As appliances proliferate across data centers and branch offices, network managers are questioning whether the benefits of these specialized devices outweigh the management burden they create. “The appliance form factor is very appealing, but there is a point at which there are just too many appliances. You can have a limited amount of rack space, and for the most part, the goal is to reduce the number of devices you have to manage,” says Koie Smith, IT administrator at Jackson, Tenn., law firm Rainey, Kizer, Reviere & Bell.
Smith and many others seeking security, acceleration and management capabilities over the past few years invested in software packaged on specialized network appliances.
One appeal of such preconfigured appliances is that they can require less upkeep than software installed on a server . A device may need updates only when the appliance vendor releases them and not with every Microsoft patch update, for example. Plus, if for some reason an appliance doesn’t work, its failure is fairly contained, making troubleshooting far easier.
“There is no mixed vendor interaction on an appliance, giving you only one throat to choke when something goes wrong,” says Chris Majauckas, computer technology manager for Metrocorp Publications in Boston.
Another appealing factor for overtaxed network teams is the fast route to deployment appliances offer.
“Organizations have been giving more responsibilities to the network team than the network team can absorb quickly. First, the network group needed to learn VoIP, and then it was about becoming experts at configuring acceleration appliances,” says Robert Whiteley, a senior analyst with Forrester Research. Adoption of new technologies such as these “can get stalled until the network team gets more comfortable with it. Appliances help move that along.”
Yet even with all the ease an appliance offers, network managers are getting tired of rolling out single-function devices that eat up rack space and don’t necessarily earn their keep.
“It becomes unmanageable to have a 7-foot rack of appliances and have to figure out how to get them all configured consistently so that an application behaves or is secured the way you want it to be,” says Joe Skorupa, a research director at Gartner. “There is going to be a backlash at least to get more consolidated appliances out of vendors so network teams are working with one instead of five.”
Building a better branch
The appeal of appliances first starts to fall away when branch-office discussions begin.
“You definitely do not want a lot of appliances in a branch office where there is limited IT staff,” Majauckas says. At his organization, the smaller offices have just one appliance on site. Smith agrees “it would be ideal to just have one or two devices at the branch.”
Fortunately, the branch represents an area where industry watchers believe network managers could more easily slim down the number of appliances installed.
“We believe the branch office can get down to just a couple of devices. You can do most everything you need to do in a server-less branch with two, maybe three, devices, which represents a big improvement,” Gartner’s Skorupa says. For instance, a branch office could function more than adequately with a router with integrated VPN, firewall and call-management technology and a WAN -optimization box that performs caching, compression and other features.
Yet the solution to excessive infrastructure may not be as simple as combining more functions in fewer boxes.
Industry watchers worry that force-fitting too many functions into fewer appliances will create different challenges for network managers. Multipurpose appliances (geared for security or acceleration, for instance) should work as promised, but Forrester feels vendors are quite a ways off from offering all-in-one solutions, such as the branch-office-in-a-box that combines wired and wireless connectivity, security, acceleration, communications and remote-management capabilities.
“By and large, the more moving parts you have, the less reliable your network is,” Whiteley says. “It will take a few years for vendors to cram all things onto a single box. Even though the functions may share the same sheet metal, there may not be a whiz-bang interface, and IT managers could need to maintain separate consoles for security, voice, acceleration and management.”
Gartner concurs. “There is no need to force functions that don’t fit together into one appliance,” Skorupa says. “You have to have the golden mix.”
Meanwhile, the trend toward multifunction devices is underway as such vendors as Fortinet, Secure Computing and Symantec couple security features such as firewalling, VPN and antivirus with monitoring and reporting capabilities. In the acceleration market, companies such as Blue Coat Systems, Juniper Networks and Riverbed have combined WAN-optimization capabilities, such as caching and compression with wide-area file services functions.
“Unified threat-management appliances and WAN-optimization tools evolved out of vendors developing features and productizing them as a single appliance,” says George Hamilton, director of Yankee Group’s enabling technologies enterprise group. “You could have three or four appliances performing a feature that are better as one overall product. Companies started to consolidate these, because they weren’t so much individual products, but more like techniques working toward solving the same larger problem.”
As some vendors grew, they were able to add more features to the product. For instance, Packeteer emerged as a traffic-management vendor and later added capabilities to accelerate HTTP, TCP, video and voice traffic. The multipurpose tools can appeal to network managers looking to minimize rack space or those seeking several features integrated from one vendor.
“Multifunction appliances can be great as long as performance remains good,” Majauckas says. Among the five appliances in his data center is one firewall/VPN gateway from SonicWall, which couples the two capabilities in such a way that Majauckas doesn’t have to reconfigure the device often. “Appliances work well with technology you can configure and leave alone for some time.”
In addition, multifunction devices eliminate some of the maintenance and support required on even low-maintenance appliances. “We look at solutions that somehow work to reduce the complexity of managing the network,” Smith says. “I really don’t want to have to buy 20 licenses to back up each server uniquely.”
Another emerging trend in network appliances is software. As ironic as it sounds, vendors such as Blue Lane Technologies and Proofpoint are delivering to customers virtual versions of their appliances that secure environments without requiring a bit of rack space.
Such software delivered on commodity hardware could be as easy to install as its physical counterparts, but also eliminate the capital investment in devices. “Virtual appliances are also easy to install, but you can have fewer physical devices and keep your network a bit simpler,” says Yankee Group’s Hamilton.
Some see the potential of building their own multipurpose appliances via virtualization . “I can imagine the next phase for acceleration appliances being virtual. You could have one server with four or five appliances doing acceleration, routing, caching and not have to support the hardware,” Smith says.
Others are realizing the technology falls in line with plans to build more fluid data centers.
Seth Scavette, information security officer at Matanuska Telephone Association in Palmer, Alaska, says using Proofpoint’s physical appliance has helped him capture “more junk than any other e-mail filter” and set up rules to keep the ISP compliant with regulatory standards.
When the vendor announced it would offer its software in a virtual appliance model, Scavette signed on. He included reduced rack space, increased flexibility and fewer shipping costs -- considering the long haul to Alaska -- among his reasons for choosing the virtual appliance.
“We have HP blade servers , so on a single blade I could load five or six services, servers or virtual appliances,” he says. “As the need for resources grows or diminishes, I can reallocate and move resources while they are still active and not interrupt services. Virtual technology is just killer.”