Hardware Appliances: Anathema to SOA?
SOA promises to bring increased agility to business, but it seems that there is a philosophical conflict between purpose-built hardware appliances and the design principles around SOA. Typically, hardware appliances have been used as XML Firewalls or Web Services Security gateways to provide trust enablement, authentication, perimeter defense, and XML acceleration functions in partner B2B scenarios. The problem here is that providing this in a "mysterious black box" seems odd to me.
In particular, we can break down the concept of SOA Agility into four components: Network Performance Agility, Business Processing Agility, Development Agility, and Security Agility.
Network performance agility is the ability of the network infrastructure to closely match the necessary architecture for the deployed services. Business processing agility is the capability of the services to match the business mediation or required business processes. Development agility is the capability of the SOA infrastructure to support a distributed development team across geographic boundaries (typical of modern enterprises). Finally, security agility is the capability of the infrastructure to support changing security standards, evolving threats, and an "open" process for security analysis.
It seems that purpose-built appliances from companies like Vordel or IBM DataPower represent an opposing force for each one of these SOA Agility areas. We can summarize SOA Agility, its aspects, and how hardware appliances seem opposed to SOA Agility in the following table:
| Requirement | Hardware Appliance | Explanation |
| --- | --- | --- |
| Network Performance Agility | X | Fixed NIC Ports - Supporting larger networks means buying more proprietary appliances. High Data Center Costs - High TPS/Watt usage over general-purpose servers. Low Reusability Potential - Old appliances must be discarded or returned to the vendor, unlike general-purpose servers, which can be reused. Lack of Virtualization - Appliances have no capability to take part in data center efficiencies achieved through virtualization. |
| Business Processing Agility | X | Non-extensible - Impossible to add custom business processing on the appliance without a new feature request or vendor upgrade (possible hardware upgrade). Lagging Standards Support - Keeping up with all of the latest standards requires a full-cycle hardware upgrade. |
| Development Agility | X | High Development Costs - Distributed development teams require additional high-cost (generally $50K - $60K) appliances just for application development. The cost of the appliance approximates the cost for the developer! Serialized Development - Due to their high cost, development teams must often share a small number of appliances, cutting down efficiencies for business agility. |
| Security Agility | X | Guaranteed Standards Lag - Latest security standards on hardware must wait for a full-cycle upgrade. Guaranteed O/S Security Lag - New security vulnerabilities in the underlying O/S actually running the appliance mean the customer must rely on the vendor for a patch. Inflexible Security Model - Additional monitoring, security and management software can't be added to the hardware appliance due to its "closed" nature. Security by Obscurity - Because appliances are proprietary black boxes, it's often not clear how security policies such as key management or user accounts are really handled. Did the vendor put in a back-door for management or support purposes? Who knows? |
Rather than a hardware appliance, why not just achieve the same thing with specially optimized software that supports SOA agility?