Affordable IT: All-In-One Gateways

Call them Swiss Army knives for your remote sites. All-in-one gateways are becoming all the rage for broadband SOHO and branch locations as combination LAN and WAN interconnect appliances.

Smaller than bread boxes, AIOs act as hubs or switches that interconnect devices in a small office and route you to a WAN or the Internet. Most come with standard Ethernet 10/100Base-T ports and a wireless access point for sharing resources ranging from computers and PDAs to print servers and storage systems. And by routing traffic through your DSL or cable modem, they share the external connection with the devices on the LAN, using a DHCP server/client and NAT (network address translation). If your ISP requires authentication, you can use the AIOs' PPPoE (Point-to-Point Protocol over Ethernet) feature. They also support secure VPN connections and provide a packet-filtering firewall function.

But you get what you pay for with these devices, which cost anywhere from $50 to $1,000. High-end AIO appliances, such as EmergeCore Networks' IT-100, come with more advanced features such as e-mail, file and print sharing, and FTP and HTTP services. You can also buy add-on services with antivirus, content-filtering and traffic-shaping features. Although AIOs come with basic log files, not even the high-end AIOs include advanced diagnostics and management, so troubleshooting can be tricky.

The Young Guard

AIO appliances come in a board, chip or module form factor and use a variety of processors. Although Intel's licensed ARM technology is the most prevalent processor in AIOs, the vendor's newer Xscale processor is making headway (CyberGuard's products use it), as is Toshiba's TX3927 (which SonicWall uses in its appliance). Other processors are Motorola's ColdFire (found in CyberGuard's appliances) and Philips' TriMedia (in 2Wire's product line). Neither of these processors is an industry standard, however.Nor is there a dominant code set on these devices. Most AIOs use Web browsers for administration, and few provide command-line access. In fact, many AIOs use firmware in ROM on a board, except for the ones with advanced services that include embedded operating systems such as Wind River's VXWorks and Linux (uCLinux).

But if all you want is the basics, don't fret over these technical specifications. Just make sure the AIO is compatible with your ISP's premise equipment, which could require DHCP, PPPoE or serial connections, depending on your connection and your ISP. Then check out the device's available physical ports and its feature sets (see chart at left).

And if you want e-mail, FTP and HTTP services, scrutinize the processing power and memory available on the device. You'll need more CPU speed and memory in addition to standard Flash memory for these services. Look at the amount of available SDRAM or DRAM memory available, too.

Basic AIOs come in a variety of port densities and data rates. The most prevalent for SOHO environments are the RJ-45 ports for Ethernet 10/100Base-T and a network interface for IEEE 802.11a, b or g WLANs. If you have a branch office, you may need other network ports and data rates, such as for ISDN and Gigabit Ethernet. Cisco Systems and NetGear, for instance, sell appliances with such additional network ports.You can also connect your PDA, printer or external hard drives to an AIO. Appliances such as NetGear's and 2Wire's support USB, while EmergeCore Networks' products support serial and parallel ports. It might be easier to configure peripheral devices on a PC and share them over a LAN, however, because the driver installation and updates are fairly straightforward. And if your gateway is on the fritz, you can still use local print and storage services.

These appliances don't ship in multiple colors, but at least make sure you get some nice lights with your unit. Their LED indicators should give you the basics on status, full/half duplex, 10/100 network connectivity and activity. You should be able to tell at a glance whether your gateway is getting a signal from your ISP, for instance.

Keep in mind, too, that these devices are still in their infancy, and the market remains volatile. Filanet, for example, maker of the InterJak 200, was bought out by uRoam, which was later snapped up by F5 Networks. When you choose a product, remember that AIOs are meant to solve a very basic network problem: to provide a gateway for accessing WANs such as the Internet and for preventing unauthorized LAN access.

AIOs are simple to set up. You don't need help from a Cisco-certified technician to configure a default route to your ISP. A Web browser and built-in appliance wizard can get you up and running in no time.

I took EmergeCore's IT-100 AIO for a test run in our Syracuse University Real-World Labs® to see just how easy these devices really are to work with. The IT-100 AIO worked mostly as advertised, but as with other AIO appliances, it doesn't provide you with a view of the diagnostic logs. It would be a lot easier if AIO vendors included a detailed diagnostic log file and system events with viewers, but most provide a basic log file. Others require you to send the logs to a central server.

Before you select an appliance, make sure you understand how to back up and restore it, as well as how to upgrade it. That way, your AIO won't become an administration and management burden.

If you're still not comfortable with the idea of configuring your own AIO, there's really no way around it: You can't outsource the device's administration. Even if you farm out the management and administration of your SOHO or branch office LAN and WAN, you still must buy or lease an AIO appliance. So give configuration your best shot.I recently tested an AIO from EmergeCore Networks in our Syracuse University Real-World Labs to determine its ease of set up and use. EmergeCore's IT-100 3.20 is marketed as "IT in a box," and for the most part, this is true.

The IT-100 has a Transmeta Crusoe TM5600 (533-MHz) processor and comes with 128 MB of SDRAM. There's a 20-GB hard drive as well as a 32-MB Flash Card. The wired network has five 10/100Base-T ports, one of which is the WAN uplink port. It also comes with two USB ports, as well as a serial and parallel port for peripherals.I had the appliance out of the box and onto the network in less than 25 minutes--still more time than it takes to plug and play a basic AIO gateway, because I enabled the advanced services that don't come in basic devices. After powering up, I accessed the gateway through a Web browser. A wizard walked me through the initial setup process of naming the system and defining both the wired and wireless LANs (each required a separate network).

Although the appliance bridges the two types of LANs, NetBIOS names don't traverse the bridge. So I had to use a device's IP address when I set up file and printer shares between the wired and wireless LANs.

The wizard provided an option for setting the SSID and an appropriate channel for the 802.11b access point. I also configured the interface to use 64- or 128-bit encryption WEP (Wireless Encryption Protocol). I added DHCP services to both interfaces so the computers could dynamically request an IP address whether or not they were directly plugged into the AIO device.

I set up a proxy server to control HTTP requests coming from the LAN. The proxy provided caching services for frequently requested Web sites. Setting up a secure VPN connection to the box using PPtP and L2TP/IPsec was easy, too. However, I found that the wizard 's basic choices for security (low, medium, high) mask the complexity of configuring a packet-filtering firewall.

I had to set up a domain for the advanced features, so I created my own domain for the IT-100 with DNS. However, most SOHO users will need to contract with a third party for a domain name. The IT-100 can support e-mail (POP3 and SMTP) and Samba file sharing, as well as host your Web site. The IT-100 includes its own Webmaster for building your home pages with templates.If you don't have on-site IT support, the IT-100 makes things easy for you with a clean Web interface. A status page lets you check on WAN/LAN/ wireless traffic, CPU and memory load, DHCP, e-mail, and the Web server.

But like other AIO appliances, the IT-100 doesn't let you view diagnostic logs. Initially, I had difficulty setting up Samba file sharing, e-mail and the new CRM (customer-relationship-management) interface. I had to solve the problem on my own, without a diagnostic file for troubleshooting.