SpamTitan – Virtual v's Physical Appliances – 4 compelling reasons for change
Virtual Appliances have appeared on the horizon as an unstoppable force. Where traditional appliances supplanted the office and data centre server, the virtual appliance has taken this to a new level and in turn rendered the incumbent effectively obsolete. Where appliances addressed critical needs not addressed by office servers, they also introduced further complexities and difficulties which are easily resolved by virtual servers. This white paper takes a look at the advantages of virtual appliances in comparison with physical appliances and addresses some of the key benefits. Benefits which include ease of evaluation and testing, ease of deployment, streamlined redundancy and backup, and the key benefits of scalability and mobility....
The Need for Scaleable Architecture
Most organizations today spread their applications across servers based on functional boundaries. Both large and small companies use email servers, file servers, web servers and so on. Over time, the trend has been to dedicate a specific server for each function. This allows for a scaleable, highly flexible architecture. As the organization grows, greater demands are placed on the infrastructure. Not just from an increase in the number of users, but also in terms of the geographic footprint. Branch offices will require their own servers for certain applications. Fault tolerance also plays a part, driving larger installations towards multiple, duplicated servers in preference over a single monolithic system.
As servers don't generally require user interaction, the trend has been to use vendor supplied appliances for certain types of applications. An appliance allows for a relatively small footprint and also provides more of a plug and play infrastructure over the traditional server application experience. As load increases, new appliances can be brought on-stream and the load distributed evenly. The system administrator can maintain a surplus of similar appliances and install these in the event of failure or increased load. Dividing the application base into component parts and spreading these components across multiple appliances is a tried and tested method of delivering a scaleable architecture.
However, industry research by VMware shows that the system usage per appliance can be as low as 15% of the available processing power. Effectively, the server budget is over six hundred percent higher than necessary. Maintaining a pool of idle servers on standby in case of increased load or for failure recovery can adversely affect the efficiency even further. Amalgamating applications on each server can go a long way toward resolving the usage issues but at a cost. Running different applications on the same server loses the scalability of the appliance solution and can create security issues.
In addition, maintaining a homogeneous environment of appliances is extremely difficult if not impossible. Complicating this is the need to upgrade different applications at different times. A new appliance can have a different platform configuration which will make it difficult to migrate users from an older appliance to a new one.
A virtual appliance is one which subdivides the physical hardware into multiple virtual machines. Each virtual machine provides a self-contained appliance layer to the application. Virtual appliances can thus be distributed across the set of systems merely by transferring a virtual appliance image. Load balancing can be achieved between different servers with no need or requirement to physically move the appliance. The virtual image is simply transferred to the appropriate server.
Any given server can be running a widely disparate range of applications. Server loading can thus be tightly controlled by distributing tasks across physical servers. The resources can be equitably shared across the application pool. Memory utilization, disk utilization and of course processor utilization can be more accurately balanced and controlled.
By encapsulating each application in its own virtual appliance, the needs of that particular application can be tuned more precisely. Virtualization provides all of the benefits of the traditional appliance with the following additional key benefits:
• Ease of Evaluation and Testing
• Ease of Deployment
• Redundancy and Backup
• Scalability and Mobility
Ease of Evaluation and Testing
In order to evaluate a new appliance, the manufacturer must first ship a sample appliance to the evaluation tester. Once the decision is made to perform the evaluation, arranging for a sample appliance can often take on the order of two weeks before the appliance is available for testing. On completion of the evaluation, the sample appliance must then be shipped back to the manufacturer. Even in the event that the appliance is purchased, generally a new appliance will need to be shipped as the sample appliance will be "shop soiled" and unavailable for sale. Further to this, often it is a requirement of evaluation that the appliance be tested within the data centre or at a remote geographic location. This adds further difficulties in installing and performing the evaluation as the tester must arrange for the appliance to be further delivered to the data centre and installed.
Virtual appliances allow the user to load the virtualized image onto an existing server or desktop and begin evaluation and testing immediately. On completing the evaluation, the administrator or evaluator can simply remove the virtual image and the system is restored to its original state.
By encapsulating the server image in a single file, it is possible to duplicate the image and revert to an earlier image as necessary. By using a virtual server, the test team can produce a pristine installation and duplicate that image. For each test, they can then begin the process starting with a copy of the pristine image and be confident that there are no vestiges of the previous test. For example, using the VMware application and the SpamTitan email security virtual appliance, it is possible to bring up an evaluation copy of the email security system with little more than a download. Extensive testing in a real-life environment can begin almost immediately after preliminary configuration. At any point during the evaluation, it is trivial to revert to the original installation without the need to ship a new appliance. The evaluation can also be performed on the latest version of software available, as opposed to the version of software which was imaged onto the physical appliance during the manufacturing process some months previous. If a physical appliance is shipped by the manufacturer, it is possible that not only is the software out of date with the manufacturing process, but it is also possible that the appliance itself has been misconfigured in some way by a previous evaluation which will be difficult if not impossible for the evaluator to determine.
At the completion of an evaluation, it is often essential to retain the test data or evaluation data for some period of time until decisions have been made by other teams or by senior management. In the normal case, this requires that the sample appliance sit idle until such time as it is free to be reinstalled and redeployed. In some cases, the manufacturer will request the return of the appliance before even the evaluator has had time to complete the evaluation. In the case of virtual appliances, old evaluation and test images can be saved to tape or other backup medium for future analysis or further testing, thus freeing up the test system for other tests. Similarly, the test system can be easily restored to a pristine state by the application of a new image, thus preventing cross-contamination of tests.
Ease of Deployment
Ease of deployment is a key requirement for any data centre or organization. The ability to be able to migrate an image onto a new virtual appliance cannot be overstated. Each virtual image contains all the necessary components to deliver the required service or function. The image can be effortlessly deployed to any virtual machine anywhere.
Installing a new appliance in a data centre or branch office can take days if not weeks. The hardware must be delivered in the first instance. Secondly, it must be pre-staged and then shipped to its eventual destination. It is often the case that the person performing the initial configuration or pre-staging is not the same person performing the physical installation. This can raise several issues. Most notably, changes in physical topography can render the pre-staged configuration obsolete. Also, it is often the case that the configuration must be performed by a specialist. This means that the physical appliance must be installed at the data centre prior to the arrival of the specialist. It is possible to streamline this in large data centers but it is still cumbersome and generally not available to smaller organizations.
By way of contrast, utilizing a virtual server application such as VMware decouples the server deployment and the deployment of one or more virtual appliances. Often in the case of a branch office, the server is deployed by the hardware provider and is up and running almost immediately. Virtual appliances can be deployed as soon as they become available. Any specialist knowledge can be applied without the need for scheduling. No issues arise from the physical topology as little or no change is required.
Being able to deploy a new email security gateway such as SpamTitan simply by attaching the image to the virtual server application (such as VMware) allows an organization to bring up the new security system in a matter of minutes instead of hours or even days.
Redundancy and Backup
It is essential in this day and age that organizations plan for the possibility of disaster. This is essential regardless of the size of the organization. In fact, it could be considered to be more important for smaller organizations as large companies have significant resources to specifically deal with redundancy, backup and disaster recovery. In contrast, smaller companies will often struggle with maintaining off-site backups for the different appliances deployed. Often, each appliance will have its own backup schema, making automation difficult if not impossible and requiring specialist knowledge by the person tasked with maintaining backups.
A virtual appliance encapsulates all of the required "bits" for that server in an image file. It is possible to back up the image file on a nightly basis and to automatically copy the image to an off-site facility using the Internet. As the appliances within the organization become virtual, the mechanism for backing them up becomes standard across all appliances.
Eventually, an automated task can perform the backup operation for all of the virtual images. In the event of a disaster, the image can be redeployed and the only loss to the organization will be the data produced since the last backup, which will often be inconsequential. By using virtual server images, the organization can even redeploy its server pool without needing to replace much hardware. Several companies offer a "hot standby" site which can be tailored to virtual server images, allowing staff to resume work almost immediately.
It is also far easier to manage duplicated server applications using virtual servers. If the organization has five or six server applications such as an email security gateway, web content filter gateway, CRM application and so on, replicating these applications can require five or six additional appliances. Using virtual servers, it is possible to replicate all of the server applications with as few as two physical systems.
Redundancy can also be a core requirement when an organization is geographically dispersed. Each branch office will require its own email security server, domain server and so on. Generally, distributing the applications to each of the remote offices will require a different appliance for each application. Virtualization is almost essential in this case as it allows each branch office to deploy a single hardware system with multiple virtual appliances instead of multiple physical appliances. The head office administrator can thus spread the virtual appliance suite based on each appliance and based on demand rather than on geography. New servers can be deployed and load-balanced with virtual machines at each outpost based purely on real time requirements.