The first time I heard of a VMware virtual appliance was in 2006. Until that time, we approached each virtual machine...
as a complete and generic instance of an operating system that had to be created and tuned to the needs of your applications. Then you had to install the application itself into the virtual machine.
A VMware virtual appliance eliminates all of that by offering a virtual machine (VM) that is preconfigured with just enough of an operating system and the required application and its dependencies. Just download the VM, put it on your host and power on. Only a few items need to be configured, such as an IP address, a password and of course, the settings of the application itself.
Why a VMware virtual appliance is good
The use of virtual appliances has picked up since 2006. More and more applications -- especially ones from VMware -- have been made available as virtual appliances. And even better: Some applications by VMware are available only as appliances, such as Horizon Workspace. Why is that better? Because it simplifies the setup of complex systems. It saves administrators a lot of time when they don't have to worry about the enormous list of dependencies and configuration items that are sometimes required for applications.
Looking at Horizon Workspace, if it were a regular Windows-based installation, our setup list would contain multiple Windows servers, database server, Web servers, identity providers and file sharing -- each with its own specific configuration and dependencies. Compare this to the bundle of five appliances that are deployed in one process in under an hour, and the benefits are clear.
You might say that it's not a big deal to install all the components. But what about the problems that you run into during installation? What about dependencies that conflict or steps that are not documented fully or not properly interpreted? The Internet is full of forum posts by administrators asking for help when they're setting up applications on servers. An appliance eliminates those problems because everything has been prepared by the vendor.
The problem with virtual appliances today
Does that mean that there are no drawbacks? Absolutely not. There are always things to worry about, and there is also room for improvement.
First, we need more consistency. All the virtual appliances VMware offers come with default user names such as root or admin, and with a range of default passwords such as vmware, default or changeme. In a few of the newer appliances, this has changed, and you will need to provide a password in the OVF deployment wizard.
This is a good approach, VMware. Now if only all your virtual appliance builders follow the same rules.
Virtual appliance management needs conformity
Another inconsistency is the management port for the VMs, but VMware is on the right track. Most appliances can be managed via a Web browser on port 5480. But there are a few exceptions, such as the vSphere Data Protection appliance. However, when you boot an appliance, it tells you where to go to manage it.
We need dashboard to be in the driver's seat
The biggest challenge with virtual appliances in the near future will be manageability. Administering all the machines with their individual consoles and configuration webpages will become a problem when you deploy a large number of them. A central dashboard for managing appliances would be a good idea -- not only to have a good inventory of the machines and to be able to configure the settings from a consistent central location, but also to create a consistent configuration of all the VMs.
Appliances should use the same time server -- or not: It all depends on what you want to configure. A handy feature would let us change the password for all appliances from one location. Another helpful capability would be a way to check the status, version and health of the appliances.
Centralized configuration is also important from the security aspect. We might decide we need a firewall inside the appliances and want to enable it from a central location. Or we need to make sure some services are disabled on all appliances. For all such issues, a virtual appliance dashboard would be very welcome.
Virtual appliance also comes packaged with security concerns
A key difference when you're deploying virtual appliances compared to installing your own operating system and applications is that you don't really know what is inside the appliance. Which components have been installed? Which services are running? Are those services protected by a firewall? Are the latest patches for vulnerabilities installed?
Answers to these types of questions are important in determining whether you are still compliant when you deploy appliances. With a dashboard, this information could be available in a central location. Organizations want not only to know whether there are security or compliance issues, but also to be able to address those issues, preferable from a centralized location.
More appliances, please
VMware is on the right track with its appliance strategy, but some consistency would be much appreciated. Once that is taken care of, VMware hopefully will provide even more appliances. How nice would it be if an Update Manager appliance eliminated the need for a Windows server when you already have the Linux-based vCenter appliance? And how nice would it be if a VMware View deployment could be created with just a few appliances instead of having to install Windows servers with the needed applications and databases?