firewall
  • They would charge $20K for a single card
  • They could not do a lot of the really hard new problems (Deep Packet Inspection, Anti-Virus)

With such numbers, these companies didn’t do very well, AFAIK.

2. Appliances run faster than software.

Maybe, but this is not because of the dedicated hardware. Most appliances are just a dressed-up x86 server, painted in industrial grey, with nice reboot buttons and LEDs in the front. They don’t have any FPGA\Network Processor or ASIC that can accelerate performance.

Actually, because of inventory and QA problems, the appliance is usually running an older CPU than the one available on the open market from IBM\Dell\HP.

3. Appliances have a dedicated, superior operating system.

Here is a partial list of dedicated operating systems: Cisco PIX, NetApp Data ONTAP, Juniper JunOS, Check Point SecurePlatform, Cisco IOS, Nokia IPSO.

This might have been true in the past. Today everyone is using a stripped down Linux or FreeBSD.

This is not a bad thing, but it does not always create superiority. Done the right way it delivers: performance optimizations, increased security due to hardening, faster boot time, no worries about driver compatibility, a smaller memory footprint and enhanced image management.

Done the wrong way it delivers: a limited operating system, legacy capabilities, support contracts that are broken if you try to extend the OS, limited scripting and APIs, a new management interface and shell to learn for every new appliance, and medium security that lacks the latest patches and updates.

Some of the world's most common appliances use proprietary operating systems that do not support multi-threading, multiple CPUs or even simple inter-process memory protection. They are better off switching to Linux.

In the next blogs:

  • When do appliances make sense?
  • When is real specialized hardware needed?
  • The myth of no-moving-parts
  • What’s an appliance-on-a-cd?
  • Why do Virtual Appliances combine some of the best of both worlds?