Patrick Grey is here at VMworld and wonders if the vendors of virtual appliances will maintain and patch their OS, and if the ease of use of creating virtual appliances will lead to a spate of amateur, unmaintained appliances. I’m not sure this is any different than hardware appliances — the vendor simply has to commit to security updates to be a production-ready solution.
Virtualisation a security nightmare? The jury’s out….
It’s a great idea. If you’re ordering some sort of web hosting package, it’ll take you ten minutes to configure it on a system running VMWare’s ESX server technology. And because the operating system is only tasked with running the one application, it’s light and pre-optimised for an application specific deployment: Think of the TiVO — its application runs on a lean Linux base.
But there are some potential security issues.
Releasing a hardware appliance is costly, and that acts as a barrier to market entry for smaller and less experienced companies. Now that VMWare is making the development of virtual appliances cheap, every Tom, Dick and Harry will make a play for the market. It’s great for innovation, but there’s a drawback: those same Toms, Dicks and Harrys will have to maintain the underlying OS, which in most cases is a customised Linux distro.