Firewall Card Saves Space, Power

OmniCluster SlotShield 3000 is a complete system in PCI form but lacks Gigabit Ethernet support.

OmniCluster Technologies Inc.'s SlotShield Firewall 3000, the first firewall on a card that eWeek Labs has seen, allows companies to save space and power by providing a complete firewall appliance in the form of a PCI card that easily plugs into installed server systems.

Although the SlotShield might not replace high-end Gigabit Ethernet firewall appliances for enterprise networks, eWeek Labs tests showed the SlotShield 3000, which shipped last month, could be a good fit for ISPs and hosting environments. Alternatively, the SlotShield 3000 can provide a means to secure internal server systems on a network.

The first release from OmniCluster, an IBM spinoff, was the SlotServer 3000, designed to address the space and power-saving needs of ISPs and data centers. The SlotShield Firewall 3000 uses the same hardware component as the SlotServer and runs a hardened Red Hat Inc. Linux 7.0 kernel with Check Point Software Technologies Ltd.'s Firewall-1 software suite on top. It can be installed on a host server system running Windows NT Service Pack 6, Windows 2000/XP, and Linux 2.2 or above.

Disk Jockeying

The SlotShield 3000 can operate in a headless and diskless fashion. It has no space to accommodate a hard disk and must run diskless, using the host server's disk subsystem to store its operating system and data files. The SlotShield accesses the host system's hard disks during boot-up, when running applications and when storing data. A logical partition is set aside as a virtual drive for each SlotServer blade. We recommend installing the SlotShield in a host server with RAID to provide better data redundancy.

The SlotShield's BusCluster system architecture provides a high-speed PCI network to facilitate communications between the SlotServers and the host server. The SlotServer has a Modular Network Interface Chip to provide a network interface to the host system via the PCI bus. This enables communications at close to Gigabit Ethernet speeds between SlotServers on different buses or between the host and the SlotServers.

There are some caveats to consider when implementing SlotServers and SlotShield PCI cards on a server. Organizations must install larger RAID disk subsystems on the host server to accommodate multiple SlotServer operating system images as well as data storage for the host system. Also, because the SlotServer has only heat sinks to dissipate heat and depends on the host's fan systems for cooling, heating problems could arise as more SlotServers are added to the host. IT managers should ensure that there are enough fans to cool the system before adding more SlotServers to the host server.

The SlotShield requires licensing fees from Check Point, in addition to the hardware cost. Small businesses and remote offices can run the Check Point Small Office product, with licenses starting at $500. For hosting facilities and larger companies, the Check Point NG enterprise license starts at $2,000.

The SlotShield 3000 we tested, which had a 700MHz Pentium III processor with 512KB of Level 2 cache, 512MB of small outline dual in-line memory module memory and three 10/100M-bps Ethernet interfaces, lists for $2,000.

The SlotShield is less expensive than firewall appliances such as WatchGuard Technologies Inc.'s Firebox or Axent Technologies Inc.'s Velociraptor but requires a host system. The SlotShield is more expensive than SOHO (small-office, home-office) firewall appliances, including the Celestix Aries 310, which costs $800 and also runs Check Point Firewall-1.

The SlotShield 3000 does not support Gigabit NICs, but a model with dual Gigabit NICs is in the works and should be available next quarter, OmniCluster officials said.

In tests, we easily installed the SlotShield 3000 in a Dell Computer Corp. PowerEdge 2450 host server running Windows 2000. After we installed the drivers for the host operating system, we used the VDM (Virtual Disk Manager) to load the Linux/Check Point image onto the SlotShield 3000 PCI blade. The SlotShield 3000 requires a 2GB virtual disk partition on the host server for the Linux operating system with the Check Point software.

The VDM is a useful tool and provides an easy way to provision the SlotServers with different operating system and application images. The VDM also provided a very useful console to administer our SlotShield system.

Technical Analyst Francis Chu can be reached at