News Archive (1999-2012) | 2013-current at LinuxGizmos | Current Tech News Portal |    About   

Giant firewall runs Linux

Oct 30, 2007 — by Eric Brown — from the LinuxDevices Archive — 37 views

Crossbeam Systems has started shipping a massive chassis-style, “unified threat management” (UTM) system based on an open Linux OS. The X-Series UTM server runs the company's Linux-based “XOS” OS, and targets highly scalable firewalls and other security applications for large data centers and service… providers.

Spread the word:
digg this story

The X-Series UTM competes with high-end UTM systems such as Juniper Networks's SSG, but is more open, thanks to a Linux-based OS, Crossbeam says. The company's “XOS” Linux implementation is claimed capable of “seamlessly” unifying the resources of up to 100 separate processing cores spread out over up to 14 blades, enabling admins to tune available resources for optimal processing of specific individual traffic streams.

There appear to be three X-Series models, including a half-size 7-slot X45 model, a full 14-slot X40 model, and a 14-slot X80 model with optional 48-volt power supply (typical of telecom carrier infrastructure).


Crossbeam X45, X80, and X40 models

Each X-Series chassis can be populated with various mixes of control, data, and application processing blades, in order to achieve the desired performance. The application processing blades can be configured singly or in groups to provide services such as XML transformations, firewalling, content filtering, IDS (intrusion detection), URL filtering, AV (audiovisual) proxy serving, and so on.


Crossbeam Xseries architecture

The X-Series blades include:

  • NPM-8600 — network processor module based on 64-bit MIPS cores and FPGA-based NPUs (network processor units); said to support up to eight 10Gbps or 40 1Gbps Ethernet interfaces
  • APM-8600 � application processor module based on Intel Xeon processors
  • CPM-8600 � control processor module based on Intel Xeon processors, with support for dual SATA drives in a RAID configuration

The X-Series devices are managed via a web browser interface served up by the control module. The interface offers a “virtual representation” of the system, as shown in the screenshot below.


Crossbeam XSeries control interface

XOS is described as a “hardened” version of Linux that can run from disk or flash. It appears to use a proprietary IPC (interprocess communications) protocol called “X-Stream” (no pun intended, we're sure). There's also some kind of virtualization layer aimed at abstracting applications, interfaces, and networks.

According to Crossbeam, the 8600 enables huge costs savings from consolidating smaller content security farms. It also enables data centers to seamlessly integrate combinations of Layer 2 transparent and Layer 3 proxied or terminating applications, helping to simplify troubleshooting and reduce “appliance sprawl.” Its RAID-mirrored on-board storage and separately switched high-speed control plane are ideal, says Crossbeam, for content and other Web-based applications that need both local- and off-box network storage. Latency as low as fifty microseconds is touted as adequte for VoIP application processing. The company boasts support for “all major network security categories,” including firewalls, VPNs, content filtering, and Web application protection software such as malware scanning.

Marketing VP Throop Wilder stated, “Crossbeam continues to provide the only open, enterprise-class security platform.”

Availability

The 8600 X-Series is available immediately. Pricing was not disclosed.


 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.



Comments are closed.