Clever Gizmos at the edge of the network
The world of professional network managers is filled with
minutiae and arcana. There are hundreds of acronyms to keep
track of, a constant onslaught of protocols and technologies,
performance bottlenecks and security threats,
software patches and, generally, many more problems than solutions.
Think Dante's fifth level of Hell, the one where you are
forced to have lunch with Cisco[1] salesmen every day.
The rare occasion when a straightforward answer to a pressing need presents
itself can feel like heavenly grace bathing you in a warm radiant light.
I'm not trying to invoke divine intervention on behalf of edge appliances, but
these unassuming little workhorses increasingly present themselves as quick and
cool solutions in a chaotic world.
In the article below, I'm going to tell you how edge appliances solve a few
of the problems that some harried network manager is worrying about on your
behalf right at this very moment.
So what are they?
Edge appliances are dedicated networking devices that combine hardware
and software to elegantly solve a specific problem, or perform a single task
very efficiently. Typically they take the physical form of a 1U
Intel-based server that resides on the "edge" of a network and
provides a shared function or resource. They are designed to be rack mounted,
right alongside the web servers and routers they work with. To keep costs
down, many edge servers run a version of Linux or Unix that has been stripped
of all functions except those that will be used for the task at
Even though they all look pretty similar, these skinny metal boxes handle
jobs that are all over the map, and new ones seem to appear every day. The
appeal of these devices[2] is that they focus on a single job
and do it really well. The downside is that you can easily end up with a
bunch of them, and each one has its own idiosyncrasies that you have to know in
order to set them up and maintain them.
Here are a few examples of network edge appliances:
Packets are the lingua franca of the Internet and edge
appliances that inspect these electronic envelopes and move them along
to their proper destinations are a mainstay of the industry. In some
sense, traffic managers invented the category of edge devices as Cisco and
other networking companies introduced a flood of customized routers and switches
as the Internet began to grow exponentially in the early 1990s. More
recently, packet inspection and packet shaper devices with cute names like the Packeteer
allow network managers to test and troubleshoot networks by simulating real
It may not be apparent to "civilians," but any computer
professional will tell you that we are currently experiencing a tidal wave of
data. The Internet has presented us with an unprecedented ability to
gather usage, demographic and sales information, and most businesses are
determined to gather all that they can, even if they don't know what they're
going to do with it. This presents the network manager with a
never-ending quest for devices on which to capture that flood, and manage it
once you've got it. Network Attached Storage (NAS) devices are compact
servers dedicated to providing loads of easily managed disk space at a low
price. On another front, devices like the HP SureStore
AutoBackup Appliance contain tape drives and other archival storage devices that
assist in the process of moving older data into long term storage.
Keeping the bad guys out of the network probably
keeps more network managers awake at night than any other topic. Edge
appliances such as firewalls and intrusion detection and prevention appliances use
a variety of approaches to secure the network. Extreme performance is
required here because whether your firewall is directing packets from a hacker
into the bit bucket, or the intrusion-detection appliance is checking for
suspicious activity, they have to be capable of handling all the network
traffic between your network and the rest of the Internet.
When you hit the "Buy It" button on your favorite e-commerce
website, you should see the little padlock icon (or whatever) on your browser
appear to assure you that your purchase information is being encrypted over a
secure connection. This moment of warm and fuzzy consumer security is
brought to you at a price. The server overhead involved in processing an
encrypted SSL session can be as much as 10 times normal. If you multiply
this by the thousands of encrypted sessions currently running on a large
commercial website, you can understand the market for SSL accelerators.
Along these same lines are XML accelerators that are beginning to appear on
the market. These devices are designed to manage the growing volume of XML data
generated as web services increase in popularity.
Designing an e-commerce website that can scale from a modest introduction to
the almost unimaginable volume of traffic experienced by an international
Internet presence like Amazon.com is one of the most challenging tasks a
networking professional can encounter. Load balancers help
to solve one of those problems by carefully monitoring the status of the
individual servers and routing inbound traffic to the server most able to handle
Internet businesses with a worldwide presence must address the problem of
delivering their content to customers who may be a very long way away. One
way to handle this problem is to distribute copies of the content to servers
that are physically located around the globe and then direct incoming
customer requests to the closest server. Content cache devices like the
NetCache, from Network Appliance Company[3], manage this
process by detecting changes in content and automating its distribution.
[1] Cisco, the mother of all appliance vendors: http://www.cisco.com/
[2] InfoWorld magazine just did a nice eval of edge
[3] Network Appliance website: http://www.netapp.com