Gartner Blog Network


Virtual Appliances are Real

by Neil MacDonald  |  March 9, 2009  |  2 Comments

In previous posts, I discussed how security controls need to be virtualized to support the next-generation highly virtualized data center. I have also talked about how most of these virtualized security controls are delivered as “virtual appliances” – essentially a VM containing a preinstalled application service that you download and run on your virtual server infrastructure.

We are familiar with appliances in physical environments – like a washing machine. It plugs into infrastructure (like water and power) and focuses on providing a service (washing clothes) while hiding the underlying complexity from the end-user (most modern washing machines contain an embedded microprocessor and embedded OS that the user doesn’t have to deal with). We are familiar with physical appliances in our network infrastructure – like a network firewall. It plugs into infrastructure (like power and network connectivity) and focuses on providing a service (firewalling) while hiding the underlying complexity from the user (the embedded microprocessor and OS).

So let’s take this a step further. What if we now treat x86 compute cycles as infrastructure? In other words, we have virtualized the underlying hardware using virtualization platforms like VMware and Hyper-V. A “virtual appliance” such as a virtual firewall plugs into this infrastructure (in this case x86 compute capabilities and virtualized network connectivity) and focuses on providing a service (firewalling) while hiding the underlying complexity from the user (like the embedded OS). Conceptually, it’s exactly the same. Instead of plugging a physical appliance into a physical wall socket for power and a physical network socket for network connectivity, you “plug” the virtual appliance into a “virtual socket” (the virtual machine monitor “socket” that supports the VM).

For an example of what these look like and the types of services available, VMware has done a good job of creating an ecosystem for virtual appliances built to run on VMware’s virtualization platform. In comparison, Microsoft has made most of its software available to try out as virtual appliances, but hasn’t yet developed the ecosystem that VMware has.

Of course there are many significant issues that have to be considered before embracing the virtual appliance model, especially for security controls. However, the benefits (such as faster and more flexible deployment, potentially lower costs, reduced number of physical appliances, data center power/cooling consolidation and so on) outweigh the potential issues.

The good news is that a complete application (and embedded underlying OS) can be downloaded and installed onto your network in a matter of minutes. The bad news is that a complete application (and embedded underlying OS) can be downloaded and installed onto your network in a matter of minutes. Virtual appliances are real. Be ready for their introduction (with or without your knowledge or permission) into your environment.


Neil MacDonald
VP & Gartner Fellow
15 years at Gartner
25 years IT industry

Neil MacDonald is a vice president, distinguished analyst and Gartner Fellow in Gartner Research. Mr. MacDonald is a member of Gartner's information security and privacy research team, focusing on operating system and application-level security strategies. Specific research areas include Windows security…


Thoughts on Virtual Appliances are Real


  1. […] you could deploy security controls like firewalls and IPSs with a push of a button in the form of software-based appliances? What if a virtualized security control was a tenth or a hundredth of the cost of the physical […]

  2. […] remember a demonstration about a year ago where an IPS running in a VM virtual appliance easily consumed 2 out of 8 cores in a multicore system. A 25% overhead for security controls […]


