The main selling point of application front-end appliances is dedicated hardware for functions like load balancing or processing SSL and HTTP, so virtualizing them seems like it would defeat their very purpose. Yet most vendors offer their products as virtual appliances, and F5 on Monday announced a new architecture intended to make full use of virtualization. F5 said that version 11 of its BIG-IP system helps the data center dynamically adjust to different conditions, rapidly provisioning network services by instantiating them on virtual machines. Its security platform also includes new features that protect against Web 2.0 attacks.

F5 makes virtualization fit with dedicated hardware by recreating the entire virtualization stack, from hardware to hypervisor to OS to software. "The key to a dynamic data center is managing application infrastructure from a strategic point of control that makes sense," Alan Murphy, senior technical marketing manager at F5, said in an interview.

The core of the new platform is virtual clustered multiprocessing (vCMP), a technique that F5 said can aggregate all of the physical resources in a deployment into a single virtual pool. "Under the hood, vCMP is like a hypervisor," said Murphy. "But it's custom written for our traffic delivery system on our hardware." However, F5 is giving customers choice--or hedging its bets--by offering versions that run on standard VMware platforms too.

The virtualization theme also extends to security devices, which can be controversial. While sandboxing processes in virtual machines is a useful technique to improve security, many enterprise users are reluctant to run security appliances themselves in a virtual environment. F5 thinks this isn't a serious concern for most of its customers.

"Companies like VMware have done an excellent job in locking down the virtual appliance," Mark Vondemkamp, director of security product management at F5, said in an interview. "The latest version doesn't have any shell support at all." However, in common with other security vendors that have gone down the path of virtual appliances, F5 isn't abandoning physically isolated devices for people who need them.

In addition to thwarting Web 2.0 attacks based on AJAX and JSON, F5 is hoping to take advantage of Web 2.0's social features through a community development site for iRules, the programmable filters used to customize the BIG-IP. Vondemkamp gave an example of a recent DDoS attack that used a botnet to exploit flaws in several of its customers' servers. "Our customers and community were able to write an iRule and load that on the box in near real time," he said. As a result, the F5 box was able to mitigate the attack even without patching the underlying flaw.

The updated software also includes some of F5's own analytics software. The vendor said it is in an ideal position to monitor traffic trends for functions such as business intelligence and capacity planning because its appliances already see nearly all traffic entering a data center and inspect it to route it appropriately and monitor for attacks. The box can collect multiple statistics of both users and the servers they are accessing, including latency, throughput, IP address, virtual server, and geographic location.

You can't afford to keep operating without redundancy for critical systems--but business units must prioritize before IT begins implementation. Also in the new, all-digital InformationWeek SMB supplement: Avoid the direct-attached storage trap. Download it now. (Free registration required.)