A few years ago, I was in an organization responsible for security and performance. What a combination of responsibilities. Now I find myself in an equally interesting organization, spanning appliances and virtualization. Our appliance team develops highly optimized functions, including specialized hardware, while the virtualization team is busy removing all hardware dependencies.
The two industry trends toward appliances and virtualization are each fascinating in their own right, but are even more interesting when they join, creating what the industry refers to as a virtual appliance.
The term "virtual appliance" was coined by combining concepts from both appliances and virtualization. Before discussing the details of virtual appliances, let's first look at the fundamentals of both appliances and virtualization, and how they are combined to create this new concept.
A computer appliance is a computing device with a specific function and limited configuration ability. (paraphrased from Wikipedia)
The use of appliances is common in parts of the IT infrastructure, including networking and security, and continues to grow in other areas. Appliances are generally easier to use than creating similar solutions from general purpose hardware and software because the hardware and all required software come together as one purposed solution.
As shown in Figure 1, an appliance consists of the hardware, an operating system, middleware, and applications. Typically, the operating system and any middleware stack are customized and hidden from the end user. The end user only interacts with the appliance, which is carefully targeted and optimized for a specific purpose. Lifecycle functions, including maintenance, are typically done on the appliance, and not on individual components.
Figure 1. Example appliance
Virtualization is a broad term that refers to the abstraction of computer resources. (paraphrased from Wikipedia)
For the purposes of this article, we’ll focus on server virtualization, where a hypervisor layer exists, supporting the execution of multiple virtual machines on one physical server. Each virtual machine includes the application software and supporting middleware and operating system.
Virtualization is used to provide several capabilities, including server consolidation, isolation, rapid provisioning, and change management. Using virtualization technologies, applications are installed into virtual machines, complete with their own operating system and software stack, and can be run side-by-side with other virtual machines on the same physical server. The isolation feature enables applications with different prerequisite operating systems or middleware to be consolidated onto the same physical server for space and power conservation.
Beyond server consolidation and isolation, virtualization is also being used in rapid provisioning scenarios. In these scenarios, a golden virtual image template is developed and used in support of many applications. As shown in Figure 2, virtualization is used to provide standardized images, particularly for the operating system and related management and auditing capabilities. This standard image is viewed as a control point in many enterprises.
Figure 2. Example virtual image template
A virtual appliance is a minimalistic virtual machine image designed to run under a virtualization technology (for example, VMware or XEN). A virtual applicance is a fully-pre-installed and pre-configured application and operating system environment, whereas a virtual machine is, by itself, without application software. (paraphrased from Wikipedia)
Virtual appliances combine the all-in-one concepts of appliance packaging with virtualization, eliminating the tie to physical hardware. This provides some of the advantages of an appliance but with the flexibility to distribute as software only, along with the ability to consolidate multiple appliances on the same physical hardware. Removing the dedicated hardware requirement is particularly interesting in cases where the appliance application does not warrant a dedicated hardware system.
The concept of a virtual appliance provides a new pardigm for the packaging and delivery of software. Instead of shipping applications with traditional install programs, some companies are now choosing to ship complete virtual machines. This new packaging offers advantages to both the application vendor and the customer. These advantages include some of the most appealing characteristics of appliances along with many of the advantages of virtualization.
Figure 3. Example of using virtual appliances
Some key advantages of virtual appliances, as illustrated in Figure 3:
- Like an appliance, the application and all prerequisite middleware and operating system software is all pre-installed and configured. This eliminates the problems associated with customers installing the application on their own system, a common source of reported problems.
- Like an appliance, the specific image stack is controlled and tested together. This eliminates many of the different combination issues involved in testing traditional software, and significantly reduces the likelihood of dependency problems.
- Like an appliance, updates are received directly from the appliance vendor, and have been tested with the specific software levels in the appliance. This eliminates many of the incompatibility problems that occur between products.
- Using virtualization, the virtual appliance is running in isolation from other applications. Therefore, all applications on the same physical server do not need to use the same prerequisite software, nor do they need to be upgraded at the same time.
- Using virtualization, the virtual appliance is portable across different physical servers (assuming the same hypervisor is present). If the hardware needs to be taken down for maintainence, the virtual appliance can be quickly migrated to another server.
With all these advantages, you may be wondering: Why isn’t everything a virtual appliance? Well, while there are certainly many advantages to be gained from virtual appliances, the concept is still in its infancy, with some significant challenges to consider.
-
Operating system diversity
One of the common IT control points is the operating system. Central IT organizations control the versions of operating system being used, as well as upgrade and patching schedules. Virtualization with golden templates, as shown in Figure 2, provides an excellent tool for implementing this control through the implementation of standard horizontal layers within the templates.
By contrast, in the virtual appliance paradigm, the operating system is part of the virtual appliance delivery. The potential diversity in operating systems is apparent by looking at the operating systems in use with virtual appliances on VMware's Virtual Appliance Marketplace. The site includes appliances based on many Linux® distributions such as Ubuntu, Debian, rPath, RedHat, and SUSE, as well as custom Linux derivatives and other, non-Linux operating systems. Virtual appliances bring in different operating systems and different versions, forcing a vertical management approach for each virtual appliance stack, and causing the IT shop to lose their OS control point.
-
Audit control tracking
The diversity of operating systems can also introduce audit control challenges on top of the problem IT shops already face in verifying that systems are up to date with security and virus patches. Though virtual appliances claim enhanced security because a "Just Enough Operating System" (JeOS ) has lower vulnerability and requires fewer patches, the virtual appliance user does not know what operating system (or operating system subset) is in each appliance. The IT shop is now dependent on different appliance vendors for delivery of security fixes. Existing IT processes for both delivering security patches and auditing systems for patch applications will likely need modification to work for virtual appliances.
-
Control of updates
In addition to the audit of fixes, the loss of control for distribution of updates may also be a problem. For updates, virtual appliances often provide "automatic update" capabilities. However, most IT processes dictate testing procedures and control the timing and rollout of fixes. Given there are no existing virtual appliance management standards, individual virtual appliances each offering different approaches for retrieving and applying fixes will likely present procedural issues.
In addition, this loss of control presents a couple of other problems. Since all fixes must go through the appliance developer, this can present an additional delay. Companies cannot pick up fixes as soon as they are available from the individual products. Also, companies cannot pick and choose which fixes to apply. Many companies are leery of picking up fixes for bugs that they are not actually affected them, because experience has taught them that each additional fix picked up represents a chance for unintended consequences.
-
Extensibility and management
While appliances typically are "locked down" and additional software is not installed on them, virtual appliances differ significantly in the degree of lockdown, if any, that is done and expected. If a virtual appliance is locked-down, this can present a problem to IT shops with specific software they require be installed for each application. For example, an IT shop would not be able to add their corporate standard management agents. However, if the virtual appliance provider allows extensions, they must provide techniques to maintain these extensions during update.
-
Environment specific configuration
For virtual appliances to run in different environments, the stack must be localized to the new hosting environment (IP address, host names, and so on). Since very few applications actually execute completely by themselves, the virtual appliance configuration often necessitates communication with existing databases, directory servers, and other enterprise components. This localization might be complex and, in fact, be far from the expectations of an appliance.
-
Hypervisor prerequisite
In order for virtual appliances to run, a hypervisor supporting the virtual appliance must already be established on the physical platform and must be managed, patched, and so on. Depending on the hypervisor and the IT skill available, the establishment of a virtualization platform to execute virtual appliances could be a significant obstacle. Additionally, virtual appliances need to be developed, packaged, and tested specifically for different hypervisors (such as VMware ESX, XEN, and so on) increasing costs for the virtual appliance vendor.
-
Lack of standards
Virtual appliance standards do not exist today, but there are standards, such as Open Virtual Machine Format (OVF), under discussion. Packaging and management standards for virtual appliances will begin addressing some of these problems. As standards and new management products emerge, IT organizational processes will also need to adapt to support a wider use of virtual appliances.
Even with the problems described above, the benefits of virtual appliances are expected to drive more use, and understanding how they can be used in your environment is increasingly important. The path to developing virtual appliances starts with the same path as using applications in virtual image templates. The first step is understanding the separation between installation and configuration, and, in particular, any configuration that is dependent on the local machine (IP address, host names, and so on).
For IBM® WebSphere® Application Server, two recent developerWorks articles documented how to use WebSphere in virtual images:
- Using WebSphere Application Server in virtual image templates
- Automating the deployment and activation of virtual images
These articles can be used as the basis for creating virtual appliances with WebSphere Application Server.
Virtual appliances is an interesting new concept combining many of the benefits of appliances with the advantages of virtualization. Virtual appliances enable the delivery of pre-installed/pre-configured applications, all ready to go as virtual machines. The advantages of virtualization enable the virtual appliances to be consolidated onto the same physical servers and moved around across different servers. However, virtual appliances also introduce problems, particularly because they remove control points around the operating system, auditing, and management that many IT shops currently rely on to effectively run their operations. How emerging standards and new virtualization management capabilities develop will play a major role in how widely virtual appliances are accepted.
-
VMware’s Virtual Appliance Challenge - and the Winner is? from InfoWorld Virtualization Report, August 16, 2006
-
Comment lines: Could it be time to virtualize?
-
VMware Virtual Appliance Marketplace
-
What are the Benefits of Virtual Appliances: Enhanced security
-
Open Virtual Machine Format standardization effort within Distributed Management Taskforce (DMTF)
-
Using virtual image templates to deploy WebSphere Application Server
-
Automating the deployment and activation of virtual images
Ruth Willenborg is a Senior Technical Staff Member in IBM's WebSphere Technology Institute working on virtualization. Prior to this assignment, Ruth was the manager of the WebSphere Performance team responsible for WebSphere Application Server performance analysis, performance benchmarking and performance tool development. Ruth has over 20 years of experience in software development at IBM. She is co-author of Performance Analysis for Java Web Sites (Addison-Wesley, 2002).
Comments (Undergoing maintenance)
Table of contents
Local resources
My developerWorks community
Tags
Use the slider bar to see more or fewer tags.
Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).
My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).
Popular article tags |
My article tagsSkip to tags list
Popular article tags |
My article tags
