-Specific Security Method #3 -- Security Blades

Security Blades are internal embedded appliance systems in PCI card format with firewall and VPN software installed. One example is OmniCluster's SlotShield (Editor's Note: the author of this story is Vice President and Chief Technical Officer of OmniCluster).

For more information on the burgeoning server blade market, check out the list of articles at the recently formed Server Blade Trade Association Website. Also, take a look at the Server Blade Summit Website.

Advantages:
- Security Blades are fully independent of the system they protect: each is a separate system with its own CPU, RAM, and network interfaces. There is no dependence on the server's OS, and no cycles are taken from server performance.
- May operate from Flash Disk, a disk connected to the IDE connector of the blade, or a portion of the host disk.
- They are compact, in the form of a PCI card that operates inside the server.
- Typically replace a NIC in the server, so there is no infrastructure impact
- Industry standard PCI, operating system, and application foundation
- As independent systems, the firewall and server may be on dissimilar OS foundations, facilitating optimal choice of firewall and server software.
- Security Blades provide the function of an external firewall box without additional external wiring.
- Can be used with no data connection to the host, where data flows through external ports only and the blade draws only power from the host
- Alternatively, they may share the host's disk, a mode called Diskless operation, for easy setup and management
- With diskless configurations, there are no additional points of failure. The security blade operates from a portion of a common host or SAN disk system. The common disk system stores a disk image that the blade boots from and swaps to as required, just as with a local disk device. Because it is centralized, the disk image is easily replaced and upgraded remotely.
- Security Blades can be managed, reset, and restarted remotely.
- Because the Security Blade is internal to the server, there are no unprotected interfaces external to the server.

Disadvantages:
- Except where hot-plug PCI is supported, power to the protected system must be interrupted for the appliance blade to be installed.
- Unless operated with no data connection to the host, drivers must reside on the host system
- Operation with physical disks requires a spare bay in the host, and becomes another point of failure
- Draws power from the host system
- Requires 2 GB of available disk space
- Requires a full-length PCI socket, a problem in a system with no spare full-length slots