Best Practices for Selecting and Managing Enterprise Application Appliances

Three features that should guide your choice of an application appliance.

by Jeff Hudgins

Many enterprise applications have a reputation for being expensive to develop, deploy, and maintain. This was certainly true of first-generation, custom-built enterprise applications, which were typically developed in house or outsourced to programmers. Once deployed, these applications often took on a life of their own and required tremendous resources to maintain and upgrade. As these homegrown applications and the ecosystem on which they ran increased in complexity, they grew to become IT’s Achilles heel. Legacy networks were ill-equipped to handle the I/O load and efficiently manage the storage requirements needed to scale as new business requirements emerged.

Second-generation enterprise applications came to the market as IT organizations sought to reduce the downtime legacy applications imposed. Software vendors provided ready-made “packaged” application software that had low development costs and ran more efficiently, which helped to reduce application downtime. However, IT managers quickly found that they were adding both cost and complexity to deployment and maintenance.

Packaged applications seldom came network-ready. Instead, extensive customization and tuning were required to fit the application to a specific business, which increased costs and slowed application deployment. Enterprises found that packaged applications shifted costs from development to daily operation and maintenance, then watched as the operations and maintenance costs surpassed the original system’s total cost.

To curtail rising maintenance costs, software vendors began deploying applications on preconfigured, general-purpose servers, often called white boxes. Application server deployments allowed enterprises to better align and balance IT resources and ease deployment costs while producing an ecosystem that delivered greater business value. The first application server deployments succeeded in reducing the costs but posed new challenges for IT managers and software vendors.

The industry’s first application white boxes were open servers, meaning enterprise IT personnel could access the application and OS layers, customize performance, and add functionality. Open servers allowed application drivers, patches, and a host of other software components to change without the software vendor’s knowledge. The problem then was change control and transformation management, which, over time, reduced server performance, availability, efficiency, and security.

Many application vendors have turned to the appliance deployment model to overcome these challenges and meet the needs of the highly managed enterprise head-on. Appliances are application platforms with a “locked-down” OS and application foundation, protected from the inadvertent or malicious tinkering that became so problematic in the open-server model. Purpose-built appliances, customized and tailored to the application itself, require little or no performance tuning. They are optimized to “plug and play” with existing environments, interoperate seamlessly with existing infrastructures and deliver value almost immediately.

The locked-down appliance solved a major problem but introduced another: delivery and monitoring of patches and updates became a challenge. Appliance users need a means to update, track, report, and analyze changes quickly and easily, especially in highly regulated industries. Many industries are forced to adopt risk management within an IT ecosystem, a practice that requires consistent and highly repeatable ways to identify, quantify, and manage enterprise controls. The question is: how do you best incorporate an appliance into a highly managed IT network?

In determining the best way to select an appliance for such a network, enterprises should look for three things. First, it is critical that the solution is secure and that it offers a locked-down, minimized OS. Second, an appliance should be easy to deploy and maintain, offering automatic updates and integrating health monitoring capabilities. Lastly, an appliance ought to be simple to manage and provide built-in central management and disaster recovery. When engaging an application vendor, enterprise IT managers should ask if these features are offered with the appliance. Below, we will explain why these features are so important.

Secure the Solution

Enterprises must ensure that all appliances have undergone a rigorous OS hardening process to reduce the operating system footprint. This enhances the post-deployment performance and reduces the vulnerability exposure of the appliance and its resident network. Both Windows and Linux OS packages should be hardened to provide a highly optimized instance.

From an economic standpoint, OS hardening will reduce the lifelong operating and maintenance cost of an appliance since the pared-down OS requires fewer processor and memory resources, which will subsequently reduce energy consumption and increase the efficiency of the appliance. In this manner, OS hardening allows for a “greener” appliance, which supports an enterprise’s green IT initiatives.

To avoid incidental tampering or the malicious corruption of an application platform and its underlying OS, enterprises must deploy appliances that are locked down. Users must structure, assign, and regulate access privileges to eliminate coincidental alterations. This approach helps to ensure that the appliance functions predictably throughout its life cycle and is not subject to random changes that often cause the applications to experience runtime errors and fail in business-critical situations. In cases where problems may occur, knowing that the appliance is “locked down” helps to focus the troubleshooting and repair process because the software vendor and IT team know inherently that the issue is not caused by an uncontrolled change.

Easy to Deploy and Maintain

Appliances that deliver today’s critical business services must be adaptive. Take, for example, the new breed of security information and event management (SIEM) services delivered by appliances. As new threats emerge daily, security appliances must be able to identify, correlate, and react quickly. Appliances that feature automated update services and can deliver updates, patches, and other upgrades to field-deployed appliances are true chameleons. Human intervention is minimized.

The end-user benefits of automating updates quickly multiply if the appliance is able to self-manage OS upgrades and application layers. This eliminates the need for CD installments and technician assistance. The better appliances include a secure phone-home feature for delivering manifests and patches, while some are even capable of updating dark sites by pushing compressed and encrypted updates.

Data-center-centric enterprises and IT operations should consider appliances that feature some form of remote health monitoring that integrates with the network management system. Such appliances are able to audit -- either continuously or on cue -- the operational condition of core appliance elements, such as CPUs, power supplies, and disk drives.

When out-of-tolerance conditions occur, the appliance calls out a warning via common network management protocols. Software vendors can use this notification to generate a service request prior to a catastrophic hardware or software malfunction. At a minimum, applications deployed on a health-enabled appliance can offer a level of failsafe operation that others cannot.

Simplified Management

The back-up process in early generation networks was manually intensive, but newer technologies have made back-up a lot more intelligent and automated. When something goes wrong during a patch upload, advanced appliances can automatically capture, save and, in some cases, export the last known good state prior to a new driver installment or a patch/update. By doing so, IT can easily roll back to operationally good conditions, thereby safeguarding the enterprise against unexpected outages and allowing time for more deliberate diagnostics.
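The manifest-driven update and the roll-back to a last known good state described above can be sketched as follows. This is an added example, not code from the article or from any vendor; the manifest layout, the file names, and the use of an HMAC with a shared key in place of a vendor signature are all assumptions made for illustration.

```python
import hashlib, hmac, json, shutil, tempfile
from pathlib import Path

KEY = b"constructed-demo-key"  # assumption: secret shared by vendor and appliance

def sign(manifest: bytes, key: bytes = KEY) -> str:
    return hmac.new(key, manifest, hashlib.sha256).hexdigest()

def apply_update(app_dir: Path, manifest: bytes, tag: str, payloads: dict) -> str:
    # 1. Authenticate the manifest before trusting anything it lists.
    if not hmac.compare_digest(sign(manifest), tag):
        return "rejected"
    expected = json.loads(manifest)["files"]  # {file name: sha256 hex digest}
    # 2. Capture the last known good state before touching the appliance.
    backup = Path(tempfile.mkdtemp(prefix="lkg-")) / "state"
    shutil.copytree(app_dir, backup)
    try:
        for name, digest in expected.items():
            if Path(name).name != name:  # no path separators or traversal
                raise ValueError(f"unsafe name: {name}")
            data = payloads[name]
            if hashlib.sha256(data).hexdigest() != digest:
                raise ValueError(f"hash mismatch: {name}")
            (app_dir / name).write_bytes(data)
        return "applied"
    except (KeyError, ValueError, OSError):
        # 3. Any failure mid-update: restore the snapshot wholesale.
        shutil.rmtree(app_dir)
        shutil.copytree(backup, app_dir)
        return "rolled_back"
    finally:
        shutil.rmtree(backup.parent, ignore_errors=True)

def demo() -> dict:
    app = Path(tempfile.mkdtemp()) / "app"
    app.mkdir()
    (app / "a.bin").write_bytes(b"v1-a")
    (app / "b.bin").write_bytes(b"v1-b")
    new = {"a.bin": b"v2-a", "b.bin": b"v2-b"}  # constructed payloads
    files = {n: hashlib.sha256(d).hexdigest() for n, d in new.items()}
    manifest = json.dumps({"files": files}).encode()
    tag = sign(manifest)
    out = {"forged": apply_update(app, manifest, "0" * 64, new)}
    out["corrupt"] = apply_update(app, manifest, tag, {**new, "b.bin": b"damaged"})
    out["a_after_rollback"] = (app / "a.bin").read_bytes()
    out["good"] = apply_update(app, manifest, tag, new)
    out["a_after_good"] = (app / "a.bin").read_bytes()
    return out
```

Calling `demo()` exercises three cases: a forged manifest tag, a payload damaged in transit after the first file has already been written, and a clean update.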

To make the most of these and other features, IT centers should make certain that some form of centralized management system is employed. Enterprises can achieve optimum cost savings when a full-featured element manager is used to control the appliance. In fact, some application vendors can centrally manage both the software and the appliance on which it resides. This allows the IT staff to offload the cost and complexity of managing an open server. A comprehensive element manager should contain the access, control and functional tools required to automatically and remotely manage appliances deployed throughout the network.

Jeff Hudgins is vice president of marketing at NEI. You can reach the author at jeff.hudgins@nei.com