Computing appliances — architected for network stream processing
I’ve been researching computing appliances quite a lot recently, including for an upcoming trade press column. As part of the research, I circulated preliminary thoughts and questions to a variety of appliance vendors. One, Barracuda Networks, responded at length via e-mail. Credit goes to Steve Pao, VP of Product Management. I’m posting the interchange below.
Q1. Stream processing is different from conventional business computing. Different hardware architectures are commonly appropriate.
A1. Stream processing is different, particularly for enterprise networks, because data in the stream should not back up during processing to create latency. In traditional business computing, total throughput is measured more often than latency. Minimizing latency requires careful attention to layering processing to handle as much as possible with the least expensive operations first, keeping the footprint as small as possible to minimize any virtual memory swapping, and minimizing I/O. There are some hardware considerations, but this is often over-emphasized. As applications delivered through appliances continue to grow in complexity, software architecture plays an often under-represented role.
Barracuda Networks has designed the architecture of its appliances with these characteristics in mind. For example, the Barracuda Spam Firewall’s architecture leverages 12 defense layers, focusing on those layers that require the least processing upfront. This layered approach minimizes the processing of each spam message, which yields the performance required to process email for tens of thousands of users in a single appliance.
CAM note: This kind of “it’s the software, stupid” response is typical of what I hear from appliance vendors.
Q2. For most kinds of appliances, custom chips are nice-to-have but not must-have. And by the way, if there are “custom” chips, they will usually actually be FPGAs.
A2. Custom chips are useful for very high volume/low cost appliances because they can help reduce cost of goods. That said, for most enterprise-class networking and network security appliances, off-the-shelf chips generally provide the performance and flexibility to deliver performance for today’s networks.
Q2A (followup): Looking into this further, I’m getting the sense that boxes are custom but components are not. That is, appliances with a stream-processing flavor commonly include networking cards that, while standards, aren’t common in general-purpose computers. Encryption also is commonly handled by specialized chips.
A2A. Yes, delivery of appliances often requires use of components that, while standard, are not typically used in general purpose computers. Even beyond hardware that vendors may use to enhance system performance, there are also hardware components that are included for the reliability requirements of networking appliances.
For example, the Barracuda Web Filter and Barracuda IM Firewall are network appliances designed to be deployed inline. On the Barracuda Web Filter models 310 and higher and the Barracuda IM Firewall models 320 and higher, the appliances include an Ethernet hard bypass that fails “safe” – allowing traffic to flow through – in the event of system failure.
As another example, the Barracuda Load Balancer is diskless and boots from high capacity flash memory.
Q3. Deliberately limiting the capability of the system makes it harder to hack. But this is important only in security appliances, and I’m not so sure it’s important even for them.
CAM note: The answer below confirms what I said, but with more accurate phrasing.
A3. It is common practice to minimize the number of traditional operating services in order to reduce the potential for vulnerabilities in the system. Every component that is used has the potential to open another vulnerability. That said, today’s applications require a level of sophistication that also requires more underlying services than ever before. As such, the important thing is to have a great internal development process for system design and maintaining a great relationship with the “white hat” security research community. Of course, while larger vendors are larger targets for exploits, they also have the advantage of having the notoriety to attract top security researchers to work with.
Q4. A huge part of appliances’ appeal is ease of deployment and administration. Applications used to arrive bundled with hardware very commonly, especially for smaller buyers (and for them it’s often true even today). Appliances offer the same benefit for system software.
A4. We agree with this assessment. Customers usually can get a Barracuda Networks appliance completely deployed in less time than it takes to load an OS onto a hardware platform – let alone install or configure software applications.
Q5. There’s a lot of grumbling about appliance maintenance costs, as appliance vendors charge percentage-of-purchase-price fees that would be appropriate for packaged software and apply them to the whole bundled hardware/software appliance.
A5. Interestingly, the appliance vendor often has to do more than a traditional software or hardware vendor. There’s a set of support issues that a traditional software vendor can simply sidestep because they don’t support the OS on the hardware. A hardware vendor can generally wash themselves of all issues not related to hardware. What the customer gains from support from a good appliance vendor is a complete solution and no finger pointing. All that said, if the appliance is overpriced, the customer may not get a good value. Customer should always look at the value and absolute dollars as opposed to percentages.
Barracuda Networks does not charge on a per-user basis. Customers pay a one-time fee for the appliance and a recurring yearly fee for Barracuda Energize Updates which include not only basic technical support and firmware updates but also, depending on the product, ongoing virus, spam definition, spyware definition, content filter, IM protocol, and intrusion prevention definitions. For a low annual fee, Barracuda Networks’ customers can deploy secure solutions with virtually no ongoing administration. Energize Update pricing is based on model number and starts at $499 per year.
Optionally, customers can also purchase an Instant Replacement service. In the event of hardware failure, Barracuda Networks products with active Instant Replacement subscriptions can be cross-shipped the next business day to minimize downtime. Instant Replacement pricing is also based on model and starts at $499 per year.
Categories: Barracuda, Computing appliances, Security and anti-spam | 3 Comments |
Anonymizer – penetrating the Great Firewalls of China and Iran
Lance Cottrell of Anonymizer is one of those rare guys who make me believe he started a company in no small part to do good. And so his cloaking-technology company is providing free services to help Chinese citizens sneak through their national firewall, and is doing the same thing for Iran on a paid basis, under contract to the Voice of America. I think this is wonderful, and he reports that it’s working well now. Even so, I think there are scalability concerns. Right now only 10s of 1000s of users are covered. If there were a few more zeroes on that, standard spam-blocking techniques, currently ineffective, might work. What’s more, the Chinese bureaucracy, currently not highly motivated to shut the service down, might bestir itself to be much more effective.
Categories: Anonymizer, Privacy, censorship, and freedom, Public policy and privacy, Security and anti-spam, Software as a service | 4 Comments |
Anonymizer — internet privacy through anonymity
I chatted today with Lance Cottrell, the founder and president of Anonymizer. They’re a little 30-40 person company, but even so they do three different interesting kinds of things. In increasing order of importance, these are:
- Provide anonymity services to ordinary individuals.
- Provide anonymity services to enterprises (aka enterprise sneakiness support).
- Help people get through the national firewalls in Iran and China.
Categories: Anonymizer, Privacy, censorship, and freedom, Public policy and privacy, Security and anti-spam, Software as a service | 3 Comments |
msfirefox — an excellent parody site
Every once in a while, the computer industry comes up with a hilarious parody site. IMO, this site about a Microsoft version of Firefox is one of them.
Categories: Microsoft | Leave a Comment |
KXEN and Verix try to disrupt the data mining market
Data mining is hugely important, but it does have issues with accessibility. The traditional model of data mining goes something like this:
- Data is assembled in a data warehouse from transactional information, with all the effort and expense that requires. Maybe more data is even deliberately gathered. Or maybe the data is in large part acquired, at moderate cost, from third-party providers like credit bureaus.
- The database experts fire up long-running, expensive data extraction processes to select data for analysis. Often, special data warehousing technology is used just for that purpose.
- The statistical experts pound away at the data in their dungeons, torturing it until it reveals its secrets.
- The results are made available to business operating units, both as reports and in the form of executable models.
Each in its own way, KXEN and Verix (the imminent new name of the company now called Business Events) want to change all that.
Read more
Categories: Analytic technologies, Data mining, Software as a service, Usability and UI, Verix | 7 Comments |
Scathing review of Oracle’s pre-Siebel BI products
Stephen Few offers a blistering review of Oracle Discoverer, its portal integration, and its UI in general. This fits well with what I said last November:
Obviously, Oracle has the potential to be a titan in analytics. But it doesn’t have its act at all together yet.
And so I agree with a couple of comments on Stephen’s post, to the effect of “Well, gee, no wonder that Siebel’s BI tools look like they’ll be the surviving technology.”
EDIT: Mark Rittman offers a lot of screenshots of Oracle’s Siebel BI Suite. If you look at other posts on his blog, you’ll see Discoverer as well.
Categories: Analytic technologies, Business intelligence, DBMS vendors and technologies, Oracle | 2 Comments |
Would a Google PC succeed?
Richard Brandt asked me to look over his post on the oft-rumored possibility of a Google PC. I actually opined on this back in January, when the rumors were rife in connection with a supposed Wal-Mart sales/marketing agreement. I concluded that that would make a lot of sense for internet connectivity and student/homework uses (I didn’t consider work-at-home or gaming uses because that didn’t seem a good fit with Wal-Mart). The reasoning I came up with back then looks good in retrospect, with only minor tweaks (e.g., my new reason for not worrying about IE-only websites is the IE emulation capability in Firefox).
Richard, however, goes further, thinking that Google could succeed in PCs used mainly to run word processing, spreadsheets, etc.. His arguments include:
Categories: Google, Hardware, Online and mobile services, Privacy, censorship, and freedom, Public policy and privacy, Software as a service | 7 Comments |
Google vs. Microsoft
Richard Brandt responded to my challenge by explaining in some detail why he thinks Microsoft will never catch up with Google. His argument basically boils down to a very well-reasoned “Why would they? The reasons why Microsoft succeeded in overtaking almost all other PC software vendors don’t apply in this case.” And clearly Google has enormous resources to throw at businesses like search, plus a corporate culture that seems from the outside to be a lot more productive than Microsoft’s these days.
But on the other hand – what exactly is Google’s sustainable advantage?
Categories: Google, Microsoft, Online and mobile services | 8 Comments |
Google in China — Tough question, wrong question
Henry Blodgett poses the question — if you don’t think Google should have cooperated with the Chinese authorities in fostering censorship, what do you think it should have done instead? I think that’s the wrong question (although I’ll answer it below anyway). Rather, I think the right question is:
What can the rest of us do to help overcome Chinese censorship?
In the 1980s, Western information flow was huge in bringing down the Iron Curtain. The main influence was free TV, undermining communist-regime propaganda by showing how people in the West lived (much more affluently than in the East, for starters). George Soros also famously donated copiers, fax machines, etc., which seem to have been a nontrivial aid to internal information flow.
China of course is more open today than communist countries were then. TV, movies, travel, the uncensored part of the internet — they all help ensure a reasonably high level of understanding of Western thought and Western information. Even so, the Chinese government tightly controls discussion of — and access to infomation about — certain sensitive political issues, such as democracy, Taiwan, Tibet, etc., just as several Arab governments do on their favorite hotbutton issues.
But we in the West, if we choose, should be able to overcome that censorship! We can’t even keep ourselves from getting unwanted information — email spam, search engine results spam, etc. Getting information to Chinese people who want it should, by comparison, be straightforward. (I’ll write up a post with a specific plan shortly; the URL should appear in the trackback section to this post.) That’s where effort and attention need to go.
Back to Blodgett’s question. As a number of insightful links and comments in Blodgett’s thread illustrate, Google’s decision about whether or not to cooperate was not an easy one. I really only have two observations to add to those there. First, this isn’t just about short-term revenue and market presence. It’s also about developing technology cost-effectively that will be useful in any future Chinese endeavors under any future Chinese regime.
Second, that technology development point cuts both ways. Google will be training a lot of smart Chinese engineers in exactly the skills they’d need to make automated censorship more effective. And for that reason, I think Google should have stayed away.
Since I also favor proactive steps to fight censorship, I guess that puts me in Blodgett’s “Option III” group.
Categories: Google, Public policy and privacy | 1 Comment |
IBM mixes its paradigms — or does it?
I’ve been writing this month about the three different paradigms used by the leading enterprise software vendors:
- Data/information-centric (IBMOracle)
- People-centric (Microsoft)
- Process-centric (SAP)
Well, in a recent announcement IBM set out to straddle the three categories, and a couple more to boot:
IBM has identified five entry points to enable customers to more easily approach and initiate an SOA project. These entry points include people-, process- and information-centric approaches as well as connectivity and the ability to reuse existing assets.
But a look at some of the detail from the announcements strongly suggests that the three paradigms haven’t overnight truly become co-equal.
For supporting a people-centric approach to SOA, WebSphere Portal version 6.0 integrates IBM Workplace and collaborative technologies, making it easier for users to build and deploy composite applications that can be tailored by industry, role or task. The new release takes advantage of AJAX to create a more responsive user environment.
Sounds like pretty basic stuff.
Additionally, the latest version provides a workflow builder that utilizes the process engine from WebSphere Process Server, open standards-based software powered by WebSphere Enterprise Service Bus (ESB) that helps simplify the integration of business processes.
Ditto, although I’d put that in the “process” rather than “people” category.
To improve business visibility and deliver a process-centric approach to SOA, IBM announces WebSphere Business Monitor version 6.0. This software provides an aerial view of the business and enables customers to proactively identify potential issues before they impact productivity. New features in WebSphere Business Monitor include business alerts, links to third party reports that combine real-time performance and historical analysis, and scorecards to track the status and metrics of projects.
Again, pretty basic.
For an information-centric approach to SOA, IBM is delivering industry-specific models to help clients successfully launch their SOA initiatives. The enhanced IBM Banking Information FrameWork and IBM Insurance Application Architecture models provide a set of critical processes, workflows, and activities to help organizations reengineer their business processes to implement strategic initiatives such as master data management.
Now, I’ve in no way been briefed on those, but off the top of my head that sounds more than just “basic” to me.
Data is still pre-eminent at IBM.
Categories: DBMS vendors and technologies, IBM | 1 Comment |