
Understanding the hardware requirements of Untangle NGFW
Untangle NGFW is software that can be installed on standard Intel/AMD-compatible hardware, or delivered preinstalled on hardware appliances. Understanding the hardware requirements for Untangle NGFW is necessary to build or select a server that performs well without latency or performance degradation.
In this section, we will cover the different appliances provided by Untangle, Inc. We will also review the minimum and recommended hardware requirements to build your own Untangle NGFW box. Later, we will discuss the ability to install Untangle NGFW on a VM. Finally, we will review the modules' effect on the CPU, RAM, and disk I/O, and how we can tweak them.
Untangle NGFW appliances
Untangle NGFW appliances come in many classes based on the expected number of users and workloads. Buying an Untangle NGFW appliance removes the headache of choosing the right hardware to be used in building your Untangle NGFW server. By using an Untangle NGFW appliance, you also guarantee that your server will perform well under the rated user count.
Untangle, Inc. offers its appliances with the free or the complete package. When you buy an appliance with the complete package, you will pay for the hardware and the subscription in the first year, and for the subscription only in the later years.
Untangle NGFW appliances come with a one-year warranty; this can be extended to two or three years for an additional cost. You can also get a cold spare for an additional cost. The cold spare is another Untangle NGFW appliance that is kept offline at your company, waiting for your primary appliance to fail. When the primary appliance fails, you can bring the cold spare online and move the license to it so that it can protect your network in place of the failed appliance.
You can buy appliances from Untangle, Inc. or from third-party hardware vendors. For more information about the official appliances, visit http://www.Untangle.com/appliances, and for the third-party vendors, visit http://wiki.Untangle.com/index.php/3rd_Party_Hardware_Vendors. The following table shows the specifications of the available Untangle NGFW appliances:

Building your Untangle NGFW box
Unlike the case of the hardware appliances, it's your job to determine the hardware specifications when you want to install the software on a dedicated box. Generally, Untangle NGFW requires a dedicated PC with a CD/DVD drive or USB ports and at least two NICs. The following table shows the minimum and recommended hardware specifications for the Untangle server:

Note that even if you use the recommended specifications mentioned in the preceding table, you may suffer performance degradation with high workloads and user counts. So, as a best practice, follow the same hardware specifications used in the appliances.
Note
Make sure that you don't have any data that is important or not backed up on the hard disk where you will install Untangle NGFW, as it will format the hard disk.
Virtualizing your Untangle NGFW
You can install Untangle NGFW inside a virtual machine (VM) with no performance or functionality issues as long as you follow the recommended hardware requirements. However, Untangle will not support you with any issues related to hypervisor misconfiguration; it will only support you with the Untangle system itself.
Note
To learn how to install VMware tools on your Untangle NGFW VM, visit http://forums.untangle.com/hacks/34393-updated-way-installing-vmware-tools-untangle-v10-esxi-5-1-5-5-a.html.
In addition, Untangle, Inc. offers a virtual appliance that can be imported directly to your hypervisor. The virtual appliance can be downloaded from import it to the ESXi server, visit http://wiki.Untangle.com/index.php/Untangle_Virtual_Appliance_on_VMware.
Note
While the virtual appliance can be used with type 2 hypervisors such as VMware Workstation and Oracle VirtualBox, it's practical to use it only with type 1 hypervisors such as VMware ESXi and Citrix XenServer.
Tweaking your Untangle NGFW
The main factors of server performance are CPU, memory, and disk I/O. This section will discuss the effect of each factor on Untangle NGFW performance. In addition, this section will show you the resource utilization by each Untangle module.
While CPU clock speed and power matter, they are the least important factors to consider when dealing with Untangle NGFW. A fairly underpowered CPU can be used to run large sites if you have enough memory and disk I/O. Increasing the CPU speed and number of cores helps Untangle NGFW performance, but not to the same degree as increasing the memory and disk I/O.
Tip
Intel Atom processors don't have enough power for Virus Blocker, Spam Blocker, and VPN modules.
The running applications and the in-process data are placed in memory. If you are short of memory, Untangle NGFW keeps the data currently being processed in RAM and swaps any other data to the hard disk; when it needs something from the swapped data, it moves it back to RAM and swaps out another set of data. So, you'll see constant swapping, or in other words, bad performance and many pauses.
Disk I/O is the most important factor and is the real bottleneck for many implementations. Untangle NGFW does not use flat logfiles; instead, it uses a database to store the logs, which dramatically increases the disk I/O, especially when generating a report. For example, if you have a 16-core CPU and 16 GB of RAM but a slow hard disk, you'll get bad performance.
Note
While RAIDs could be used to increase disk I/O and for reliability, it's uncommon to use RAIDs with Untangle NGFW. Untangle NGFW doesn't support software RAIDs. In addition, because it's based on Debian, only reputable hardware RAID controllers can be used; common RAID controllers on motherboards won't be accepted by Untangle NGFW.
In addition, the price of the external RAID controller and the additional hard disks could be used to buy a better hard disk.
Also, the time required to rebuild your server after RAID failure is similar to the time required to rebuild the server from backup after a single disk failure.
In short, use plenty of all three resources while you can, and consider buying an SSD, as SSDs have greater disk I/O.
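To see which of the three resources is actually limiting a running server, you can compare two snapshots of the standard Linux counters in /proc/vmstat, /proc/diskstats, and /proc/stat. The following Python sketch is an added example, not part of the Untangle software or documentation; the sample snapshots are constructed, and the interval, thresholds, device name sda, and function names are assumptions:

```python
# Added example: find the limiting resource from two /proc snapshots.
# All sample values below are constructed, not captured from a real server.
INTERVAL_S = 10  # seconds between snapshot 0 and snapshot 1 (assumption)
SWAP_LIMIT, DISK_LIMIT, CPU_LIMIT = 100, 80.0, 85.0  # assumed thresholds

VMSTAT = ("pswpin 1200\npswpout 3400\n", "pswpin 9200\npswpout 15400\n")
DISKSTATS = (
    "8 0 sda 5000 10 80000 4000 9000 20 160000 30000 0 21000 34000\n",
    "8 0 sda 5600 12 92000 4900 11800 25 230000 41000 3 30400 45900\n",
)
STAT = ("cpu 10000 0 4000 80000 3000 0 200 0 0 0\n",
        "cpu 10200 0 4100 80300 3380 0 220 0 0 0\n")

def swap_pages_per_s(before, after, interval_s=INTERVAL_S):
    """Pages swapped in plus out per second, from /proc/vmstat text."""
    def total(text):
        pairs = (line.split() for line in text.splitlines())
        return sum(int(p[1]) for p in pairs
                   if len(p) == 2 and p[0] in ("pswpin", "pswpout"))
    return (total(after) - total(before)) / interval_s

def disk_util_pct(before, after, dev, interval_s=INTERVAL_S):
    """Share of the interval the device was busy, from /proc/diskstats text."""
    def io_ms(text):
        for line in text.splitlines():
            f = line.split()
            if len(f) >= 13 and f[2] == dev:
                return int(f[12])  # milliseconds spent doing I/O
        raise ValueError("device not found: " + dev)
    return 100.0 * (io_ms(after) - io_ms(before)) / (interval_s * 1000)

def cpu_busy_pct(before, after):
    """CPU time not spent idle or waiting on I/O, from the first /proc/stat line."""
    def ticks(text):
        f = [int(x) for x in text.split()[1:9]]
        return sum(f), f[3] + f[4]  # total, idle + iowait
    (t0, i0), (t1, i1) = ticks(before), ticks(after)
    return 100.0 * ((t1 - t0) - (i1 - i0)) / (t1 - t0)

def bottleneck(swap_rate, disk_pct, cpu_pct):
    """Swapping is checked first because it also shows up as disk load."""
    if swap_rate > SWAP_LIMIT:
        return "memory"
    if disk_pct > DISK_LIMIT:
        return "disk"
    return "cpu" if cpu_pct > CPU_LIMIT else "none"

if __name__ == "__main__":
    s, d, c = swap_pages_per_s(*VMSTAT), disk_util_pct(*DISKSTATS, "sda"), cpu_busy_pct(*STAT)
    print(s, d, c, bottleneck(s, d, c))
```

In the constructed sample, the disk is busy 94 percent of the time while the CPU is only 32 percent busy, and the swap counters show that the disk load comes from a memory shortage rather than from the disk itself.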
Further tweaking can be done if you understand the utilization of resources by each Untangle NGFW module. You can tweak performance by disabling an application or by reconfiguring its settings. For example, if you are short of memory, disable Web Filter, and if you are short of CPU and have configured Virus Blocker to scan incoming image files, disable this option. The following table shows the resource utilization caused by the Untangle platform and the different applications:
