Embrane heleos: Scale-out Virtual Appliances

It’s getting harder and harder to decide whether to choose physical devices to do L4-7 processing (stateful- and web application firewalling, load balancing, VPN termination, WAN optimization) in your virtualized data center, or whether to deploy VM version of the same appliances.

Physical devices usually perform better. Virtual appliances are more flexible, but don’t scale well ... and Embrane just complicated your decision-making process: they launched scale-out distributed virtual appliance architecture and products that combine the best of both worlds.

The full review of Embrane’s heleos product range grew way beyond the acceptable length of a blog post, so I published it on ipspace.net.

Here’s the short summary for differently-attentive:

There’s a definite need for scalable virtual appliances in public and private cloud environments, and Embrane’s heleos architecture is one of the best proposed solutions I’ve seen so far. You should definitely consider them as part of your IaaS cloud solution – talk to them, ask for an evaluation, kick the tires ... and let me know how it works.

More information

Disclosure: Embrane indirectly covered some of my travel expenses during the Networking Tech Field Day, but nobody has ever asked me to write about their products or solutions. Read the full disclosure (or more precise ones by Tony Bourke or Matt Simmons).

7 comments:

  1. Dmitri Kalintsev12 December, 2011 23:44

    Hi Ivan,

    Thanks for the overview - certainly an interesting approach that makes good sense.

    One question remained, however - which virtual appliances will this work with? Is the intent to support off the shelf VAs from 3rd parties, or do they require these 3rd parties to implement special configuration APIs, so that these VAs can become DPs and thus can be automatically configured (and re-configured, when needed) by the DPM?

    Probably the later, but in that case 3rd parties must buy into this, and dedicate necessary development resources, before it becomes useful.

    ReplyDelete
  2. They have their own virtual appliances (load balancer, FW, VPN termination - check their data sheets), but supposedly want to be more in the "platforms" space. Let's see how the whole thing evolves ...

    ReplyDelete
  3. I am wondering how did they solve L2-L4 packet processing performance issues triggered by the network virtual appliance adoption...
    Running on top of a guest OS with a hypervisor, all that stuffs on a mutlicore platform can raise strange performance behaviour...
    I pretty know this as we are solving this kind of issues with my company (6WIND) :-P

    ReplyDelete
  4. It seems they're keeping things simple - their focus is not high throughput, but flexible deployment of per-tenant appliances. As I wrote in the longer article, the DPD tops out @ approximately 3 Gpbs, which seems to be what you can push through a single-vCPU VM running on top of vSphere.

    ReplyDelete
  5. ... and if you're willing to explain more about the performance issues you're experiencing, please contact me directly.

    http://www.ipspace.net/Contact

    ReplyDelete
  6. Dmitri Kalintsev13 December, 2011 20:27

    Right, so yet another good approach, success of which totally depends on other major players changing the way they are doing things. Maybe I'm too sceptical, but I think I'm getting a feeling of how this is likely to play out.

    ReplyDelete
  7. I am OK with your answer. just curious to get some more details here. Thanks!
    But at the end of the day, (and this is a general question) don't you think that if the virtual appliances( in general) consume too much resources to meet with required performances then you loose the aim you were initially targeting? (TCO savings)
    Flexibility is a key point for service providers and DC operators BUTwhile keeping costs reasonable, isn't it?

    ReplyDelete

You don't have to log in to post a comment, but please do provide your real name/URL. Anonymous comments might get deleted.

Ivan Pepelnjak, CCIE#1354, is the chief technology advisor for NIL Data Communications. He has been designing and implementing large-scale data communications networks as well as teaching and writing books about advanced technologies since 1990. See his full profile, contact him or follow @ioshints on Twitter.