Ingram Micro New Zealand

Ingram Micro helps businesses fully realize the promise of technology™—helping them maximize the value of the technology that they make, sell or use. With its vast global infrastructure and focus on cloud, mobility, supply chain and technology solutions, Ingram Micro enables business partners to operate more efficiently and successfully in the markets they serve.

No other company delivers as broad and deep a spectrum of technology and supply chain services to businesses around the world. Founded in 1979, Ingram Micro’s role as a leader and innovator in technology and supply chain services has fueled its rise to the 69th ranked corporation in the FORTUNE 500®
Learn more

Menu
Physical or Virtual Firewall: What fits best for your environment?

Physical or Virtual Firewall: What fits best for your environment?

Infrastructure, security and network experts say the rise of virtualisation has most affected the way they design, protect and operate the systems that businesses depend on. Today, both physical and virtualised systems can coexist or be part of a strategy allowing service providers and system integrators to develop solutions that meet customer needs.

Infrastructure, security and network experts say the rise of virtualisation has most affected the way they design, protect and operate the systems that businesses depend on. Today, both physical and virtualised systems can coexist or be part of a strategy allowing service providers and system integrators to develop solutions that meet customer needs.

However, some security practitioners argue security appliances should only run on their own hardware so that they are isolated from vulnerabilities potentially affecting hypervisors or business programs sharing the same hardware as a security application.


Why go virtual?

When you consider the functionality of a virtualised security appliance such as a firewall or intrusion detection system, it is easier – and often more cost effective – to deploy multiple instances of the security appliance.

If you need to run a disaster recovery or secondary business continuity environment, the software can be installed on a virtual machine that is only activated when needed. Then you only pay licensing costs on the number of active instances of the security software which means while secondary environments are ready for action they aren’t attracting licensing fees for software that is not active.

If you have already invested heavily in building a virtualised environment, you may prefer to leverage that infrastructure rather than adding bespoke equipment to the mix. Many security applications can operate at acceptable performance levels on commodity hardware although it's not always the best solution for production environments. 

Virtualised environments also benefit from easier scalability as more appliances can be added quickly without more hardware. And the deployment of new security services can be automated for added efficiency. 

 

Competitive advantage of Physical appliance over Virtual

Despite the attractions of virtualised infrastructure there are cases where bespoke hardware is preferable. For example, many security-related activities work best on optimised hardware. While commodity computers can perform some tasks well, it may not be the case with more complex operations such as content inspection, decryption and virtual private networks. This is because purpose-built security appliances use custom chips and architectures that are optimised for specific workloads.

As security appliances are designed to be hardened (reducing the surface of vulnerability), issues such as privilege escalation are less likely to present a risk. However, some virtualisation software, such as a firewall, presents an attractive target to threat actors. If a hypervisor running security is attacked and breached hackers have an entry point to the business.

However, when security appliances are run on their own hardware, they can be controlled so inbound and outbound traffic is monitored and limited, If there is a breach elsewhere on the network, the likelihood of the security appliance also being compromised is reduced.

 

Why can't you have both?

There's a strong case for operating a hybrid security infrastructure that includes both physical and virtual systems. 

For example, low intensity tasks can be executed on commodity hardware in a virtualised environment while other tasks that are best executed on bespoke hardware can be deployed on specific appliances. 

When putting together disaster recovery and business continuity solutions, it may be advisable to run the primary system on optimised security appliances with backup systems installed, configured and ready to run on virtualised environments operating either in the cloud or on premises at secondary sites.

For growing businesses, a virtualised solution can make sense as it provides an easy upgrade path to purpose-made hardware. Assuming the business already has hardware capable of running virtualised services, products such as Fortinet's Virtual Next generation Firewall can be installed on a virtual server.

When the business grows and requires an appliance to keep up with changing needs, there is an easy upgrade path that allows the business to migrate its firewall rules and configuration easily to the new appliance. 

It also means skills and expertise built up within the business still be leveraged. 

In larger businesses, where there is a main office that supports smaller satellite workplaces, often use dedicated security appliances at the core with virtualised systems in the smaller offices. 

Service providers can also offer virtualised services to customers, providing an option to access security services within their hosted virtual environments. 

For service providers and technology professionals, the rise of the virtual machine has delivered many benefits. But the security business has been more conservative in its adoption. There are many opportunities where virtualised security appliances can either complement physical appliances or offer a cost effective way to support the security needs of specific clients. 

Contact Ingram Micro to find out more.



Read more from Ingram Micro:


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments