Microsoft, Check Point take virtual appliances seriously

In 2006 VMware pioneered the idea of a modular data center by offering pre-configured virtual machines to its customers. The company called them virtual appliances.

For several reasons (security, manageability, performance tuning, portability, etc.) the approach didn’t take much traction among customers so far and only few vendors followed VMware in delivering virtual appliances.

It’s important to clarify that offering an evaluation or demo version of any product through a virtual appliance isn’t the same thing of supporting the technology in production environments.
In the last two years many vendors used the virtual appliances as a new distribution media for their trials, but just a bunch of them are really recognizing a VA like a physical installation.

The ISVs have good reasons to not do so: in a virtual infrastructure multiple virtual machines concur to have physical resources access, the more VMs are running at the same time, the more heavy workloads are being executed inside them, the more unpredictable is the performance of every guest OS.
In such scenario the 3rd party vendors can’t really grant the proper operation of their virtual appliance.

Of course, the most sophisticated hypervisors offer some resource management capabilities that can be used to grant a certain performance to a certain virtual appliance. But at the moment there’s no way for the ISVs to define any SLA into the VAs (the upcoming OVF standard will provide a way to do so).

Despite this issue (and others), some new vendors are now moving forward and began to offer production-ready virtual appliances:

  • Microsoft is working to offer its Intelligent Application Gateway 2007 SP2 (an SSL VPN that sits on top of ISA Server) as a virtual appliance for Hyper-V.
  • Check Point just announced that its flagship enterprise firewall VPN-1 is now available as a virtual appliance for VMware ESX and ESXi.