Virtual security appliances emerge

As businesses look for new ways to cut hardware costs and simplify IT management, virtual security appliances have emerged in several forms.

The latest example comes from Crossbeam Systems, a Boxborough, Mass.-based security platform vendor. This week the company announced enhancements to its X-Series Next Generation Security Platform that it said will allow users to consolidate up to 50 physical security and networking devices onto one blade server chassis.

"It's a new and growing trend," said Jon Oltsik, a senior analyst at Milford, Mass.-based Enterprise Strategy Group. "We're seeing lots of different people doing similar things."

Virtualization brings desire for standardization

Businesses with growing security needs usually increase capacity by adding physical appliances, which also require more network switches and load balancers. Virtual security appliances allow users to consolidate and manage these security and networking products on servers instead.

Other players in the security appliance virtualization market include Symantec and McAfee, Oltsik said. Several smaller providers, including Catbird Networks, also offer virtual security appliances. These companies package security software on virtual appliances, but Crossbeam has taken a different approach by basically creating its own hardware platform.

Crossbeam offers a chassis with blade servers that run a Red Hat-based operating system called XOS, which enables users to run third-party security applications. A Crossbeam hypervisor, which allows up to 10 blades in one chassis to work together as one system, is embedded in XOS

"The more people implement server virtualization, the more they want to standardize on the way they manage and operate their entire environment," Oltsik said.

Oltsik said he doesn't expect demand for virtual security appliances to boom; instead, as server virtualization becomes more ubiquitous, it will slowly increase. The benefits of server virtualization -- especially savings on space, power and cooling -- are selling points for appliance virtualization, said Jim Freeze, Crossbeam's chief marketing officer.

"The same motives exist in the network security space," he said. "It's just more of a challenge."

Crossbeam's application processing blades will now feature dual quad-core processors so that they can replicate the high-end appliances that other security vendors have in the works, Freeze said. Also included in Crossbeam's news are 5 and 10 Gbps versions of its network processing blades as well as a new version of XOS.

The new application processing blades will allow users to consolidate twice as many security and networking devices as their dual dual-core predecessors, the company said. The eight-core version will retail for about $25,000, which represents a 31.5% increase over the four-core version's $19,000 price tag.

Prices for the network processing blades are $US28,000 for 5 Gbps and $52,000 for 10 Gbps.

Reducing hardware costs

Crossbeam customer Adam Ferrero, the executive director of network services at Temple University, agreed that server virtualization and the desire to cut hardware costs have driven demand for virtual security appliances.

"The question when you go to buy hardware now is, 'Why aren't you putting that in a VM [virtual machine]?'" Ferrero said.

Temple turned to Crossbeam in August, when it became increasingly tough to increase firewall capacity by adding physical appliances. Crossbeam technology allowed Temple to continue using its existing Check Point Software Technologies Ltd. products and IBM intrusion prevention system, while at the same time consolidating from 12 chassis to four, Ferrero said.

"It's important that we don't have to rip everything up," he said. "That's really appealing."

On any given day, there are 25,000 devices connected to the network between Temple University and the Temple University Health System, so the flexibility of virtual security appliances is another benefit, Ferrero said.

"It hasn't been very difficult to add in the chassis," he said. "Management has been very easy. … If we're not able to accurately predict our growth, it's not a big deal."