
Summary:

While servers and applications have gone virtual, migrating into cloud computing environments, networking technologies remain bound to physical hardware and data center racks. As server virtualization moves into the enterprise and cloud data centers, when will networking follow with virtual appliances?

The networking industry is stuck in the 1990s, the last time there was a fundamental shift in commonly deployed network architectures. While servers and applications have gone virtual, migrating into cloud computing environments, networking technologies remain bound to physical hardware and data center racks, creating potential gaps in support or security in virtualized environments. As server virtualization moves into the enterprise and cloud data centers, networking needs to follow with virtual appliances.

Server virtualization uses virtual machines (VMs) to segment a single physical compute server into multiple logical virtual servers. In many environments, collapsing multiple overpowered physical servers onto a single server running multiple VMs can reap significant economic rewards. A single server consumes less power, takes up less space, may be easier to manage and allows for the dynamic creation and removal of VMs on demand.

VMs can be used inside an enterprise IT department or on public clouds, such as Amazon’s EC2. They can move from one physical or geographical location to another using a variety of tools and technologies, such as Rightscale’s Cloud Management Platform or VMware’s VMotion. Yet unfortunately, when a VM moves from one location to another, it becomes dependent on the networking infrastructure of the physical appliances attached to the new location.

For the past decade of networking, the basic infrastructure setup consisted of applications running on servers that were then segmented by switches into virtual local area networks (VLANs). Those switches then connected to routers and a potential plethora of appliances, depending on the application needs: physical devices such as load balancers, firewalls, unified threat management devices, Secure Sockets Layer (SSL) accelerators, virtual private network (VPN) concentrators, intrusion detection systems (IDS), data loss prevention (DLP) devices and so on.

To be sure, some networking devices and appliances are now available in virtual form. Switches and routers have begun to move toward virtualization with VMware’s vSwitch, Cisco’s Nexus 1000v, the open source Open vSwitch and routers and firewalls running in various VMs from the company I helped found, Vyatta. For load balancers, Citrix has released a version of its Netscaler VPX software that runs on top of its virtual machine, XenServer; and Zeus Systems has an application traffic controller that can be deployed as a virtual appliance on Amazon EC2, Joyent and other public clouds.

Yet the fundamental problem remains: Most networking appliances are still stuck in physical hardware, hardware that may or may not be deployed where the applications need them, which means those applications and their associated VMs can be left with major gaps in their infrastructure needs. Without a full-featured and stateful firewall to protect an application, it’s susceptible to various Internet attacks. A missing load balancer that operates at layers three through seven leaves no way to distribute load between multiple application servers. Meanwhile, the lack of an SSL accelerator to offload processing may lead to performance issues, and without an IDS device present, malicious activities may go undetected. Without some (or all) of these networking appliances available in a virtual environment, a VM may find itself constrained, unable to take full advantage of the possible economic benefits.

Cisco, the networking giant, has articulated a multiphase plan toward virtual application deployment and network appliances in its Datacenter 3.0 architecture. The company does not, however, offer any specifics as to its timelines for full network virtualization, so it remains to be seen if the industry will wait for the market leader or move to realize the benefits of virtual appliances for networking all on its own.

Such timing is key, in my mind. The networking industry is clearly moving toward virtual appliances; the faster it gets there, the faster applications in the cloud, public or private, will be able to benefit from the same networking infrastructure they currently enjoy in the physical world, at which point networking architectures will change to a degree we’ve not seen in well over a decade.

Image courtesy of Flickr user Joe Shlabotnik.

This article also appeared on BusinessWeek.com.

  1. HyTrust is a virtual appliance that brings hardware platform-style security to the virtual space, plays well with Cisco too.

  2. Zeus Technology has developed a fantastic virtual appliance load-balancer. http://www.zeus.com

  3. Patrick Kerpan Friday, January 29, 2010

    This is why we brought VPN-Cubed to market in November ’08. We have editions that run at Amazon, GoGrid, Terramark, Rackspace, etc., and connect to your datacenter.

    We collectively have devices that are used at the physical layer (big iron Cisco stuff) by people who provide physical infrastructure, at the hypervisor level (Cisco Nexus 1000V) to help provide virtual infrastructure, but there is a need for devices for users of virtual infra as you point out above.

    That’s what VPN-Cubed is for, giving the cloud user control of addressing, protocol, topology and security – separate and distinct from the underlying layers.

  4. Allan Leinwand Friday, January 29, 2010

    @Will – are you a user of HyTrust or can you cite an example?

    @Matt – agreed. I mentioned Zeus Systems above.

    @Patrick – does VPN-Cubed offer IDS, SSL termination, DLP and VPN virtual appliances? Can you give a customer example that has moved an application that used to live behind these types of physical appliances that has now migrated to the cloud using virtual appliances with the same functionality?

  5. Cloud 2.0/Cloud TNG/Cloud Reloaded – Top 5 « My missives Saturday, January 30, 2010

    [...] 1] An interesting blog by Allan in GigaOm “Where are the Network Appliances?”. He ends the blog with a poignant statement ” … networking architectures will change to [...]

  6. Yep, true indeed. Confidently, I had this as one of the essential features for Cloud TNG. Except for network services that need wire-speed, all others would move into the “soft-appliance” form factor. Naturally it is not a linear interpolation – the services need to be horizontally scalable, distributable and even inherit some of the protocols that are in the Cloud OS – like gossip, adjacency et al.

    1. On the second sentence, I meant coincidentally, not confidently – blame it on the spellchecker!
      Moderator: Can you please correct?

  7. Prevensys has Data Loss Prevention virtual appliances.

    1. Thanks for the information. Have you used this virtual appliance and do you have any experience using this in production?

  8. Where Are the Network Virtual Appliances? Hobbled By the Virtual Network, That’s Where… | Rational Survivability Sunday, January 31, 2010

    [...] Leinwand from GigaOm wrote a great article asking “Where are the network virtual appliances?” This was followed up by another excellent post by Rich [...]

  9. Could you comment on how this need for all network devices to have a virtual form factor squares up with the efforts to standardize on IEEE 802.1Q variants (ah & bg)?

    The notion there is that, esp. in an internal DC, instead of having a plethora of enforcement policies, these can still be managed by fewer, albeit high-performance, devices.

    1. Allan Leinwand Bob Sunday, January 31, 2010

      Agreed – virtual network appliances need to be able to handle multiple VLANs and trunking. Let’s bring on the high performance devices running multiple network appliances!

  10. Sajai Krishnan, CEO, ParaScale Sunday, January 31, 2010

    IMO the big theme is that commodity hardware is going to be the norm going forward. Compute (as you pointed out) and networking (VMs or Linux) seem to be seeing traction in that direction, and increasingly storage (VM or Linux). With ParaScale you can get file storage (NAS) by ganging together commodity servers and their internal spinning disks (http://www.parascale.com/index.php/solutions/overview). No question, this is where the world is going.

    1. Thanks Sajai – keep up the good fight at ParaScale.
