Initial Thoughts: Netgate Hamakua

In this post I would like to share some of my initial thoughts on the Netgate Hamakua. We were looking for a 1U half depth rack mount system to run pfSense 1.2.3 on. Although we haven’t mentioned it much here on the blog, we love working with pfSense. pfSense is a fork of the m0n0wall project and is based on FreeBSD. I have pfSense running on everything from discarded eMachine workstations to multi-thousand dollar rack mount servers, and everything in between.

We have pfSense embedded running on a number of ALIX based Netgate m1n1wall 2D3’s and it is an excellent combination of lower power and stable performance. When it came time to migrate from a VM based install to hardware in our rack we looked to Netgate. We went with the rack-mount version of the Hamakua and purchased the optional VGA break-out cable. The Hamakua has room for a 2.5″ HDD drive which is an excellent option if you need that sort of thing. It is important to note that the embedded installation of pfSense does not output any data to the VGA port. So if you are running embedded you will see the initial POST / BIOS phase of the boot and then that’s it. This is due to the fact that the embedded install is targeted mainly for lower power devices that use serial for display output.

From what I have been able to gather from books, forums, and #pfsense on Freenode, it is obvious that key developers of the pfSense project test on this hardware extensively. And for good reason, it’s a great platform: 1U, 16W power consumption, 1GHz CPU, and 5 NICs/interfaces. You can find great documentation on the pfSense site regarding embedded and full installations for this unit. Long story short, they use it and develop on it; it will be around for a while.

We are anticipating an upgrade from our current DS3 connectivity to 1Gbps and wanted to have something that would make at least some use of the new line. For this reason we did some basic performance testing using our 2900 ZFS test box and another similarly spec’d server. While running large data transfers between two individual 1Gbps interfaces we were able to max the system at roughly 250Mbps throughput. This is right in line with the sizing guide in the pfSense book. This appears to be a limitation of the 1GHz processor. Be sure to take a look at the pfSense book for sizing and throughput requirements; it is quite helpful in this regard in addition to others.

One thing that is worth mentioning is the heat that this thing generates. During heavy testing and average daily use, a large amount of heat was being displaced. The top of the unit is basically a heatsink and it does its job well. Because of this, it will certainly be going on the top of our rack due to ventilation concerns. I believe that this design is pretty solid and it would most likely take the abuse without batting an eye, but I didn’t want to risk burning this one out.

To conclude, if you need a rack mount system that will run pfSense, is well supported by the community, and you don’t need to cross the 250Mbps barrier, this may be the unit for you. This is the second model of device that we have purchased from Netgate, and as always we weren’t disappointed. If you need something a bit less performant and easier on the budget, be sure to check out the Netgate m1n1wall 2D3/2D13. It has 3x100Mbps ports and gets the job done well.


Open Source Everyday – Firefox

One open source tool I use every day is the Firefox web browser from Mozilla. Currently on version 3.5, Firefox is perhaps the main alternative to Microsoft Internet Explorer. Now with the release of IE8 and the significant resource impact on many machines, there is an even stronger demand for a stable, easy-to-use web browser.
The open source security process that Mozilla implements for Firefox results in faster bug fixes and a quicker response to network-wide threats. This is real security for the user. According to the Brian Krebs Washington Post blog post of 1/4/2007, “Internet Explorer users Unsafe for 284 Days in 2006”, Firefox users only had nine days of risk. This is a huge difference! Security is the top priority for Firefox coders.
Comparisons such as installation file size show that Firefox is much more compact as well. Firefox 3.5 is a 7.7MB download, while IE8 for Windows XP weighs in at 16.1MB, more than twice the size. Firefox will also run in a portable mode from a thumb drive or other removable storage. This is excellent for travelers who like to carry favorites lists with them. All data is stored on the thumb drive when browsing, which also increases user privacy and security.

As a Network Manager I use Firefox for managing Cisco networking devices, as I have often experienced errors using IE in the past. Firefox connects to the device every time.

Firefox Resources:
Firefox Tweak Guides
Download Firefox
8 Easy Firefox Tweaks for Super Fast Web Browsing

TrueCrypt – Drive Encryption

I recently replaced my laptop and decided to encrypt the hard drive. I use Absolute Computrace for system recovery if lost or stolen, but this does not protect the data. Security experts recommend using encryption with recovery tools. The point of this is that if the hard drive is removed from the system with the recovery tool installed, the data can be accessed without activating the recovery features when reported missing.
After checking out several proposals for enterprise encryption packages, I remembered I had used TrueCrypt to encrypt a thumb drive. It worked great for that purpose so I gave it a shot on my new laptop.
Version 6.2a download is very quick (3.04MB) for Windows Vista/XP/2000. There are also options for Mac OS X and OpenSUSE and Ubuntu Linux distros. As with most open source tools, source code is easily obtained from the website as well.
Installation was painless and I was quickly ready for encryption. There are a couple of options at this point: encrypt the entire drive including system partitions, etc. or create an encrypted folder on the drive for critical data. This option will show a file on the directory listing that cannot be accessed without the password key that you generate. (NOTE: without the key (or Rescue Disk) the company website claims that there is no way to access data.) For key generation, I used a random tool I found on a Google search. Link is at the bottom. I created a recommended twenty character key. I chose to encrypt the entire hard drive. I followed all of the instructions, including backing up my few data files and proceeded with encryption. This took approximately five hours for a 160GB drive that is 30% full. Make sure you have plenty of power available and don’t need to use the system. Power failure during encryption will lead to data loss. The encryption completed, I rebooted, entered my key and XP loaded right up.
So far I have noticed two performance hits: system hibernate, XP completely locked up on recovery and I had to power cycle. I had the same issue copying 30GB of data to the laptop from a network share. Twice XP completely locked up. Other than that, normal operations seem to be fine.

So once again, an open source tool fits the need! (Password Generator)

5 Open Source Sites For Business Tools

It can be challenging to find business tools if you do not know where to start looking. Here is a list of some of the tools I have used. These sites all offer free or very low cost tools.

  1. OpenSource – Repository of info for the Open Source Initiative. Has current news, projects, etc.
  2. Openfiler – Excellent network storage operating system. Converts any old server into FREE storage. Supports industry standard storage protocols. High availability clustering and replication.
  3. Asterisk – Open Source PBX and telephony platform. Packed with many features critical to day-to-day business operations. Available as standalone installation, clustering, VMware appliance. Supports IP softphones and IP desk phones. Can be integrated with existing PBX equipment.
  4. Nagios – Enterprise network monitoring and reporting. Very flexible. Supports monitoring of Windows, Linux, Unix, networking devices, printers, etc.
  5. Nessus – Security scanner for Windows, Linux, Unix. Can be used for remote external intrusion testing. Scan reports will offer suggestions for increasing security based on findings.