Celestix Boole Server Appliance: An Easy Implementation


Celestix Boole Server Appliance 4200



When a company needs to protect data from file-level leakage, we can imagine few solutions easier to implement than the Boole Server Appliance 4200 from Celestix Networks. The security server maker in mid-February began shipping the 1U device, which implements the Boole Server military-grade tokenless security platform atop Windows Server 2008 Embedded.

The product is the result of an agreement reached in August with Sunfive S.A., creator of the Boole Server platform.

Celestix recently sent a unit to the CRN Test Center for a look. What we found was a handsome device that's as easily configured from any Web browser as from the jog dial on the unit's front panel. If you haven't seen a jog dial before, we think you'll agree that it's a clever and time-saving feature that's as simple as it is suitable to task.

Like an the large volume knob on an audio receiver, the jog dial feels comfortable to the touch as it swirls quickly through menus and makes selections when pressed. At minimum, the dial is used to set at least one IP address to allow the browser to gain access or to display the IP address assigned by DHCP, if present.

Once inside the browser interface, BSA presents concise, icon-driven menus that are intuitive and easily navigated. Many functions are are implemented with HTML, though some require Microsoft's in-browser (or stand-alone) RDP client, which means IE and ActiveX.

Functions implemented in HTML include all those on the quick setup page, where first-time administrators will make quick work of initial configuration. Those first steps include configuring the server name, domain membership, alerting, and additional Gigabit Ethernet ports.

Next: Setting Up A Security Layer

Boole Control Panel



The unit has six network interfaces in all, but only port 0, connecting to the LAN, is required to get started. One interface can optionally connect to an internet router, and as many four remaining ports can be designated for use on a perimeter network (DMZ) for an extra layer of security.

The beauty is the Boole Server is that it stores security profiles for each file within the file itself. This permits a different level of security to be applied on a file-by-file basis and for that security to follow the file wherever it goes. So for example, if a Boole-secured file somehow escapes the firewall, it cannot be accessed unless it's within reach of a Boole Server that can authenticate the user and grant access.

The solution employs 2048-bit two-factor encryption for in-transit files as well as for files in storage systems; most systems are supported. Additional access limits can be based on length of time, time of day, password, number of attempts, and so on. Files also may be affixed with a watermark for forensics identification. Copying to CD and USB drive can be disabled, as can file printing and screen capture capabilities.

To test these capabilities, we added the appliance to the CRN Test Center domain and logged in using an existing administrative account. After a required reboot, the appliance came up as part of our lab domain. After entering the Boole Server license key and updating the software, it was ready to begin protecting files.

To begin, use the Boole Server control panel to create at least one Boole group to facilitate file management. Here you can activate rules for viewing permissions and force users to periodically change their passwords. The next step is to add users. Naturally, the BSA is Active Directory-aware since it's a Windows 2008 server. This simplifies not only its integration with users but also with the storage volumes they have access to. Once users are added to a Boole group, they can begin managing their files securely. There's also a guest provision, which can grant access indefinitely or for a particular period of time.

We did find a few negatives about the Celestix BSA, only one of which we'd characterize as major: browser sessions don't appear to time out. Even after physically disconnecting the laptop we used to test BSA administration and leaving it that way overnight, the BSA happily displayed the same screen when reconnected to the laptop. The Boole Server screens do timeout, however, as do stand-alone and in-browser RDP sessions.

For its easy of use, the CRN Test Center recommends the Celestix BSA 4200, which is designed for the small office or branch with as many as 100 users and up to 1TB of storage. List price for 100 users is $8,999 plus $104.50 per year. It's available through Ingram Micro and Securematics.