Sunday, September 16, 2007

Appliance partitioning without a hypervisor

The hypervisor is not an operating system replacement; it's an operating system feature. Even VMware's ESX platform runs from within an operating system model. The Linux 2.6 kvm feature is a prime example of how a hypervisor can be easily and seamlessly integrated into the operating system. The kvm module gives the user the choice of running a hypervisor, switching the feature on and off. This is in contrast to being told you have to run a hypervisor. I don't know about you, but I like having that choice, as not all applications need to run virtualized.

There are some folks that will completely disagree with me and try to tell you that the hypervisor is the death of the operating system. They should try Linux kvm, and then talk to the blade server people. Blade servers, remember when they first came out? The 1U rack mount server was dead, eh wait. Eh no, the 1U rack mount server is still here, yet all those vendors bounced up and down trying to convince you otherwise. Those marketing folks probably need to tone down the sugar content of their coffee! :)

A lot of customers looking at virtual appliances really just want application partitioning. They want to be able to run DNS, SMTP, IMAPD and perhaps HTTP/HTTPS on a pair of really powerful servers, without worrying that SMTP might take the rest down. The reason for this might be that their needs are small enough, or they want high availability but don't want to invest in racks of servers. Perhaps they are using co-location and have limited space within their budget. It is in this scenario that the marketing people are saying virtualization == security, when in reality that's not the case. What they really mean is that virtualization is providing application partitioning, and providing the advantage of securing those applications from each other. If you set up SMTP badly on a virtual appliance, it's still going to be at risk.

So in reality, these customers don't actually want virtualization. What they want is a multi-role appliance with the appliance modules partitioned from each other. This is what AppOS does, and has done since 2003. They want multi-role appliance partitioning but they think they want virtualization. You can get this with virtualization, but you can also get it with AppOS without the virtualization overhead. AppOS, however, gives you the choice of running the solution in either mode. In the end, customers like flexibility and choice!
