Archive for January, 2007

Network appliances go virtual

January 25th, 2007

Enter any data center and you’ll see a variety of boxes. Most are servers, and most of the rest are “network devices” that are single-function devices for translating and directing flows of bits: switches, routers, firewalls, load balancers, VPN concentrators, compression engines, access controllers, e-mail filters, multiprotocol file servers, and more. These are appliances in the classic sense: pre-defined function, closed operating system, quick installation (usually!) — the opposite in these respects to the applications that run on servers.

The simple installation and operation are clear upsides. Others have listed the downsides of hardware appliances, and they apply here as well: issues when scaling up or down, issues with spare parts and data backups, and clumsy element-by-element configuration changes. Yet for all but switches, their functions can be reproduced in servers with 2 or more network interfaces (NICs) and, usually, open source software. So it’s no surprise that they make popular virtual appliances. In fact, most of the winners of the VMware virtual appliance challenge were network-oriented devices.

A notable example of a classic network appliance going virtual is the Zeus Extensible Traffic Manager. This is a high-quality load balancer with many extra “layer 7” functions to route, filter, and cache traffic for web and application servers. It was built on a general-purpose Linux core, and is sold as a hardware appliance. Now it has been released as a virtual appliance. We’ve talked with our prospects here, and they are intrigued: they like the flexibility of starting off with a load balancer, and doing early application testing with one, and being able to smoothly upgrade to a dedicated hardware appliance as their load grows. Other companies whose products have similar values are the Open Source Router from Vyatta, Reflex VSA for intrusion detection, LoadBalancer.org, and Proofpoint’s email filter. (If you know others, please feel free to submit the name and link in the comments to this post.)

None of these will run as fast in a VM as they will in an engineered hardware appliance, where they could conceivably achieve wire speed of 100 Mbps or even 1 Gbps, instead of a VM’s more typical 25-50 Mbps. But then again, it’s rare that most applications ever see that much demand for their services — under 20 Mbps is more typical. In fact, there are cases where the traffic from many applications is forced through a single hardware appliance “because it’s there,” when a more logical network topology would separate the traffic and give each application its own appliance. For example, firewalls sometimes have extremely complex configurations because they manage security for many different applications in a single box, when they could be more easily managed with one firewall per application. Disaggregate the traffic and you may reduce complexity and configuration errors, while lowering the traffic rates to levels more suitable for a virtual appliance. As cores become more numerous in servers, it may become more appealing to use them for network functions, replacing hardware and cabling with software.

I’ve seen some data centers where the “network guys” and the “application guys” are different tribes and hardly understand each other. The network guys generally buy and wire up boxes, while the application guys mostly buy and configure software. It’s a little like the old days, with telephone and PBX guys separated from the computer guys (though not as bad, thankfully). The new options for network functions in virtual appliances could cause another wave of convergence, both in the equipment and the staffing in the data center.

Server virtualization becomes the norm

January 25th, 2007

The figures are surprisingly high. From October 2006: “Server virtualization no longer has the same cachet it did a year or two ago. And the reason is simple: Now that everybody is starting to do it, there is nothing to boast about. According to IDC, more than three-quarters of companies with 500 or more employees use virtual servers, and 45 percent of all new servers purchased this year will be virtualized.” And VMware leads. Revenues are up 6X in 3 years, and “more than 20,000 companies now [use] VMware technology, including 99 of the Fortune 100 companies.”

Operating system innovation

January 23rd, 2007

There’s been quite a buzz in the last few months about virtual appliances, with VMware’s Appliance Marketplace and Certification program, and Microsoft’s embrace of VMs for evaluation software. One happy outcome from my point of view is a revival in operating system innovation. There have been some nifty new OS designs emerging as packaged virtual machines lately:

  • Liquid VM is a new BEA product that runs Java with a minimal OS – one with under 200 primitives rather than the thousands in a typical OS API. This Java Virtual Machine is radically smaller than a conventional OS. It’s claimed to perform twice as fast as Java in a virtualized conventional OS, while being much simpler to operate and having fewer potential security holes.
  • Transitive is a company that provides software to allow programs compiled on one type of processor to run on another. They provided the engine for Apple’s Rosetta system, for example. They recently released their Quick Transit SPARC-to-Linux package as a VMware virtual machine. In essence, their VM extends x86-based Linux to run SPARC-based Solaris programs, in native SPARC object form. The combination of Linux and their software provides a hybrid Linux+Solaris operating system environment, on any x86 platform. It’s great for enterprises that have SPARC apps that are too expensive to rewrite, but that need to move to newer, faster, and more maintainable hardware.
  • rPath uses the Conary packager for Linux to build a custom Linux distribution for any application, automatically. This custom Linux installs only the pieces of the operating system necessary to support the application, resulting in an OS that is smaller, easier to maintain, and more secure. (Some appliances are really small; a LAMP VM clocks in at 190MB.) rPath’s rBuilder can be used to construct virtual or physical appliances, and to generate customer update packages after the appliance is installed.

These innovative approaches are greatly helped by virtualization. The OS in a virtual appliance runs on constant and simplified “virtual hardware”, so it needs none of the complex driver sets and hardware configuration logic of a conventional OS. And the appliance OS has only one application to support, so the irrelevant parts of the OS can be stripped away or disabled, making the appliance smaller, faster and more secure.

OS’s had been converging, and in my opinion, getting boring. In a geeky way I find these new approaches pretty exciting.

After a break

January 23rd, 2007

It’s been a couple of months since the last post here. While at VMworld, we considered blogging, but there was so much coverage by the press, bloggers, and VMware itself, that it felt redundant. As usual, VMworld left us feeling there were loads of new developments to keep track of; and meanwhile, we had some new customers that kept us busy. Finally we have some breathing room.

So starting today we resume. You can expect comments on virtualization applied to technical areas, like system testing, networking, and software distribution (“virtual appliances”). And observations about our customers’ applications, like on-demand computing, sensor and mobile networks, and software-as-a-service. Thanks for tuning in!