Hardware Appliances: Anathema to SOA?

SOA promises to bring increased agility to business, but there is a philosophical conflict between purpose-built hardware appliances and the design principles behind SOA. Typically, hardware appliances have been used as XML firewalls or Web Services security gateways, providing trust enablement, authentication, perimeter defense, and XML acceleration in a partner B2B scenario. The problem is that delivering these functions from a "mysterious black box" seems odd to me.

In particular, we can break down the concept of SOA Agility into four components: Network Performance Agility, Business Processing Agility, Development Agility, and Security Agility.

Network performance agility is the ability of the network infrastructure to closely match the necessary architecture for the deployed services. Business processing agility is the capability of the services to match the business mediation or required business processes. Development agility is the capability of the SOA infrastructure to support a distributed development team across geographic boundaries (typical of modern enterprises), and finally, security agility is the capability of the infrastructure to support changing security standards, evolving threats, and an "open" process for security analysis.

Purpose-built appliances from vendors like Vordel or IBM (DataPower) seem to work against each one of these SOA agility areas. The following table summarizes SOA agility, its aspects, and how hardware appliances oppose each of them:

Requirement / Hardware appliance opposes it? / Explanation

Network Performance Agility: X
  - Fixed NIC ports: supporting larger networks means buying more proprietary appliances.
  - High data center costs: higher power usage per transaction than general purpose servers.
  - Low reusability potential: old appliances must be discarded or returned to the vendor, unlike general purpose servers, which can be reused.
  - Lack of virtualization: appliances cannot take part in the data center efficiencies achieved through virtualization.

Business Processing Agility: X
  - Non-extensible: it is impossible to add custom business processing on the appliance without a new feature request or a vendor upgrade (possibly a hardware upgrade).
  - Lagging standards support: keeping up with the latest standards requires a full-cycle hardware upgrade.

Development Agility: X
  - High development costs: distributed development teams require additional high-cost appliances (generally $50K - $60K) just for application development. The cost of the appliance approximates the cost of the developer!
  - Serialized development: because of their high cost, development teams must often share a small number of appliances, cutting into the efficiencies that business agility depends on.

Security Agility: X
  - Guaranteed standards lag: the latest security standards on hardware must wait for a full-cycle upgrade.
  - Guaranteed O/S security lag: new vulnerabilities in the underlying O/S that actually runs the appliance mean the customer must rely on the vendor for a patch.
  - Inflexible security model: additional monitoring, security, and management software cannot be added to the hardware appliance because of its "closed" nature.
  - Security by obscurity: because appliances are proprietary black boxes, it's often not clear how security policies such as key management or user accounts are really handled. Did the vendor put in a back door for management or support purposes? Who knows?

Rather than a hardware appliance, why not achieve the same functions with specially optimized software that supports SOA agility?
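To make that proposal concrete, here is an added example (my own illustration, not code from the original post or from any vendor) of a software gateway whose perimeter-defense and authentication controls are an ordered list of plain functions. The agility argument is visible in the structure: a new control, an extra monitoring hook, or a changed limit is a code change deployed in-process, not a hardware cycle. The SOAP and WS-Security namespace URIs are the standard ones; the size and depth limits, the partner credentials, and the sample messages are constructed for illustration. The UsernameToken check compares a plaintext password for brevity; a production gateway would verify against a digest or certificate store.

```python
import hmac
import io
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

# Standard SOAP 1.1 and WS-Security (WSSE) namespaces used by the sample messages.
SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
WSSE_NS = ("http://docs.oasis-open.org/wss/2004/01/"
           "oasis-200401-wss-wssecurity-secext-1.0.xsd")

# A policy inspects the raw message and returns None to pass or a rejection
# reason. Adding a control means appending one more function at runtime.
Policy = Callable[[bytes], Optional[str]]


@dataclass
class Gateway:
    policies: List[Policy] = field(default_factory=list)
    audit: List[str] = field(default_factory=list)  # hook for external monitoring

    def add_policy(self, policy: Policy) -> None:
        self.policies.append(policy)

    def inspect(self, message: bytes) -> Optional[str]:
        """Run policies in order; the first rejection wins. None means allowed."""
        for policy in self.policies:
            reason = policy(message)
            self.audit.append(f"{policy.__name__}: {reason or 'pass'}")
            if reason is not None:
                return reason
        return None


def max_size(limit: int) -> Policy:
    def size_limit(message: bytes) -> Optional[str]:
        return None if len(message) <= limit else f"message exceeds {limit} bytes"
    return size_limit


def no_doctype(message: bytes) -> Optional[str]:
    # Refuse any DTD at the perimeter; partner service calls do not need one.
    return "DOCTYPE not permitted" if b"<!DOCTYPE" in message else None


def max_depth(limit: int) -> Policy:
    def depth_limit(message: bytes) -> Optional[str]:
        depth = 0
        try:
            for event, _ in ET.iterparse(io.BytesIO(message), events=("start", "end")):
                depth += 1 if event == "start" else -1
                if depth > limit:
                    return f"element nesting deeper than {limit}"
        except ET.ParseError as exc:
            return f"malformed XML: {exc}"
        return None
    return depth_limit


def wsse_username_token(users: Dict[str, str]) -> Policy:
    """Authenticate a wsse:UsernameToken (PasswordText) against a constructed user table."""
    path = f"{{{SOAP_NS}}}Header/{{{WSSE_NS}}}Security/{{{WSSE_NS}}}UsernameToken"

    def username_token(message: bytes) -> Optional[str]:
        try:
            root = ET.fromstring(message)
        except ET.ParseError as exc:
            return f"malformed XML: {exc}"
        token = root.find(path)
        if token is None:
            return "missing wsse:UsernameToken"
        user = token.findtext(f"{{{WSSE_NS}}}Username") or ""
        password = token.findtext(f"{{{WSSE_NS}}}Password") or ""
        expected = users.get(user)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return "authentication failed"
        return None
    return username_token


def build_gateway() -> Gateway:
    gw = Gateway()
    gw.add_policy(max_size(64 * 1024))       # illustrative limits
    gw.add_policy(no_doctype)
    gw.add_policy(max_depth(32))
    gw.add_policy(wsse_username_token({"partner-a": "s3cret"}))  # constructed credential
    return gw


def sample_message(user: str, password: str,
                   body: str = "<ns:Ping xmlns:ns='urn:demo'/>") -> bytes:
    """Constructed SOAP request carrying a WS-Security UsernameToken."""
    return f"""<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:wsse="{WSSE_NS}">
  <soap:Header><wsse:Security><wsse:UsernameToken>
    <wsse:Username>{user}</wsse:Username><wsse:Password>{password}</wsse:Password>
  </wsse:UsernameToken></wsse:Security></soap:Header>
  <soap:Body>{body}</soap:Body>
</soap:Envelope>""".encode()


if __name__ == "__main__":
    gw = build_gateway()
    print(gw.inspect(sample_message("partner-a", "s3cret")))            # None (allowed)
    print(gw.inspect(sample_message("partner-a", "wrong")))             # authentication failed
    print(gw.inspect(sample_message("partner-a", "s3cret", "<a>" * 40 + "</a>" * 40)))
    for line in gw.audit:
        print(line)
```

Every decision is appended to `gw.audit`, which is the place an external monitoring agent would be attached; that is exactly the kind of addition the closed appliance in the table above does not allow.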

Posted by Blake Dournaee on 11:46 AM


WMUD962P said...

Wow, fantastic article, it's so helpful to me, and your blog is very good.


About Me

I have been working in the XML/SOA and security space for about 10 years. I currently work at Intel Corporation in their software group. I wrote the first book on XML Security and am a co-author of SOA Demystified from Intel Press. My interests are an eclectic mix of computing, security, business, technology, and philosophy.