Let’s Virtualize Email Security!

Virtualization. Virtual Machine. Virtual Appliance. We keep on hearing these words over and over: they’ve been a recurring topic for a few years now. And it’s growing to the point where the Microsoft vs. Google fight now has a new contender: Microsoft vs. VMware⁽¹⁾.

So, what’s all the buzz about?

Lets take a typical SMB as an example.  The IT department most likely manages a series of services: Exchange, Active Directory, file sharing, web, FTP, firewall, email security, SQL databases, financial tools, support ticket system, knowledge base, marketing and sales CRM. Most of these services run on independent hardware servers. And with computer performance today, each of these physical servers is probably at least a Dual core 2+ Ghz with 4-8 GB RAM and a 250 GB hard disk (okay, you can still get a low-end Celeron 1.6 Ghz if you search hard). Add the redundant and backup plans, and you get a 5 to 20-server farm with several TB of additional storage for backups.  Upgrade and maintenance time and costs are directly proportional to the number of servers, and growing. And the worst part is: all these services don’t use more than 10% of the server farms resources. Totally overkill.

On the subway this morning, I overheard two IT managers talking about virtualization. One of them mentioned reducing his infrastructure from 50 servers to 6. He also said this contributed to lowering the ambient temperature by a significant amount, and allowed him to easily deploy some of his servers in various stages: prod, pre-prod, development.

That’s what this is about! Reducing your IT costs through optimization of resource utilization:

• – Regroup various servers and services into a single powerful hardware server with several VMs sharing the same physical resources
• – Scale your VMs up and down according to their resource requirements, company headcount, email volume
• – Reduce the number of hardware servers and thus reduce costs: electricity bills (power, cooling), rack and floor space, maintenance and upgrades (parts, labor)
• – Improve the turnaround: a new VM can be up and running within minutes, whereas a physical server takes hours or even days to setup
• – Streamline your software and security update processes since each VM runs as an independent server: installing the latest Windows patches or upgrading to IIS 7 on your web server VM will have no effect on your email security VM
• – Simplify backup and recovery plans
• – Increase security with independent VMs and an invisible host OS: each VM has its own service, a security breach in one service/VM doesn’t carry over to the other services/VMs and each service VM has less potential security risks than a single machine with multiple services.

And how does that apply to email security? Read the points above again. They all apply to email security gateways. They need to be able to scale up (or down) along your organizations headcount or email volume. They need backup and redundancy plans, streamlined update processes to maximize reliability, they need to be secure.

Why would you pay $5 to 20k for a hardware anti-spam appliance when you already have all the necessary computing power and resources in that rack full of barely utilized servers? (Many email security vendors are just pushing closed hardware with open-source inside). Instead of wasting that money for hardware you already have, you could get the top of the line email security software installed on a VM and expert support assistance to get things rolling smoothly.

Even server migration has become a well known and documented procedure. Tools already exist to convert a physical server into a virtual server.

What’s your experience? I’d love to hear about it because seriously, I can only think about good things when I think about virtualization.  Care to share?

• (1) http://www.nytimes.com/2009/08/31/technology/business-computing/31virtual.html