As virtualization continues to permeate IT shops, many independent software vendors (ISVs) are distributing software as Linux virtual appliances: preconfigured virtual machines that include the application's entire stack, including the operating system. But industry experts say that end users need to understand the design of these virtual appliances before bringing them into an environment.
Traditionally, vendors have based appliances on Linux by preconfiguring their software on a dedicated x86 server. For instance, open source networking specialist Vyatta Inc. sells networking appliances with router, firewall and virtual private network software on a Dell Inc. PowerEdge server. With the advent of x86 virtualization, however, instead of shipping a Linux appliance on dedicated hardware, vendors can package it in a virtual appliance that runs on a pre-existing virtualization host.
But would-be virtual appliance distributors now face an important question: how to create that stack? Some opt for a do-it-yourself (DIY) approach in which a generic Linux distribution like Red Hat or Debian is stripped of extraneous packages and the vendor's application is added on top.
Do-it-yourself Linux virtual apps
Virtual appliance distributors that have taken the DIY approach include Portsmouth, N.H.-based V-Kernel Corp. and FalconStor Software, a data protection and recovery firm based in Melville, N.Y.
At V-Kernel, creating a virtual appliance meant streamlining Novell's SUSE Linux Enterprise Server down to the OS, MySQL and Apache and then adding V-Kernel's Chargeback Virtual Appliance, which tracks and monitors resources on VMware Inc.'s ESX servers, said Alex Bakman, founder and CEO.
"The benefit of [this approach] is the fact that I could strip it down and address my basic needs [as an ISV]," he said. Chargeback is like an electric meter on the side of a house, although this one runs Java scripts and Ajax and meters the usage of resources like the CPU and memory in an ESX environment.
FalconStor used CentOS, a Linux distribution based on Red Hat Enterprise Linux, said Don Mead, vice president of marketing. Founded in 2000, FalconStor believed it was familiar enough with CentOS to build its appliance independently.
In many cases, building a virtual appliance successfully ultimately rests on familiarity with a Linux distribution, said Gary Chen, a senior analyst with Boston-based Yankee Group Research Inc.
"If they already have a preference for a particular distribution, like Red Hat for example, then you'll find ISVs basing their appliance off of that," Chen said.
But some ISVs have taken another path: using a specialized Linux OS, such as Canonical Ltd.'s new release called JeOS or rPath, which helps ISVs create appliances with its rBuilder packaging application.
JeOS (pronounced "juice") is the latest entrant into the space. Announced at the VMworld 2007 conference in September, JeOS stands for Just Enough Operating System. Canonical -- Ubuntu's corporate sponsor -- has ripped out several software packages to streamline the OS for virtualization purposes. JeOS still includes MySQL; the Common Unix Printing System, or CUPS; email; and Lightweight Directory Access Protocol functionality. In theory, when JeOS is finalized in mid-October, users will have access to a server OS that's 215 MB in size, compared with the 700 MB of a standard Ubuntu Server edition. The streamlined OS enables users to download virtual appliances faster and run more of them per server, Canonical executives said at VMworld.
Meanwhile, KnowledgeTree, a document management ISV based in South Africa, enlisted longtime virtual appliance proponent rPath to build, package and distribute its document management and collaboration virtual appliance.
"We went with rPath because we were looking to provide our document management application in a form factor that was easier to implement than installing the software ourselves on Windows or Linux in-house," said Chief Operating Officer Daniel Chalef.
Having rPath do the heavy lifting allowed KnowledgeTree to get its appliance on the market quickly. Speed to market was especially important, Chalef said, given KnowledgeTree's stiff competition, which includes Documentum, FileNet and Xerox DocuShare. The fact that an rPath engineer had already taken KnowledgeTree -- a completely open source application -- and turned it into an appliance didn't hurt either, Chalef said.
Jean-Paul Bauer, lead systems engineer at KnowledgeTree, said the package management capabilities of rBuilder were another reason his firm chose rPath instead of going it alone. "Starting with a stripped-down Linux running bare minimum on Xen or VMware is one thing. … But rPath provides richness on top of that for building virtual applications in addition to managing them in the wild," he said.
Specifically, Bauer said, rPath provides an update server, which appliances can periodically poll for updates.
"RBuilder, the Update Server and Conary [rPath's package management system] are quite rich in this respect and allow rules to be defined around which appliance classes receive which updates, they provide some info around the state of appliances like what they're currently running," Chalef said.
RBuilder also allows ISVs to create appliances that run on a variety of formats, including Xen, VMware, LiveCD and raw hard disk image – a boon for development and production, Chalef said.
On the development side, KnowledgeTree can test the appliance in an internal Xen or VMware environment. On the production side, it's not too much of a stretch to produce on-premise appliances that run as a LiveCD or install directly onto bare hardware, Chalef said.
"RPath allows us to focus on package management," Bauer said. "From rPath's package repository, I can take packages as needed and substitute them for my own packages very easily without breaking my whole system."
Before opting for an rPath-sanctioned virtual appliance, KnowledgeTree entertained the idea of building its own on top of a cut-down Linux distribution such as PicoLinux and uLinux. But these distributions didn't provide a strong package management solution for incrementally building and testing appliances. Nor did they offer facilities for managing updates, Chalef said. Ultimately, KnowledgeTree deemed these distros "too exotic" and unfamiliar, with potential consequences for end users.
A lack of virtual app support
In general, Yankee's Chen said virtual appliance update and patching support are "not where they should be." A report from Framingham, Mass.-based IDC supported this analysis, said research analyst Brett Waldman.
"Ideally, the end user should be getting an open stream of patches, from the OS level to the middleware level to the application level," Chen said. "You need all three levels to work together, because … in a virtual appliance's case, it's a single ISV who is getting patches sent to them, and they are doing all the testing on their own."
Virtual apps assembled by third parties can minimize that problem. "Since the burden [of assembling, patching and testing the appliance] is now on the ISV, another value proposition arises from vendors like rPath," Chen said.
From an end-user perspective, the package management and tweaking should be completely invisible, IDC's Waldman said. Users shouldn't worry about what's under the application and shouldn't have access to it. Everything should be controlled by a remote user interface, he said.
"The ISV should shield the [end] user from the OS layer," Chen said. "It is similar to a physical appliance; you don't really know what's under the hood, nor should you really care. The application is really what you are working with."
That's not to say that automated updates are the sole domain of vendors like rPath. V-Kernel, for example, employs a "phone home" button on its virtual appliance that, when clicked, checks for updates and new versions, then downloads and installs them automatically.
"The phone-home feature provides updates on the latest code. The UI is very intuitive. If you know how to navigate a tree and right-click, you can use it," Bakman said.
Email Jack Loftus, news writer, with your questions and comments on Linux and virtual appliances.