Plug and play

Network appliances help ease major changes to the system

Related Links

Network applications

Network appliances

What is it?

'Network appliance' is one of those nebulous terms that can cover a wide variety of products but, as used in this guide, it refers to specialized hardware/software combinations used to expand the capabilities or capacity of a network. It may provide network management, e-mail, security or other capabilities, but the unifying theme is that these are generally complete units with a balance of hardware components closely matching the requirements of the installed software.

A network appliance also is likely to have its own management tools installed and may rely on a direct vendor connection for routine maintenance and support. Of course, it is also a 'black box,' and a defective unit can be swapped out if necessary.

Why do you need it?

One big selling point of a network appliance is that it is intended to be plug-and-play, that is, you just connect it, turn it on and it should be ready to do its job. In the security area, an appliance may block malware before it enters the main network and therefore provide improved security. Not only can an appliance's hardware and software combination take some of the load off existing hardware, it can also better integrate various security tools such as antivirus and anti-spam filters, meaning there will be less redundancy and hence a lower overall processing load and improved performance.

Domain name system and IP address management also have become serious problems for larger networks, and there is a trend to move from software to a dedicated appliance for this network task.

An important budget consideration in adding any network appliance, as opposed to taking a software approach, is whether the appliance can extend the life of existing hardware components by moving a significant portion of server workload to a new piece of hardware.

Finally, a strong selling point for many network appliances is that they bring various tools together into a single network component where they can be managed and upgraded by the vendor, relieving administrators of some of their responsibility for maintaining the network, and especially for installing upgrades across an entire network.

Must-Know Info?

As with any change to a complex network, a network appliance will affect overall performance and the load placed on various existing components'the good news is that, in the case of a network appliance, this
effect is almost always good, reducing the load on other parts of the network.

While any change in a delicately balanced network can be problematic, the consequences of reducing the load on the existing components certainly are easier to deal with than problems caused by increasing the load.

Probably the most important task today for a network appliance is in the area of e-mail management.

Nothing is more essential for many offices, or more difficult for IT to manage, than the ever-growing volume of junk e-mail.

General security tasks also are a vital network job that is well suited to the use of a network appliance. In fact, no other network tasks are better suited for a separate, integrated piece of hardware and software to manage than e-mail and security-related tasks.

Not only do software-only solutions place high demands on the network's existing
processing capability, they also require the sort of constant upgrades and management best left to vendors specializing in the security area.

Traffic management, especially application optimization over wireless or Internet connections (something new for many established networks), is another network task that is ideally suited to a so-called network appliance.

In addition to reduced management requirements and lowered network loads, many appliances also are less expensive than separate hardware and software solutions; this is especially true for firewalls.

CALIFORNIAN: The Infoblox 1050 DNS management tool runs on a Nios operating system and can handle 12,000 DNS queries per second.

Canadian: BlueCat Networks' Meridius 1000 e-mail gateway offers enterprise protection against spam and viruses for $9,995.

Networks are the lifeblood of all information technology these days and, by definition, form a critical part of the infrastructure of all agencies'not just the 'IT' infrastructure.

Without a working network, most agency activity would quickly grind to a complete halt.

Designing a network from scratch is difficult, and building one on the go'expanding capacity and adding features while continuing to support users, as most agencies are forced to do'is even more difficult.

Unfortunately, even when you get everything working just right, you aren't finished. You can't just build a network and walk away from it. A network is a growing'almost living'thing that, in addition to the usual maintenance upgrades, must also expand and adapt to handle new tasks that may not have even existed when the network was initially planned.

But networks are highly complex, and a good one probably will include dozens, if not hundreds, of compromises, resulting in a balance of storage capacity, security, ease of management and performance.

This isn't just a question of budgetary considerations'you simply can't have everything optimized. Some compromises are essential just to get a network operating and, when you factor in the inevitable budget concerns, it turns out that acceptable performance on many networks depends on a delicate balancing act.

This is because any additional processing load added to the network can have serious performance consequences for the network as a whole.

Any significant alterations to the basic architecture of the network can easily require major changes in the way it is managed and supported. They also can have a ripple effect on the network, triggering a need for upgrades all along the line to keep the system performing smoothly.

Therefore, any administrator with a good, solid network already in place would prefer to incorporate additional features or capacity in a way that requires as little extra support as possible.

The best way to add new features or expand capacity is by adding self-contained black boxes to the existing network.

Out of the box

That is exactly what a network appliance is: a device with its own software, preconfigured by the vendor as much as possible.

You will probably have to run a small installation routine, and almost certainly there will be some last-minute updates that must be downloaded (especially for security tools), but essentially a network appliance should be nearly ready to run right out of the box.

It's almost like the network equivalent of a PC Plug and Play.

Realistically, adding new network hardware is seldom as simple as just plugging it in and turning it on.

There always will be some need to make adjustments in the rest of the network as well as the new device, especially if the appliance is replacing some existing tools such as a software firewall, anti-spam, or antivirus program.

But still, it is much easier to get a network appliance than adding similar software features to existing network hardware or assembling equivalent hardware and software from scratch.
The most obvious use for a network appliance is in the security or e-mail area'for example, a network moving from a very low e-mail volume to a potentially very large volume.

Traffic volume may be increasing because your agency now is publicizing e-mail contact information or experiencing a surge of messages from citizens who have found your URL through the portal.

Or you may just be experiencing the normal growth of e-mail volume and the concomitant increase in spam and malware. It is even possible that your agency, or some individual working there, may have the misfortune of being specifically targeted by spammers or hackers.

Whatever the scenario, a network that was handling file sharing, database access, printing and other office tasks has to add powerful security tools to protect the data from Internet predators or even wireless attacks.

As a result, something has to be done to manage an ever-increasing number of
e-mail messages. And the thought of adding new security tools and e-mail management software to a smoothly running network is enough to make any network administrator consider early retirement.

Fortunately, there is another answer'add an e-mail or security appliance that comes complete with preconfigured applications, carries all its own management tools, and is ready to update virus signatures, spam lists and other essential security-related databases directly from the vendor.

Such an integrated appliance may be ready to run within minutes of being powered up and will almost certainly come with tightly integrated and presumably nonconflicting tools.

Among other advantages, a network appliance has its own memory, storage and processor power, which means it should put little or no additional load on what are probably already stressed network servers.

In fact, if the appliance is replacing filtering or other tools that already exist on the network, then adding the appliance will actually reduce the load on existing components, improving performance and probably extending the life of some marginal components.

Another plus is that this configuration offers the option of simply disconnecting the appliance to revert your network to a previous state if you encounter problems.

John McCormick is a freelance writer and computer consultant. E-mail him at

inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group