Appliances on the network

Appliances remove a lot of the pain from installing point applications, but users must clearly define their needs

Traditionally, all the functions of a computer were written as software applications running on top of a general-purpose operating system.

The end user (either the home PC user or an IT department) would buy a computer, install an operating system or configure a pre-installed operating system, and then install applications on top of the operating system.

However, more specialised applications, such as firewall software, is increasingly being installed in computers or ‘sealed boxes’ specially designed for a particular task. These "appliances" may fulfil functions such as back-up, data warehousing, email filtering and anti-spam, file server, firewall, search, security and archiving and VPN.

Market analysts IDC says appliances have become the platform of choice in the secure content management gateway (SCM) market, promising lower costs, easy administration, easier management and support and efficient scaling. They can also integrate various security functions in one box.

Such devices also deliver unified threat management (UTM) and intrusion prevention or detection.

Vendors claim appliances are "plug and play" and can work almost straight away once taken out of the box. In the network appliance market, vendors include Cisco, Juniper Networks, F5 Networks, Citrix and IBM.

Data warehouse appliance vendors include Netazza, DATAllegro and Greenplum, with longtime software datawarehouse vendors such as Teradata, Oracle and IBM now packaging their software for appliance deployments.

Business Objects is also making its business intelligence software appliance-ready.

In security, we see vendors such as Check Point Software, WatchGuard and SonicWALL.

In Lan/Wan optimisation, we have vendors such as Fortinet, Packeteer and Riverbed Technology.

Adding to the trend, New Zealand-based network monitoring systems developer Endace last year announced it would offer its software as an appliance, claiming that was what the market was demanding.

However, analysts Gartner Research and Forrester warn there are now so many appliances that they are becoming unmanageable as organisations install too many.

However, vendors are responding by increasing the number of functions in a box, though Forrester says we are some way away from all-in-one "branch office in-a-box" solutions combining wireless, security, acceleration and remote management.

Check Point sells around half of its products as appliances. Australia and New Zealand Engineering Manager Steve MacDonald says there is massive adoption of appliances in the marketplace. These are now the strongest side of Check Point’s business. Devices range from small and simple appliances costing $600 right through to $50,000.

“It’s about cost reduction and simplification,” MacDonald says.

New Zealand is a market well suited to appliances because organisations here seek high-functionality at low cost, something which sometimes can only be delivered as an appliance.

HCheck Point, MacDonald says, provides open choice, with its technologies available either as an appliance, or through traditional software. He likens it to buying a house: either you buy a design off the shelf, or you customise your own house to suit to your own requirements.

Being pre-configured, appliances are easy to install and support. There is also one vendor to deal with, which makes it easy when there are problems. You avoid the finger pointing of the traditional hardware v software model.

However, appliances lack the flexibility of software equivalents, so IT managers need to take extra care in assessing their future needs, MacDonald says.

Fellow security appliance vendor Fortinet, which recently opened a New Zealand office, confirms a strong local market, claiming 30%-50% annual growth both here and overseas. New Zealand country manager Clive Levido says the drive towards appliances is being powered by consolidation, virtualisation and acceleration.

“Basically, they (users) are looking to get more efficiency out of their infrastructure,” he says.

In the security market, for example, new standards for credit cards to help combat fraud are also boosting sales.

Levido says appliances tend to be cheaper, easier to install and manage than software equivalents. But again, end users must think about future needs due to them having less flexibility.

However, he says, Fortinet appliances allow upgrading, so they are to some degree futureproof. Fortinet appliances also allow organisations to consolidate a number of platforms. They can also be "accelerated" meaning end users can get greater performance from devices.

Fortinet is also developing relationship with Riverbed Technology and Vmware, which allows Fortinet appliances to be virtualised.

“This allows our clients to put in a virtualised enterprise architecture that includes security. It delivers the same benefit to security infrastructure as Vmware does to the servers - reduced cost, increased flexibility and greater efficiency,” Levido says.

Steve Dixon, ANZ regional director of Riverbed Technology, also reports an "excellent" New Zealand market, noting a major deal with the Department of Conservation (see sidebar).

WAN optimisation devices are a mainstay for Riverbed. Remote users feel as if they are connected directly to the corporate network as the technology helps remove any blockages on the WAN.

Dixon likens the system to installing a turbocharger in a car, claiming WAN optimisation is one of the fastest growing areas at the moment. However, just as a turbocharger might be unsuited to a small car, end-users might have to similarly upgrade their hardware to handle the better performance it will bring.

His guide is, that if organisations have a problems on their networks, such as blockages, then depending on the latency of the network, WAN optimisation should work. It will also allow businesses to justify other projects, such as consolidating servers, centralising storage and back-up, removing Citrix, and installing VoIP and video.

Kiwi company Endace produces "DAG" cards that help make devices work faster.

Marketing VP Steve Gleave says customers can choose such a DAG Card for its Ninja Probe appliance that allows network monitoring, traffic capturing and reply, intrusion detection and other services.

Endace recently announced a partnership with Reuters to help the information supplier measure the latency of its market data distribution, to ensure subscribers needing fresh news for market decisions receive it promptly.

Such a technology is now being sold by the pair to other potential users.

However, Gleave says the limitation of appliances is in being able to do just the one thing. He says Endace allows some modification to let it support multiple applications, helping avoid the management overload warned of by Forrester and Gartner.

“Put one probe in your network and drive multiple applications - one single probe horizontally across vertical applications,” he says.

Be it appliance or software, vendors still stress technology. In security, for instance, UTM uses “state of the art deep packet inspections and services running on the appliance to protect organisations against today’s threats”, claims Kevin Swainson, networking and security manager at Renaissance, which distributes SonicWALL appliances here.

Scott Robertson, ANZ regional director for Watchguard, says such UTM offerings need several layers to ensure all activity is caught.

WatchGuard, he says, does not rely on signatures to protect devices, as signatures are heavily reliant on a fix after an attack or vulnerability is already identified. Instead, proxy architecture is used to provide the administrator with tools to defend from attacks even before they enter the network.

Robertson says most staff know not to receive .exe files though some forget or do not realise. However, a WatchGuard Firebox, with its proxy architecture lets the administrator strip any email of a .exe file, preventing an attack before it occurs.

“We don’t simply inspect the traffic of the content - we disassemble the packet down to the application layer to ensure the validity of the content and many other vendors don’t do that,” he says.

In deciding whether to install applications, Robertson says IT managers need to assess the current and future needs of their organisation and how the technology will help in delivering their security policy.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Fortinetriverbedcheck pointappliancesSpecial IDdepartment of conservation

Show Comments