eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
OmniCluster Technologies inc.s SlotShield Firewall 3000, the first firewall on a card that eWeek Labs has seen, allows companies to save space and power by providing a complete firewall appliance in the form of a PCI card that easily plugs into installed server systems.
Although the SlotShield might not replace high-end Gigabit Ethernet firewall appliances for enterprise networks, eWeek Labs tests showed the SlotShield 3000, which shipped last month, could be a good fit for ISPs and hosting environments. Alternatively, the SlotShield 3000 can provide a means to secure internal server systems on a network.
An IBM spinoff, OmniClusters first release was the SlotServer 3000, designed to address the space and power-saving needs of ISPs and data centers. The SlotShield Firewall 3000 uses the same hardware component as the SlotServer and runs a hardened Red Hat Inc. Linux 7.0 kernel with Check Point Software Technologies Ltd.s Firewall-1 software suite on top. It can be installed on a host server system running Windows NT Service Pack 6, Windows 2000/XP, and Linux 2.2 or above.
Disk Jockeying
The SlotShield 3000 can operate in a headless and diskless fashion. It has no space to accommodate a hard disk and must run diskless using the host servers disk subsystem to store its operating system and data files. The SlotShield accesses the host systems hard disks during boot-up, running applications and storing data. A logical partition is set aside as a virtual drive for each SlotServer blade.We recommend installing the SlotShield in a host server with RAID to provide better data redundancy.
The SlotShields BusCluster system architecture provides a high-speed PCI network to facilitate communications between the SlotServers and the host server. The SlotServer has a Modular Network Interface Chip to provide a network interface to the host system via the PCI bus. This enables communications at close to Gigabit Ethernet speeds between SlotServers on different buses or between the host and the SlotServers.
There are some caveats to consider when implementing SlotServers and SlotShield PCI cards on a server. Organizations must install larger RAID disk subsystems on the host server to accommodate multiple SlotServer operating system images as well as data storage for the host system. Also, because the SlotServer has only heat sinks to dissipate heat and depends on the hosts fan systems for cooling, heating problems could arise as more SlotServers are added to the host. IT managers should ensure that there are enough fans to cool the system before adding more SlotServers to the host server.
The SlotShield requires licensing fees from Check Point, in addition to the hardware cost. Small businesses and remote offices can run the Check Point Small Office product, with licenses starting at $500. For hosting facilities and larger companies, the Check Point NG enterprise license starts at $2,000.
The SlotShield 3000 we tested, which had a 700MHz Pentium III processor with 512KB of Layer 2 cache, 512MB of small outline dual in-line memory module memory and three 10/100M-bps Ethernet interfaces, lists for $2,000.
The SlotShield is less expensive than firewall appliances such as WatchGuard Technologies Inc.s Firebox or Axent Technologies Inc.s Velociraptor but requires a host system. The SlotShield is more expensive than SOHO (small-office, home-office) firewall appliances, including the Celestix Aries 310, which cost $800 and also runs Check Point Firewall-1.
The SlotShield 3000 does not support Gigabit NICs, but a model with dual Gigabit NICs is in the works and should be available next quarter, OmniCluster officials said.
In tests, we easily installed the SlotShield 3000 in a Dell Computer Corp. PowerEdge 2450 host server running Windows 2000. After we installed the drivers for the host operating system, we used the VDM (Virtual Disk Manager) to load the Linux/Check Point image onto the SlotShield 3000 PCI blade. The SlotShield 3000 requires a 2GB virtual disk partition on the host server for the Linux operating system with the Check Point software.
The VDM is a useful tool and provides an easy way to provision the SlotServers with different operating system and application images. The VDM also provided a very useful console to administer our SlotShield system.
Technical Analyst Francis Chu can be reached at [email protected].
Executive Summary
: SlotShield Firewall 3000″>
Executive Summary: SlotShield Firewall 3000
|
USABILITY |
Good |
|
CAPABILITY |
Fair |
|
PERFORMANCE |
Fair |
|
INTEROPERABILITY |
Fair |
|
MANAGEABILITY |
Fair |
|
SCALABILITY |
Fair |
|
SECURITY |
Good |
The SlotShield Firewall 3000 allows IT managers to expand server systems from the inside to save space and power in hosting environments. The SlotShield provides a simple way to secure server systems from the edge and from within the network. The SlotShield 3000 can be a viable alternative to firewall appliances for small sites.
Cost Analysis
The SlotShield 3000 is priced at $2,000 and requires Check Point Firewall-1 licensing, which starts at $500. IT managers at smaller sites with lower budget constraints should also consider SOHO firewall appliances, many of which are in the same price range.
(+) Complete firewall solution in a compact PCI form factor; easy to set up and manage.
(-) Lacks Gigabit Ethernet support; rolling out a server with several SlotShield cards can be more expensive than buying a single firewall appliance.
Evaluation Short List
- Firewall/virtual private network appliances
- Low-end server blade systems
- www.slotshield.com/productpages/products.html