
From networking dilemma to networking success

Abstract

In today’s hyper-competitive environment, the small business owner/manager faces a strategic dilemma:

• to embrace the Web and other networking technologies, with all their opportunities and risks, or
• to preserve the status quo because of the fear of costs and security risks.

The visionary’s response to this dilemma is to forge ahead, ignoring the pitfalls, recognizing that incorporating networking technologies into core business processes may be crucial to the future growth and survival of the business. The conservative businessperson might not make a decision until the costs and risks are understood and manageable. Fortunately, there is a new breed of product, called the Internet server appliance (or thin server) that can help satisfy both the visionary and the conservative.

Purchasing a thin server appliance can meet the needs of small business for Internet connectivity without breaking the budget, and without introducing security risks. In fact, a superior server appliance will provide much more in the way of networking services than basic Internet connectivity, while enhancing security (by actively protecting information assets from electronic intruders), all at a very reasonable total cost of ownership. This white paper demonstrates why a server appliance ought to be the keystone technology in the Internet strategy of any small business, and what criteria to apply when making a purchase decision.

www.newlix.com

Internet Server Appliances for Small Business

Newlix Corporation
1051 Baxter Road • Suite 21
Ottawa Ontario • K2C 3P1

tel (613)225.0516 • fax (613)225.5625
[email protected]


Table of Contents

Abstract

Table of Contents

The Networking Dilemma
    How does this relate to my business?
    Scenario 1: No Local Area Network (LAN)
    Scenario 2: Computers connected to LAN, without a gateway
    Scenario 3: Computers connected to LAN, with a gateway
    Understanding the Problem
    What’s the solution?

Framework for a Solution
    Table 1. Requirements Analysis Outline
    Business goals
    Success factors
    Business processes
    Business activities
    Communications infrastructure
    Networking requirements
    Table 2. Business Needs and Networking Technology
    Characteristics of a solution
    Business-driven characteristics
    Technology-driven characteristics
    Characteristics in detail

Options for Networking Success
    Categories of solutions
    Which category is best for small business?
    Table 3. Comparison of Internet connections Solutions
    Table 4. Cost-effectiveness of Internet Connection Solutions
    The Newlix OfficeServer Solution
    Table 5. Characteristics of the Newlix OfficeServer

Conclusion

Glossary

Suggested Additional Reading

v-00-06-19


The Networking Dilemma

The Internet explosion is driving all businesses, large and small, to rethink their communications strategy. Although public relations and marketing form an important part of the strategy, it goes well beyond that. Businesses are creating value and increasing their competitiveness by linking their customers, suppliers, partners, and employees into their core business processes using Internet technology to create dynamic, collaborative communities (intranets and extranets).

The Internet is also enabling entirely new kinds of businesses that provide value-added services, such as professionally managed, targeted knowledge brokering, to individuals or other businesses.

For example:

• Courier companies provide up-to-date shipment tracking to customers via the Web to cut costs.
• Manufacturers are involving suppliers and partners in cross-enterprise supply-chain management to optimize manufacturing schedules and reduce inventories.
• Engineering teams are improving productivity and overcoming geographical separation using distributed collaboration tools.
• Specialized information services are alerting clients to current events that affect their business decisions.

All of these business applications are based on a small set of basic networking services, such as the Web, e-mail, local area networking (LAN), and wide area networking (WAN). These in turn depend on securely and reliably connecting people (via their computers) to each other and to the global Internet.

Driving forces

Competitive and bottom-line pressures are driving businesses to deploy Internet technology in order to communicate more effectively, both externally and internally. At the same time, businesses must protect their information assets and manage costs. Each business is at the focal point of these forces, and must meet them head-on to survive and grow—achieving “networking success”. The technological foundation of networking success is secure and reliable connectivity.

For the small business (1 to 100 employees), networking costs are a significant issue, both for initial investment and for ongoing maintenance. Security is the other big issue; ensuring the integrity and confidentiality of the information assets of the business and of its clients is fundamental to its survival. In the past, typical solutions were either:

• highly secure, but at a prohibitive cost for small business, or
• low-cost initially, but inadequate and expensive to maintain

Thus, the potential purchaser was forced to choose between security and cost. This white paper shows how to avoid both overly expensive and inadequate solutions by examining the problems and pitfalls of connecting to the Internet, and proposes a cost-effective solution for a small business to achieve networking success.


How does this relate to my business?

The small business owner/manager may be faced with computer users demanding faster, more convenient Internet access (or perhaps any access at all) so that they can do their jobs more effectively. Some of them may be highly skilled professionals who could cover more information in their research in less time (thus generating more revenue) if they had high-speed Internet access for Web browsing and e-mail. However, the cost of a dedicated high-speed connection for each user might be prohibitive. The typical solution is to share a single high-speed connection among many users through a gateway system. Therefore, the costs and risks associated with shared Internet access must be considered carefully before any purchasing decision is made.

The following scenarios are typical of approaches that have been tried for providing basic Internet access to small businesses. They give some insight into the drawbacks of the ‘obvious’ solutions.

Scenario 1: No Local Area Network (LAN)

Configuration:

• One or more disconnected (standalone) computers.
• No Internet access yet, or Internet access (typically dialup) on individual computer(s).

Advantages:

• Standalone operation can reduce or slow down the spread of computer viruses.
• Potential intrusion by hackers is restricted to machines with Internet access.
• No network administration required.

Problems:

• Difficult to share computer resources (e.g. hard disk space, printers).
• Cost of giving Internet access to additional users (typically requires additional telephone lines).
• Cost of simultaneous connections (one per user, but each connection is typically idle most of the time).
• Security: no protection from unwanted intrusion while online, unless each machine with Internet access has personal firewall software installed.

[Figure: Scenario 1 network diagram. Labels: Internet; dial-up modem; high-speed modem (typical); PC (four). Legend: non-permanent connection; permanent connection to cable, telephone (DSL), or wireless network.]

Security note: Each computer with Internet access is vulnerable to attack when connected.


Scenario 2: Computers connected to LAN, without a gateway

Configuration:

• Users sharing disk space, printers, and other resources.
• Internet access via modem on individual computers, or a shared modem pool.

Advantages:

• More cost-effective use of resources by sharing over the LAN.
• Modem pool can reduce costs by sharing outside telephone lines.

Problems:

• Costs of Internet access for multiple users (similar to stand-alone case).
• Security: unwanted intrusion can affect all computers on the LAN, unless each machine with Internet access has personal firewall software installed.

[Figure: Scenario 2 network diagram. Labels: Internet; shared modem pool; PC (three); LAN server; LAN.]

Security note: Every computer on the LAN is vulnerable to attack when any computer is connected.


Scenario 3: Computers connected to LAN, with a gateway

Configuration:

• Users sharing computer resources via the LAN server(s).
• Internet access is also shared (over a single telephone line or cable connection) using Internet connection sharing (gateway) software installed on one computer.

Advantages:

• Cost-effective: access cost is shared, and PC gateway software is free or inexpensive.
• Security: single point of connection to the Internet; only the gateway needs to be secured.

Problems:

• Inexpensive gateway software may be unreliable.
• Security: intruders can attack all computers on the LAN, unless there is also a firewall at the gateway.
• Reliable, dedicated gateway/firewall systems tend to be expensive, considering initial cost and maintenance/upgrades.
• Total cost of ownership can be high, depending on level of expertise required to maintain the gateway/firewall.

[Figure: Scenario 3 network diagram. Labels: Internet; high-speed modem (typical); PC with gateway software; PC (two); LAN server; LAN.]

Security note: Every computer on the LAN is vulnerable to attack, unless the gateway is secured with a firewall.

Note: Gateway function could be located on a LAN server, instead of separate PCs as shown.


Understanding the Problem

Unfortunately, none of these scenarios represents a viable solution for Internet connectivity for small business, with the possible exception of Scenario 1 for a one-person, single-computer office. With multiple computers at a work site, it makes sense to install a LAN to enable sharing of computer resources, including the Internet connection. Although gateway and firewall software is inexpensive and readily available for personal computers (PCs), there are some serious shortcomings with this “roll your own” approach:

• Reliability: personal computer operating systems typically do not provide the level of continuous availability required of a gateway, even for a small business. As the business evolves to embed networking into its core business processes, the level of networking availability will become a key factor in the performance of the business.

• Functionality: gateway software for personal computers typically performs only basic Internet connection sharing. Separate products must be selected and installed for a firewall, e-mail, a Web server, and other essential services. Even then, the resulting solution typically won’t support remote and mobile users. Nor will it allow multiple work sites (each with their own LAN) to be linked as if they belonged to one large LAN. Lack of support for these wide area networking (WAN) requirements may present obstacles to future growth of the business.

• Total Cost of Ownership: although the initial purchase cost for the gateway and related software may be reasonable, the ‘hidden’ costs for installation, configuration, and (most importantly) ongoing administration of the complete suite of software may be prohibitive. Depending on the particular operating system running on the gateway computer, a highly skilled network administrator might be required, even to perform basic tasks such as adding a new computer to the LAN, or adding a new e-mail account.

It’s obvious from these shortcomings that a seemingly straightforward approach to Internet connectivity could lead to an inadequate solution, or one with very high ongoing costs, or both. The small business owner/manager is caught between the driving forces for greater network connectivity, and the absolute business need to avoid inadequate, high-cost solutions.

What’s the solution?

Is there a solution that is reliable, functionally complete, and easy on the budget, considering the total cost of ownership? The answer, of course, is yes. It’s called an Internet server appliance (or thin server), and the Newlix OfficeServer is the leading product in that category.

The remainder of this white paper explores a path to networking success, while avoiding the pitfalls and shortcomings of approaches that are not suitable for small business. It begins with principles that apply to any business, and leads to the Newlix OfficeServer as the ideal solution for small business. The following sections are best read in order, but some can be skipped to get to a particular topic:

• First, a requirements analysis explains the need for network connectivity and related services, such as e-mail.
• Second, the networking requirements in combination with the needs of small business determine the important characteristics of a networking solution.
• Next, an analysis of four categories of solutions with respect to the characteristics leads to the conclusion that the server appliance category is the most appropriate for a small business.
• Finally, an analysis of the Newlix OfficeServer positions it as the leading candidate in the server appliance category.


Framework for a Solution

Before looking at possible networking solutions, every business should examine its communication needs. Time and money are scarce resources that should not be wasted by jumping into a ‘solution’ that does not meet the needs of the business, or one with a high total cost of ownership. All businesses today are under tremendous pressure to do more with less, so it makes sense to consider the business requirements for networking, in order to arrive at a cost-effective solution.

A thorough requirements analysis itself can be a costly process. So this white paper derives some common needs and networking requirements that apply to all businesses, by starting with some basic principles. The requirements analysis follows the outline shown in Table 1, proceeding from left to right, and from top to bottom. The business drivers produce the corresponding requirements in the same row of the table.

QUESTION                                                | BUSINESS DRIVERS                | REQUIREMENTS
--------------------------------------------------------+---------------------------------+-----------------------------------
Why does a business exist?                              | Goals                           | Success factors
How are goals achieved and success factors supported?   | Processes                       | Communications Infrastructure
What functions are performed?                           | Activities                      | Networking Requirements
What does a solution look like?                         | Business-driven Characteristics | Technology-driven Characteristics

Table 1. Requirements Analysis Outline

Business goals

A business exists to create wealth by adding value in the delivery of products or services. It may have secondary goals such as improving the living standards of its employees or contributing positively to the community. However, it must continually deliver added value in order to achieve long-term viability and to achieve its secondary goals, especially in today’s hyper-competitive environment. Very simply, the ultimate goal of every business is: “Add value or die!”


Success factors

Businesses that are successful in adding value over the long term tend to adopt a culture that promotes winning behavior patterns such as:

• focus—clearly communicated objectives for the entire enterprise, business units, and project teams
• delegation—pushing down accountability and decision-making, and eliminating management layers
• specialization—each individual contributing to the mission in the most effective way
• sharing—pooling of scarce assets, resources, and knowledge
• learning—improving processes based on past experience (shared knowledge)
• adaptability—creating new processes to continue adding value in a changing business environment

These businesses attract ideas, employees, customers, and capital to deliver a better, cheaper service or product, thereby achieving long-term competitive advantage. They have adopted practices and technologies that embody and support the success factors.

Business processes

Business practices and communications technologies adopted by successful businesses have now converged in the form of networked business processes and applications. The following are examples of business applications that embody networked (or web-centric) business processes:

• Web publishing
• Marketing programs—such as free newsletters, discussion groups, promotions, lead generation
• E-commerce—purchasing over the Internet
• Sales management—distributed access to customer and prospect databases
• Customer care—support and guidance before and after the sale
• Collaborative development (of programs and products) with partners
• Telecommuting—remote and mobile employees; virtual corporations
• Supply-chain management—with suppliers and partners
• Competitive research—information agents that find and deliver relevant information
• Finance and administration—distributed budget preparation and monitoring
• Employee recruiting and retention—external and internal Web sites with application and resume submission, incentive programs, etc.

Clear, meaningful objectives and a culture committed to promoting carefully chosen success factors are critical elements for the success of a business. But to operate a modern business according to these principles, a high-quality communications infrastructure is required. Excellent communications will support the culture and the convergent, networked business processes that will help the business achieve its objectives.

Business activities

In order to determine specific requirements for a high-quality communications infrastructure, let’s look at some of the business activities that are common to networked business processes, and that support the critical factors for success. Regardless of the type of business, every organization performs at least some of the following activities:

• information gathering
• information dissemination (publishing)
• purchasing products and services
• selling products and/or services
• direct correspondence with external contacts
• internal correspondence
• sharing information internally to improve productivity and foster teamwork (to produce better proposals, for example)
• sharing tangible assets within workgroups to reduce costs
• sharing information selectively with external contacts (suppliers, customers, contractors, remote employees)

These activities all have one common characteristic. They depend on timely and high-quality communications, both within the organization, and within the larger sphere of its external contacts.


Communications infrastructure

Businesses are turning increasingly to Internet technologies to support and enhance their communication-dependent activities, for good reason. The Internet is a very rich and ubiquitous communication medium, built on a costly, high-bandwidth infrastructure that would be beyond the means of any single corporation, organization or government to duplicate. Furthermore, the infrastructure and the Internet services are constantly being upgraded by the combined effort of many individuals and groups. It was also designed from the beginning to be a shared medium, with a low intrinsic cost for each individual message. It’s no wonder that large and small businesses want to exploit this medium. Internet technology enables communication solutions that are equally cost-effective for businesses of all sizes.

Given the design of the Internet, it should have put small businesses on an equal footing with large corporations. However, until recently, cost-effective solutions that provided basic Internet connectivity and networking services (without requiring a skilled network administrator) did not exist. Now, Internet server appliances have lowered the entry barrier to networking success for small business.

Networking requirements

The world of networking and the Internet can be a very confusing place. Although some or all of the following networking requirements might be presented as partial networking solutions, in fact, all of them have their place. This white paper places them into perspective:

• Web access for information gathering (business intelligence, research), purchasing
• Web presence for marketing, customer support, e-commerce
• E-mail to stay in touch with prospects, customers, suppliers, partners and investors
• Internal e-mail to facilitate internal communication
• LAN support for sharing internal information and computer resources

What about mobile employees and remote work sites?

Mobile and remotely located employees need to exchange information with co-workers at a central location, or share central resources. They need to operate as if connected to the central office LAN, to share files and printers, to run business applications, or anything else that a user directly connected to the LAN can do. Therefore, there is a need for secure wide area networking (WAN) services. These can be provided by telephone dialup service at the gateway, or by a secure virtual private network (VPN) connection between the gateway and a remote computer through the Internet.

In the case of a distributed business with a central office and one or more remote offices, business activities require a high level of communication and information sharing among the work sites. So there is a requirement to connect two or more LANs together into a WAN. This should be transparent to the users, so that the users appear to be all connected to the same LAN. This can be accomplished if there is a gateway at each site with secure, high-throughput VPN services.

Increasingly today, all businesses are partnering with customers, suppliers, and other external contacts in their business activities. Thus, there is a requirement for networking between businesses, often referred to as business-to-business (B2B) networking, or e-business. This implies treating the external contact as if it were a remote work site, but with special access restrictions to share only the required applications and information. This scenario again requires WAN services and the underlying VPN technology.

As a business extends its activities to include remote employees, remote work sites, and external contacts, the following additional requirements appear:

• WAN support to extend LAN services to remote/mobile users and branch offices
• WAN extended to support external contacts, with appropriate access controls


Networking services

The following table shows how communication-intensive business processes drive the requirements for networking technology and services.

BUSINESS ACTIVITIES                                      | NETWORKING REQUIREMENTS                                | NETWORKING SERVICES
---------------------------------------------------------+--------------------------------------------------------+----------------------------------------------------
Information gathering                                    | Web access; File download                              | Internet gateway
Information dissemination; Marketing & public relations  | Web presence; Web publishing                           | Web server; File transfer services
Purchasing                                               | Web access; File download                              | Internet gateway; Connectivity to LOB servers
Selling                                                  | Web e-commerce; Internet e-business                    | Web & related servers; Connectivity to LOB servers
Correspondence                                           | External e-mail; Internal e-mail                       | External e-mail services; Internal e-mail services
Sharing tangible resources                               | Shared disk storage; Shared printers; Shared CD drives | LAN services; WAN (VPN) services
Sharing information assets                               | Shared documents; Shared databases; Shared applications | LAN services; WAN (VPN) services
Retention of assets; Confidentiality                     | Network security                                       | Firewall protection; Secure VPN

Table 2. Business Needs and Networking Technology

In summary, a networking solution that satisfies the needs of business today and into the future will provide:

• Internet access to support Web browsing and file downloading
• Web and file transfer (FTP) servers
• connectivity to line-of-business (LOB) application/data servers
• e-mail services, both external and internal
• LAN services, for sharing both information and computer equipment
• WAN services, to extend sharing to remote/mobile users, branch offices, and partners
• secure, high-throughput VPN capability, encompassing encryption, authentication, and access control
• firewall protection for the LAN


For a small business, it is essential to provide all these services in a single package to minimize costs. Such a solution is sometimes called a gateway, although it embodies much more than sharing access to an external network.

Security is an underlying requirement for all networking services. Low initial purchase and ongoing maintenance costs are also key requirements. We’re talking about a secure, fully functional gateway with low total cost of ownership. Additionally, there are other desirable characteristics of an ideal solution for small business that must be factored into any purchase decision.

Characteristics of a solution

The business and technology requirements for networking success lead directly to a set of characteristics against which potential solutions can be compared. The pattern of the requirements analysis suggests breaking the list down into business-driven and technology-driven characteristics.

Business-driven characteristics

• Security—protection of confidential information and computer resources from electronic intruders
• Initial cost—within financial means of small business
• Simplicity—installation and ongoing maintenance without requiring a trained computer administrator, to minimize operating costs
• Functionality—connectivity and networking services to support business processes and activities

Technology-driven characteristics

• Reliability—high availability, because Internet access often becomes critical to business operations
• Throughput—Internet access speed constrained only by the bandwidth of the physical connection
• Compatibility—with popular personal computer systems and networking environments
• Support—for both the software and hardware [something that purchasers often overlook]

Characteristics in detail

Let’s take a closer look at each of the characteristics in turn. The following discussion is quite technical. It’s aimed at those familiar with networking concepts, such as system administrators and power users. If you’d like to skip over the technical details, you can resume reading with one of the following topics:

• the four categories of solutions that are available today, and why the server appliance category is the most appropriate for a small business

• the Newlix OfficeServer, the leading candidate in the server appliance category

Security

Protecting the electronic information assets of a business from unauthorized access and accidental loss is a mandatory business requirement. It’s a multi-faceted problem that calls for comprehensive security and recovery plans, which are outside the scope of this white paper. Furthermore, achieving 100% protection is impossible. However, it is possible to make it extremely difficult for electronic intruders to penetrate your LAN from the Internet, satisfying a key part of any security plan.


Placing a secure gateway between your LAN and the Internet will provide a high degree of protection. A secure gateway includes a firewall, and together they use some combination of the following techniques:

The gateway (sometimes called a dual-homed bastion host) is the only connection between the external Internet and the internal LAN, and only the firewall software is responsible for allowing requests and data (in the form of network packets) to flow between the internal and external networks. The gateway computer acts as a proxy for the internal computers that require Internet services. The firewall can block packets that do not satisfy certain preset security parameters.

Network Address Translation (NAT) allows multiple computers to share a single Internet connection without revealing their identity to the external Internet. The sharing machines communicate with each other and with the NAT gateway computer using private network addresses. For traffic to the external Internet, the NAT service translates all private addresses to its network address, while keeping track of which packets belong to which computer. Since the external Internet sees only the single network address of the NAT firewall computer, there’s absolutely no way for Internet scanners to reach past it. This creates a high degree of security for the machines “behind” the NAT gateway. Note that the NAT computer is accessible from the Internet and needs to be protected, by stealth technology for example. [The preceding was adapted from Steve Gibson’s Shields Up! FAQ.]

Bi-directional NAT protects internal computers that provide Internet services such as e-mail. The firewall can redirect requests originating from the Internet to a protected server behind the NAT gateway, while preserving the external (IP) address of the originating Internet host. This capability, sometimes called “reverse proxy” or “port forwarding”, places any confidential data required by the server behind the protection of the firewall.

Stealth technology makes the gateway computer fully or partially “invisible” to other computers (hosts) on the Internet. When an Internet host requests a connection, it never gets a response back, except when requesting specifically enabled services such as HTTP (to the web server), SMTP (for e-mail), and FTP (for file transfer). This prevents would-be Internet intruders from exploiting potential weaknesses in unneeded networking services, while at the same time allowing computers on the internal LAN to connect to any Internet site. Stealth technology is sometimes also called port blocking, because it operates by refusing to respond to Internet packets that request a connection to any TCP or UDP port, except for those associated with enabled services.

A port scanning inhibitor is a feature that briefly disables access to the gateway from an Internet host that tries to perform a port scan on the gateway. Port scanning is a technique used by would-be intruders to detect Internet hosts that might be susceptible to future attack. Inhibiting port scans complements stealth technology by making the gateway effectively “invisible” to Internet hosts that are probing it for weaknesses.

Packet filtering looks at each packet entering or leaving the LAN and accepts or rejects it based on preset rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure.

An application gateway applies security mechanisms to specific services, such as an FTP server. This is very effective in protecting certain services from abuse, but must be combined with other techniques for more complete security coverage. This type of gateway can impose a performance degradation.

A circuit-level gateway applies security mechanisms when a TCP or UDP connection is established. Once a valid connection has been allowed, packets can flow between the hosts without further checking.
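How NAT, port forwarding (bi-directional NAT), stealth port blocking and the port-scanning inhibitor described above combine into one inbound decision can be seen in the following Python model. It is an added example, not Newlix code: the class, the addresses, ports and thresholds are all constructed, and the rule that a NAT reply must come from the original remote endpoint is an assumption of this model.

```python
from dataclasses import dataclass, field

# Every address, port and threshold here is a constructed value for illustration.
GATEWAY_IP = "203.0.113.1"                  # the single address the Internet sees
ENABLED_SERVICES = {
    ("tcp", 80): None,                      # HTTP answered by the gateway itself
    ("tcp", 25): ("192.168.1.10", 25),      # SMTP forwarded to a LAN mail server
}
SCAN_PORT_LIMIT = 3     # distinct closed ports probed by one source ...
SCAN_WINDOW = 10.0      # ... within this many seconds counts as a port scan
BLOCK_SECONDS = 60.0    # how long the inhibitor then ignores that source


@dataclass
class Gateway:
    nat: dict = field(default_factory=dict)      # (proto, ext_port) -> (lan_ip, lan_port, remote)
    probes: dict = field(default_factory=dict)   # src_ip -> [(time, closed_port), ...]
    blocked: dict = field(default_factory=dict)  # src_ip -> time the block expires
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, dst_ip, dst_port):
        """NAT: a LAN host opens a connection; the packet leaves with the gateway's address."""
        ext_port = self.next_port
        self.next_port += 1
        self.nat[(proto, ext_port)] = (lan_ip, lan_port, (dst_ip, dst_port))
        return (GATEWAY_IP, ext_port, dst_ip, dst_port)

    def inbound(self, now, proto, src_ip, src_port, dst_port):
        """Decide what happens to a packet arriving from the Internet."""
        # Port-scanning inhibitor: a source that was caught scanning gets no access at all.
        if self.blocked.get(src_ip, 0.0) > now:
            return ("DROP", "source inhibited")
        # NAT: only the remote end of a tracked connection is translated back to the LAN.
        entry = self.nat.get((proto, dst_port))
        if entry and entry[2] == (src_ip, src_port):
            return ("TO_LAN", entry[:2])
        # Enabled services: answered locally or forwarded (bi-directional NAT).
        if (proto, dst_port) in ENABLED_SERVICES:
            target = ENABLED_SERVICES[(proto, dst_port)]
            return ("LOCAL", dst_port) if target is None else ("FORWARD", target)
        # Stealth: anything else gets no reply, and the probe is remembered.
        recent = [(t, p) for t, p in self.probes.get(src_ip, []) if now - t <= SCAN_WINDOW]
        recent.append((now, dst_port))
        self.probes[src_ip] = recent
        if len({p for _, p in recent}) >= SCAN_PORT_LIMIT:
            self.blocked[src_ip] = now + BLOCK_SECONDS
            return ("DROP", "scan detected, source inhibited")
        return ("DROP", "stealth")


def replay():
    """Run constructed traffic through the gateway and return each verdict."""
    gw = Gateway()
    sent = gw.outbound("tcp", "192.168.1.23", 51000, "198.51.100.7", 80)
    events = [  # (time, proto, src_ip, src_port, dst_port)
        (0.0, "tcp", "198.51.100.7", 80, sent[1]),   # reply to the LAN host's request
        (1.0, "tcp", "192.0.2.50", 4444, 25),        # mail for the internal server
        (1.5, "tcp", "192.0.2.77", 1234, sent[1]),   # stranger guessing the NAT port
        (2.0, "tcp", "192.0.2.99", 5000, 23),        # scan begins: closed ports
        (2.5, "tcp", "192.0.2.99", 5000, 139),
        (3.0, "tcp", "192.0.2.99", 5000, 445),       # third distinct port trips the inhibitor
        (4.0, "tcp", "192.0.2.99", 5000, 80),        # even HTTP is now ignored
        (70.0, "tcp", "192.0.2.99", 5000, 80),       # block has expired
    ]
    return sent, [gw.inbound(*e) for e in events]


if __name__ == "__main__":
    sent, verdicts = replay()
    print("outbound packet as seen on the Internet:", sent)
    for v in verdicts:
        print(v)
```

The scanning source loses access to the enabled HTTP service for the block period, which is the "briefly disables access" behaviour of the inhibitor.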


An effective gateway/firewall combination provides essential protection from would-be intruders intent on compromising Internet hosts for malicious purposes such as:

• defacing Web sites with graffiti
• illegally obtaining confidential data (credit card numbers, or personal identities, for example)
• deleting data
• installing “trojan horse” software to enable launching attacks on other Internet hosts

These attacks are invariably preceded by various types of automated port probes and scans that seek to identify vulnerable hosts. Any host that is connected to the Internet for more than a few minutes is likely to be scanned or probed by one or more of these automated scanning tools, and any host that is permanently connected (to DSL or cable services, for example) will typically be scanned and probed several times per day, from various hosts that could be located anywhere around the globe. In fact, during peak periods (such as school holidays), malicious activity at the level of thousands of packets per day has been recorded, all directed at a single home computer. The most effective firewall is one that keeps your gateway computer off the lists of “interesting” (read vulnerable) hosts compiled by the scanning tools, by making it invisible to them with stealth technology.

No matter how effective a firewall might be, remember that it is just a first line of defense in protecting private information. A comprehensive security plan would call for the encryption of highly sensitive data for storage and transmission, as well as other security measures.

Virtual private networks (VPNs) introduce additional security issues, which this paper does not fully explore. However, it is important to recognize the three features which must be present to secure a VPN against unwanted intrusion:

• authentication, to ensure that only authorized users can join the private network
• access control, to control which network resources (such as files) are accessible to certain users
• encryption, to prevent interception and modification of private data as it travels over a public network

Initial cost

The cost of purchasing a solution must be within the financial means of the business. Factors that affect the cost include:

• the complexity of the hardware and software
• the degree of proprietary vs. off-the-shelf hardware and software
• the size of the market and level of competition among vendors

For a low-cost solution for small business, look for one that bundles the basic networking services listed earlier in a single box. However, look beyond the initial purchase cost at the total cost of ownership, which is heavily influenced by the next characteristic, simplicity.

Simplicity

A truly simple solution will encapsulate complex technology so as to minimize the costs of installation and ongoing administration. The networking services should be tightly integrated, presenting a simple, straightforward interface to the customer. Installation, configuration, and ongoing administration should be simple enough to be performed by anyone, as opposed to a highly trained network administrator. In fact, ongoing administration should be limited to adding the occasional new e-mail account.


Whether in-house or outsourced, network administration services are costly. Even if the business is large enough to have full-time network administration staff, they are often already overworked administering the existing network. So a networking solution that can be installed and administered by existing staff without a significant time burden, and without additional training, will minimize operating costs. Together with a low initial cost, this will result in a low total cost of ownership.

Functionality

The ideal solution will provide all the networking services described earlier. In addition, it should provide a reverse proxy capability, so that some of the services or other networking applications can be delivered on powerful application servers behind the firewall. For example, a particular business may want to provide e-mail by running Microsoft Exchange on a Windows NT server, or host a set of web sites on a Unix computer.

Reliability

As a business incorporates networking into its everyday activities, it will increasingly depend on Internet connectivity for normal operation. Indeed, when networking becomes part of core business processes, such as customer relationship management, the dependence becomes critical. So the network gateway must provide a very high level of availability. The acceptable level depends on the individual business, but it’s not unreasonable to expect availability greater than 99.9% (excluding scheduled maintenance), which translates to less than one hour of downtime per month. In addition to being highly available, the gateway must reliably mediate traffic between the external Internet and the internal LAN, without misdirecting or losing packets, even under heavy traffic conditions.

Just as with the issue of security, overall network reliability depends on more than just the gateway server. The ability to manage a computer network to meet availability targets also depends on other factors that are outside the scope of this white paper, including:

• backup and restore procedures
• availability of technical support
• backup power systems
• redundancy of critical components and systems
• redundant or standby Internet connections
• a disaster recovery plan

As a business grows in size and dependence on networking, these issues must be addressed through training, hiring, or outsourcing.

Throughput

High throughput (measured in terms of bytes and packets per second passing through the gateway) is desirable, in order to minimize waiting time for internal (LAN) and external (WAN and web) users. The gateway/firewall combination should impose no noticeable overhead, compared to a standalone connection. With multiple users, it should achieve throughput close to theoretical maximum bandwidth for the type of connection. With a high-speed (DSL or cable) connection, users should notice no degradation in throughput compared to a private connection to the same ISP, unless multiple users are simultaneously transferring (downloading) large files.


Compatibility

A small business cannot afford to re-configure the existing computers and network to suit the requirements of a newly purchased gateway. So the gateway should inter-operate with all the types of computers found on a LAN, and with the networking infrastructure itself. Inter-operability has several aspects:

• When connected to the LAN, the gateway must not disrupt the operation of computers (both users’ workstations and servers) already on the LAN.

• The gateway should permit Internet and LAN services to be provided by servers on the LAN, even if it can provide those services itself. For Internet services, it should have a configurable reverse proxy feature to forward Internet requests to the appropriate server on the LAN.

• Adding a new computer to the LAN should be a “plug-and-play” operation, at least for popular personal computers. In this context, “plug-and-play” means that the new computer needs little or no manual configuration to use LAN and Internet services after it is plugged into the LAN.

Support

The level of technical support available must be considered when selecting any device involving complex technology, even more so in the case of a gateway product whose reliability will become a critical factor in the operation of the business. Some of the factors to be considered are:

• the reputation of the vendor for customer support
• the availability of secondary suppliers of support services
• the architectural approach -- proprietary, closed system vs. an open system

There are support advantages to the customer with an open system architecture, namely easier access to a pool of people (such as existing staff, independent contractors, or professionals employed by IT outsourcing firms) with maintenance skills for the hardware and software components.


Categories of solutions

The available solutions fall into four categories, based on cost and overall performance:

• high-end
• mid-range
• low-end
• network server appliances

Each category has some significant attributes in terms of the characteristics. The following analysis does not address all the characteristics for each category. However, Table 3 presents a complete picture of characteristics by category in summary form.

Generally speaking, you get what you pay for—higher overall performance costs more. However, the network server appliance occupies a unique position in the cost/performance space of solutions, as shown in Table 4.

options for networking success

Having derived a set of criteria for networking success, in the form of desirable characteristics of a gateway solution for small business, it’s now possible to examine some options. An analysis of the available solutions leads to a category (the server appliance), and a specific product (the Newlix OfficeServer) that best fit the characteristics.

High-end solutions

Target market: large enterprises with distributed workgroups, ASPs, ISPs, high-traffic Web portals
Security: very high, if configured and administered correctly
Initial cost: very high, upwards of US $20K; multiple computers may be required
Simplicity: very complex; installation and maintenance require highly skilled network administrators
Functionality:
• incomplete offering of networking services; integration of multiple products and servers required
• typically provide remote management of multiple sites for enterprise-level scalability
Reliability: very high; typically have hardened operating systems
Throughput: extremely high; well-suited to high-traffic situations
Support: some products include custom hardware that may limit availability of support
Example products: Sun Microsystems SunScreen family of products
Summary: not suitable for small business, due to high total cost of ownership


Low-end solutions

Target market: small office and home office (SOHO)
Security: adequate if stealth personal firewall installed
Initial cost: low. Possible configurations include:
• PC + personal OS + software components (often shareware)
• SOHO router/firewall + software components
Simplicity: better than mid-range; networking experience required to select, install, and maintain software
Functionality:
• no single product provides all networking services
• some OSs include basic gateway (Internet connection sharing) software
• VPN functionality not widely available
Reliability: likely to be a problem, depending on reliability of underlying OS and networking utilities
Throughput: moderate, adequate for a few users
Support: uneven level of support from vendors; 3rd party and Web resources available
Example products:
• Microsoft Windows 98 with Internet Connection Sharing + personal firewall + web/FTP/e-mail servers etc.
• Linksys EtherFast Cable/DSL Router + LAN server + web/FTP/e-mail server(s) etc.
• WatchGuard Firebox SOHO (or Telecommuter) + LAN server + web/FTP/e-mail server(s) etc.
• PC + Linux OS + networking utilities
Summary:
• Generally not suitable for small business, due to high installation & maintenance costs for a complete solution (OS and networking skills required).
• Router/firewall appliances are excellent security products, but don’t provide basic networking services.
• Linux is a low-cost, reliable OS, and networking utilities provide complete functionality, but configuration and maintenance require special skills.

Mid-range solutions

Target market: single worksites of small- to medium-scale enterprises
Security: high, typically a proxy with packet filtering, sometimes with NAT
Initial cost: moderate, typical configuration: desktop PC or server + workgroup OS + software components
Simplicity: complexity based on underlying OS and level of integration of software components; trained network administrators required
Functionality:
• integration of multiple products may be required
• reverse proxy may be available
Reliability: may be a problem, depending on reliability of underlying OS
Throughput: high, but less than high-end, due to general-purpose OS
Support: 3rd party services available, depending on popularity of underlying OS and hardware
Example products: Microsoft Windows NT or Windows 2000 with Proxy Server, Internet Information Server, etc.
Summary: marginal for small business, due to high total cost of ownership


Network server appliances

Target market: small- to medium-scale business
Security: high to very high, depending on type of firewall and VPN security mechanisms
Initial cost: low; may be slightly higher than low-end solution
Simplicity: a key criterion for this category, resulting in low total cost of ownership
Functionality: check product features and specifications; some might not include all networking services
Reliability: very high; typically have hardened operating systems (OS)
Throughput: very high; networking software and OS tuned for gateway function
Support: 3rd party services available (in addition to vendor, resellers) for products with open architecture
Example products:
• Cobalt Qube
• IBM Whistle InterJet II
• Netmax Professional
• Newlix OfficeServer
Summary:
• Combines the best features of other solutions in a package suitable for small business.
• Consists of a single box pre-configured and optimized for specific networking services.

[Figure: network diagram. Labels: Internet, high-speed modem (typical), dial-up modem, thin server appliance, dial-in connection, LAN, LAN server, PC, PC, Macintosh.]

Security note: The LAN is protected behind the firewall of the server appliance.


CATEGORY/CHARACTERISTIC | HIGH-END | MID-RANGE | LOW-END | SERVER APPLIANCE
Security | very high | high | high with firewall | high to very high
Initial cost | high | moderate | very low | low to very low
Simplicity | very complex | complex | moderate | simple
Reliability | very high | moderate | moderate to low | very high
Throughput | extremely high | high | moderate | very high
Functionality | incomplete | incomplete | incomplete | moderate to complete
Compatibility | moderate to high | high | depends on products | high to very high
Support | vendor, resellers | vendor, resellers | vendor, minimal in some cases | vendor, resellers, 3rd party (if open architecture)

Table 3. Comparison of Internet Connection Solutions

To make sense of this comparison, consider the two key factors:

• total performance—a combination of security, reliability, throughput and functionality
• total cost of ownership—a combination of initial and ongoing costs

Which category is best for small business?

Table 3 summarizes the characteristics for all categories.


The Newlix OfficeServer Solution

The Newlix OfficeServer is a network server appliance delivering firewall-protected Internet access (over a single Internet connection) and networking services for an entire LAN at a very modest total cost of ownership. It is a “plug-and-play” networking solution, meaning that any new PCs or workstations added to the LAN automatically receive Internet access and networking services.

The Newlix OfficeServer excels in each of the characteristics of an ideal networking solution:

Security:

• A dual-homed gateway incorporating a stealth firewall with network address translation, reverse proxy, and port-scanning inhibitor features.
• VPN with authentication, access control, and encryption to IPsec standard for WAN services.
• Microsoft VPN with PPTP encryption for dialup or Internet connections from a single PC to a LAN.

Initial cost:

• Low; complete package costs about the same as a desktop PC.
• Often bundled with Internet access, for example, the IPC NewMega Office Server.

Simplicity:

• Like any appliance, no specialized skills required to achieve successful operation.
• Windows Monitor program provides visual indication of server status, and simple server control functions.
• True “plug-and-play” capability for installation of both Newlix OfficeServer and LAN clients.
• Configuration and administration via Web browser, interacting with user-friendly server administration application.
• Designed to be almost administration-free; administration typically confined to adding e-mail accounts for new users.

The high-end systems are not appropriate for small businesses due to high initial and ongoing costs. Mid-range systems may provide adequate performance in some areas, but do not provide expected reliability, and have high ongoing costs for system administration. Low-end solutions are a dubious choice because of inadequate performance and ongoing costs. The server appliance category provides the most cost-effective solution for small business, with total performance approaching that of the very expensive high-end systems, and total cost of ownership no more than that of the low-end.

Table 4. Cost-effectiveness of Internet Connection Solutions

Performance vs. TCO | Low TCO | Moderate TCO | High to very high TCO
High performance | server appliance | | high-end solutions
Medium performance | | mid-range solutions |
Low performance | low-end solutions | |

Combining the characteristics and ratings into total performance and total cost of ownership (TCO) yields the matrix in Table 4.


Compatibility:

• Supports LAN clients such as NetWare, Windows 95/98, Windows NT/2000, Unix/Linux, and Appletalk.
• DHCP server automatically configures new LAN clients, unless another DHCP server already exists on the LAN.

Support:

• Available from Newlix partners, who have established support networks for their products.
• Software upgrades directly from Newlix, and registered partners.
• Third-party resources (products and services) available for Intel-architecture PCs and the Linux operating system.

The following table summarizes the ratings of the Newlix OfficeServer appliance.

Functionality:

• Complete offering of networking services—dual-homed gateway, caching proxy server (transparent to clients), Web and FTP servers, Internet and internal e-mail, LAN server, remote dialup access, secure VPN, all in a single package.

• Supports dialup (standard modem) connections, as well as cable, ADSL, ISDN, and any router connection.

Reliability:

• Very high, based on proven Linux operating system, hardened and optimized for delivering networking services.
• Can operate for years without a system software failure.
• Disk mirroring ensures uninterrupted operation in the case of a single disk failure.
• Software upgrades can be performed without rebooting server, or interruption in service to LAN clients.

Throughput:

• Limited only by bandwidth of the Internet connection, with low-end Pentium-class PC.
• Server software consumes minimal overhead.
• Supports multiple concurrent Internet connections with no noticeable degradation in speed.

The Newlix OfficeServer’s ratings reflect its high overall performance and low total cost of ownership (TCO), placing it high in the desirable (upper left) square of the cost-effectiveness matrix (Table 4). This is the “sweet spot”, where an informed purchasing decision can leverage a modest investment to achieve a level of networking capability previously unavailable to a small business.

CHARACTERISTIC | RATING
Security | very high
Initial cost | low
Simplicity | appliance-level
Reliability | very high
Throughput | very high
Functionality | complete
Compatibility | very high
Support | resellers, 3rd party

Table 5. Rating the Newlix OfficeServer


Of course, purchasing and installing a network appliance is only part of a networking and Internet communication strategy, albeit the fundamental piece of technology required. Purchasing a Newlix OfficeServer will not magically produce an award-winning, revenue-generating Web site, for example, but it can provide the Internet connectivity and networking services required by small businesses at a reasonable total cost of ownership. It will solve the immediate problem of connectivity without creating new headaches.

The competitive pressures to increase market share and/or profitability are driving businesses to adopt networking technology as a key part of their business strategy. The perceived urgency to get a foothold in the global marketplace created by the Internet may dictate moving ahead with implementation before the network communication strategy is complete. The Newlix OfficeServer characteristics ensure a growth path for the future, so you can purchase it with confidence, even if you don’t have a fully developed Internet strategy. You can count on the Newlix OfficeServer to deliver basic networking services with excellent security now, and additional services as your strategy evolves. This is networking success, now and for the future.

For additional information about the Newlix OfficeServer, please visit the Newlix website at www.newlix.com.

The Newlix OfficeServer, the leading product in the Internet server appliance category, is the ideal candidate to fill the needs of small business for networking services. It provides the best answer to the networking dilemma for the small business owner/manager:

How can my business start embracing the Internet without jeopardizing its finances and information assets?

conclusion


Application Service Provider (ASP)

An ASP is a fi rm that manages and distributes software-based services and solutions to customers across a wide area network (typically over the Internet) from a data centre.

Dial-up access

Dial-up access, in the Internet context, refers to connecting a computer with a modem to a network over the public telephone network. In general, dialup or dial-in refers to connecting two devices (typically computers) with modems over the telephone network.

Digital Subscriber Line (DSL)

A DSL is a family of technologies (such as ADSL, SDSL, HDSL, collectively called xDSL) that use sophisticated modulation schemes to pack data onto copper wires. They are sometimes referred to as last-mile technologies because they are used only for connections from a telephone switching station to a home or office, not between switching stations.

Disk Mirroring

Disk Mirroring is a technique for improving the availability of a computer system, whereby data is written to two duplicate disks simultaneously. This way, if one of the disk drives fails, the system can instantly switch to the other disk without any loss of data or service.

Dynamic Host Configuration Protocol (DHCP)

DHCP provides configuration parameters to Internet hosts. DHCP consists of two components: a protocol for delivering host-specific configuration parameters from a DHCP server to a host, and a mechanism for allocation of network addresses to hosts. [from Droms, R., “Dynamic Host Configuration Protocol”, IETF RFC 2131, March 1997]

Firewall

A Firewall is a system designed to prevent unauthorized access to or from a private network. A firewall is frequently used to prevent unauthorized Internet users from accessing a local area network (LAN). All messages entering or leaving the LAN pass through the firewall, which examines each message, and blocks those that do not meet the specified security criteria.

FTP—see Internet Protocol.

Gateway

A Gateway is a combination of hardware and software that links two different types of networks. The term dual-homed gateway emphasizes that a gateway system resides on, and is addressable from two different networks. See also router.

HTTP—see Internet Protocol.

Integrated Services Digital Network (ISDN)

An ISDN is an international communications standard for sending voice, video, and data over digital telephone lines or normal telephone wires.

glossary


Internet

The Internet is a global network of networks connecting many millions of computers. Each Internet computer, called a host, is independent. Its operators can choose which Internet services to use and which local services to make available to the global Internet community. Internet hosts exchange information in a standard way, using Internet protocols.

Internet Protocol (IP)

IP is the fundamental protocol (or standard format) for transmitting control information and data between two Internet hosts. IP specifies the format of packets and the addressing scheme. Most networks combine IP with a higher-level protocol called Transport Control Protocol (TCP), which establishes a virtual connection between a destination and a source. The combination of TCP with IP is referred to as TCP/IP. Other Internet protocols based on IP or TCP/IP include:

• File Transfer Protocol (FTP)—the protocol used on the Internet for sending files between hosts

• Hypertext Transfer Protocol (HTTP)—the underlying protocol of the World Wide Web

• Point-to-Point Tunneling Protocol (PPTP)—supports the creation of VPNs over the Internet.

• Simple Mail Transfer Protocol (SMTP)—a protocol for sending e-mail messages between servers

• Universal Datagram Protocol (UDP)—a connectionless protocol used primarily for broadcasting messages.

Internet Protocol security (IPsec)

IPsec is an architecture (including protocols and algorithms) for providing security services such as authentication and encryption at the IP packet level. IPsec is a viable basis for implementing secure VPNs over the Internet.

Internet Server Appliance

An Internet Server Appliance is a networking device (sometimes called a thin network server) that mediates traffic between a group of computers on a local area network and the Internet. It provides some or all of the services expected of a network server (such as resource sharing, e-mail, and Web/FTP service). However, being an appliance, it is very easy to install and operate, requiring no special skills to configure or maintain its operation.

Internet Service Provider (ISP) or Internet Access Provider (IAP)

An ISP is a company that provides access to the Internet.

Line-Of-Business (LOB)

LOB pertains to the revenue-generating processes of a business, such as order-entry, billing, and customer relationship management.

Local Area Network (LAN)

A LAN is a computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings, and a single organization.

Operating System (OS)

An OS is the most important program that runs on a computer. Every general-purpose computer must have an operating system in order to run other programs. An operating system handles input and output operations on behalf of other programs, and ensures that different programs and users on the system do not interfere with each other. The OS is also responsible for security, ensuring that unauthorized users do not access the system.


Packet

A Packet is a piece of a message transmitted over a packet-switching network, such as the Internet. In IP networks, packets are often called datagrams. Packets are transmitted individually and can even follow different routes to the destination. Once all the packets forming a message arrive at the destination, they are recompiled into the original message.

PPTP—see Internet Protocol.

Port

A port is a logical connection point for IP traffic directed to a computer. A port is identified by a unique integer, and is related to a specific Internet service, such as a Web or FTP server.

Port Scan

A Port Scan is a technique for identifying a networked computer that might be vulnerable to attack, whereby another computer on the network (typically on the Internet) tries to connect to the subject computer at different port numbers in rapid succession. This type of behavior is usually interpreted as an indicator of malicious intent.

Router

A Router is a packet-switching device that interconnects two or more networks at the level of the network protocol (IP, for example). Internet routers discover and maintain information about the topology of the network, and make packet forwarding decisions based on minimum cost criteria. They also perform certain network management functions.

SMTP—see Internet Protocol.

Total Cost of Ownership (TCO)

TCO is a very popular buzzword representing how much it actually costs to own a device (such as a PC). The TCO includes: the original cost of the computer and software, hardware and software upgrades, technical support, maintenance, and training.

UDP—see Internet Protocol.

Virtual Private Network (VPN)

A VPN is a network created by partitioning a shared underlying communications medium in a way that ensures privacy. For example, there are a number of systems that enable the creation of private networks using the Internet as the medium for transporting data. These systems use encryption and other security mechanisms to ensure that only authorized users can access the network and that the data cannot be intercepted. IPsec includes a set of such security mechanisms.

Wide Area Network (WAN)

A WAN is a computer network that spans a relatively large geographical area. Typically, a WAN consists of two or more local-area networks (LANs). The largest WAN in existence is the Internet.

World Wide Web

The World Wide Web is a rich and vast information medium consisting of multimedia documents delivered on demand by certain Internet servers (called Web servers). The documents can reference other Web documents (via hyperlinks), and can include words, images, drawings, animation, and audio/video clips. Applications (called Web browsers) are available for all types of personal computers that enable users to view the multimedia content and to follow hyperlinks (an experience often called Web surfing).


Curtin, M. & Ranum, M., “Internet Firewalls: Frequently Asked Questions”, revision 9.4, 25 November 1999 [an introduction to firewalls, with practical implementation suggestions]

Dyson, E., Release 2.1: A Design for Living in the Digital Age, Broadway Books, 1998, ISBN 0-7679-0012-X [an exploration of the impact and responsibility of using the Internet and other digital technologies; see Chapter 10 for a discussion of security issues]

Gibson, S., “Internet Connection Security for Windows Users”, Gibson Research Corporation

Hurwicz, M., “A Virtual Private Affair”, Byte magazine, July 1997 [covers the technological and business issues related to implementing VPNs]

Huston, G., ISP Survival Guide, chapter 12, “Virtual Private Networks”, Wiley, 1998, ISBN 0471314994

IBM Corporation, “Enabling Your Network for e-business”, 1999 [An introduction to networking, and the IBM approach to networking success.]

Newman, D., “Lab Test: Super Firewalls!”, Data Communications magazine, 21 May 1999 [comparison of high-end firewall systems]

Kent, S. & Atkinson, R., “Security Architecture for the Internet Protocol”, IETF RFC 2401, November 1998 [discusses IPsec, including AH and ESP traffic security protocols]

Semeria, C., “Internet Firewalls and Security: A Technology Overview”, 3Com Corporation, 1996

Newlix OfficeServer Features & Benefits

Newlix OfficeServer Frequently Asked Questions

suggested additional reading