Some security appliance vendors now offer security software products within virtual machines, with the goal of...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
making configuration and deployment easier. Can you explain why this seems to be a growing trend, and what are the implications, both good and bad, for enterprise security?
A problem common to all software vendors is ensuring their products are installed and configured correctly and don’t disrupt existing applications and services on the customer’s computer. A virtual security appliance is a pre-built, pre-configured, ready-to-run application solution packaged along with an optimized operating system. This type of operating system is referred to as JeOS (just enough operating system), pronounced “juice.” (The difference between a virtual machine (VM) and a virtual appliance is the appliance comes with a pre-configured OS and application stack, whereas a VM has neither.)
A JeOS contains only the programs and components required to support the specific workload it runs. It occupies a much smaller footprint compared to a general purpose operating system, and therefore has a smaller attack surface. It is also much easier to maintain and manage since fewer updates are required for a slimmed down OS. This smaller attack surface and simplified patch management make virtual appliances more secure than applications installed on top of a regular OS. Vendors can also concentrate solely on developing their product without having to spend time trying to make it work on a variety of system configurations.
There are other advantages, particularly for system administrators of large enterprise systems. Since the software application arrives packaged in a run-to-ready format, pre-installed and pre-configured with its own operating system, it removes many of the problems associated with rolling out an application across many diverse configurations. By simply downloading and powering on the virtual appliance file, the application is instantaneously available.
Maintenance is also easier. Virtual appliances are a unified offering and are supported by patches and service packs provided directly by the software developer. This means an administrator has a single point of contact instead of having to test and manage patches, service packs and upgrades from multiple vendors. There are no compatibility problems, either, as all patches and updates are pre-tested and delivered by the vendor.
The rapid rise in the number of virtual appliances at the VMware virtual appliance market place shows how popular this form of software product is becoming. Any product that is pre-configured and ready-to-run on a slimmed down pre-configured OS has to be good for overall system security.
Dig Deeper on Virtualization Security Issues and Threats
Related Q&A from Michael Cobb
Many large enterprises have their own internal public key infrastructure. Expert Michael Cobb explains the considerations organizations should make ...continue reading
Network administrators typically resist policies for separate accounts when performing different tasks. Expert Michael Cobb explains the risk of ...continue reading
Microsoft is banning weak passwords on many of its services with the Smart Password Lockout feature. Expert Michael Cobb explains how it works, and ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.