January 29, 2007

Appliances — my conclusions! (For now, at least)

Network World today posted my column predicting a rosy future for computing appliances. A lot of the supporting research has been posted in this blog recently; here’s what was a preliminary summary and survey of appliance vendor strategies.

Subsequent to submitting the column, I developed a simpler taxonomy of computing appliance types, namely:

Type 0: Custom hardware including proprietary ASICs or FPGAs.

Type 1: Custom assembly from off-the-shelf parts. In this model, the only unusual (but still off-the-shelf) parts are usually in the area of network acceleration (or occasionally encryption). Also, the box may be balanced differently than standard systems, in terms of compute power and/or reliability.

Type 2 (Virtual): We don’t need no stinkin’ custom hardware. In this model, the only “appliancy” features are in the areas of easy deployment, custom operating systems, and/or preconfigured hardware.

Here’s what I predict for each of them.

Read more

January 22, 2007

IBM and Microsoft seeing a (virtual) appliance future?

Microsoft recently hired an IBM Fellow named Don Ferguson to be an office-of-the-CTO type. In his last blog post at IBM, he outlined the top ten issues he saw in his area over the next five years. #1?

Software appliances and SW configurations integrated with virtual middleware

You can see the whole list here. Here’s more about Ferguson and his role.

January 20, 2007

Sean McGrath correctly predicts the future of enterprise SaaS

I was proud of coming up with the idea to blend SaaS and appliances, but it turns out Sean McGrath beat me to it.

January 18, 2007

Guide to my recent research on computing appliances

My recent flurry of research into computing appliances was spurred by a column I just submitted to Network World. In that column there’s a URL – pointing to this post – promising a guide to more details on that research. Thus, here’s a set of links to my posts of the past few months on computing appliances, both here and on DBMS2.

Half or more of the computing appliance vendors I’ve looked into follow very similar hardware strategies: They use mainly standard parts; they include uncommon but off-the-shelf networking (and sometimes encryption) accelerators; and they of course optimize the mix of those parts and general hardware architecture as well. (EDIT: I actually gave names to three strategies — even if they were just “Type 0”, “Type 1”, and “Type 2” — in this overview of data warehouse appliance vendors. And in another post I considered arguments about whether one would want a data warehouse appliance at all.) Examples I’ve posted about recently include – and I quote the forthcoming column – “DATallegro and Teradata (data warehousing), Cast Iron Systems (data integration), Barracuda Networks (security/antispam), Blue Coat Systems (networking), and Juniper (security and networking).” (ANOTHER EDIT: But I think DATAllegro’s strategy has changed.)

By way of contrast, there’s also a group whose stance is more along “hardware/schmardware” lines. Sendio and Proofpoint (in most cases) don’t really do anything special at all in their boxes; what’s more, Proofpoint actually has significant software-only deployments over VMware’s virtualization layer. Kognitio and Greenplum think their software-only data warehouse offerings are appliance-equivalents too; indeed, Greenplum’s software is sold mainly bundled with Sun hardware (to the extent it’s sold at all), and Kognitio is hinting at an appliance-like offering for competitive reasons as well. Check Point Software plays both sides of the field; it offers its own kind of “virtual appliance,” but also gets many of its sales through appliance vendors. Its most interesting such partner, if not its biggest, is Crossbeam Systems, which in my opinion may very well represent the future of appliance technology.

January 18, 2007

Crossbeam Systems — the future of appliances?

Crossbeam Systems is the closest thing I’ve found to what is – at least tentatively — my vision of the appliance future. It offers a blade-based computing box that differs from standard boxes in the same direction that appliances typically do. I.e., Crossbeam systems boast beefed up networking, maybe some beefed-up reliability as well, and maybe other beefed-up security processing in the future. Then they offer a software infrastructure (virtualization, robustness, etc.) to let various pieces of software – in Crossbeam’s case, security and security-like tools – run on the box. Read more

January 18, 2007

Check Point Software’s unusual appliance strategy

Check Point Software is the traditional leader in the firewall market, having seized large market share in its early days by innovating convenient, GUI-based policy management tools. Except in niches, its competitors today are mainly networking giants Cisco and Juniper. (Juniper acquired Netscreen in 2004.) Unlike most other security software vendors, Check Point continues to focus on being a packaged software vendor (but see below). Even so, almost all Check Point software is sold either on appliances or as a “virtual appliance.” I’ll explain.

Check Point started out selling software on Sun boxes and the like. Rather than get into appliances itself, it formed partnerships with hardware vendors who’d roll its software into appliances, and soon a lot of its business came from this channel, especially via Nokia. This strategy has continued, with Crossbeam Systems joining Nokia in providing large chunks of Check Point’s overall revenue.

While not liking to disclose much in the way of revenue breakdowns, Check Point admits that appliances dominate its business at the high end of the market, where high-speed networking, extra reliability, and so on are important (especially the reliability). Appliances also dominate at the low-end, where ease of deployment is crucial. (“Custom” hardware in this case is best represented by an accelerator card called “VPN-1,” made by Silicom, Ltd.) But in the big middle, packaged software is still highly competitive, accounting for (according to outside estimates that the company doesn’t laugh at) half or so of Check Point’s business.

But here’s the thing. Relatively little of that software is still, say, a firewall you can install on a Linux server. Rather, Check Point sells many more firewall/OS bundles, which are (it is claimed) super-easy to install on random Intel-based boxes. These are the “virtual appliances.”* Is this cheaper than a tailored appliance? Well, that depends a whole lot on whether you had an extra box lying around, or whether you have a master maintenance contract with a standard box vendors, and so on. Evidently, many customers think it is, while many other customers prefer physical appliances.

*Check Point also has VMware-based virtual appliances, but so far isn’t getting much uptake of those except for demo purposes.

January 18, 2007

Juniper’s integrated appliance story

Juniper Networks acquired super-hot security appliance vendor Netscreen in 2004. At the time, Netscreen’s products were ASIC-based. But as of the 2006 release of its SSG product line, Juniper has come in line with what is pretty much the standard appliance vendor technical strategy. It builds its boxes from standard parts, with the exception of some unusual but still off-the-shelf networking accelerators (most notably an IPsec and encryption accelerator chip from Cavium). It has its own OS, with unneeded services left out both for performance and security. One cool point – Juniper’s security products and routers run in some cases on literally identical hardware, despite having different operating systems, let alone “application” software. The customer can, for example, keep one set of spares for both classes of product. Read more

January 12, 2007

Proofpoint and VMware – an apparently non-trivial virtual appliance success story

I talked with Proofpoint today, and got a more positive view about VMware’s virtual appliance strategy than I’ve gotten from other appliance vendors. They cite over 500 downloads in the past couple of months, of which a significant fraction have turned into actual sales. Specific deployment scenarios they mentioned include:

Read more

January 10, 2007

Sendio — no effective response to the niche-forever challenge

Sendio is something of an exception to the appliance vendors I’ve been chatting with. There’s nothing particularly unique about their hardware or software architecture, and ease of deployment isn’t a big deal for them either. Indeed, it’s a little unclear to me that they really need to be an appliance vendor at all – but what the heck, they’re in the anti-spam market, and appliances are popular there.

So let’s go straight to their anti-spam technology, which is challenge/response. Read more

January 5, 2007

David and Richi on Cisco and Ironport

The Ferris Research lads offer a succinct analysis of the Cisco/Ironport deal. As an old software stock analyst, I was particularly struck by their estimates that A. Cisco paid over 10 times revenue for Ironport and B. Ironport’s revenues weren’t growing. Even more interesting in my opinion is what Richi said to me by e-mail in response to a query, namely (emphasis mine):

Yes, clearly IronPort’s reputation data is part of the prize for Cisco. …

An interesting question is what will happen (if anything) with SpamCop. IronPort deliberately ran SpamCop at arm’s length as a matter of policy. I wonder if Cisco will maintain that policy. SpamCop is of course part of the raw data feeding into SenderBase, along with the data phoned home by the IronPort boxes.

As we’ve seen with the BlackSpider acquisition by SurfControl, spam control companies that aggregate lots of data about spam sources are valuable, for reasons in addition to spam control. If a zombie is sending spam, it’s also probably a potential source of other bad stuff, such as worms and DDoS connections.

Quite possibly, one of Cisco’s goals (dreams?) for this acquisition is to put a whole lot of sender policing into the network infrastructure. Mainly, that’s a good thing — but like most kinds of internet policing, that technology also has the potential for abuse.

In that vein, I note that the Ferris guys say Ironport’s big competitor was Ciphertrust, acquired by Secure Computing. Well, in my opinion Secure Computing are bad guys, or at least were as of my research a few years ago. They have long helped enforce nationwide Web censorship in Saudi Arabia; they got dinged by the SEC for early for CEO stock hyping/selective disclosure; they in my opinion were guilty of a lot more hyping than that; and for the cherry on top of this ethical sundae, CEO John McNulty has a resume in Secure’s SEC filings that is inconsistent with the SEC filings of a previous employer.

← Previous PageNext Page →

Feed including blog about enterprise technology strategy and public policy Subscribe to the Monash Research feed via RSS or email:


Search our blogs and white papers

Monash Research blogs

User consulting

Building a short list? Refining your strategic plan? We can help.

Vendor advisory

We tell vendors what's happening -- and, more important, what they should do about it.

Monash Research highlights

Learn about white papers, webcasts, and blog highlights, by RSS or email.