Virtual Appliances

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

9 hours 59 minutes
Video Transcription
let's cover appliances and challenges of appliances in the cloud
before diving into the challenges of virtual appliances. Let's cover what an appliances anyway. Traditionally, these air physical hardware devices that come preloaded and pre configured with software that are intended to serve a specific set of purposes
in the virtual world, appliances come in form of a virtual machine image, and that's an image that's preloaded with software. Pre configured, pre defined and possibly tuned similar to the hardware device, this machine image is intended to serve a specific set of purposes such as firewalls, VPN, gateways, data backups
and other examples.
So appliances have a challenge in the cloud world. Physical appliances assume you have physical network access, and this really is not usable or sustainable in a public cloud environment
and building on that assumption of physical network access, these appliances really don't understand software defined networks. This provides a lack of visibility into the virtual networks that you're defining in your cloud environment and moving on their often unable to manage the rapid amount of change in the cloud network.
Remember, we have machines and services coming online, coming off line things air continually evolving in the cloud landscape, and these devices are typically incapable of keeping up with the cloud speed of change. And finally, the premise around how network traffic gets routed through these appliance devices
is often not applicable or very inefficient when working in a cloud.
Physical appliances just aren't a good fit in the cloud environment. But what about virtual appliances?
Much like physical appliances, virtual appliances can become a bottleneck. Keep in mind you're routing all this traffic through the virtual appliance, which itself is running on virtual machine. This can create congestion if the virtual machine gets overload and can't keep up with the traffic. And if the machine crashes, it can have devastating effects on your virtual network
building. On that, the virtual plants may material increase the cloud costs because of the resource requirements. You want performance, so you'll throw horsepower at it. You want high availability, so you're going to try and set up. Fail over
these things cost. Keep in mind that unlike the physical devices which take advantage of low level performance optimization, virtual machines have limitations. They run on top of ah higher per visor that abstracts the underlying hardware and in the cloud sense. They're running in a software defined network, which also abstracts a lot of the traditional network concepts.
So they're virtual appliances at the disadvantage of working above several layers of abstraction and trying to do its job under the assumption of a traditional network design.
Also, keep in mind in Cloud, you're gonna be running across multiple data centers. So consider the number of instances you need to deploy of this virtual appliance across your entire cloud infrastructure. Not that the physical appliances air cheap,
but the costs of virtual appliances and deploying multiples of them across data centers. And all these other factors we've just discussed can really add up quickly.
Another thing to keep in line with virtual appliances that they do need to support that auto scaling. This is the elastic infrastructure, so they don't become that performance chokepoint for you. And while some virtual appliances do support integration with cloud native orchestration to provide that elastic scaling, some do not,
and to put a cap on it, you have a high rate of network change in the cloud environment.
Think about all the machines coming and going on the network. The velocity of new I P addresses. Reassigning I P addresses and so forth is very high and very different than in the traditional network paradigm. It's important you read the technical documentation for virtual appliances carefully
marketing materials for quote next generation appliances may be misleading in terms of which
of the different capabilities work in a cloud setting.
For example, a vendor may be touting that they have a firewall, intrusion detection system and intrusion prevention system. Well, you need to make sure that all of these capabilities support the concept of fail over and elasticity you may find. And I've come across this myself that of that bullet point list on Lee. The firewall capability supports these aspects,
so that means the other elements really aren't a good fit for the cloud environment.
And just what we've talked about. Evaluating capabilities of different past services within a cloud provider fail over regional support, data, replication and so forth. You wanna approach evaluating virtual appliance capabilities in a similar attitude. Just because you loved the device with your old data center doesn't mean you'll love it in the cloud. With all that said,
these devices can be the least worst option
to fill any security gaps between where you need to be and what the cloud service provider gives you.
To recap. We started off covering appliances, physical and virtual appliances, then discuss the specific challenges that both have in the cloud environment.
Up Next
Certificate of Cloud Security Knowledge (CCSK)

This course prepares you to take the Certificate of Cloud Security Knowledge (CCSK) certification by covering material included in the exam. It explains how the exam can be taken and how CCSK certification process works.

Instructed By