Friday, May 2, 2008

Disaster Recovery for Network security devices using Virtualization

A network security appliance running as a virtual appliance (VA) on a dedicated physical machine has many advantages. One advantage is LAN bypass functionality.

Another advantage of Virtualization in network security appliances is clearly seen in Disaster recovery and Business continuity scenarios (DR/BC).

Every network component, including network security devices, must be considered in Disaster Recovery (DR) planning. There are two key concepts used in the DR world: Recovery Point Objective (RPO) and Recovery Time Objective (RTO). They are not self-explanatory. If you are confused by those terms, you are not alone. RPO is the amount of time between the last backup/replication point and the point of failure. RTO is the time between failure and recovery. DR efficiency is typically measured by RPO and RTO. Lower values indicate better DR efficiency.

There are multiple approaches to achieving DR/BC. An approach is typically selected based on business requirements, and products are then selected based on the approach the business has chosen. Some of the approaches typically used with physical security appliances are:
  • Backup and Restore: Security appliances let administrators take a backup of the configuration and restore a previously backed-up configuration. Since configuration changes are made by the administrator, he or she can take a backup immediately, thereby making the RPO value 0. When there is a disaster, recovery involves getting a new appliance and restoring the configuration. RTO depends directly on the amount of time it takes to get the new appliance. It could be days to a week. It is also possible that the vendor is no longer selling those appliances. In that case recovery involves buying a new product and configuring it from scratch, and complete recovery can take even more time.
  • Replication: Replication is similar to backup, but it typically happens without user intervention. In security appliances, replication may not provide any added advantage, as the configuration is the only thing that needs to be kept in a safe place. Configuration is typically done by the administrator, so a manual option for taking a backup and putting it in a safe place is good enough. Replication requires a duplicate setup in a safe place, and it is expensive. There is no doubt that replication is needed for business servers, where the content keeps changing over time and is very important. Think of merchant applications, where the ordering information is critical. Even in security appliances, if log messages are important to the business, replication can be applied to the log database.

As discussed above, network security appliance recovery might involve procuring a new box, and many complications can come into play. The security vendor might have declared the product End of Life in favor of newer hardware/software. The vendor might have gone out of business. The vendor might have updated the product with newer firmware. In all these cases, the saved configuration might not be usable, and recovery may require procuring a newer product and reconfiguring it from scratch. This increases the recovery time.

A network security appliance running as a VA on standard hardware eliminates the above problems and makes RTO very small.

VMware/Xen technology allows backing up the complete VA. The VA includes the OS, the security application and the configuration. The VA can be backed up to a safe place. Disaster recovery involves:
  • Procuring generic hardware (PC based hardware normally).
  • Getting VA from secure place.
  • Bringing it up.
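
The backup and recovery steps above in shell, added here as an example and not taken from the original post or from VMware/Xen tooling. It assumes the powered-off VA is a directory of files (the names are hypothetical) and adds a SHA-256 check, which the post does not mention, so that a damaged or altered copy is not brought up on the replacement hardware.

```shell
#!/bin/sh
# Added example. The VA is assumed to be a powered-off directory of files;
# names such as fw-va, disk.img and va.conf are hypothetical.

# Portable SHA-256: sha256sum (GNU) or shasum (BSD/macOS).
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# va_backup VA_DIR SAFE_DIR   (use absolute paths)
# Archive the complete VA (OS, security application, configuration)
# and write a SHA-256 manifest next to the archive.
va_backup() {
    va_dir=$1; safe_dir=$2
    name=$(basename "$va_dir")
    mkdir -p "$safe_dir" || return 1
    tar -C "$(dirname "$va_dir")" -cf "$safe_dir/$name.tar" "$name" || return 1
    ( cd "$safe_dir" && sha256 "$name.tar" > "$name.tar.sha256" )
}

# va_restore SAFE_DIR NAME TARGET_DIR
# Verify the archive against its manifest, then unpack it on the
# replacement hardware. Nothing is unpacked if the hash does not match.
va_restore() {
    safe_dir=$1; name=$2; target=$3
    if ! ( cd "$safe_dir" && sha256 -c "$name.tar.sha256" >/dev/null 2>&1 ); then
        echo "integrity check failed for $name.tar; not restoring" >&2
        return 1
    fi
    mkdir -p "$target" && tar -C "$target" -xf "$safe_dir/$name.tar"
}

# Command-line use: script backup VA_DIR SAFE_DIR
#                   script restore SAFE_DIR NAME TARGET_DIR
case "${1:-}" in
    backup)  shift; va_backup "$@" ;;
    restore) shift; va_restore "$@" ;;
esac
```

Keep the `.sha256` manifest (or a signed copy of it) somewhere other than next to the archive; otherwise anyone who can alter the archive can alter the manifest too.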

Summary: A network security VA provides one DR/BC advantage over a physical security appliance.