Next Step in Virtualization: Consolidating Network Appliances

By Dan Joe Barry, CIO
June 30, 2011 03:50 PM ET

CIO - Over the last few years, virtualization has been successful at helping companies reduce the number of physical servers in data centers, leading to savings in space and power consumption. However, there is one area where consolidation has been elusive: network monitoring, analysis and security infrastructure.

In modern data centers, ensuring reliable and secure operation is a must, which in turn requires an array of network appliances dedicated to monitoring network performance and usage as well as providing security. This infrastructure is no longer optional, but a prerequisite, especially as data traffic increases and more services are consolidated into larger private clouds.

New technology developments now make it possible to consolidate network appliances using some of the same principles and technologies that were used to consolidate application servers, including intelligent adapters and intelligent data distribution mechanisms. The solution enables companies to further reduce their data center footprint, saving not only on capital expenses by eliminating appliance hardware but also on the ongoing operational expenses associated with managing the devices.

An Abundance of Appliances

Running an effective and efficient IP network supporting multiple services requires a number of management tools. Some tools are software-based but, increasingly, many take the form of hardware appliances, such as:

* Network and application performance managers to monitor and analyze network usage

* Firewalls and intrusion detection/prevention systems to detect and block malicious traffic

* Data loss prevention systems to ensure sensitive information is not inadvertently shared outside of the organization

* Security event and information managers to profile network behavior and monitor for anomalies

* Data retention systems to log data for regulatory compliance

Many of these solutions are based on probe architectures, which capture and analyze data in real time, either in passive off-line mode or in active in-line mode as a "bump-in-the-wire." The challenge for these probe-based network appliances is keeping up with the speed at which traffic is delivered, as effective analysis requires that all data is available and none is lost.

Current Implementations -- and Limitations

Traditionally, appliances live at the edge of the network where the LAN meets the WAN. It's not uncommon that many network appliances need access to the same data on the same connections at the same time. These connections have traditionally been up to 1 Gbps, but now are increasing to 10G, 40G and even 100 Gbps to keep up with ever-increasing amounts of data traffic.

Technology and network appliance products that are widely deployed today can capture all traffic for analysis without packet loss across multiple 10 Gbps Ethernet ports. However, the majority of these are single-server implementations focusing on a specific task. This means that several network appliance devices need to access the same data at the same time.
