Network appliance vendors are increasingly offering virtual versions of their products. By separating the underlying software of their products from dedicated hardware, vendors offer enterprises the flexibility and savings of running virtual appliances on industry standard servers. Virtual appliances mobilize network edge services, allowing them to follow virtual machines around enterprise networks and into the cloud. While virtualizing...
appliances may be all the rage, not every hardware appliance is well suited for the translation to a virtual appliance.
Virtual appliances move from lab to production
Virtual appliances, like the virtual machines they support, are software implementations of their network hardware counterparts. Many traditional network appliance vendors have embraced software -only deployments, offering virtual editions of their enterprise network services. Network monitoring tools, network security suites, network access control and even unified communications appliances have made their way into VMware’s virtual appliance directory. Open source products were the first to make the transition, with a number of significant players in the market, such as Cisco Systems and F5 Networks, adding support for some of their own products in the last 18 months. Over the last several years, just about every network service that took up rack space as an appliance can now be deployed as another workload in the virtualized data center.
Enterprises initially used virtual appliances as an alternative to hardware appliances in development and testing environments. These virtual appliances offered developers the opportunity during development and QA testing to replicate how a network appliance would affect application. Now that virtual appliances have matured and migrated into production environments, a new development model has evolved with them. Networking teams can now test and configure their virtual appliances while the application team is developing and testing the application. This makes sure that the expected level of performance is ensured through the application’s lifecycle, as well as engages the network team early in the development process. The mobility of virtual appliances also eases cloud deployments, as the supporting network services can travel along with the workloads through both public and private cloud services.
Virtual appliances open new use cases
While budget-cutting CIOs might be tempted to replace every expensive network appliance with virtual appliances, cost savings is usually not the motivation for such a transition. In fact, many vendors offer only a small discount on the price of virtual counterparts of their hardware appliances. Instead, vendors market the versatility of a virtual appliance. WAN optimization virtual appliances, for example, allow an enterprise to deploy the product as close to the applications associated with it as possible.
In most cases, choosing between physical and virtual appliances will not be an either/or decision. Enterprises deploy most network services with a mix of both dedicated hardware and virtual appliances throughout a network. Network administrators will be able to make purchasing and deployment decisions based on the particular context. They can use dedicated hardware where high performance or certain functions, such as SSL offload, require specialized chipsets. Then, they can use virtual appliances to support specific tasks, delegate management tasks or go into locations that physical appliances cannot reach.
“For large-scale SSL offload tasks, a BIG-IP appliance, with dedicated chips to support it, still makes more sense than using CPU cycles in a virtual machine,” said Alan Murphy, Sr. technical marketing manager for F5 Networks.
Branch-in-a-box deployments are a popular example of virtual appliances. Customers can run virtual instances of several best-of-breed network services on a single server, rather than deploying a rack of physical appliances or an integrated services router full of hardware modules.
Virtual appliances also allow enterprises to deploy best-of-breed services like WAN optimization within unique hardware deployments, such as ruggedized servers for heavy industrial or harsh environmental situations. Traditional hardware appliance vendors rarely build their products for these types of environments.
Multi-tenant cloud environments also favor virtual appliances. Many enterprises have to support disparate organizations within their environment, and that requires a logical separation. Likewise, service providers and hosting companies need to create separate virtual environments for their customers. Purchasing discreet hardware for each customer is simply unfeasible in such an environment, but deploying virtual appliances for each customer allows for both segregation and unique customization.
WAN optimization virtual appliances have helped Will Hosek, vice president of IT for the tax preparation service SurePrep, maintain the performance of his company's virtual desktop infrastructure across the planet. SurePrep hosts infrastructure with multiple, secure SAS-70 audited data center providers, as well as service centers in Irvine, Calif. and Mumbai, India. Hosek originally considered hardware appliances for WAN optimization, but he quickly recognized their shortcomings for his environment.
“We simply did not have the room to rack additional hardware in the data center,” Hosek said. When an enterprise pays a data center provider by the rack, dedicating rack space to network services hardware appliances is hard to justify.
SurePrep's offshore service center also challenged the hardware appliance approach. Shipping hardware internationally is time consuming and expensive, Hosek said. And vendors are not particularly keen on shipping hardware abroad for trials and testing.
“We didn’t know if it would work for us, so a validation test was essential,” Hosek said.
Instead, Hosek and his team deployed VMware ESX and Silver Peak’s WAN optimization virtual appliance on servers that were already racked on-site. While Hosek's networking team faced the typical challenges of coordinating with local staff half a world away, the trial period for the virtual appliances moved quickly, and SurePrep moved easily from proof of concept into production. Beyond the avoidance of shipping hardware abroad, Hosek appreciated the agility that virtual appliances offer.
“We could wipe the machine out and start over with a new vendor if we had to, which is something you just can’t do with a hardware appliance,” he said. “Going virtual is now always on the table for us.”
Of course, there is also a vendor sales angle in embracing virtual appliances. Many network appliance vendors have begun offering virtual appliances as free trial downloads of their products. Potential customers have the opportunity to kick the tires of the product without the costs associated with sending and returning hardware for customer evaluations.
Virtual appliances not a complete replacement
For all of the compute power that a virtual environment can bring to bear on a workload, there are still many tasks that favor dedicated hardware. Network processes and tasks like SSL offload and network forensics have deferred pre-processing tasks, such as processing gigabytes of network packets, to discrete chipsets built into the hardware appliances. These chipsets take the burden off of the appliance’s general CPU. Dedicated hardware remains first choice for these specific network tasks.
Dig deeper on Network Virtualization Implementation