The AstroFlowGuard appliance is a combined bandwidth management system, a VPN gateway, an IDS, a firewall and a NAT device. Along with a nice reporting system, this package delivers an integrated and easy-to-manage interface with a good feature set. Being an appliance, as opposed to a software distribution, it can be less error-prone—for a cost.
These boxes have been shipping for several months now, and the company has several customers both large and small. This means the company has been improving its product and proving itself in trials and deployments. Offmyserver and NetSoft teamed up to bring this appliance to market, with NetSoft doing the software and Offmyserver bundling it with the hardware. Offmyserver isn't that new, either, as it is an employee buy-out of iXsystems, formerly BSDi. Because of this, there's experience and market understanding behind this product, and it shows.
The AstroFlowGuard system ships as an appliance, so you get a box, a few cables, a manual and the system. The hardware is based on a Pentium 4 processor and should fit nicely into a 19" rack. Be warned, though; it's got a noisy fan, comparable to a medium- or large-sized router or enterprise switch, so this isn't for an open equipment room.
Initially, you have two big options to configure the system. The first is to use the LCD front panel to configure basic services. Here you can configure the basic IP networking parameters (address, netmask and gateway) along with the enabling or disabling of services. You navigate with a small number of easy-to-use buttons, almost like a network printer. Alternatively, you can hook up a PS/2 keyboard and a VGA monitor and use a curses-based configuration menu. You get the same basic menu items with this option that you do with the LCD screen. There isn't a command-line option, but most of the reporting is done better in the GUI. I was surprised a serial console interface wasn't included.
Once you have the basics set up, you can begin the final setup stages using your Web browser. This process isn't as easy as it sounds. I couldn't get the system to respond to HTTPS until the firewall was disabled, but after that I didn't have much difficulty. The login and product navigation is straightforward, so you don't need to consult the manual much except for a few tasks.
Hardware-wise, the box for the AstroFlowGuard should be enough to manage anyone's network. The system comes with four to six 10/100bT interfaces, which should work for most networks. Gigabit Ethernet is not an option at this time. AstroFlowGuard also lets you break out a DMZ network and a management network, all on one device.
A likely scenario for deployment would be to rack the box and configure the management address for the system. Once that's done, you would log in to the UI and configure the networks for the system to route. There, you can begin setting up your network management and enforcing that policy through the VPN (for secure Internet endpoints), the firewall and the bandwidth monitor.
The traffic shaping module is one of the more novel features in this class of device. With it, you can set up per-host and per-service bandwidth caps, which can help make the best use of a small network pipe. For example, you can configure a 50% maximum for Web traffic with an optional 10%, if needed, for short bursts. If you find peer-to-peer communications are hogging bandwidth, you can shape that down as well. Finally, if downloads from the outside world are consuming bandwidth from a server you run, you can back that off too. The UI makes all of this management relatively easy, and the reporting interface helps you make those decisions quickly.
Under the hood is a Linux system, modified to boot without much issue or interaction, and various applications for network monitoring. These components include iptraf, rrdtool and Apache. This list probably gives the impression that you could build something like this for your own network, given an engineer or two for a few weeks. You probably could, but maintenance would be a consideration in this scenario.
Maintenance, then, is probably the biggest selling point for this product—AstroFlowGuard fairs very well in the build vs. buy comparison. Although it's based on open and available components, it would take some effort to build a system like this and work out the kinks, keeping it usable for a staff of administrators. Because of this, what at first appears to be free quickly consumes a lot of money and time.
AstroFlowGuard goes well beyond this point, however. By being an appliance through and through, it's a simple matter of loading the box in a rack and maintaining it from there. Even upgrades are painless. You simply select the upgrade option from the menu, it tells you what changed and you go to it—painless, and the upgrade to 1.002 happened without a hitch.
The price of AstroFlowGuard, under $6,500 US, puts it well below its competition. For a bandwidth appliance, you could use a Packeteer or similar product; there are various (and expensive) traffic monitors. VPN appliances also can be quite expensive. Firewalls have been known to be expensive at times, too, and finally, an IDS appliance typically costs this much without the other features. Although the price may seem a bit steep, for that amount of money you'd have difficulty finding an appliance that does one or two of these tasks.
One of those features typically found only in expensive commercial firewalls is the support for failover. Parallel AstroFlowGuard devices can communicate and detect when the other one has failed and begin routing around it. This is a very useful feature for networks that require high availability.
Overall, the feature list of the AstroFlowGuard makes sense as a network edge device. Most people deploy their IDS functionality here, and the other modules (bandwidth shaping and monitoring, VPN tunneling and firewalling) all make sense in a policy management device. This single box can meet the needs of various small- and medium-sized business networks in a single relatively easy-to-use package.
As of version 1.002, the on-line help for the product is solid and easy to navigate. It's task-based, as opposed to feature-based, so it's easy to use when you're actively trying to set up a new management rule.
|Dynamic DNS—an Object Lesson in Problem Solving||May 21, 2013|
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
- Dynamic DNS—an Object Lesson in Problem Solving
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- Using Salt Stack and Vagrant for Drupal Development
- New Products
- Drupal Is a Framework: Why Everyone Needs to Understand This
- Validate an E-Mail Address with PHP, the Right Way
- A Topic for Discussion - Open Source Feature-Richness?
- New Products
- Download the Free Red Hat White Paper "Using an Open Source Framework to Catch the Bad Guy"
- The Secret Password Is...
3 hours 57 min ago
- Keeping track of IP address
5 hours 48 min ago
- Roll your own dynamic dns
11 hours 1 min ago
- Please correct the URL for Salt Stack's web site
14 hours 13 min ago
- Android is Linux -- why no better inter-operation
16 hours 28 min ago
- Connecting Android device to desktop Linux via USB
16 hours 57 min ago
- Find new cell phone and tablet pc
17 hours 55 min ago
19 hours 23 min ago
- Automatically updating Guest Additions
20 hours 32 min ago
- I like your topic on android
21 hours 18 min ago
Enter to Win an Adafruit Pi Cobbler Breakout Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Pi Cobbler Breakout Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- 5-21-13, Prototyping Pi Plate Kit: Philip Kirby
- Next winner announced on 5-27-13!
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?