
Deploying Next-Gen Appliances? Follow Rule No. 1: Use a Hardened, Secure Linux OS

November 02, 2009


With the buildout of new cloud application architectures and improved server-virtualization capabilities, enterprise software developers have many platform options on which to deliver their applications.
But oftentimes, these developers don’t know how their development choices impact these delivery methods. To address this issue, technology partners NEI and rPath teamed up to create the white paper “Top Five Considerations for Deploying Next-Gen Appliances.”
“This white paper helps software developers and OEMs understand the subtle but important benefits of a hardened appliance,” said Peter Predella, director of marketing for NEI. “It explains why the return on investing some time to optimize the operating system is so significant.”
To start, OEMs and software developers in the market for next-gen appliances should consider the benefits of not choosing out-of-the-box solutions, and instead get back to basics: A hardened, secure Linux operating system that has been stripped down to the bare minimum needed to run the application ensures security and performance. This, according to NEI and rPath, is a better alternative to out-of-the-box, or “bloated,” operating systems, which are slower and more open to security threats.
“We look at the appliance model as being a very flexible way to deploy software where the OEM as a software vendor has more control over that deployment,” Mike Slatery, director of software development for NEI, told TMCnet. “The advantage that we see with the appliance around the hardened operating system is you’ve tuned it performance-wise, you’ve minimized it, you’ve made it more secure, and so there’s less to keep up to date. By doing work up front, you’ve made your job post-deployment easier.”
The hardened, or stripped-down, Linux OS contains what NEI and rPath call “Just Enough Operating System,” or JeOS. The customized OS is built up from the kernel, resulting in an OS that accommodates each developer’s specific application, free of the excess baggage found in a commercial distribution. Having this smaller footprint means there’s less to keep updated and less drag than with a general-purpose OS.
“In general, what you’re doing is planning around performance and what you really need,” Slatery told TMCnet.
Because it’s based on this bare-bones Linux OS structure, NEI’s appliance model can be tailored more easily when it comes time to construct the hardware that will serve as the basis for applications, according to the white paper.
“Just enough operating system – that’s really what you’re striving for. What that means is that the operating system that you require for your application to work and no more,” Slattery told TMCnet. “The conventional approach is to take a general-purpose OS and prune items you don’t need, which is tedious and time-consuming work seldom resulting in the smallest footprint possible. The alternative approach that we use is we begin with the smallest entity that you can, the kernel, and from there add only those packages that are required for that application to run. The result is the smallest footprint possible for the application to function properly.”
This is the first article in a series addressing the most crucial considerations for deploying next-generation appliances.

Marisa Torrieri is a TMCnet Web editor, covering IP hardware and mobility, including IP phones, smartphones, fixed-mobile convergence and satellite technology. She also compiles and regularly contributes to TMCnet's gadgets and satellite e-Newsletters.

Edited by Marisa Torrieri
