Linux Network Appliances

As networking becomes increasingly pervasive, the amount of effort needed to manage general purpose servers makes their use less attractive. Now, an easier way to network has emerged.

Appliances Illustration (5)

There has been a recent explosion of network appliance-based
products, ranging from Web servers and caching Web proxies to file servers and
firewalls. But what exactly is a network appliance and why are many industry
analysts proclaiming that Linux will be successful in this market?

An appliance is a network server much like a traditional NT or UNIX server.
But, rather than operating as a general purpose server, network appliances, also
known as “thin servers”, are usually dedicated to one task.

Dataquest defines a thin server as:

“a specialized, network-based hardware device used by businesses, and
designed to perform a single or specialized set of server functions. It is
characterized by running a minimal operating architecture, and client access is
independent of any operating system or proprietary protocol. The device is a
‘closed box,’ delivering extreme ease of installation and minimal maintenance,
and can be managed remotely from a Web browser.”

– The Gartner Group (http://www.dataquest.com)

As noted in the preceding quote, one of the main benefits of network
appliances over traditional servers is ease of installation and use. Most can be
configured and maintained using simple “fill-out-forms” in an ordinary Web
browser like Netscape. Others use a simple client/server application designed
specifically for the configuration and maintenance of that appliance. All aspects
of the appliance are configured from that one interface, whereas in a traditional
server, networking might be configured with one tool, and event logging with a
completely different tool. In addition to easing the set-up process, the
integrated Web based configuration model also simplifies the ongoing
administration and maintenance of the network appliance.

The fact that network appliances are largely self-contained devices
contributes much to their ease of configuration. While traditional servers are
able to support a vast array of peripherals and third party software, network
appliances are limited to a small subset of expansion options. This allows the
appliances to focus on ease-of-use for the tasks they do perform. For example,
rather than supporting a multitude of third party network adapters like a
traditional server, networking is built into an appliance, and the appliance’s
software comes pre-configured to use it.

Many other factors contribute to the easy installation and maintenance of
network appliances. For example, those that are equipped with a hard disk come
with all the necessary software pre-installed and mostly pre-configured. The
remaining configuration tasks are often child’s play.

One such “hard disk equipped” server is the “Cobalt Qube” by Cobalt Networks
(formerly Cobalt Microserver). To get a Qube up and running, you only need to
attach it to the network and assign it an IP address. The Qube has simplified
this by allowing users to set its IP address and host name using some buttons and
an LCD on the back of the box.

For those appliances which have no hard disk, set-up is even simpler. Enter a
few configuration parameters, and let it run. With so little chance of
configuring it improperly, there is a greater chance that it will work properly
the first time, and keep working properly indefinitely. A less advanced appliance
might have a set-up scheme more like that of a router or other traditional
networked device, but in any case, an appliance can usually be up and running on
the network in less than 20 minutes.

The last key ease-of-use feature network appliances specialize in is remote
management. They are built from the ground up with remote management capabilities
in mind. The ability to configure or maintain the server using a consistent
interface from any location with an Internet connection and a Web browser greatly
eases the tasks of administration.

Linux for Appliances

So what do network appliances have to do with Linux? Well, because of the
robust and compact Linux kernel, a number of network appliance designers have
chosen Linux as their operating system.

The kernel, which is the heart of the operating system, provides the
interface between the computer hardware and the applications. While the Linux
kernel is compact, it is also tremendously flexible, and supports a large number
of platforms and peripherals. The ability to customize the Linux kernel to match
the specific appliance hardware and peripherals makes it the ideal OS for
manufacturers to base their products on.

Also, the Open Source licenses under which the Linux kernel and a majority of
other Linux software are released make it easy for appliance manufactures to
build customized software on a solid foundation. This, coupled with the fact that
the source code is available to all, makes the software easy to customize — the
only stipulation being that the customized software also be made available under
the terms of the GNU General Public License (GPL).

The number of developers contributing to both the Linux kernel and other Open
Source Software projects is large and growing steadily. This trend in software
development has important ramifications for appliance manufacturers. As more
people contribute new software and ideas to Open Source projects, their
reliability and feature sets will increase. These benefits will then be quickly
realized by the network appliances.

In many cases, features added to Open Source projects show up in products
that use the software almost immediately. Often, all that is required for the
manufacturer to incorporate a software update is some customization to the user
interface followed by a small amount of testing and debugging. This means
companies which build products on Open Source Software can add new features and
bug fixes with little effort. This allows these companies to focus on simplifying
the configuration and administration of their devices.

Using Linux as the core for a network appliance allows the manufacturers and
their OEM partners to easily port new software to the appliance. This is due to
the industry standard POSIX Application Programming Interfaces (APIs) used in the
Linux kernel. In addition, most of the more common network applications, such as
the Apache Web server, already run on Linux.

Many companies believe the business model for Open Source-based products to
be somewhat unclear. Most still believe that in order to be successful, their
software must be kept as a very closely guarded trade secret. This myth is being
partially dispelled by companies such as Netscape as they embrace the Open Source
model. The network appliance manufacturers seem to be creating yet another Open
Source business model. By embedding Linux and Open Source software in their own
hardware, they are creating highly salable products and clear revenue

A quick look at three Linux-based network

Cobalt Networks, Corel Computer, and WatchGuard Technologies have all chosen
Linux as the foundation for their network appliances. Here we will look briefly
at the Corel’s NetWinder, Cobalt’s Qube 2, and WatchGuard’s Firebox II. Each of
these products comes with custom hardware manufactured by the respective company.
It is also worth noting that each one of these products runs on a different
processor architecture. The ease with which the Linux kernel can be ported from
one architecture to another makes it the perfect choice for network

Each of these products are based on the 2.0 series of the Linux kernel. In
the future, more products will be based on the recently released 2.2 kernel. To
understand why these products do not yet use the latest kernels, one must
understand Linux kernel development. The kernel version numbers are such that
even numbered minor releases represent a stable feature set, while odd numbered
minor releases represent cutting edge development. In order to base these
products on the 2.2 kernel, they would have needed to run on 2.1 kernels first.
Since the 2.1 kernel was a development kernel, these companies did not wish to
base their products on an “unstable” development kernel. Thus they decided to use
the stable 2.0 kernel.

This model is great for companies trying to build products on top of Linux.
By sticking with a stable kernel version products can be stabilized quickly and
released. As new critical features become available in the development releases,
companies can back port them into the stable releases and use them in their

Appliances Qube (w/s)

Cobalt Qube 2

If nothing else, Cobalt’s Qube can certainly be called a trendsetter when it
comes to style. Fortunately, it is much more than just good-looking. The Cobalt
Qube 2 is quite literally a seven-inch cobalt blue cube, with a hip neon green
light in the front. It is the only second generation server appliance in its

The Cobalt Qube 2 is an ideal Internet server appliance for small to medium
businesses. It comes pre-configured with an e-mail server, Apache 1.3 Web server,
a Domain Name Server (DNS), DHCP server, NAT, a basic packet filter firewall,
discussion group software, a search engine, and SMB and AppleShare®
compatible file services. For e-mail, the SMTP, IMAP, and POP protocols are
supported, while Apache provides an HTTP 1.1 compatible Web server. An optional
$99 SSL module allows the Cobalt Qube 2 to be used for eCommerce

On the back there are two RJ45 network jack, a serial port, a small LCD, and
a few buttons. The buttons allow you to configure the IP address of the Qube. The
LCD displays the IP address, as well as a brief status report of what is
currently happening in the box. This feature makes the Qube stand out in terms of
ease of use. You simply plug it into the network and turn it on. It obtains its
networking parameters automatically if there is a DHCP server present on the
network. You can use the keypad at the back to enter the IP address manually if
there is no DHCP server present. From then on you can configure everything else
from a standard Web browser like Netscape.

Users have the choice of using the Qube 2 to connect to the Internet through
a low-cost, dialup-on-demand modem using the serial port or higher-speed ISDN,
frame relay, fractional T1, or T1 routers using the second Ethernet port.

The Cobalt Qube 2 has a 250MHz MIPS processor, and supports 16MB to 64MB of
RAM and 3.2GB to 10.2GB of disk. It comes with two 10/100 Mbps Ethernet port, and
has one PCI expansion slot for future expansion. Pricing for the Cobalt Qube 2
starts at $999. Cobalt also sells several otherversions of server appliances: the
Cobalt RaQ — a hosting server for ISPs, the Cobalt Cache — caching appliance,
and the NASRaQ — a network attached storage server supporting SMB and

Appliances NetWinder(w/s)4

Corel NetWinder

The Corel NetWinder is an appliance that comes in five different
configurations. All NetWinders are based on a 275 MHz StrongARM RISC processor,
which is ideal for low power consumption environments, and come with 32 or 64 MB
of RAM and a 2, 4, or 6 GB hard drive. They also come with two Ethernet
interfaces, a 10Mbps and a 10/100 Mbps, illustrating that these are clearly
network-ready devices.

The NetWinder WS is designed to be a Web server and comes loaded with Perl
for CGI scripting, the Apache Web server, FTP, TELNET, and DNS services. The
NetWinder GS is designed for the workgroup environment and can provide e-mail
services and HTML authoring. The NetWinder RM is a rack mount, two of which fit
in the space of a single rack mount. The NetWinder DM is a development machine
that comes with programming and development tools. Finally, the Net-Winder LC is
the business-class Linux Computer. It comes loaded with X, KDE, Netscape
Communicator, and WordPerfect 8. The Netwinder LC also comes with Sun’s Java VM.

Appliances Firebox(w/shad)

Watchguard Firebox II

The WatchGuard Firebox II is a network appliance providing firewall services
– logging, virtual private networking, packet filtering, application proxying,
user authentication, and network address translation.

As a dedicated secure network gateway, the Firebox uses a minimal Linux
installation — there are no user accounts, shells, or application servers (e.g.,
Web or email servers), nor is it possible to load custom software onto the
appliance. All functionality and configuration is loaded from an internal flash
RAM — there is no hard disk or floppy drive. These features keep the Firebox
more reliable and secure than a standard Linux machine.

The Firebox is managed through an encrypted network connection by a graphical
user interface on a local or remote Windows NT/95/98 workstation. (A release of
the Linux version of the GUI is expected by the end of the year.) Initial
configuration is done over a serial cable using a setup application.

The Firebox II runs on an Intel x86 processor, and comes with 64MB of RAM and
8MB of flash RAM. It has three 10/100Mbps Ethernet ports, which can be used to
separate an internal trusted network from an untrusted network (e.g., an Internet
connection). It also provides a separate network segment with specific security
policies to support public servers for Web, e-mail, FTP, etc.

The Future of Linux network appliances

The future of Linux-based network appliances is promising. On the hardware
front, Intel is pushing an initiative to standardize hardware for the appliance
market. Although this initiative has yet to bear fruit, it signifies that the
appliance market is maturing. This should eliminate the high start-up costs of
developing new hardware. Additionally, by allowing software developers to target
a particular hardware configuration for their software, this should enable more
developers to specialize in appliance software. When the hardware becomes more
standard, the software quickly follows.

Network appliance manufacturers can clearly benefit from some form of
standardization. For example, many of the current Linux based network appliances,
like Corel’s NetWinder, use a standard RedHat distribution. But, for more
specialized appliances like the WatchGuard Firebox, which have no hard disk, this
model will not work. These appliances need to boot from FlashROM using a
customized mini-distribution. Additionally, remote network administration of the
Firebox is mandatory since it must be configured from another machine. With more
standards in place, less effort need be expended creating the customized hardware
and software. This would again allow more effort to go towards creating the most
simple and easy to manage devices possible.

As networking becomes more and more ubiquitous, the enormous amount of effort
required to feed and care for general purpose servers will become less and less
attractive. As this continues to happen, corporations and individuals will find
the reduced administration of network appliances worth investing in. Thus, as
network appliances become more refined, there will be a gradual shift towards
these devices. It seems that Linux has established a beachhead for itself as the
operating system of choice for network appliances.

Chris Boscolo is Manager of Security technologies for WatchGuard Technologies
Inc. He can be reached at chris.boscolo@watchguard.com.

Comments are closed.