Products like DataPower (acquired by IBM), Reactivity (acquired by Cisco), Sarvega (acquired by Intel) and Layer7 have already made greater inroads in terms of enterprise usage.
What are the real advantages of using these appliances? Since I have been exposed to DataPower, I can list them below:
- Security - especially for internet-facing applications. Handles DoS attacks and XML and XSL threats at wire speed. Supports WS-Security, SAML and LDAP. It also provides fine-grained access control.
- Hardware-based acceleration - Since SSL is highly resource intensive, regular web servers like Apache or IIS can't handle large volumes of SSL connections. DataPower comes with an SSL accelerator and can easily handle large volumes. DataPower also compiles XSL stylesheets and runs the compiled code on hardware, which dramatically improves performance.
- Multi-protocol gateway - The X150 integration appliance from DataPower is a high-end version which includes multi-protocol gateway features besides security and routing capabilities. The multi-protocol gateway can talk multiple protocols (MQ, TIBCO EMS, FTP, HTTP, ODBC, SOAP-based web services etc.) and can act as an integration broker. The input and output can be text or binary, and it handles many data formats (XML, SOAP, COBOL copybook, SWIFT, EDI etc.).
- Firewalls and Proxies - XML firewalls and web service proxies can be configured easily to achieve service virtualization.
I haven't learned much about the drawbacks of these appliances. Although I can list a few, I would like others who have used these appliances to post some.
The drawbacks, at least for DataPower, are as follows:
- Cost - X150 sells at $75,000 a piece. If the applications are primarily intranet based, one has to really justify the ROI on this piece of hardware.
- Machine limitations - If the anticipated load increases (heavy concurrent usage, in a shared environment) the machine might be overloaded and will be subjected to CPU and memory limitations. The appliances themselves run on a very lightweight OS (usually Linux based).
- No state and transaction management. The appliances, as of now, can't handle state and can't coordinate global transactions. This may change in the future though and it might even threaten the existence of JEE servers.
- Bugs are difficult to pinpoint, and a fix may end up as a firmware upgrade, which might take a long time. I happen to remember an issue we faced with DNS resolution and it took several weeks for us to come up with a workaround, let alone a fix.
- Messaging support is not clean (i.e., you don't find all the features of JMS as a sender and a consumer) and is limited. So one should be wary of using messaging support, and its use should be decided on a case-by-case basis.