Converged Infrastructure Implications for Email Security

What’s old is new again

Converged Infrastructure is a new name for a very old idea: getting compute, network, storage, and infrastructure management software in a fully integrated package, usually from a single vendor. In the old days, you bought minicomputer, mainframe or super computer infrastructure from a single vendor, be it IBM, Control Data, DEC, or Wang. The entire system was engineered to work together with a complete suite of software for managing the infrastructure. Interest in Converged Infrastructure solutions has been surging due to the demands of cloud computing.

Vendors like the Converged Infrastructure paradigm because it locks in customers on their solutions. No longer are IT buyers searching out best of breed infrastructure components from different vendors, and switching out commoditized components. Instead they are getting fully integrated suites from one vendor. Customers benefit from a superior management and orchestration software suite for the infrastructure that permits greater abstraction of the IT resources to a computing fabric suitable for cloud computing, where application workloads are managed, not servers.

Challenges to the dominant email security paradigm

The trend toward Converged Infrastructure has important implications for the email security IT infrastructure. Prior to the advent of cloud computing, the dominant paradigm for the delivery of email security infrastructure was the purpose-built email security appliance. This was a physical server with a pre-loaded software suite of email security applications including an MTA for routing email, anti-spam, anti-virus and possibly encryption. With the advent of cloud computing, in some cases, the infrastructure wxas migrated to a SaaS provider for Internet mail, however, there is still a place for an email security infrastructure for the management of internal email security. Once the data center is converted to a cloud computing paradigm on a Converged Infrastructure computing fabric, everything, including network addresses are now virtualized and potentially changeable, including the network topology. This makes the old paradigm for email security with physical appliances obsolete.

Enter the virtual appliance

The email security infrastructure must be virtualized along with everything else. Thus, the new paradigm is for virtualized appliances or enterprise software suites to implement email security. It is unlikely that enterprise software for email security will make a come-back after being displaced by email security appliances, because of the complexity, cost, and lack of vendors still in the business of email security enterprise software. Email security appliances displaced enterprise software because the software packages were costly to acquire and maintain, involved multiple vendors, and placed additional training burdens on IT staff. Appliances were a single vendor solution incorporating best-of-breed security software in an integrated package with lower training and maintenance requirements.

Virtual appliances bring the benefits of physical appliances: pre-integrated best-of-breed security software with a unified management infrastructure from a single vendor, but without the physical residence in the data center. The cloud now provides the compute infrastructure. Virtual appliances are managed like any application workload in a cloud. They are loaded into virtual machine containers and benefit from the entire underlying virtualization infrastructure for high availability and fault tolerance.

Remaining Challenges

There is one area where virtual email security appliances must adapt—adapting to network topology changes. Converged Infrastructure permits changes to the underlying network topology (as an enabler of cloud computing). Changes in network topology present a challenge to security infrastructure (an not just email security) that rely on IP addresses and network partitions to implement access to various applications and services. No vendor has yet integrated at the lowest level of the virtualization infrastructure to adapt to changes in network topology, but it is likely that vendors will eventually integrate to cloud infrastructure APIs to adapt automatically to those changes.

The Promise of Converged Infrastructure

Converged Infrastructure promises to bring an old paradigm to a new infrastructure that has the potential to bring new operational savings to the modern data center. Cloud computing permits the management of virtual workloads and rapid provisioning of resources for new applications. The virtual email appliance is a key component to the security infrastructure for the cloud and potentially will displace the previous email security paradigm of physical email security appliances.