Net-Gateway Appliance Platform Overview
Forefront Optimized "Turn-Key" Appliance Solution
Iron Networks Forefront appliances are purpose-built, high-performance hardware devices integrated with Iron Networks-designed Oneface system management tools and Microsoft Forefront Edge Security Software Solutions.
Security Hardened Appliance Platforms for Microsoft Forefront Network Edge Solution Delivery
Our Net-Gateway appliance platforms for Microsoft Forefront Security solutions are designed for organizations that want an integrated, leading-edge hardware, security and software service offering from Microsoft on an optimized hardware platform. These platforms offer best-of-breed Microsoft Forefront Edge security packaged with Iron Networks' security-hardened system, performance-tuned platform, value-added OneFace technology, and world-class support.
Iron Networks powered system and hardware management software provides a complete integrated solution for the Microsoft Forefront Threat Management Gateway (TMG), Unified Access Gateway (UAG) and Direct Access (DA) edge security software suites. We have Net-Gateway models that can be deployed either as standalone units or as fully redundant, highly available arrays. Our standard business edition appliances are deployed as standalone devices, and enterprise edition appliances can be deployed as standalone devices or as high-availability (HA) devices with network load balancing (NLB) in a large clustered array for optimal service resiliency.
Purpose-Built for Optimum Performance and System Reliability
Iron Networks offers a wide range of hardware configurations; each model is pre-configured with optimized hardware components and system management tools to meet our customers' unique business requirements. Configurations are fine-tuned to deliver the levels of system performance, capacity, scalability and availability required by small to large businesses, small to large enterprises and branch offices.
Iron Networks platforms running Microsoft Forefront Edge Security systems provide the security and management benefits of special purpose hardware products, and provide the familiar management interfaces of other Microsoft technologies. Security appliances often have special purpose hardware specific to network security. Appliance products running Microsoft Embedded Edge Security technologies have the following unique advantages:
The Net-Gateway Platform Appliance Advantage
Each security appliance has various software and hardware components installed and integrated. This configuration is then carefully tuned and hardened to maximize the security posture of each system. This hardening is exhaustive, costly and difficult to provide in general IT hardware and software only implementations, but imperative on edge security devices.
Iron Networks has the lowest total cost of ownership as compared to traditional software alternatives. The Iron Networks appliance-based architecture eliminates many of the costs of traditional systems management including software and hardware procurement, installation, off-site training, and the resources required for ongoing upgrades, system maintenance and technical support. Our appliance advantage offers security hardened configurations for smooth “Out-Of-the-Box” experience.
Iron Networks delivers Integrated “Turnkey” Appliance Solutions:
Iron Networks, an ISO 9001:2000 company, is a provider of mission critical network edge security infrastructure solutions. Unlike alternatives that are simply based on proprietary or general-purpose server hardware, our appliances are designed for the highest reliability, optimized for maximum performance, and manufactured to exact quality specifications. You can trust Iron Networks Net-Gateway appliances to deliver the most reliable and comprehensive Forefront solutions.
Net-Gateway Appliance Platform Key Features & Benefits
Iron Networks Net-Gateway Hardware Platform Key Features and Benefits:
The Iron Networks Net-Gateway appliance family supports a wide range of models, each right-sized to meet the unique business requirements of our customers. Our appliances deliver the performance, capacity, and availability required in each environment, from the smallest branch office to the largest enterprise datacenter, including:
- Multi-Core 64-bit architecture for high-performance network security: Iron Networks platform design includes multi-core x86 architecture, high-speed processor cache, larger memory and multi-lane PCIe bandwidth, designed for maximized performance, scalability and reduced power consumption. This provides accelerated deep packet inspection and content protection against ever-evolving complex attacks in real time from both inside and outside the network perimeter.
- Enterprise grade high availability: Iron Networks solutions take system fault tolerance and failover to a new level for core network security service appliances. Our appliances offer:
  - Hardware availability through component-level redundancy of disks, power supplies and fans.
  - Windows operating system availability through system image redundancy and an online PiT snapshot recovery system.
  - Network level system availability through network load balancing and fail-over systems.
- High copper and fiber network port density: The high port-density Gigabit Ethernet interfaces provide the performance and operational flexibility and redundancy required to secure a high-availability network infrastructure, along with economies of scale needed by large companies, enterprise, data centers, and service providers.
- Embedded high performance SSL acceleration hardware for 100% TCP/IP Offload: A high performance hardware SSL acceleration co-processor from Cavium helps reduce CPU workload and provides the following benefits:
  - Shorter response time delay: The reduction in CPU load results in reduced delay for each of the individual clients.
  - Increased burst rate through faster SSL handshake: It can support hundreds of new concurrent logins per second. It provides significant burst rate performance gain and system stability over software-only solutions.
  - Increased Peak Time Performance: Reduced CPU workload helps increase the number of transactions each appliance system can process.
  - Increased Security: Server private keys are stored in write-only flash devices embedded into the Cavium processors as opposed to storing them on hard disk drives, making unauthorized access more difficult.
- HSM certificate management: HSM hardware provides a certificate repository and generation facility. Certificates can be compromised if a system is compromised, unless the certificates are generated and stored in these special hardware components.
- Integrated security audits: Iron Networks appliance systems are built with security best practices in mind. Various software add-ons, hardware components and system configurations will change a system profile; each image version is systematically packaged, tested for reliability, and receives a complete security audit on an ongoing basis by our security system experts.
Iron Networks Oneface® System Management Platform Key Features and Benefits:
The Iron Networks Oneface Management System suite provides a pre-integrated management system for any sized appliance implementation from a single appliance installation to a distributed enterprise with a widely distributed number of systems.
- Embedded Recovery Manager - Appliance Recovery and Remote Management System (ARRMS): ARRMS is an embedded operating environment built into all Iron Networks systems and allows the administrator to provide offline system management and maintenance to the appliance hardware and software image. The embedded ARRMS operating environment functions completely independently of the main appliance hardware and software environment. The appliance can boot using ARRMS into “maintenance mode” where the administrator has full BIOS-level access to the hardware and software environments, even with the appliance operating system shut down or the hardware powered off. It provides services such as:
  - Appliance System Configuration to manage server network port, lights-out management iKVM port, network shares and hardware diagnostics services.
  - Appliance Image Management to manage online PiT system OS recovery, multi image backups, restores, factory default reset and bare-metal appliance reset services.
- Lights-Out-Management (LOM) Manager - Remote Appliance Hardware Management System: Iron Networks appliance LOM functionality is embedded into most of the Iron Networks platforms, and comes complete with network and serial ports to provide rich and secure SSL web-based “out of band” BIOS-level remote management functionality. It provides a full “in-front-of-the-server” remote server management experience from practically anywhere in the world through a web GUI interface, which includes remote KVM access, system power on/off/reboot, full integration with ARRMS manager and storage media access, system console access, comprehensive health monitoring and notifications, and user rights and access management support for LDAP and RADIUS.
- LCD Manager – Headless Appliance Deployment System: Appliance systems include LCD hardware and software which allows simple installations without connecting keyboard, mouse and video monitors. This greatly simplifies installs, including remote installs without local IT support.
- Oneface® Integrated Windows System Manager: An Iron Networks-designed, MMC-based management UI to administer one or multiple Iron Networks systems from a single interface. This system centralizes and simplifies the management and deployment of the Iron Networks hardware and software systems including network configurations, TMG rule wizards, Microsoft clustering management, and other 3rd party security packages. Key Oneface Windows System Manager components include:
  - Hardware Failover Manager
  - Backup Manager
  - Security Manager
  - Component Manager
  - Update Manager
  - Configuration Manager
  - Alert Manager
  - SNMP Agents Support
  - Lightweight Enterprise Manager
- Support for Microsoft Systems Center and Similar Enterprise Management Systems: The Iron Networks systems include SNMP protocol support with custom configurations for HP Openview and Microsoft Systems Center PAKs. This SNMP support provides direct integration with Enterprise Management systems in use by nearly all large enterprise IT departments.
Oneface Embedded Recovery Manager
Embedded Field Recovery Manager - Appliance Recovery and Remote Management System (ARRMS)
ARRMS is an embedded operating environment built into all Iron Networks systems and allows the administrator to provide offline system management and maintenance to the appliance hardware and software image. The embedded ARRMS operating environment functions completely independently of the main appliance hardware and software environment. The appliance can boot using ARRMS into "maintenance mode" where the administrator has full BIOS-level "out-of-band" access to the hardware and software environments, even with the appliance operating system shut down or the hardware powered off.
ARRMS provides the administrator a fully functional maintenance and management environment without the need for recovery CD utilities or for the IT personnel to be located anywhere near the appliance hardware. This gives IT departments a powerful management environment for centralized IT operations or to provide management to remote "branch" office environments without local IT support.
Key Features and Benefits
- Online, Quick Point in Time (PiT) snapshot Backups and Recovery
  - ARRMS includes an embedded backup system providing VSS compliant online backups. Backups can be scheduled both to a hardware embedded backup providing "Last Known Good Configuration" rollbacks, and to remote network locations providing Disaster Recovery services.
  - VSS compliance provides snapshot integrity for online backups of "in-motion" file systems and the SQL logging and management databases.
  - Backups to remote file systems allow full system backups to be scheduled for each appliance, and merged into the normal IT backup infrastructure.
- Bare Metal Restore: System hardware replacement or upgrades: ARRMS facilitates complete hardware replacements in the field, migrating the operating environment for "bare-metal-recovery" or replacement hardware systems. Each appliance can be completely re-imaged "in the field" easily by the local IT staff with a single mouse click.
- System Configuration and Management Functionalities:
  - System Info - Static display of hardware and software versions and configuration details
  - Network Config - Allows the IT Administrator to configure network interfaces with IP Addresses, routes, etc.
  - Network Shares - The IT Administrator can attach remote shares to make offline ad-hoc backups as well as restore the appliance from remote network share backups
  - HW Diagnostics Tools - Built-in utilities for diagnostics and repair of the system
  - License Info - Interrogates the system to retrieve license and asset details as well as installed Microsoft embedded server software license keys
  - Updates - Software downloads and updates can be applied while the main operating environment is down via this facility
- High Availability, Fail-Over Option (sold separately): ARRMS provides the foundation for High Availability or for near real-time failover to a standby appliance. The appliances have a dedicated LAN port which can be cabled as a failover pair for the models where native Windows HA/NLB is not available.
Embedded system environment:
ARRMS runs on a dedicated hardware embedded flash drive, which allows maintenance to be performed on all aspects of the appliance, including bare-metal-recovery by replacing and reformatting the hard drives and other hardware components.
- WinPE 2.0 operating environment: ARRMS runs the Windows Vista Pre-Install Environment, which is a light-weight embedded version of Microsoft Vista. This provides a rich and flexible environment for the administrator to manage the system using familiar Windows commands.
- Full GUI interface with Windows CLI support: ARRMS provides a Windows GUI environment providing a rich and easy-to-use environment. It supports the major Windows Management utilities including almost any Windows command line utilities; these commands can be used directly by the administrator for more advanced configurations and system interrogations.
ARRMS Access Options: Local, Remote over internet and Headless via LCD
Iron Networks ARRMS supports multiple access options for advanced, flexible and efficient administration of appliance systems. In addition to local access via keyboard, video and mouse, it can be accessed through remote LOM based iKVM (KVM over IPMI) or via the LCD screen and keypad.
- Full Web-based Lights-Out management (LOM) for remote operations: ARRMS provides LOM configuration management assistance. LOM functionality is embedded in most of the Iron Networks platforms, and comes complete with network and serial ports to provide:
  - Rich and secure SSL web-based "out of band" BIOS-level remote management functionality
  - Complete "in-front-of-the-server" remote server management experience from practically anywhere in the world through a web GUI interface providing remote KVM access
  - System power on/off/reboot
  - Full integration with ARRMS manager and storage media access, system console access
  - Comprehensive health monitoring and notifications
  - User rights and access management support for LDAP, RADIUS and Active Directory
- LCD based Headless deployment option:
ARRMS is available via a simple LCD interface so the appliance can be managed, repaired and upgraded via a simple LCD menu interface. This provides a simple monitoring and management environment without an attached monitor and keyboard for:
- Quick administrative tasks
- Remote operation in remote or branch locations without local IT support
Oneface LOM (Lights-Out Management) Manager
Integrated LOM Manager - Out-Of-Band, web based remote appliance management system
Iron Networks appliance LOM functionality is embedded into most of the Iron Networks platforms, and comes complete with network and serial ports to provide rich and secure SSL web-based "out of band" BIOS-level remote management functionality. It provides a full "in-front-of-the-server" remote server management experience from practically anywhere in the world through a web GUI interface.
LOM is iKVM/IPMI v2.0 compliant and offers the following benefits:
- Out of Band management:
The administrator can access the appliance, power the system on or off, and perform other advanced system maintenance functions.
- Remote Storage Media Support:
Remote access to internal and external CD/DVD media, appliance ISO image
- Remote access to ARRMS manager interface:
LOM provides remote access to the ARRMS manager for easy management of network port and shares configuration, troubleshooting, system appliance image backups/recovery/restore/upgrade and other supported functionalities.
- iKVM (Keyboard/VGA/Mouse support over IP) Support:
System console redirection for remote web access and remote keyboard, video and mouse access via web console
- Rich enterprise system standard support:
It supports IPMI, SSL, and SNMP traps for easy enterprise system integration
- User Rights and access management:
LDAP and RADIUS
- Health Monitoring and Notification:
Comprehensive health monitoring of over 100 system parameters and Email/SMTP notification alerts for hardware errors and faults.
Oneface™ Windows System Manager
The Iron Networks Oneface™ Management System provides a pre-integrated management system for any sized appliance implementation from a single appliance installation to a distributed enterprise with any number of systems. Oneface™ is Microsoft Windows MMC 2.0 based. This makes Oneface™ completely compatible with the Microsoft Management infrastructure and extendable with other Microsoft MMC snap-ins.
The Iron Networks OneFace™ Management System central console is a centralized management dashboard that can manage one or more local or remote appliances. The console manages the configuration, upgrades, monitoring and management of each appliance from a central location. Oneface™ can also plug directly into Enterprise SNMP management systems such as HP Openview or Microsoft Systems Center.
The OneFace™ Windows System Management Console has a rich and robust set of features including:
High Availability and Fault Tolerance Manager – Oneface™ provides support and management for Microsoft clustering and for the Iron Networks proprietary and inexpensive Fault Tolerant “Warm Standby” technology. The Warm Standby technology provides an automated active/passive technology, where the active system is replicated to a redundant hardware appliance. This provides for a redundant and secure fault tolerant system without the costs associated with purchasing multiple licenses in active-active configurations.
Backup Manager – Several backup options are available to provide Point-in-Time snapshot backups of the entire appliance system, either internally to the appliance, or to remote network servers. The backup snapshots provide guaranteed disaster plan contingencies or simple roll-backs of system configurations to a “Last Known Good State”.
Embedded System Manager (ARRMS) – The Embedded System Manager works in conjunction with the Backup Manager to provide offline recovery and snapshot roll-back services. This system provides full access to the hardware and software components by a remote administrator.
Security Manager – Each appliance runs internal monitoring systems to remove the possibilities of security vulnerabilities due to configuration or other security compromises.
Component Manager – Iron Networks products have numerous 3rd party integrated software add-ons which greatly extend the capabilities of each appliance. These add-ons include QOS, content management, WAN Optimization, reporting and many other components. The Component Manager allows the customer to add or remove components as desired.
Update Manager – The Update Manager provides ongoing monitoring of new software patch releases and provides an integrated patch management system for the entire appliance from drivers, OS to all installed application systems.
Configuration Manager – The Configuration Manager allows the administrator to manage one or more appliance configurations including network, operating system and operational configurations from a central management station.
SNMP Agents – The Iron Networks integrated SNMP agent plugs directly into SNMP or SYSLOG management systems using standard protocols used to manage Enterprise Class servers and network devices.
Lightweight Enterprise Manager – Iron Networks provides an SNMP network management system pre-integrated with the hardware, operating system and application products. This provides a turnkey management dashboard out-of-the-box.
Iron Networks Oneface Management System integrates hardware and software management into a cohesive management system. This provides an integrated Enterprise Class management system without enterprise cost and staffing requirements.