Appliances vs. Traditional Servers: Pros and Cons


2016 Hitachi ID Systems, Inc. All rights reserved.

Contents

1 Introduction
2 Definitions
   2.1 Enterprise software
   2.2 Traditional server
   2.3 Appliance server
      2.3.1 Physical appliance
      2.3.2 Virtual appliance
   2.4 Client device
3 Types of appliances
   3.1 Consumer-grade versus enterprise equipment
   3.2 Commodity hardware versus specialized processors
4 Appliance benefits
5 Appliance drawbacks
6 Summary
APPENDICES
A About Hitachi ID Systems

1 Introduction

This document is intended to help organizations decide whether an appliance or a traditional server is an appropriate platform for hosting enterprise software applications. It is organized as follows:

* Definitions: defining relevant concepts and terminology.
* Types of Appliances: differentiating between different types of appliances and what they are used for.
* Appliance Servers Benefits: an overview of the advantages of hosting software on an appliance.
* Appliance Servers Drawbacks: an overview of the drawbacks of hosting software on an appliance.

2 Definitions

A growing number of vendors are offering what would otherwise be software-only solutions in the form of dedicated appliances. Appliances may be physical, incorporating both hardware and software, or virtual, in the form of a pre-configured virtual machine with all required software, from the operating system up, pre-installed and configured.

In this section, terms and concepts relevant to appliances are introduced, so that the subsequent discussion can be clearer.

2.1 Enterprise software

This document is concerned specifically with enterprise software applications. That is, applications which:

1. Run on one or more servers, with at least options for data replication and either load balancing or a hot standby system for high availability.
2. Provide a service to many users, possibly distributed across multiple locations.
3. Must be scalable and reliable, because many users would be adversely impacted by loss of access to the application.
4. Must be secure, because compromise of the system in question would have serious impact on the organization.

At issue is whether it is preferable to host such applications on appliances or traditional servers, as defined below.

2.2 Traditional server

A traditional server consists of several components, possibly from different vendors, which are assembled into a unit at deployment time:

1. Hardware: typically x86-style servers from vendors such as Lenovo, HP or Dell.
2. An operating system, such as Windows or Linux.
3. Possibly a web server, such as IIS or Apache.
4. Possibly a database server, such as Oracle Database, Microsoft SQL Server or MySQL.
5. Possibly other components, such as a J2EE application server, SharePoint or a .NET framework.

Servers are increasingly virtualized. This means that the OS image runs on a VM rather than directly on hardware. The VM runs on a hypervisor, which may be a part of a larger virtualization platform, i.e., a private or public cloud.

Organizations typically run many servers, sometimes hosting multiple applications on each one.

2.3 Appliance server

An appliance server is one where all of the required functional components, including those identified in Subsection 2.2, plus the application software itself, are integrated and configured into a unit and purchased from a single vendor.

2.3.1 Physical appliance

Appliances may be physical: literally a device shipped from the vendor to the customer and installed on the customer's network.

2.3.2 Virtual appliance

Increasingly, appliances are virtual, including all the required components except the hardware in a single VM image, suitable for deployment on an existing customer hypervisor platform.

2.4 Client device

Users connect to applications from a client device. This may be a desktop or laptop PC, a telephone or smart phone, a tablet, etc. Most modern applications present a web user interface. In this case, the user's device runs a web browser, which renders the UI.

3 Types of appliances

3.1 Consumer-grade versus enterprise equipment

Many home users are very familiar with appliances, if not with the term, in the form of wireless routers, small hardware firewalls, print sharing devices, network attached storage, etc. These devices are small and inexpensive but are not generally scalable, secure, reliable or flexible enough to meet the needs of medium to large organizations.

3.2 Commodity hardware versus specialized processors

Physical appliances intended for enterprise deployment come in two basic types:

1. Commodity server hardware, with pre-installed software. This means they run a standard type of CPU (Intel/AMD), an off-the-shelf OS (Windows or Linux) and common applications (IIS, Apache, MySQL, MSSQL, etc.).
2. Specialized hardware components. This normally means inclusion of at least one application-specific integrated circuit (ASIC) to perform some specialized function at very high speeds. Commonly found on firewalls, load balancers, malware scanners, etc.

The commodity hardware approach serves mainly to reduce the initial setup and configuration effort for organizations deploying the product. Inside the box is just a traditional software server, assembled and supported by the vendor.

Specialized processing hardware is used mainly where the performance characteristics of the system cannot be easily reached with a conventional server. This is typically required in the context of specialized networking equipment, such as SSL processors, virus scanners, application firewalls and more, all of which must perform complex operations at wire speeds of 1Gbps or more.

4 Appliance benefits

The main benefits promoted by vendors who sell solutions in the form of appliances are:

1. Easy installation: The operating system and application software are pre-installed, reducing initial installation effort. The application software is likewise pre-installed, and to the extent possible also pre-configured.

   This is only a significant advantage for applications that require minimal integrations with existing infrastructure and minimal process configuration. Where such integration or configuration is significant, removing a few hours' work to install the runtime platform is inconsequential.

2. Fewer skills required: The simplified installation and configuration lead to scenarios where fewer IT skills are required to implement the solution. This is particularly true where the application is quite simple and requires little or no further configuration beyond initial activation.

3. Sole-source technical support: Any questions about hardware compatibility or operating system patches are eliminated when a single vendor supports every layer of the solution, starting with hardware and ending with the application software.

4. High performance specialized hardware: In the case of specialized processing hardware, the additional and overriding benefit is increased performance. Note that this is not generally true for commodity hardware bundled as an appliance; this advantage is only relevant where the appliance incorporates specialized hardware, most often to provide a specialized network infrastructure function.

5 Appliance drawbacks

Appliances provide some benefits, such as simpler initial installation of the platform and application, but they also have some drawbacks. These include:

Drawbacks of hardware appliances:

Hardware appliances present specific challenges, as follows:

1. Relatively lower performance: In order to reduce manufacturing costs, hardware appliances often incorporate previous-generation components. CPU capacity, memory cache, RAM and disk space are often significantly smaller in an appliance as compared to a contemporary general-purpose server. The result is that commodity-based appliances often have significantly lower performance than the same application software running on newly acquired commodity servers.

2. Poor on-site hardware support: Appliance servers are not developed, sold or supported by software vendors. Instead, this work is contracted out to a hardware vendor who simply images the software vendor's OS and application onto their standard hardware, which is then branded as an appliance for that software vendor.

   Since neither the software vendor nor the contracted hardware vendor (with few exceptions, such as Dell) is likely to have local support staff in many cities, technical support usually degenerates to "mail us the appliance, we will mail you a replacement."

3. Expensive high availability: Since physically shipping goods takes time, organizations that must comply with high availability requirements are often forced to procure extra appliances so that a replacement is available on-site immediately, if required. This can easily double procurement costs.

4. Difficult jurisdictions:

   Delivery of hardware to some jurisdictions may require import licenses, export licenses, payment of duties, invoicing in local currency and may present a range of other challenges related to physical delivery of advanced, cryptographic technology to far-away places. This leads to longer lead times to deliver hardware to some locations in the world, higher cost and the need for more locally deployed infrastructure, usually in precisely those locations that would not otherwise merit extra capacity.

   Note that some of these problems can be addressed through virtualization (virtual appliance, rather than physical), in practice if not in law.

5. Power and space efficiency: In today's IT environment, organizations are trying to move everything to either on-premise virtual machine platforms (private cloud) or off-site, to the cloud (IaaS or SaaS). Virtualization offers important benefits:

   (a) Energy and space savings, from efficient use of hardware capacity.
   (b) Flexible resource allocation, adding or removing CPU, memory and disk as required.
   (c) High availability, with the ability to recover crashed applications in minutes or even seconds.
   (d) Snapshot capability, so that bad configuration changes can be quickly rolled back.

   Physical appliances are by definition not virtual, so run contrary to this trend and cannot support any of these benefits.

   Moreover, even physical servers are increasingly deployed in a high density form factor, using blade systems or "data center in a box" racks. Physical appliances run counter to these trends.

Drawbacks of all appliances (including virtual):

All appliances, including hardware and virtual appliances, can have problems with patching, security and compatibility:

1. Many appliances do not include robust, automated patch management. Applying security fixes may be manual or even impossible.

   Most medium to large organizations have robust patch management, to apply at least security fixes and ideally all bug fixes to their conventional servers automatically. IaaS and SaaS vendors likewise keep their infrastructure up to date, automatically.

   A serious risk with appliances is that they are on-premise, so do not get patched like IaaS or SaaS systems. On the other hand, they are not a normal part of the organization's centrally managed infrastructure, so do not get patches or anti-virus updates, like other normally-managed servers. As a result, appliances can wind up running for years with no security patches or updates at all.

   Without security patches, over time, any system becomes vulnerable to attack. Running critical, enterprise infrastructure on an un-patched platform is an unacceptable risk.

2. Major operating system upgrades are impossible. An appliance built to run on Windows 2008 cannot realistically be migrated to Windows 2012. An appliance running RHEL 6 cannot realistically be upgraded to RHEL 7.

   This is essentially the same problem as patch management, but at larger scale. Eventually old operating systems go out of support, and their vendors stop patching them. If an appliance is not upgradeable to a significantly newer runtime platform, then even if it was well patched in the past, it will stop getting patches eventually.

3. Hypervisor compatibility can be a problem. Most organizations standardize on one hypervisor platform: VMware, Xen, Hyper-V, etc. Virtual appliances built for one hypervisor are difficult to install on another. Worse, over time, hypervisor file formats for guest VMs change and a VM built for an older hypervisor will become increasingly difficult to deploy on a new hypervisor.

6 Summary

There are specific use cases where appliances are attractive:

1. Deployment of simple applications, which require minimal customization and integration, into small to medium environments.
2. Deployment of very high performance network devices, where specialized hardware provides a significant speed boost.

Unfortunately, appliances carry both immediate and long-term drawbacks:

1. Physical appliances are not suitable for high density or virtualized data centers. They are also very costly where high availability or deployment to distant locations is required.
2. Ability to patch and upgrade may be compromised, leading to serious deterioration of security over time.
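An inventory audit for the three drawbacks that section 5 lists for all appliances (missing patches, a base operating system that leaves vendor support, and hypervisor mismatch), given here as an added example that is not part of the Hitachi ID paper. The inventory, the finding codes and the 90-day and 365-day thresholds are constructed assumptions; the end-of-support dates are the vendors' published dates for the platforms the paper names.

```python
from datetime import date, timedelta
from typing import NamedTuple, Optional

# Vendor end-of-support dates for the base platforms named in the paper.
# Confirm against the vendor lifecycle pages before relying on them.
OS_END_OF_SUPPORT = {
    "Windows Server 2008": date(2020, 1, 14),
    "Windows Server 2012": date(2023, 10, 10),
    "RHEL 6": date(2020, 11, 30),
    "RHEL 7": date(2024, 6, 30),
}

class Appliance(NamedTuple):
    name: str
    base_os: str
    last_patched: Optional[date]     # None = no patch ever recorded
    built_for: Optional[str] = None  # hypervisor of a virtual appliance; None = physical

def audit(inventory, today, site_hypervisor,
          max_patch_age_days=90, eol_warning_days=365):
    """Return {appliance name: [finding codes]} for every appliance with findings."""
    report = {}
    for a in inventory:
        findings = []
        # Drawback 1: appliance sits outside central patch management.
        if a.last_patched is None:
            findings.append("NEVER_PATCHED")
        elif (today - a.last_patched).days > max_patch_age_days:
            findings.append("PATCH_STALE")
        # Drawback 2: the base OS has left (or is about to leave) vendor support,
        # so patches stop no matter how well the appliance was patched before.
        eol = OS_END_OF_SUPPORT.get(a.base_os)
        if eol is None:
            findings.append("OS_LIFECYCLE_UNKNOWN")
        elif eol <= today:
            findings.append("OS_UNSUPPORTED")
        elif eol - today <= timedelta(days=eol_warning_days):
            findings.append("OS_EOL_APPROACHING")
        # Drawback 3: virtual appliance image built for a different hypervisor.
        if a.built_for is not None and a.built_for != site_hypervisor:
            findings.append("HYPERVISOR_MISMATCH")
        if findings:
            report[a.name] = findings
    return report

# Constructed sample inventory (hypothetical appliance names and dates).
INVENTORY = [
    Appliance("pw-reset-01", "Windows Server 2008", date(2013, 3, 12)),
    Appliance("log-collector", "RHEL 6", None, built_for="VMware"),
    Appliance("waf-edge", "vendor firmware 4.2", date(2016, 5, 10)),
    Appliance("idm-portal", "RHEL 7", date(2016, 5, 20), built_for="Hyper-V"),
]

if __name__ == "__main__":
    # The same inventory audited at two dates shows the deterioration over time.
    for as_of in (date(2016, 6, 1), date(2020, 2, 1)):
        print(as_of.isoformat())
        for name, findings in audit(INVENTORY, as_of, "Hyper-V").items():
            print(f"  {name}: {', '.join(findings)}")
```

Auditing the same inventory at a later date turns a clean entry into a finding, which is the long-term deterioration the summary describes.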

APPENDICES

A About Hitachi ID Systems

This white paper was produced by Hitachi ID Systems.

Hitachi ID Systems, Inc. delivers access governance and identity administration solutions to organizations globally, including many of the Fortune 500 companies. The Hitachi ID Identity and Access Management Suite is a fully integrated solution for managing identities, security entitlements and credentials, for both business users and shared/privileged accounts, on-premise and in the cloud.

The Hitachi ID Suite is well known in the marketplace for high scalability, fault tolerance, a pragmatic design and low total cost of ownership (TCO). Hitachi ID Systems is recognized by customers and analysts for industry leading customer service.

The Hitachi ID Suite is an integrated solution for identity administration and access governance. It streamlines and secures the management of identities, security entitlements and credentials across systems and applications. Organizations deploy the Hitachi ID Suite to strengthen controls, meet regulatory and audit requirements, improve IT service and reduce IT operating cost.

The Hitachi ID Suite includes:

* Automation, to propagate changes from one system to another.
* A web portal, suitable for configuration, requests, approvals, certification and more.
* Workflow, to invite business users to participate by approving or denying changes, completing tasks or reviewing users and entitlements.
* Password and PIN management, including synchronization, reset, unlock and more.
* Management of other credentials, including biometrics, security questions, one time password (OTP) devices, smart cards, PKI certificates and more.
* Reports, analytics and dashboards, for auditors, administrators, managers and others.
* A rich set of connectors, to easily integrate with almost any system or application, on-premise or in the cloud.
* Client applications, deployed to or at least running on user devices such as PCs, phones and tablets, to provide pre-boot and off-site access to password management, mobile access to IAM services and the ability to manage locally cached credentials.

The Hitachi ID Suite is designed as identity management and access governance middleware, in the sense that it presents a uniform user interface and a consolidated set of business processes to manage user objects, identity attributes, security rights and credentials across multiple systems and platforms. This is illustrated in Figure 1.

Figure 1: Hitachi ID Suite Overview: Identity Middleware

[Figure 1 diagram labels: Users; Hitachi ID Suite; Target Systems; Business processes; User Objects; Attributes; Passwords; Privileges; Related Objects; Home Directories; Mail Boxes; PKI Certs.; Employees, contractors, customers, and partners; Synch./Propagation; Request/Authorization; Delegated Administration; Consolidated Reporting]

The Hitachi ID Suite includes several functional identity management and access governance modules:

Hitachi ID Identity Manager: Entitlement administration and governance: Automation, requests, approvals, recertification, SoD and RBAC.

* Automated propagation of changes to user profiles, from systems of record to target systems.
* Workflow, to validate, authorize and log all security change requests.
* Automated, self-service and policy-driven user and entitlement management.
* Federated user administration, through a SOAP API (application programming interface) to a user provisioning fulfillment engine.
* Consolidated access reporting.

Identity Manager includes the following additional features, at no extra charge:

Hitachi ID Access Certifier: Periodic review and cleanup of security entitlements.

* Delegated audits of user entitlements, with certification by individual managers and application owners, roll-up of results to top management and cleanup of denied security rights.

Hitachi ID Group Manager: Self service management of security group membership.

* Self-service and delegated management of user membership in Active Directory groups.

Hitachi ID Org Manager: Delegated construction and maintenance of OrgChart data.

* Self-service construction and maintenance of data about lines of reporting in an organization.

Hitachi ID Password Manager: Integrated credential management: Passwords, security questions, certificates, tokens, smart cards and biometrics.

* Password synchronization.
* Self-service and assisted password reset.
* Enrollment and management of other authentication factors, including security questions, hardware tokens, biometric samples and PKI certificates.

Password Manager includes the following additional features, at no extra charge:

Hitachi ID Login Manager: Automated application sign-on.

* Automatically sign users into systems and applications.
* Eliminate the need to build and maintain a credential repository, using a combination of password synchronization and artificial intelligence.

Hitachi ID Telephone Password Manager: Telephone self service for passwords and tokens.

* Turn-key telephony-enabled password reset, including account unlock and RSA SecurID token management.
* Numeric challenge/response or voice print authentication.
* Support for multiple languages.

Hitachi ID Privileged Access Manager: Securing access to administrator, embedded and service accounts.

* Periodically randomize privileged passwords.
* Ensure that IT staff access to privileged accounts is authenticated, authorized and logged.

Group Manager is available both as a stand-alone product and as a component of Identity Manager.

The relationships between the Hitachi ID Suite components are illustrated in Figure 2.

Figure 2: Components of the Hitachi ID Suite

500, 1401-1 Street SE, Calgary AB Canada T2G 2J3
Tel: 1.403.233.0740 Fax: 1.403.233.0725
E-Mail: sales@hitachi-id.com
www.hitachi-id.com
Date: 2015-05-26
File: /pub/wp/documents/appliance-vs-server/appliance-server-pros-cons-1.tex