
Virtual security appliances

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Johnupeterson (talk | contribs) at 21:23, 22 January 2008 (Created page with ''''Virtual Security Appliance''' A Virtual Security Appliance is a computer appliance that runs inside virtual environments. It is called an appliance because...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


Virtual Security Appliance

A Virtual Security Appliance is a computer appliance that runs inside virtual environments. It is called an appliance because it is pre-packaged with a hardened operating system and a security application and runs on virtualized hardware. The hardware is virtualized using hypervisor technology delivered by companies such as VMware, Citrix and Microsoft. The security application may vary depending on the particular network security vendor. Some vendors, such as Reflex Security, have chosen to deliver Intrusion Prevention technology as a virtualized appliance, and Blue Lane delivers Patch Management technology this way, while others, like Montego Networks, have chosen to deliver multi-layered firewall technology. The type of security technology is irrelevant to the definition of a Virtual Security Appliance; it matters more for the performance levels achieved when deploying various types of security as a virtual security appliance.

Security Appliance History

Traditionally, security appliances have been viewed as high-performance products that may contain custom ASIC chips, which allow for higher performance levels through a dedicated hardware approach. Many vendors have started to call pre-built operating systems with dedicated applications on dedicated server hardware from the likes of IBM, Dell and offshore brands "appliances". This terminology, although heavily used now, has strayed from its original roots. Companies such as NetScreen Technologies and Tipping Point defined security appliances by having dedicated hardware with custom ASIC chips in them to deliver high-performing Firewall and Intrusion Prevention technology respectively. These companies defined their specific markets in the early 2000-2004 time frame.

Modern day use of the term

Security Appliances during that time not only had custom ASIC chips and dedicated hardware but were also delivered on hardened operating systems and had pre-installed security applications. This capability delivered performance as well as ease of installation and, as a result, software vendors began calling pre-installed security applications on general-purpose hardware "Security Appliances". This model became so appealing that pure software vendors such as CheckPoint Software began shipping pre-built operating systems with their security applications after a long history of selling software that had to be installed on existing customer hardware and customer operating systems.

The shift to virtualizing hardware

With the explosion of virtualization technology, which brought the ability to virtualize hardware and create multiple software computer instances, it became apparent to security vendors in 2005 that a new method of deploying their security appliances was on the horizon. For the first time in history a vendor could deliver a hardened operating system with a pre-installed security application that promised ease of deployment without having to couple it to a dedicated hardware device.

The Challenge

With all new technologies come trade-offs, and in the case of virtual security appliances the trade-off is often performance restrictions. In the past, companies such as Tipping Point delivered Intrusion Prevention technology in an appliance form factor and provided the highest levels of performance by leveraging custom silicon chips called ASICs and dedicated hardware. Today, companies such as Reflex Security and Blue Lane that are virtualizing Intrusion Prevention and Patch Management technology are challenged with delivering optimal performance levels because in the virtualized world, applications and operating systems share computing resources. In the physical appliance world, those resources are dedicated. Many have argued that low-intensity security applications such as Firewall technologies are better suited for virtual security appliances than high-intensity security applications such as Intrusion Prevention. Why is this? Firewall technologies typically inspect smaller amounts of data, such as TCP and UDP headers, whereas Intrusion Prevention technologies look at entire packets and deep into the payload. The other reason for the performance challenges is that IPS technologies typically run their security processes in User Space rather than Kernel Space. Firewall technologies traditionally run in Kernel Space, which also provides faster performance because it is tightly coupled with the operating system and low-level network driver calls.
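The header-versus-payload difference described above, as an added example that is not part of the original article: a header-only firewall rule and a payload signature scan applied to the same packet, each reporting how many bytes it had to examine. The packet, addresses, ports and signature string are constructed for illustration, and the function names are hypothetical.

```python
import struct

def build_packet(src, dst, sport, dport, payload):
    """Build a constructed IPv4+TCP packet (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))),
                     bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    return ip + tcp + payload

def parse_headers(pkt):
    """Return (5-tuple, payload offset), reading only the IP and TCP headers."""
    ihl = (pkt[0] & 0x0F) * 4                  # IP header length in bytes
    proto = pkt[9]
    src, dst = pkt[12:16], pkt[16:20]
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    data_off = (pkt[ihl + 12] >> 4) * 4        # TCP header length in bytes
    return (src, dst, sport, dport, proto), ihl + data_off

def firewall_check(pkt, blocked_ports):
    """Header-only decision. Returns (allowed, bytes_examined)."""
    (_, _, _, dport, proto), off = parse_headers(pkt)
    return not (proto == 6 and dport in blocked_ports), off

def ips_check(pkt, signatures):
    """Header parse plus a scan of the whole payload.
    Returns (allowed, bytes_examined)."""
    _, off = parse_headers(pkt)
    payload = pkt[off:]
    hit = any(sig in payload for sig in signatures)
    return not hit, len(pkt)

# Constructed sample: an HTTP-like request with a placeholder signature
# string at the very end of the payload.
PAYLOAD = b"GET /index.html HTTP/1.1\r\n" + b"A" * 1400 + b"EXAMPLE-SIGNATURE"
PKT = build_packet("192.0.2.10", "198.51.100.5", 40000, 80, PAYLOAD)

if __name__ == "__main__":
    print("firewall:", firewall_check(PKT, {23}))
    print("ips:     ", ips_check(PKT, [b"EXAMPLE-SIGNATURE"]))
```

The firewall rule reaches its verdict after the 40 header bytes, while the signature scan has to walk every byte of the packet, and that per-packet cost grows with payload size and with the number of signatures.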

The luxury disappears

To overcome these limitations, ASICs and Multi-Core processors have traditionally been used with IPS applications. This luxury is not available in virtualized environments because customers want to use their CPU cycles for end user applications and not security. Using large amounts of compute cycles for security defeats the purpose of server virtualization.