IT appliances: Avoid overdoing it

Having too many single-purpose devices leads to complexity instead of simplicity

Set it and forget it isn’t only a mantra for infomercials for kitchen rotisseries. The idea has also spread through information technology departments. In this case, the amazing machines are appliances — stripped-down, single-purpose computers that can tackle tasks ranging from network management and security to information retrieval and business analysis.

This year, the market for security appliances could top $4 billion. Despite their popularity, the set-it-and-forget-it dream isn’t always reality. Appliances are designed to simplify the IT manager’s life, but each new device introduced into a data center can add managerial complexity to the work of an overburdened staff.

The strategy of adding to the hardware headcount rather than reducing it also runs counter to another popular trend in government IT departments — packing multiple virtual servers into shared physical computers to reduce hardware maintenance and power costs. All of this causes some observers to warn that unless appliances are installed judiciously, any chance for simplifying operations will quickly evaporate.

“The whole appliance issue is a bit of thorn in the side of IT executives,” said Andreas Antonopoulos, senior vice president at Nemertes Research. “If each one is a silver bullet, what you don’t want is for your infrastructure to become a bucket of silver bullets. You need a framework to tie everything together.”

Appliances are understandably popular as IT managers bypass the sometimes complex task of integrating hardware and software to solve a particular business problem. Instead, they simply plug in a dedicated computer or blade server configured by the vendor to work immediately. Typical appliances include the application and an operating system, sometimes a stripped-down version of Linux named juice or JEOS, which stands for just enough operating system.
“People don’t have to know a lot about Linux or Windows or anything else,” said Adam Powers, chief technology officer at Lancope, a maker of network analysis appliances. “They just follow the installation guide by pointing and clicking their way through a simple Web user interface, and they’re good to go.”

Many vendors also ease maintenance and upkeep by providing downloads of application revisions or security patches — sometimes feeding the changes automatically to the device through secure Web connections. The latest appliance designs take advantage of blade formats that slide into a rack-mount chassis to share power and power-protection resources.

Meanwhile, such benefits continue to drive appliance sales. For example, security appliances, the largest category, could grow by about 37 percent to $5.5 billion in the next three years, said Victoria Fodale, program manager and analyst at technology researcher In-Stat.

Unfortunately, potential problems may lurk behind those benefits, analysts say. For example, the flipside of single-purpose designs is a take-what-you-get reality.

“The biggest historical problem with appliances is that people often want to make certain modifications; they don’t want quite what’s off-the-shelf,” said Gordon Haff, principal IT adviser at technology consultant Illuminata. “But once they start modifying appliances, you lose the benefit of having one in the first place.”

What some call a conga line of appliances connected to an agency’s network can also present management problems, Haff said. “If you end up with many different appliances from different vendors throughout your infrastructure, you can potentially end up complicating your environment instead of simplifying it,” he said.

However, some government IT managers say conflicts among appliances competing for network resources are rare.
“The real question is [whether] you have a robust-enough general architecture that you can partition the architecture to take care of specific functions,” said Daniel Mintz, chief information officer at the Transportation Department. “It’s a bigger issue than whether appliances clash or not.”

A valuable tool for organizations with a number of appliances is a central management console for troubleshooting and monitoring appliance performance. Many appliance vendors offer central management applications.

“The management piece is becoming important because the way for some vendors to differentiate their solutions is through ease of management by having consistent interfaces,” Fodale said.

However, many appliance vendor consoles work only for one company’s product line, necessitating monitors for each appliance category. A partial alternative comes from some more flexible, category-specific options. For example, companies such as ArcSight, IntelliTactics and NetForensics sell security information management systems that can provide central control for security appliances from a range of vendors. Broader solutions include enterprisewide network management systems, such as Hewlett-Packard’s OpenView and IBM Tivoli products, which can monitor a range of devices connected to internal networks.

Appliance red flags include the automatic updates meant to ease users’ maintenance burden. Service contracts that pay for the updates can increase the cost of an

“This is why hardware vendors love appliances,” Fodale said. “The box is just a fraction of the overall cost. You also may pay a license fee that you have to update every year.” Ongoing fees represent more than 50 percent of some appliance vendors’ revenue stream, she said.

Security can also be a concern. Appliances are often self-contained, so users don’t always have tools to verify security settings in general-purpose servers. “I can’t get in there and audit it myself as a consumer,” Powers said. “I have to trust that the vendor has secured the box.”

Fortunately, appliances that support two network management standards — such as Simple Network Management Protocol and Syslog — can automatically create a log of any change to a device’s configuration, such as adding a software revision, rebooting the box or removing it from the network. The logs provide proof for auditors that the equipment is being maintained to comply with security regulations.

“Appliances are closed, so that means an administrator can’t just go in and blow away these logs,” Powers said. “It’s not even physically possible for them to do that, and that’s a good thing because the administrator, unfortunately, can’t always be trusted.”

Meanwhile, some IT managers take a philosophical approach when weighing the pros and cons of IT appliances. The Education Department, which contracts with outside providers for many IT services, prefers to let those companies make decisions about when appliances are appropriate.

“I don’t care if they use appliances as long as I’m confident they’re secure, they’re configured in accordance with all the government’s rules and we’re getting the level of service and outcomes that we contracted for,” said Bill Vajda, Education’s CIO. “If it costs the vendor $100,000 to do that with one device and 50 people or with 50 devices and one person, that’s their concern, not mine.”

Meeting virtualization

To some, the proliferation of single-purpose hardware appliances and space-saving server virtualization are contradictory trends. However, a maturing technology development may eventually bridge the resulting gap.

Virtual appliances combine the concept of single-purpose software solutions with virtualization’s aim to pack multiple virtual servers into a single machine. Virtual appliances offer the plug-and-play benefits of appliances, except they’re delivered entirely as software so organizations don’t have to add new hardware to their data centers, said Srinivas Krishnamurti, director of product management and market development at virtualization technology vendor VMware.

“Virtualization has opened up people’s eyes that a hardware appliance may be utilized only 5 to 10 percent of the time. So there’s a tremendous amount of computing power in that box that’s not being utilized,” he said. “So now people are asking, ‘What if I can get the same benefits of plug and play, but not get the hardware?’ ”

Information technology managers at the Transportation and Education departments said virtual appliances are still too new to be part of their infrastructures.

But software vendors are warming to the market. Two years ago, only about six virtual appliances were on the market, Krishnamurti said. Today, IT managers have 600 choices that mirror the selections seen in hardware-based appliances, including ones for security, spam filters, firewalls and business intelligence, he said.

— Alan Joch

Executive summary

  • Special-purpose hardware appliances let agencies quickly deploy needed capabilities, such as security, search and storage. Having too many appliances can overwhelm information technology administrators and undermine agency configuration policies for device security.

  • Chief information officers should allow only appliances that provide system logs for verifying the devices' security profiles and are compatible with enterprise system management platforms.


— Alan Joch

    Appliances management

    Information technology appliances may make it easier to launch and maintain tightly focused IT capabilities, such as intrusion protection or network performance monitoring. Agency IT executives who want to avoid the money trap created by appliance sprawl should have staff members look for these features when evaluating new appliances.

  • Audit capabilities. Well-designed appliances shouldn’t require or allow IT administrators to customize security settings. Nevertheless, agencies still need documentation to prove the devices meet prevailing security regulations.


    Event logging can produce audits that show changes to the appliance, such as loading software revisions. For auditing capabilities, check whether a device supports Simple Network Management Protocol or Syslog, or both. Also ask the appliance vendor what specific types of events the device will log.

  • Central management consoles. Vendors offer add-ons for centrally managing their line of appliances, which reduces the time needed for monitoring performance or troubleshooting problems. Organizations that use products from multiple vendors for an appliance niche should consider consoles such as security information management systems that can help manage security appliances. Appliance-heavy organizations that need to manage devices from multiple vendors that cross multiple product categories should make sure their appliance choices support enterprise management systems, such as Hewlett-Packard’s OpenView or IBM Tivoli products, said Apurva Dave, director of product marketing at appliance vendor Riverbed Technology.


— Alan Joch
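The audit checks described above and in the main article (Syslog records of software revisions, reboots and removal from the network) can be sketched as follows. This is an added example, not part of the original article: the hostnames, message wording, inventory and matching patterns are constructed assumptions, and real appliances word their events differently, which is why the vendor should be asked what is logged.

```python
import re
from collections import defaultdict

# Constructed sample in RFC 3164 (BSD syslog) framing; hosts and messages are hypothetical.
SAMPLE_LOG = """\
<13>Mar  3 02:14:07 fw-edge-01 mgmt: software revision 4.2.1 installed by vendor-update
<13>Mar  3 02:15:40 fw-edge-01 mgmt: system reboot requested
<14>Mar  3 09:02:11 ids-core-02 sensor: signature match on port 443
<13>Mar  4 11:30:00 ids-core-02 mgmt: configuration changed: syslog target updated
<11>Mar  5 17:45:19 fw-edge-01 link: interface eth0 down
garbled line without a priority field
"""
INVENTORY = ["fw-edge-01", "ids-core-02", "spam-gw-03"]  # hypothetical asset list

# Event classes the article names; the regexes are assumptions to tune per vendor.
AUDIT_PATTERNS = {
    "software_revision": re.compile(r"software revision|patch applied", re.I),
    "reboot": re.compile(r"\breboot", re.I),
    "network_removal": re.compile(r"interface \S+ down|link down", re.I),
    "config_change": re.compile(r"configuration changed", re.I),
}
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<tag>[^:\s]+): (?P<msg>.*)$"
)

def parse_line(line):
    """Return a dict for a well-formed RFC 3164 line, or None if it is malformed."""
    m = RFC3164.match(line)
    if not m or int(m["pri"]) > 191:  # PRI = facility * 8 + severity, max 23*8+7
        return None
    pri = int(m["pri"])
    return {"facility": pri >> 3, "severity": pri & 7, "timestamp": m["ts"],
            "host": m["host"], "tag": m["tag"], "message": m["msg"]}

def classify(message):
    """Map a message to the first matching audit event class, or None."""
    for name, pattern in AUDIT_PATTERNS.items():
        if pattern.search(message):
            return name
    return None

def build_audit_trail(log_text, inventory):
    """Return (per-host audit events, inventoried hosts with no audit events, rejected lines)."""
    trail, rejected = defaultdict(list), []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            rejected.append(line)  # keep unparsed lines for review instead of dropping them
            continue
        event = classify(record["message"])
        if event:
            trail[record["host"]].append((record["timestamp"], event))
    silent = [host for host in inventory if host not in trail]
    return dict(trail), silent, rejected

if __name__ == "__main__":
    trail, silent, rejected = build_audit_trail(SAMPLE_LOG, INVENTORY)
    for host, events in trail.items():
        print(host, events)
    print("no audit events from:", silent)
    print("unparsed lines:", rejected)
```

An inventoried appliance that produces no audit events at all is the case an auditor will ask about first, so the silent list deserves as much attention as the trail itself.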











