Are appliances here to stay?

Computing appliances promise simplicity, but do they deliver? ZDNet Australia investigates.



Computing appliances promise simplicity, but do they deliver? Simon Sharwood investigates.


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

Imagine being forced to use nothing more than a stove to cook everything you ever wanted to eat. You'd quickly find that using a saucepan to boil water is easy, and a pair of tongs is all that's required to make toast. But once you got bored with boiling and burning you'd quickly fill your kitchen cupboards with an interesting assortment of implements to let you bake, grill, stew and do other more interesting things to food.

Even with this array of tools, you'd be limited in your choices. Pot roast, after all, is nice but it does not produce properly golden potatoes. You see because most people like their potatoes golden brown, they will purchase an oven for roasting, the same as they will buy a toaster for toasting, a kettle for boiling water, and a range of other kitchen appliances. Some even go so far as to invest in rice-cookers, bread makers, and other specialist appliances because they believe they do the job better than generic tools and leave the stove and the oven free for other tasks.

Vendors of computing appliances hope you think the same way about your data centre. Most will tell you that servers are like stoves: they put out plenty of processing heat but require the specialist software "implements" to create anything useful. Managing that hoard of implements and juggling for space on the stove creates management issues.

A single-purpose appliance, they argue, will be easier to operate, more reliable, and so much more effective at its designated function that your staff will be able to move on and work on more important matters than maintenance.

It's certainly a catchy message and one with impressive commercial credentials.

Cisco and its networking brethren, for example, are basically appliance companies. Their routers and switches perform functions that were once the province of servers, but do so in a sealed box that packs plenty of computing power, but has absolutely no pretensions to performing the server's Swiss-army-knife trick of tackling any processing task.

Network Appliance is another vendor that made its name and a considerable fortune spruiking the simplicity of appliances, sparking the flattery of imitation from even industry giant EMC. The likes of Google and Nokia also offer appliances, for search and security respectively, while in recent years dozens of others have arrived in the market with appliances performing tasks as varied as bandwidth management, e-mail security, anti-virus and DNS serving.

All use the same core arguments to support their approach: appliances are simple devices that do one thing well and remove the hassle of tuning, maintaining, and securing an operating system. Appliance vendors are also unanimous in asserting that their products need only be connected to a stray port on a switch to commence operations and then require almost no maintenance.


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

A changing market
While appliance vendors' arguments are very similar, their products increasingly fall into two camps. "A couple of years ago an appliance was a black box," says Gartner's Asia-Pacific research director for servers and storage Phil Sargeant. "It was almost a magical thing."

Black boxes, or "pure" appliances, are still favoured by many vendors. Designed from the ground up for a particular computing task, pure appliances generally have a custom motherboard holding all components, and no moving parts other than fans and a sealed box. Software is often embedded in application specific integrated circuits (ASICs) and/or field programmable gate arrays to allow easier updates.

Pure appliances will often deploy the real-time operating systems most often associated with embedded computing. All configuration options will be immutably set as soon as the device leaves its factory, and changes will be made even harder by the fact the OS has been burned into solid state memory. Exotic CPUs are also common, as are "network processors", microprocessors devoted to managing network traffic.

Of course, custom hardware development of this variety is expensive, and while appliances are a booming market they ship in nowhere near the volumes achieved by personal computers and PC-servers. Real-time operating systems are also expensive and eclectic. Yet demand for appliances is strong. Some vendors, therefore, see "hybrid" appliances.

"Now the lines have blurred between an appliance and a server," Gartner's Sargeant says. "An appliance is really just a server that does one thing." This definition is reflected in the fact that many hybrids use commodity PC or server technologies as a way into the market.

Hybrid appliances are hardened by removing certain hardware elements or using them in configurations that disable known risks. Hybrid appliances also lock down their operating systems, usually by using customised versions of Linux or Microsoft's little known program to enable "Windows Powered Specialized Servers" that uses a special cut of Windows Server 2003. Some hybrids even revert to storing the operating system on a hard disk, despite the risk of mechanical failure.


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

The appliance-making appliance
The popularity of hybrid appliances is such that Forrester Research analyst Robert Whitley now sees OEMs starting to offer basic appliance architectures that vendors can use to enter the appliance market quickly and affordably.

"We are beginning to see 'meta-OEMs' offering off-the-shelf appliance architectures," Whitely says. "You can see the same code and the architecture over and over again in different appliances." This commonality, he fears, erodes the security credentials of appliances. "Should a vulnerability be found in one of these appliance architectures, you could have a wide-scale problem," he says, citing the much-loathed scramble-to-path operating systems.

And while proponents of the hybrid and pure approach to appliances share the same vision, the potential for this kind of vulnerability fuels friction between the respective camps.

"I think it is important to draw a distinction between appliances with their own microkernel and those that use Linux or another operating system," says Steve Bracken, system engineer at Network Appliance. "An appliance layer running on an OS that is running locked down may not be as hardened as a device designed from the ground up as an appliance."

"It is harder to build from the ground up but you get better results than just jumping on the flavour-of-the-month appliance bandwagon."

The counter-argument in favour of hybrid appliances is that the expense of "pure" appliances can be crippling.

"I have customers with 1GB of RAM they took from a server on their desks and they ask me, 'Can I put this in my appliance?'" Mike Bessey, systems engineer with e-mail management appliance vendor IronPort, says. "I have to tell them that we build with pre-fixed configurations and there is nothing you can do about it. The appliance might no even recognise new RAM."

Nor can the appliance accept a new processor or other quick performance-boosting upgrades. "We say that if you want more performance, you have to go buy a bigger, better IronPort," Bessey says. He also concedes that physical failures for appliances can be costly. "A PC server uses a AU$20 network interface card. If it breaks, you buy another one. If the network interface on an appliance motherboard goes, you might need a whole new motherboard."


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

Do they really scale?
The manageability and scalability of the appliances is also being questioned, especially by justifiably cynical IT professionals who have had experience with supposedly well-architected systems fail to scale, supposedly secure systems breached, or encountered maintenance issues with products promoted as either highly manageable or bulletproof.

IronPort's Bessey believes one manageability issue is actually created by the fact that appliances are so locked down.

"Customers ask if they can run a script to deal with the one weird thing in their environment they can't do without," he says. "With a general-purpose computer or an almost-appliance you can add applications. But the more appliance-like it is, the less you can put your own stuff there." The result can be inflexibility that either creates the need for a hard-to-manage work around or robs a business of some nice-to-have functionality.

Paul Wilkinson, a senior consultant with Dimension Data, also recommends caution when considering appliances because the concept alone does not deliver security.

"I have seen a few presentations from appliance vendors, and they always say Windows is a risk and attracts attacks because it is the most common platform. Then they tell you they are secure because they have their own code," Wilkinson says.

"For me, that means appliances have a lower target profile but it does not mean that its code is actually better."

Wilkinson therefore warns customers to be a bit careful. "Challenge vendor's claims," he suggests, adding that he feels appliances can sometimes introduce unwelcome complexity to an enterprise. "If you are a large organisation and decide to use appliances for one or two roles, you can create islands that create a new management challenge."

That management challenge can sometimes be a result of the appliance promise of low- maintenance requirements, which lulls IT staff into a false sense of security.

"I don't think end-users are thinking about scaling or redundancy with appliances," Gartner's Sargeant says.

Network Appliance's Bracken agrees. "We had a customer with a fully redundant failover implementation of our appliances, but then someone did an upgrade to all of their DNS servers," Bracken recalls. "There was no change control -- some of the authentication servers failed over, some did not." The result was chaos for users.

"It was a process problem, not a tech problem," Bracken points out. "But this was an example of a customer making a very carefully planned [upgrade] but failing to include appliances' dependencies in their plans."

Bracken also admits that appliances do not free an organisation from the need to plan large-scale implementations.

"Imagine you want to use appliances as storage devices in remote offices and then mirror that data back to a central appliance at head office," he says. "You can't do that unless you start out with the business requirement so you know if you are doing it to replace tape at the edge of the network to improve restore times."

Once the business requirement is in place, the other IT tasks required will be much easier to identify.

"You'll identify a need for a bandwidth utilisation strategy; maybe consider how to use Peribit's bandwidth-management appliances to help," Bracken says.

"So there is planning involved. If all you are doing is replacing a file server with network attached storage it is a no-brainer, but for wider use, some planning and optimisation of third party components is necessary."

This need for planning evokes the scalability issues often associated with many Windows NT 4.0 installations. Departments will create solutions to meet their needs, but implementations designed for single servers would then struggle to scale when pressed into wider use across an enterprise. This is a result of businesses failing to appreciate the necessity of creating enterprise-scale architecture to deliver enterprise- class performance.

"It's a fair assessment to say that deploying appliances to repeat the success of a small implementation risks repeating the Windows scenario," Forrester's Whitely says. He says would-be users must therefore consider an enterprise-wide appliance plan just as they would consider a plan for an enterprise-wide client/server architecture.


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

The ease-of-use myth
Appliances may also require more configuration and maintenance than marketing messages would have you believe.

Most are certainly the subject of regular updates to firmware, even if those updates are not as voluminous or important as those Windows server users have become accustomed to.

IronPort managing director Mike Bosch also concedes that his devices require a little more work to set up.

"Our entry-level product comes with a single sheet with six instructions and that is about it," he says. "You open a hole in the firewall on port 425, connect it to your network give it an IP address, and redirect current mail from existing gateway to the IronPort."

To get the machine to perform productively, or to adopt policies previously embodied in software, can take longer.

"The one thing that may take some time is transferring the rules from mimesweeper," or similar content management applications that run on a server according to Bosch. "It can take a couple of days to convert previous inbound and outbound scripts to our mail filter."

Sven Radavics, director for sales security appliance vendor WatchGuard believes the end user should actually expect to spend more time maintaining appliances than marketers would have them believe. "Some of the marketing for appliances hurts the appliance story in the long term," Radavics says. "People see terms like 'plug and play' and get disappointed."

"A firewall appliance is performing a complex and important task. But to safeguard your security you really need to monitor the logs that it produces.

"We see people that never look at the logs. They have an attitude that this is an appliance they can set, and then forget," Radavics says, adding that this can increase the security risk.

Ongoing maintenance is another issue where appliances do not always deliver on their promise.

Gartner's Sargeant and Forester's Whitely both say that just because appliances require less support than servers, does not mean they don't warrant careful attention.

"Things still go wrong," Sargeant says. "And the more appliances, the greater the management requirement."

Most appliances will offer their own non-standard management consoles. Sargeant says this means that getting abreast of them can be a costly hassle.

Interoperability can also be a problem that can make it difficult to use complementary appliances alongside each other, or to build stacks of appliances that work together to provide a range of computing services.

"You should not expect your new shiny Juniper box to work alongside your old Cisco devices," Whitely says. "There will be a disconnect in the experience."

Appliance vendors are currently collaborating on management standards to allow greater interoperability and manageability -- an effort that is quite advanced in the storage arena but nascent elsewhere.

Other vendors are emerging specifically to deliver redundancy and manageability for appliances, achieving the latter by allowing appliances to be included in enterprise security policies instead of requiring individual configurations for appliances.

Overall, the trend is for GUI-driven management consoles to replace command-line interfaces, and for the use of standards that make it easier to virtualise appliances or manage them though overarching enterprise or network management suites.


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

Walking the appliance road
These steps represent considerable and welcome evolution of appliances, yet the fact that these steps are even necessary highlights their immaturity.

"Like any new tech in its early days, appliance can be sold on a single value proposition," WatchGuard's Radavics says.

But Radovics feels it is not immaturity but over enthusiasm which is the greater barrier to the success of appliances.

"The business model needs to be there to support an appliance-computing model," he says. "What I get concerned about is people who get sold on the appliance strategy and change the IT strategy to meet the limitations of appliances."

Perhaps that's the main lesson to be learned about the appliance market today. Any appliance-buying decision must take into account the relative merits of the pure and hybrid approaches and the constraints that come with them, instead of blithely accepting the appliance vision and assuming that all such devices are equal.

Buyers will also need constand reminding of the fact that that the lower maintenance requirements of an appliance do not necessarily translate into less complex purchasing decisions or planning requirements.

Organisations will have to contemplate how appliances can become a part of their overall IT diet. Just as a diet comprised of variations on a single recipe would struggle to meet your nutritional needs, today's appliances cannot satisfy all of a business' computing needs.

The abilities of appliances may appear to be improving with every passing month -- for the foreseeable future anyway. This means that appliances, while they seem certain to be on the menu at the moment, still have some way to come before becoming a staple part of the computing diet.


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

Taking a holiday from spam
Tourism Australia had a problem. The volume of spam sent to its 400+ e-mail addresses was so high that it was becoming increasingly difficult for its staff to plough their way through their day's messages. Yet the company's experiences with automated spam control software resulted in unacceptable numbers of false positives being deleted before they reached the intended recipient.

"We used to have a dedicated person to read the subject line and header of every e-mail to see if they should come through," says the organisation's chief technology officer Roberto Martinelli.

Martinelli says this was an expense that he recognised was not sustainable in the long term -- it was this that led to him making the decision to investigate using IronPort e-mail monitoring appliance for the job.

"We did a pilot and it was as simple as advertised," he says. "The success rate has been 99.5 percent for spam and antivirus and the false positive rate was much lower: just what we wanted."

The organisation now operates one appliance alongside its single e-mail gateway, and despite the fact it operates several offices Martinelli finds it more effective to operate a single gateway than to arrange and maintain remote deployments.

"If our network configuration was distributed e-mail servers, the appliance configuration would be different. But the setup of our organisation suits IronPort."

While the person employed to monitor e-mail is no longer required, the appliance is not entirely maintenance free.

"Day to day we do nothing," Martinelli says. "I look at it from time to time and get the occasional e-mail advising of updates. The business rules also need a bit of a review from time to time too." Through a command line interface the organisation finds familiar as the same tools are required to manage it servers.

Overall, however, the organisation's experience has been very positive and Martinelli is now considering other appliances.

"When I started reading all the documentation they provided for me I said 'yeah, I have seen this all before' but we have resources to manage -- this is where an appliance becomes very attractive. This is our first appliance but it probably won't be our last because so far it has proven very easy to use."


Contents
Introduction
A changing market
The appliance-making appliance
Do they really scale?
The ease-of-use myth
Walking the appliance road
Taking a holiday from spam
What about the disks?

What about the disks?
Storage experts recommend regular replacement of disk and tape devices, generally once they reach the end of their warranty.

"If a hard drive has a three-year warranty, it probably has a three-year life-cycle," Guy Riddle, of CBL Data Recovery, a company that restores data from damaged storage media, says.

"If you plan to keep a three-year-old device in service, I recommend replacing its hard drive." Mike Sparks of tape specialist Quantum makes similar recommendations.

"When the warranty of your tape drive runs out, consider a migration," he says. "It works out pretty well because in three years there will have been new generations of technology and tape capacities will have quadrupled. When you migrate you will only need one quarter the amount of tapes and they will be four times faster."

Network Appliance's Steve Bracken feels differently. "We would not tell a customer to swap out their disk drives because they are out of warranty [even though] the most common reason for breakages [in our appliances] is disk drives and fans. We plan for that using redundant architecture,"he says. The company also offers a slick services organisation.

"Enterprise customers want two-hour response times for on-site support," he says. "To enable that, you need an alerting process."

"Our appliances automatically send e-mails to our support team as soon as anything goes awry. In the USA we can even arrange to have products shipped to end-users without human intervention."

This article was first published in Technology & Business magazine.
Click here for subscription information.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All