Layer 7 Virtualizes its SOA Security Appliance

Web services security gateway vendor Layer 7 Technologies has launched a soft appliance version of its SecureSpan XML firewall, running under VMware Player, Server or ESX. SecureSpan was previously available only as a hardware appliance; this release is aimed both at simplifying SOA deployments and extending Layer 7's reach into smaller enterprises that can't justify dedicated appliances.

Layer 7 is not the first SOA security gateway vendor to release its product as a virtual appliance; Vordel has been doing the same since earlier this year. However, virtualization was a much less significant step for Vordel because its VS3000 was already available as software designed to run on standard server hardware. Indeed, the Vordel appliance is simply a blade server preloaded with the software and optimized to run it.

In Vordel's view, the main benefit of hardware over software is simply additional resources: The Vordel VS3000 appliance gives the software its own dedicated server, rather than having to share CPU cycles with unneeded OS services and, potentially, other software.

Layer 7's SecureSpan box is also based on a blade server, but unlike Vordel's VS3000 it contains dedicated XML acceleration silicon from Tarari, making it a close competitor to Cisco Systems' Reactivity and IBM's DataPower.

VMware can't emulate the Tarari chip, so Layer 7's road to virtualization been slightly lengthened. But its effort seems worthwhile—adapting SecureSpan to run without the custom chip means Layer 7 can also launch a non-virtualized software version of the product, able to run on commodity hardware and competing directly with products from Vordel and Xtradyne.As we said in our June 2007 analysis of SOA infrastructure, the performance overhead of virtualization means that a virtual appliance can't match the performance of a dedicated blade server, let alone one with custom XML silicon. Near term, this means virtualized offerings are more likely to be used for testing and integration, though improvements in hardware—in particular, new hardware-assisted virtualization from Intel and AMD—will gradually make them more practical for large production deployments.

Unlike Vordel and Xtradyne, Layer 7 also makes other XML appliances intended for use deeper within a SOA. These would have less value as virtual appliances, as their main selling point is hardware acceleration of functions that can also be performed by other software, such as ESBs and SOA management suites.

Andy Dornan is a senior technology editor for Network Computing. Write to him at [email protected].