WHERE ARE THE NETWORK VIRTUAL APPLIANCES?
Networking technologies remain bound to physical hardware and data center racks, creating potential gaps in support or security in virtualized enviroments--by Allan Leinwand
BUSINESS WEEK – January 31, 2010 – The networking industry is stuck in the 1990s, the last time there was a fundamental shift in commonly deployed network architectures. While servers and applications have gone virtual, migrating into cloud computing environments, networking technologies remain bound to physical hardware and data center racks, creating potential gaps in support or security in virtualized environments. As server virtualization moves into the enterprise and cloud data centers, networking needs to follow with virtual appliances.
Server virtualization uses virtual machines (VMs) to segment a single physical computer server into multiple logical virtual servers. In many environments, collapsing multiple overpowered physical servers onto a single server running multiple VMs can reap significant economic rewards. A single server consumes less power, takes up less space, may be easier to manage, and allows for the dynamic creation and removal of VMs on demand.
VMs can be used inside an enterprise IT department or on public clouds, such as Amazon's EC2. They can move from one physical or geographical location to another using a variety of tools and technologies, such as Rightscale's Cloud Management Platform or VMware's VMotion. Yet unfortunately, when a VM moves from one location to another, it becomes dependent on the networking infrastructure of the physical appliances attached to the new location.
For the past decade of networking, the basic infrastructure setup consisted of applications running on servers that were then segmented by switches into virtual local area networks. Those switches then connected to routers and a potential plethora of appliances, depending on the application needs—physical devices such as load balancers, firewalls, unified threat management devices, Secure Socket Layer accelerators, virtual private network (VPN) concentrators, intrusion detection systems (IDS), data loss prevention devices, and so on.
To be sure, some networking devices and appliances are now available in virtual form. Switches and routers have begun to move toward virtualization with VMware's vSwitch, Cisco's Nexus 1000v, the open-source Open vSwitch, and routers and firewalls running in various VMs from the company I helped found, Vyatta. For load balancers, Citrix has released a version of its Netscaler VPX software that runs on top of its virtual machine, XenServer; and Zeus Systems has an application traffic controller that can be deployed as a virtual appliance on Amazon EC2, Joyent, and other public clouds.
Yet the fundamental problem remains: Most networking appliances are still stuck in physical hardware—hardware that may or may not be deployed where the applications need them, which means those applications and their associated VMs can be left with major gaps in their infrastructure needs. Without a full-featured and stateful firewall to protect an application, it's susceptible to various Internet attacks. A missing load balancer that operates at layers three through seven leaves a gap in the need to distribute load between multiple application servers. Meanwhile, the lack of an SSL accelerator to off-load processing may lead to performance issues, and without an IDS device present, malicious activities may occur. Without some (or all) of these networking appliances available in a virtual environment, a VM may find itself constrained, unable to take full advantage of the possible economic benefits.
Cisco (CSCO), the networking giant, has articulated a multiphase plan toward virtual application deployment and network appliances in its Datacenter 3.0 architecture. The company does not, however, offer any specifics as to its time lines for full network virtualization, so it remains to be seen if the industry will wait for the market leader or move to realize the benefits of virtual appliances for networking all on its own.
Such timing is key, in my mind. The networking industry is clearly moving toward virtual appliances; the faster it gets there, the faster applications in the cloud, public or private, will be able to benefit from the same networking infrastructure they currently enjoy in the physical world. At which point networking architectures will change to a degree we've not seen in well over a decade.