Here’s a new thought on a known aspect of appliances. Appliances, being purpose-built for a single task, are usually simpler to configure and maintain than a generic compute server. Virtual appliances (1) are easier to deploy but (2) in some cases may have a reduced performance profile because, well, they aren’t on dedicated network hardware.* Making lemonade out of any performance hit may simplify and reduce interdependencies in your network. Instead of one complicated config file on your firewall with all application traffic flowing through it, just fire up one virtual firewall per app and configure your network accordingly. There are both commercial and open source firewalls in the Virtual Appliance Marketplace, most with a very small footprint.
None of these will run as fast in a vm as they will in an engineered hardware appliance, where they could conceivably achieve wire speed of 100 mbps or even 1 gbps, instead of a vm’s more typical 25-50 mbps. But then again, it’s rare that most applications ever see that much demand for their services — under 20 mbps is more typical. In fact, there are cases where the traffic from many applications are forced through a single hardware appliance “because it’s there,” when a more logical network topology would separate the traffic and give each application its own appliance. For example, firewalls sometimes have extremely complex configurations because they manage security for many different applications in a single box, when they could be more easily managed with one firewall per application. Disaggregate the traffic and you may reduce complexity and configuration errors, while lowering the traffic rates to levels more suitable for a virtual appliance. As cores become more numerous in servers, it may become more appealing to use them for network functions, replacing hardware and cabling with software.