The Pros and Cons of Virtual Appliances

By Andi Mann

(Back to article)

In the IT world, an appliance is a complete stack of functionality in a single, closed system. Typically this will include the hardware, operating environment, any required middleware, and the application functionality itself, all in a single pre-built, pre-configured device.

The analogy is often drawn to basic household appliances like washing machines, and to more ‘high-tech’ devices such as digital video recorders (DVRs), which are increasingly complex and computerized. The TiVo, for example, is a sophisticated Linux-based multi-media computer, yet it is entirely plug-and-play, requiring no software installation or knowledge of the underlying computing capabilities.

Just like these household appliances, IT appliances are intended to encapsulate complex, sophisticated computing functions, in an easy to use, plug-and-play device.

The world of IT appliances is mature and full. They have long been typical in many fields of IT, including:

  • Network management – routers, switches, application accelerators, KVM, and network monitors.
  • Storage management – pluggable storage, NAS and SAN devices.
  • Security management – hardware firewalls, VPN devices, and spam and virus filters.
  • Applications – especially Web servers, e-mail servers, and CRM systems.
  • In addition to traditional hardware-based appliances, a new category of appliances has recently started to emerge, called ‘virtual appliances’. Instead of shipping on a physical hardware device, as a traditional appliance does, these virtual appliances ship as complete environments, minus only the hardware. They are software only. Bundled into a virtual machine, this software is designed to abstract the operating environment from the hardware it runs on.

    Like a physical appliance, a virtual appliance will consist of a complete operating environment—operating system, middleware, Web server, database, application, etc.—but instead of the physical hardware, it will be packaged into a virtual format that is quickly and easily instantiated into a compatible virtualization environment.

    These virtual appliances run on top of server and operating system virtualization systems, including Microsoft Virtual Server, VMware Infrastructure or ESX Server, Xen, Linux Jails, Solaris Containers, Virtual Iron, Microsoft Virtual PC, or other virtualization technology.

    Due primarily to licensing concerns, most virtual appliances tend to be open source, free, or trial-only software.

    The Pros

    There are many advantages of virtual appliances. For example:

    Cost Effectiveness. The appliance model is very cost-effective. Without even the blade hardware of a physical appliance, virtual appliances are even cheaper than standard appliances. Further, most virtual appliances are free, open source software. Of course, you will still need hardware and software to run it but in many cases a spare server, or even spare capacity on an existing server, will probably do.

    Ease of Implementation. Virtual appliances come with the operating system, Web server, middleware, databases, and applications fully installed, preconfigured, integrated, and ready to go. Implementation mostly consists of simply decompressing the appliance file, and loading the resulting virtual image into the virtual server.

    Simplicity. Virtual appliances often come built with very slim, cut-down environments, running just the bare necessities to support the specific functionality that is required. This makes the operating environment more efficient, reduces integration issues, resolves most version conflicts, and removes the need to manually tune or optimize components.

    Security. A cut-down, hardened virtual appliance environment does just what is needed, and no more, so it is mostly protected from the exposures of unwanted and unneeded services (e.g. FTP, Mail, open Web server, management agents, etc.) and interfaces (open ports, APIs, etc.), that may be exploited by hackers or malware.

    The Cons

    Before anyone believes that virtual appliances are all positive, it is important to note there are significant problems as well. For example:

    Management Difficultly. The "black-box" implementation of virtual appliances makes it very difficult to integrate these systems into standard enterprise management, monitoring, problem diagnosis, and performance management solutions.

    Coverage. There are only a limited number of virtual appliances, and their range of coverage of features, functions, platforms, applications, and scope is nowhere near the vast range of choice offered by software solutions. This makes the choice of virtual appliances somewhat limiting.

    Security and Risk. Despite having some security advantages, the closed environment of a virtual appliance is also difficult to protect from malware and intrusion. Patching and configuration is obscured (and sometimes not even possible) and virtual appliances rarely come with sufficient security agents and toolsets (virus scanners, intrusion detection, firewall, malware detection, etc.).

    Support. Just like other open source code, virtual appliances generally contain a complex (and often undisclosed) mixture of software and frequently lack accountability for support when problems happen. The demarcation between suppliers is more complex, and users have no single vendor contact, and no clarity as to what components are involved.

    Virtual appliances do benefit from many of the same positive aspects as physical appliances. However, they also suffer from many of the same problems as both software solutions and physical appliances, as well as a few additional problems that are unique to virtual appliances.

    Like software solutions, they still need the additional cost of the operating environment and infrastructure, including hardware, software, licenses, etc. And they can easily suffer from compatibility issues with other systems and applications running on the same box.

    Like physical appliances, they are hard to maintain, do not provide open interfaces, and provide no ability to monitor or manage with standard system management agents. They are similarly difficult to secure adequately, and in fact are at risk from specific additional security exposures introduced by virtualization technologies.

    While virtual appliances seem like a very good concept, in most instances they actually suffer from the worst problems of both software and appliances, and are really not yet mature enough for mainstream production use.

    Hopefully they will mature as a market, and overcome these significant problems, because they show great promise. In the meantime EMA recommends enterprises seek to take advantage of their benefits for trial, demonstration, and proof-of-concept purposes only.

    Andi Mann is a senior analyst with Enterprise Management Associates, an independent industry analyst and consulting firm dedicated to the IT Management market.