 |
| Search Developer site |
|
|
 |
|
|
 |
 |
Intel® Reference Design Helps eSoft Build "Firewall with a Future"
Summary
Firewall security and virtual private network (VPN) technology is becoming a key issue for small to mid-sized businesses. This case study shows how a software company used the Intel® 810 Value Communications Appliance Reference Design to help create an extensible new firewall/VPN appliance, moving from cardboard model to production in less than six months.
Background
eSoft is a leading provider of broadband software and services and widely known in the OEM community for its redphish* Linux-based Internet appliance software. For the past six years, eSoft has also provided a family of Internet hardware products, including the InstaGate EX* firewall/VPN appliance. Selling through value-added resellers, the company focuses on what it terms the "small to medium enterprise" (SME) market segment.
The Challenge
Software is the core competency at eSoft. They had the software that the market needed but with their new appliance they were looking for a design where they could increase processor performance in the future, without raising the price point of the product. Simply put, they were a software company with a hardware challenge.
The Solution
The Intel 810 Value Communications Appliance Reference Design.
Design Objectives
How the company approached the challenge of designing a new firewall appliance:
- eSoft wanted to launch a new Internet security product called the InstaGate EX2* that would be designed from both the software and hardware perspective for long life and low total-cost-of-ownership. To meet these objectives, the new design would need to support eSoft's extendable and modular SoftPak* software architecture. SoftPak modules for firewall policy management, anti-virus protection, Web filtering, reporting and other functions are directly downloadable over the Internet. The modules are designed to self-install on the appliance.
- In addition, the InstaGate EX2 would need highly scalable processing performance and remote software upgrade capability.
- Finally, the new appliance would need to feature a 1U chassis for high-density rack mount applications. It should also be easy to install and affordable enough to appeal to entry-level customers.
A key consideration for eSoft was to avoid reliance on an "off-the-shelf" design that could be subject to end-of-life limitations of component hardware. By combining embedded life cycle hardware building blocks with extensible software, eSoft's new appliance could then help business customers avoid the considerable cost of replacing their entry-level firewall equipment in order to support additional users or add new security functions.
 |
|
 |
|
|
|
|
"For our customers, not having to swap-out hardware is a major cause of celebration."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
 |
|
 |
|
|
|
|
|
|
|
|
|
Competitive Analysis
Mr. Hartman notes that Intel building blocks played an important role from the beginning of the design effort.
|
|
|
|
|
|
|
"From the start of the project, we felt the Intel® Celeron® processor would give us an advantage. It is clear that Intel quality and reliability increase the perceived value of our products in the minds of our customers."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
From Cardboard to Production in Six Months
With the increasing speeds of the processor and the processor's front-side bus (FSB), design, testing, and simulation can be complex. Intel supplied "cookbook design rules" that enabled eSoft to quickly implement a reliable board design, saving money and hardware engineering effort. Intel's collateral kit also enabled eSoft to reduce debug time.
|
|
|
|
|
|
|
"This program literally went from a cardboard model to production in under six months. We have hardware expertise in-house, but a significant issue for us was that we did not need to add technical people for this project."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The Intel 810 Value Communications Appliance Reference Design that eSoft implemented included an Intel Celeron processor at 566 MHz, Intel 810 chipset, 64 Mbytes of SDRAM, two 10/100 Ethernet ports, two USB ports, a 10.2 Gbyte hard drive (the reference design supports up to four ATA66 hard drives), in a small form factor board. The reference design included a 65-watt "brick style" power supply.
|
|
|
|
|
|
|
"For a company of our size, specializing in software, we could not have done this without Intel's reference design. Creating a motherboard for yourself can be a scary thing. The reference design gave us a level of confidence."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Hartman explains that design began with the Intel Celeron processor at 333 MHz, but that eSoft ultimately settled on the Celeron processor at 566 MHz. Moving up to the faster processor was made possible by the flexible board design features of the reference design.
|
|
|
|
|
|
|
"The PGA 370 socket and flexible board design enabled eSoft to scale the design up to 800 MHz if future requirements dictate. From a software perspective, the combination of the 810 chipset, the Celeron processor at 566 MHz and memory supported by the reference design gave us plenty of performance, with a lot of headroom for growth."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
eSoft made design modifications such as adding DIMM memory to help minimize bill-of-materials costs, relocating the chassis fan, adding a PCI-based "DMZ port" for secure extranet services. The design was implemented in an 8-1/2" x 11", 1U chassis that is equally suitable for small footprint customer premises equipment or high-density rack installations in service provider locations.
As a general rule, communications appliances are required to support integer math processing only. Since it does not have VGA display requirements and does not need to support floating-point processing, the Intel Communications Appliance Reference Design exhibits low thermal dissipation characteristics. While the eSoft design incorporated a fan sink for cooling, it could have been implemented with a chassis fan only and a passive solution for the CPU.
The InstaGate EX2*
The InstaGate EX2 firewall/VPN appliance, designed for expansion from two to as many as 250 users, is designed to meet the immediate firewall and VPN requirements, while enabling end-users to easily upgrade functionality by adding eSoft's SoftPak tools and services.
In addition to firewall functions, the InstaGate EX2 appliance provides Web-based management capabilities, remote-user VPN support, and network management functions and supports print, file, mail and intranet Web services.
|
|
|
|
|
|
|
"When we show our OEM customers the software and the coolness of the hardware, their jaws hit the floor. They say 'How much?' which is quickly followed by 'How soon can we get it?' This is a far different reaction than we ever got before, a real advantage over what we saw just six months ago."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Hartman says the embedded life cycle support of Intel components has helped eSoft meet its design goals.
|
|
|
|
|
|
|
"One thing we used to have trouble answering was the question 'How long will it be available?' When you can answer 'three to five years' this issue simply goes away."
Bob Hartman
Vice President of Engineering, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
eSoft's Modular Software Model
They started with an all-in-one design but then evolved to a 'pick-and-choose' model that can grow with customers over time as new technologies become available.
|
|
|
|
|
|
|
"The software is based on Red Hat* Linux. Installable modules become a part of the software. This enables an end-user to pick and choose what runs on their appliance at any given time. Customers are looking for an a la carte approach. They can select a firewall/VPN appliance now and add other capabilities later."
Jay Rollings
Vice President of Operations, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Conclusion
OEMs of Internet firewall equipment know eSoft as a provider of innovative and extensible software modules for broadband security. The company has also developed its own line of InstaGate EX firewall appliance products. For its next-generation product, the InstaGate EX2 appliance, eSoft had the goal of maintaining the benefits of an Intel-based platform, while avoiding the end-of-life issues that can affect off-the-shelf hardware designs. At the same time, eSoft needed a scalable hardware design with a long product life cycle that could support its extensible SoftPak software architecture, while maintaining a price point suitable for entry-level users.
By basing its development effort on the Intel 810 Value Communications Appliance Reference Design, eSoft met its design goals, moving quickly from the concept stage to production. Working with Intel enabled eSoft to complete a high performance board design without adding to its in-house engineering staff.
|
|
|
|
|
|
|
"I would say Intel was instrumental in helping us meet our cost targets."
Jay Rollings
Vice President of Operations, eSoft
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Home Computing
