The AstroFlowGuard appliance is a combined bandwidth management system, a VPN gateway, an IDS, a firewall and a NAT device. Along with a nice reporting system, this package delivers an integrated and easy-to-manage interface with a good feature set. Being an appliance, as opposed to a software distribution, it can be less error-prone—for a cost.
These boxes have been shipping for several months now, and the company has several customers both large and small. This means the company has been improving its product and proving itself in trials and deployments. Offmyserver and NetSoft teamed up to bring this appliance to market, with NetSoft doing the software and Offmyserver bundling it with the hardware. Offmyserver isn't that new, either, as it is an employee buy-out of iXsystems, formerly BSDi. Because of this, there's experience and market understanding behind this product, and it shows.
The AstroFlowGuard system ships as an appliance, so you get a box, a few cables, a manual and the system. The hardware is based on a Pentium 4 processor and should fit nicely into a 19" rack. Be warned, though; it's got a noisy fan, comparable to a medium- or large-sized router or enterprise switch, so this isn't for an open equipment room.
Initially, you have two big options to configure the system. The first is to use the LCD front panel to configure basic services. Here you can configure the basic IP networking parameters (address, netmask and gateway) along with the enabling or disabling of services. You navigate with a small number of easy-to-use buttons, almost like a network printer. Alternatively, you can hook up a PS/2 keyboard and a VGA monitor and use a curses-based configuration menu. You get the same basic menu items with this option that you do with the LCD screen. There isn't a command-line option, but most of the reporting is done better in the GUI. I was surprised a serial console interface wasn't included.
Once you have the basics set up, you can begin the final setup stages using your Web browser. This process isn't as easy as it sounds. I couldn't get the system to respond to HTTPS until the firewall was disabled, but after that I didn't have much difficulty. The login and product navigation are straightforward, so you don't need to consult the manual much except for a few tasks.
Hardware-wise, the box for the AstroFlowGuard should be enough to manage anyone's network. The system comes with four to six 10/100bT interfaces, which should work for most networks. Gigabit Ethernet is not an option at this time. AstroFlowGuard also lets you break out a DMZ network and a management network, all on one device.
A likely scenario for deployment would be to rack the box and configure the management address for the system. Once that's done, you would log in to the UI and configure the networks for the system to route. There, you can begin setting up your network management and enforcing that policy through the VPN (for secure Internet endpoints), the firewall and the bandwidth monitor.
The traffic shaping module is one of the more novel features in this class of device. With it, you can set up per-host and per-service bandwidth caps, which can help make the best use of a small network pipe. For example, you can configure a 50% maximum for Web traffic with an optional 10%, if needed, for short bursts. If you find peer-to-peer communications are hogging bandwidth, you can shape that down as well. Finally, if downloads from the outside world are consuming bandwidth from a server you run, you can back that off too. The UI makes all of this management relatively easy, and the reporting interface helps you make those decisions quickly.
Under the hood is a Linux system, modified to boot without much issue or interaction, and various applications for network monitoring. These components include iptraf, rrdtool and Apache. This list probably gives the impression that you could build something like this for your own network, given an engineer or two for a few weeks. You probably could, but maintenance would be a consideration in this scenario.
Maintenance, then, is probably the biggest selling point for this product—AstroFlowGuard fares very well in the build vs. buy comparison. Although it's based on open and available components, it would take some effort to build a system like this and work out the kinks, keeping it usable for a staff of administrators. Because of this, what at first appears to be free quickly consumes a lot of money and time.
AstroFlowGuard goes well beyond this point, however. By being an appliance through and through, it's a simple matter of loading the box in a rack and maintaining it from there. Even upgrades are painless. You simply select the upgrade option from the menu, it tells you what changed and you go to it—painless, and the upgrade to 1.002 happened without a hitch.
The price of AstroFlowGuard, under $6,500 US, puts it well below its competition. For a bandwidth appliance, you could use a Packeteer or similar product; there are various (and expensive) traffic monitors. VPN appliances also can be quite expensive. Firewalls have been known to be expensive at times, too, and finally, an IDS appliance typically costs this much without the other features. Although the price may seem a bit steep, for that amount of money you'd have difficulty finding an appliance that does one or two of these tasks.
One of those features typically found only in expensive commercial firewalls is the support for failover. Parallel AstroFlowGuard devices can communicate and detect when the other one has failed and begin routing around it. This is a very useful feature for networks that require high availability.
Overall, the feature list of the AstroFlowGuard makes sense as a network edge device. Most people deploy their IDS functionality here, and the other modules (bandwidth shaping and monitoring, VPN tunneling and firewalling) all make sense in a policy management device. This single box can meet the needs of various small- and medium-sized business networks in a single relatively easy-to-use package.
As of version 1.002, the on-line help for the product is solid and easy to navigate. It's task-based, as opposed to feature-based, so it's easy to use when you're actively trying to set up a new management rule.