Consolidation vs. virtualization

What are the benefits and risks associated with consolidating many functions on a single device?

- Cal, Seattle, WA

The docs consult and deliver their opinion:

Dave Roberts of Inkra Networks says:

This question deals with one of the biggest problems IT managers are faced with today: complexity. With networks that often include hundreds or thousands of disparate appliances, each requiring its own management console, simply managing today's data center can be a nightmare. Hence the recent uptake of consolidated appliances, which offer multiple services all from one device. Why deploy five separate appliances if one box can meet all five of those needs?

This leads us into the benefits of consolidated devices. There are many devices on the market today that consolidate functions such as firewalls, VPNs, intrusion prevention or detection services (IPS/IDS), and other services into one appliance. This reduces the cost of purchasing multiple appliances (CAPEX) as well as the cost of configuring and managing these multiple appliances (OPEX). Ten years ago it was common practice to just add another one-box/one-function appliance into the network whenever more services were needed, which has resulted in the extraordinarily complex networks that IT managers are faced with managing today. Drastically reduced IT budgets and the need to reduce overall complexity have created the perfect environment for consolidated devices.

Besides reduced cost and simplified management, consolidated devices also offer the benefit of scalability, albeit limited. If you are currently in the market for a new firewall but know that six months down the road you are also going to need VPNs, then purchasing a consolidated device that includes both would be beneficial. This would enable you to "turn up" the VPN service when you were ready to make that upgrade, without having to make another trip to the data center to re-cable and configure a new appliance. The limitations, however, are that you can only "turn up" a limited number of services before needing to purchase additional consolidated appliances.

While consolidated devices definitely have their benefits, there are inherent risks involved as well. One risk to consider when consolidating several services into one appliance is the introduction of a single point of failure in your network. Say you are using a consolidated device for firewalls, VPNs, and intrusion prevention and the device fails. You would immediately lose all connectivity. Depending on how separate appliances were deployed, you might have been able to escape with just a partial failure if the services were separate. In the worst case, however, traffic would still have to flow through the failed appliance and you would be no worse off. In order to avoid this, it is often best to deploy appliances, whether consolidated or not, in pairs to provide a backup in case of device failure.

Another issue to consider is the level of management consolidation that complements the feature consolidation. If several functions are consolidated onto a single device but each function still requires its own management interface, then you will still face the same "console-itis" you've been plagued with when managing multiple appliances. In fact, I'd term this "co-location" of functions rather than "consolidation" - the functions are separate but just happen to be resident in the same system.

It is also important to consider the difference between consolidated devices and virtualized devices. If you are going to need more capacity and functionality in the future, then you will need a virtualized solution, not just a consolidated one. With consolidation, you will still need to deploy more integrated appliances throughout your network in order to scale, bringing us back to the scalability limitations of consolidation discussed above. Virtualized products, which are currently available, allow you to deploy multiple instances of multiple services all from the same appliance by pooling IT resources and allocating specific tasks as needed.

Whether consolidated or virtualized, you will want to make sure the product has high availability features to maximize uptime, as well as appropriate management consolidation features to accompany the consolidation of functions.

Jeff Kaplan of THINKstrategies says:

I agree, consolidation and virtualization are two very separate concepts. The difference between consolidation and virtualization is similar to the difference between ROI and TCO. The purpose of ROI is to extract the maximum value from something, whereas TCO means lowering the very cost of owning it. Consolidation is an effort to reduce the cost of a technology by improving its operating efficiency and effectiveness, while virtualization seeks to maximize the value (in terms of both CAPEX and OPEX) of a technology through increased automation, scalability and the ability to offer multiple functions or services from a single platform.

As Dave mentions, data-center complexity is creating a lot of problems for IT managers. Both consolidation and virtualization can simplify certain aspects of today's complex data centers, and increase their productivity. Consolidation allows you to increase the performance of each device, while virtualization enables you to offer multiple services from each device. The difference here is the potential to replace five devices with one using consolidation, or to replace varying types of devices with one using virtualization.

One of the key advantages of the new data center is the ability to centralize your IT efforts around core technologies and business principles. One aspect of this involves consolidating your operations so that they can be better managed, and another aspect involves standardizing the nature of these technologies so that they can be better utilized. Ultimately, the new data center is headed towards a virtualized model that allows you to utilize more versatile technologies to respond to fluctuating IT demands and meet business requirements as they rise and fall. Virtualization technology adds value to a data center by increasing flexibility, scalability, ease of management, and responsiveness.

When making the decision to go virtual, however, you must also recognize that virtualization technology is still evolving. You should deploy this technology internally or via on-demand services incrementally so you can monitor initial deployments closely. This will permit you to ensure that your virtualization approach can clearly improve the performance of your existing systems without becoming a single point of failure or disrupting your operations. Virtualization offers the opportunity to simplify management while increasing scalability, but it is wise to take an incremental approach in order to ensure the success of your deployment. 

Kaplan is managing director of THINKstrategies, an IT strategy consultancy in Wellesley, Mass. He can be reached at


Copyright © 2004 IDG Communications, Inc.
