Driven by greater use of the cloud and a desire for elastic, on-demand solutions, enterprises and service providers are looking to transform their network infrastructure by infusing agility and automation into their data centers—namely through the use of virtual appliances to deliver network services. In the process of architecting this new, more dynamic data center, they are recognizing that today’s network service virtual appliances lack one critical element: virtual appliance lifecycle management.

In theory, virtual appliances—such as firewalls, IPS/IDS and load balancers—promise new levels of agility and cost savings compared to physical devices. By leveraging virtual appliances, organizations will be able to speed new solutions to market and serve a broader customer base because of the ease of deployment. Additionally, according to SNS Research, virtual network services and the move to other software-based solutions could result in capex savings of up to $32 billion annually by 2020, as organizations will no longer have to roll out physical devices in the data center or at the customer premises to deliver each individual service. 

But in reality, without virtual appliance lifecycle management, true agility and savings only can be achieved after IT undertakes many manual, time-consuming and operationally expensive steps. The mindset of “set it and forget it” that was common with hardware no longer applies. Virtual services are designed to dynamically change to meet the needs of an application or environment, so more automation is required to ensure the full benefits of virtualization can be realized.

Tasks that require either manual intervention or a variety of appliance-specific tools include cloning, licensing, configuration, layout, relocation, monitoring, troubleshooting, upgrades, removal and service chaining, to name just a few.

Figure 1  – High-Level Steps in the Lifecycle of a Virtual Appliance (click to enlarge)

Each of the high-level steps seen in Figure 1 also need dozens of other actions to be taken as well. Figure 2 illustrates a sample of the actions required just to instantiate a virtual network service.

Figure 2 – Steps to Instantiate a Network Service Virtual Appliance (click to enlarge)

The challenges are exacerbated because organizations will likely deploy more virtual appliances than the number of physical devices currently in use. This means that each of these manual operations associated with deploying single virtual appliance must be repeated for hundreds or potentially thousands of virtual appliances. And, because the virtual appliances are comprised of software, they tend to be more complex to manage than the purpose-built hardware on which those services traditionally had been deployed. 

Because of these ongoing tasks, and the fact that the network environment is continually changing over time, virtual appliance lifecycle management must be a critical component of every enterprise’s or service provider’s strategy. Such a lifecycle management tool helps network administrators oversee the implementation, delivery, operation and maintenance of virtual appliances over the course of their existence.

Each vendor has its own specific tools for managing its virtual appliances, or users have to resort to popular, but basic, management tool. Most of these management tools are often limited to configuration, and are unable to take care of the full lifecycle – from spinning them up to applying the right licenses to uninstalling them when they are no longer needed.

To benefit from the agility and cost savings promised by virtualization, and not be slowed down by the current management challenges, enterprises and service providers require a solution that can support a broad range of network functions and is independent of any specific vendor. There are many who believe that lifecycle management can only be accomplished with a management tool designed for basic virtual machines controlled by the hypervisor, which is typically used by the systems administrators within an IT organization.

The problem with this approach is that systems administrators are typically server hardware experts, and having them shift to dealing with software-based services often takes them out of their comfort zone. While it may make sense to do this at the outset, obstacles will likely arise once services are deployed. For example, if a performance problem arises with a virtual firewall, there are individuals – from systems administrators to security professionals, who will be involved in trying to solve the issue.  However, when there’s shared ownership, the situation can quickly get complicated and security may be compromised as a result.

To eliminate the challenges organizations can face with this shared ownership of virtual appliances – which are essentially traditional network functions – they need a different type of tool that is owned and understood by the network teams, who ultimately should be responsible for lifecycle management of these services.

Virtual appliances require a different type of lifecycle management strategy than virtual machines, which are simply compute resources owned by systems teams. Virtual machines are just black boxes, where CPU capacity and memory matters more than I/O capacity. Virtual appliances have the opposite requirements – they need more I/O capacity, but address capacity and memory differently. Other differences include the approaches to high availability and licensing.  For virtual machines, high availability is built in at the application layer, but for virtual appliances it is an active standby pair, which requires optimization. And licensing, which is a more generic concept for VMs, needs more careful attention for network services.

Traditional virtual machine management tools are not properly equipped to handle these types of functionalities, which is why a specialized solution to handle the complete lifecycle of virtual appliances is required to ensure that enterprises and service providers can achieve the true benefits of moving to a software-based model. 

With the right virtual appliance lifecycle management solution, enterprises and service providers will be able to eliminate the complexity of maintaining spreadsheets and other manual processes, typically associated with loading virtual machines, spinning up the service and staying current with licensing.

Virtual appliance lifecycle management fully automates all of these processes. So, instead of taking days, even weeks, to deploy, new virtual network services can be up and running, and available to users, in a matter of seconds. And with virtual appliance lifecycle management, costs can be reduced significantly as fewer development cycles and less human intervention is required.

By taking a platform approach, with centralized lifecycle management, users are able to offer true multitenant, app-centric services. Network services can be dedicated on a per-app basis, rather than share functions across multiple applications. This single platform approach also eliminates the operational complexity associated with having multiple services, each managed to some degree by tools from different vendors.

By employing a comprehensive lifecycle management platform, enterprises and services providers can eliminate the many manual steps still required when deploying virtual appliances to deliver network services, and achieve the true promise of agility and cost savings of moving to software-based solutions. 

About the Author
Dante Malagrinò is co-founder and chief product officer at Embrane.