All hail the virtual machine

A new wave of appliances is rolling into the Internet gateway security space. They weigh nothing. They have no physical footprint. There’s no setup. And there are no special hardware requirements. Enter the virtual machine. It’s an IT manager’s dream that’s fast becoming a reality.

In a recent McAfee whitepaper it was noted that “virtual machines offer an entirely new dimension to the user protection mantra that drives security professionals. In the simplest sense, a virtualised operating environment offers “strongly enforced isolation” as its major security-related benefit.

Virtualisation is the big buzz in the security community these days. A virtual machine refers to running multiple operating systems and their applications at the same time on one physical computer (which might have a different native operating system). You can even run several virtual machines for multiple users and for different purposes.

For a long time, virtual machines have been relegated to high-end servers or test labs, but new software and hardware are bringing virtualisation to the mainstream. Integrating security defences into virtual machine technology is fast becoming another efficient and cost-effective option in the fight against malware and other threats. In essence, the “appliance” is all software.

McAfee and other security vendors are investing research and development efforts into virtual Internet gateway appliances. In the near future, this will become a serious alternative for customers whose personal preferences or dictated buying requirements may lead them to consider software appliances that have all the functionality, ease of management, and reliability of hardware appliances at a potentially lower cost and virtually no physical setup.

Virtualisation offers a specific advantage to users — the ability to run a server image on the vast majority of hardware with a common set of drivers. For example, you’ll be able to install a secure Internet gateway software appliance on an off-the-shelf PC through the magic of virtual machine servers such as those offered by VMware. Eventually, this means that the secure Internet gateway appliances could be made available in a fully functioning form as a VMware image without the limitation of needing specialised appliance hardware.

Still, as with all things that increase flexibility, there is a limitation with virtualisation. Overhead is a significant issue associated with a virtualised environment, especially when working with a single function implementation such as a security appliance. The basic hardware requires enough processor horsepower so that your organisation experiences performance comparable to a purpose-built hardware appliance.

Most importantly, the quality of the customer experience promises to be as good as the hardware appliance because the virtual appliance is running in its native operating system environment. Some appliances, for example, require a Linux operating system. With VMware, any machine with an Intel processor running Windows can run the Linux operating system and the software appliance in parallel. It’s not even necessary to validate it on the virtual machine. The big names in operating systems – Novell, RedHat, SUSE Linux, and Microsoft are starting to see the value of virtualisation and are now providing support in their operating systems. Eventually, a virtualisation server may not even be necessary.

“Choice” is the operative word, particularly for cost-conscious and resource-strapped IT shops looking for high-octane spam blocking offered by gateway appliances. For some IT departments, it’s simply easier to get a software purchase approved. And, in fact, a dedicated machine may not be required if your data centre is already running virtualisation on brawny iron, such as heavy-duty blade servers. Plus, the gratification is instantaneous. There are no boxes to unpack and no cabling. For the IT manager, virtualisation could mean just a download and installation operation to initiate a fully functioning security appliance.

Imagine what life would be like if you could download an entire appliance and be well on your way to securing your network gateway in minutes. Keep your ears to ground in the coming months.

Virtualisation won’t be just a dream any more!