A virtual appliance is a software construct that runs as a virtual machine (VM), or guest, on a virtualization host such as VMware ESX or Microsoft Hyper-V. While running as if it were a VM (from the data center physical infrastructure aspect), the virtual appliance functions as if it were a physical device. There is tremendous opportunity for cost savings in the data center when replacing physical appliances with virtual ones, or when deploying new infrastructure with all-virtualized appliances.
Types of virtual appliances
Many appliances such as firewalls and security devices actually run on top of Linux-based operating system distributions. It can be a simple matter for appliance vendors to repackage their appliance as a Linux VM running the appliance’s primary application. Classic network devices like routers that run a proprietary operating system like Cisco Application Delivery Engine Operating System (ADE OS) can be distributed in Open Virtual Appliance (.OVA) format.
There are three broad categories of virtual network appliances to consider when looking to migrate or upgrade physical network devices:
- Security. Dozens of vendors offer firewall, anti-virus, and IDS/IPS (intrusion detection and prevention systems) in virtual appliance format.
- Application/WAN optimization. This category includes load balancers, cache servers, and application delivery controllers.
- Packet Forwarding. The newest category of virtual appliance includes routers and switches that replace their legacy, physical counterparts.
Virtual appliance vendors
Most vendors of network devices have been working on virtual appliance versions of their products for a few years. Here is a hyper-linked list of the more popular vendors with virtual appliance offerings, and the name of an application from that vendor.
- Barracuda: Spam & Virus Firewall 300Vx
- Check Point: Security Gateway Virtual Edition (VE)
- Cisco: Nexus 1100 Series Virtual Services Appliances
- Citrix: NetScaler Gateway Virtual Appliance
- F5: Enterprise Manager Virtual Edition
- Riverbed: WAN Optimization for Virtual Environments (Virtual Steelhead)
- Silver Peak: VX Series WAN optimization
- Vyatta: Brocade vRouter
Virtual appliance network access and monitoring
A virtual network appliance needs broad and robust connectivity to corporate network LANs, WANs, VLANs, and possibly the Internet. This can introduce a change or challenge to network shops that have traditionally only been concerned about providing local LAN access to their virtualization hosts. To leverage an Internet-facing virtual firewall appliance, or a perimeter network load balancer appliance, it may be necessary to add virtual switches to your VMware, Hyper-V, or Xen server virtualization plant.
Once you are dependent on virtual appliances for networking and other key functions, effective monitoring of the data center network and the virtualization host-based networks becomes critical. Here are listed some key metrics to track to make sure there are no surprises as you continue to move functions to virtual appliances:
Data center network monitoring
- Network performance – loss, latency and jitter
- Health of network devices and services
- Audit network bandwidth
- Track statistics of virtual networks
Virtual network monitoring
- Audit and compliance
- Traffic profiling and visibility
Virtual appliance administration
Unless you are using an administration interface provided by an outsourced service provider, such as a self-service portal, you will need to leverage one or more on-premise management platforms to administer the virtual appliances in the virtual networks. Evaluate virtual appliance solutions’ ease of management by considering these aspects:
- Consistent patching and administration experience across physical and virtual nodes
- Easy to scale up/down by adding either physical or virtual nodes
- Lower TCO by selecting the right fit solution for each application
John Joyner, MCSE, CMSP, MVP Cloud and Datacenter Management, is senior architect at ClearPointe, a cloud provider of systems management services. He is co-author of the "System Center Operations Manager: Unleashed" book series from Sams Publishing, and is developing cloud-based management solutions based on the Microsoft System Center 2012 suite. John is a retired U.S. Navy Lt. Commander 'Surface Warfare Officer', with the subspeciality 'Computer Scientist, Proven'. His tours of duty included Chief of Network Operations for NATO's southern region and network administrator aboard the aircraft carrier USS CARL VINSON (CVN-70).