Linux Leaps Into Appliances

operating system Linux edge

Server appliances dedicated to such functions as firewalls and SSL/VPNs are swimming in Linux, usually a version that has been tweaked, tuned and tailored by the individual box vendor. Sun has its iForce VPN/firewall appliance, whose Linux core it credits with enabling subsequent server reprovisioning. EmergeCore Networks has built its business around an all-in-one networking and security appliance that happily counts Linux as its foundation. And Aventail's security units run a component-created breed of Linux that CEO Chris Hopen likens to a Debian distribution of the OS.

Why Linux? Unanimously, vendors say it's priced best--free--is most malleable and is not dictated by the scheduling of security patches and updates so common to Windows.

"I think Linux gives us, in the embedded world, the ability to control the operating system without it controlling us," says Dave Brown, CEO of EmergeCore Networks, Boise, Idaho.

So what's in it for VARs? For one, the appliances themselves offer a low-cost, turnkey solution to sway customers, especially those in the SMB market.

One group to exploit Linux to its advantage is third-party ISVs. By writing embeddable applications based on Linux, ISVs offer appliance vendors best-of-breed software to build directly into the box. Aventail, for one, partners extensively with ISVs to gain software functionality that lies outside its own core expertise. Aventail's EX-1500 SSL VPN appliance runs on a Linux platform the company has assembled out of various components available on the open-source developer site (www.component.org). As it happens, however, Aventail at times needs specific software functionality outside the scope of the public domain to do such things as enable integration of the appliance to back-end systems. It then turns to ISVs such as RSA Security or Npoint Control.

"One advantage of using Linux is that there are other vendors--our partners--that create software certified for certain kernel versions," Aventail's Hopen says. "We take it, recertify it on our distribution and integrate it into the platform. It gets you closer to the 'God-box' that does it all."

That said, VARs are in near-universal agreement that these appliances should not be tinkered with beyond configuration and management.

"As a VAR, I would never entertain the idea of telling a customer to run anything on a Linux appliance beyond what it is suited for because of the vulnerability or instability they could create," says Aubrey Brown, president and CEO at systems integrator Corsa Network Technologies.