Home Virtual Firewalls, Load Balancing Appliances Offered as Cloud Services

Virtual Firewalls, Load Balancing Appliances Offered as Cloud Services

There’s a very rapidly emerging class of smaller cloud service providers whose business model is to lease cloud services to a handful of customers. Imagine a small-town CSP that provides infrastructure to local banks and businesses, and who’s close enough to its customer to shake hands. These smaller CSPs are leasing cloud services from larger, upstream providers and reselling them to their nucleus of customers. With a cloud service model – presumably – these new businesses only pay for the quantity of service they’ve already sold.

That’s an intriguing business model, and one you might even be considering for yourself. But if the cloud were made up entirely of compute power and storage, it would indeed be just that easy. There are network availability services to think about as well, and up until very recently these services could only be provided through appliances. This morning, an early-stage, Santa Clara-based startup called Embrane announced immediate availability of cloud-based, virtual network appliances: specifically, virtual firewalls and load balancers to which CSPs may subscribe without purchase.

These virtual appliances are being marketed under the brand name “Heleos” (which Embrane writes with a small “h,” and which is not to be confused with a Microsoft Research project named “Helios”).

“Embrane’s distributed virtual appliance architecture redefines the way network services can be delivered by cloud providers,” reads a white paper published by Embrane this morning. “By decoupling network services from the underlying server and VM infrastructure, DVAs enable greater agility and higher scalability. Conceptually, one can think of a DVA as a virtual chassis that is instantiated across Compute Units. The DVA mimics the design principles of a physical appliance, yet has no actual physical dependencies. To the outside world, the DVA behaves like a physical device with distinctly-addressable network interfaces, management interfaces and application programming interfaces. Administrators can dynamically expand or reduce DVA capacity in minutes and in a transparent fashion, without reconfiguring hosts or VMs, re-hosting customers, or impacting management systems.”

This diagram above, which depicts the components that make up a Heleos DVA, makes more sense if you can imagine that it does not depict devices that are physically connected to one another, but instead – like other classes of devices in the cloud – virtual services running on commercial, off-the-shelf (COTS) hardware whose links are made feasible through IP addresses. The two busses are separate IP routes within this dynamically defined network. The “in-band” bus handles user traffic, while “out-of-band” is reserved for management and control data. The little “CU” cubes here are all compute units, which are provisioned inside Embrane’s cloud and scaled according to variable customer demand.

Data Planes Dispatchers (DSPs, in the lower corners) advertise their IP addresses to outside services, and steer data flow into and out of the virtual appliances, over the data plane units (DPs). The Data Planes Manager (DPM, up top) distributes policy and configuration data for the other CUs in the appliance. What you’re seeing here is a kind of firewall or load balancer that can be constructed on-the-fly with these “virtual Legos,” if you will – these virtual machines that can reside on any physical server and run under any hypervisor.

So is this the blueprint for a future set of Embrane services? As an Embrane spokesperson told RWW this morning… not exactly. The two services that Embrane currently offers – virtual firewall for site-to-site IPsec VPNs and applications-optimized load balancers – were created to meet current customer demands, the spokesperson said. “A DVA is really a container, and Embrane services could be inside it, or third-party services could be inside it.”

However, Embrane does envision Heleos being utilized by CSPs to deliver more sophisticated and specialized services under their own branding.

“Embrane’s goal is to be a network services platform company, not a network services company,” the spokesperson added. Then this was thrown in: “However, if the demand is for Embrane to continue to build services, then they will.”

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.