The performance hit of virtualization means that a virtual appliance can't yet match a dedicated server, so Vordel currently aims its virtual version more at testing and integration than production. Layer 7 started as a vendor of custom appliances with dedicated XML and SSL silicon, so it sees virtualization as an entry point to smaller customers that can't yet justify specialized hardware. But while "software-only" may be a budget-minded mantra for now, it's likely that virtual appliances will soon be used in businesses of all sizes.
Virtual machine performance is increasing rapidly, and the flexibility that virtualization brings is particularly useful in SOA. As new services are rolled out and reused, the SOA infrastructure needs to adapt, and virtualization lets hardware quickly be reassigned between roles. But sharing hardware resources requires that other servers be virtualized, and that can introduce security issues. Although few VMware security vulnerabilities have been reported, the complexity of managing multiple VMs may make it more likely that traffic will accidentally bypass a firewall (see our feature on virtualization security in the Aug. 20 issue of Strategic Security).
Because of SSL's popularity, SSL acceleration is ubiquitous in security gateways: Even virtual-appliance vendors support hardware with SSL accelerator cards. XML acceleration is much rarer, with only Layer 7, Cisco, and IBM boxes including dedicated XML chips; IBM builds its own, Cisco and Layer 7 rely on Tarari. This is partly because of Intel's use of its Sarvega technology--Layer 7 believes that the hardware market will gradually transition to software--but mostly because there hasn't yet been much demand for application-layer acceleration.
Still, rich Internet applications don't let Web servers off easy. While they may reduce XML traffic, RIAs can dramatically increase the number of HTTP connections that a server has to deal with. Instead of waiting for a user to click on a link, most RIAs run in real time, initiating new connections every few seconds. Servers overloaded by this can often benefit from SSL acceleration and other AFE techniques, including load-balancing and HTTP compression.
Photograph by Tim Flach/Stone/Getty Images
WS-* Security Standards: Too Much Of A Good Thing?