About CacheGuard-OS

CacheGuard-OS is a Linux based Operating System built from scratch and especially designed to Secure and Optimize the network traffic. Once installed on a machine, CacheGuard-OS transforms that machine into a powerful and easy to handle UTM (Unified Threat Management) & QoS (Quality of Service) appliance.

Great care has been taken by CacheGuard-OS developers to select the best  technologies to integrate into CacheGuard-OS to get a robust and trustworthy UTM & QoS solution. CacheGuard-OS integrates technologies such as firewall, VPN IPsec, web proxy and reverse proxy, web gateway antivirus, URL filtering, SSL inspection, SSL offloading, access logging, bandwidth shaping, web caching, HTTP compression, WAF (Web Application Firewall) and web application load balancing.

CacheGuard Screenshot Dashboard

What makes CacheGuard-OS an innovative solution is that with CacheGuard-OS all those integrated technologies consistently work together as a whole and form a functional and easy to handle UTM & QoS manager appliance. This is much different than having various separated technologies installed on a Linux box and have to deal with complex configurations to make them work together. To offer that consistency about 100 000 lines of code have been written to develop CacheGuard-OS. With CacheGuard UTM & QoS appliance the complexity is not visible and remains under the hood. All you have to do is to turn on the key and enjoy.

Machine Requirements

CacheGuard-OS is distributed in both x86 (32 bits) and x64 (64 bits) CPU compatible versions and can run on almost all x86/x64 machines made by well-known manufacturers such as HP, Dell and IBM and hypervisors such as VMware and Microsoft Hyper-V. The machine resource requirements mainly depend on the number of users to support and the CacheGuard Functions to you need to activate.

Depending on the number of users to support and available machine resources, CacheGuard-OS is tuned during the installation to run as effective as possible. To do so, CacheGuard-OS assumes that all forwarding users are not simultaneously active but only 20% of them. By simultaneous or active users we mean users that generate traffic contrary to concurrent users who can be connected but not active. The total number of forwarding users and the number of simultaneous reverse users to support are the most important inputs that should be specified during the installation.

For 100 forwarding users (20 simultaneous users) and/or 20 simultaneous reverse users, a typical hardware configuration could be:

  • CPU: 4 cores
  • RAM: 6 GB
  • HDD: 200 GB
  • NIC: 2 x Ethernet

For more users, choose a machine with more RAM, CPU Cores and HDD Storage Capacity. As a rule of thumb, add 1 GB of RAM and 1 CPU core for every additional 50 forwarding users and/or 10 simultaneous reverse users. You can also add 75 GB of HDD Storage Capacity for every additional 50 forwarding users. Regarding the choice of the storage device, please note that CacheGuard-OS runs better with several low storage capacity HDD configured as a RAID compared to a single high storage capacity HDD. CacheGuard-OS innately supports software RAID 0, 1, 5, 6 and 10 by using 3% of the CPU resources only.

With CacheGuard-OS you have the possibility to activate almost all integrated security and optimization fuinctions at the same time on the same machine. Some functions like the HTTP real time compression and the antivirus are more CPU intensive than others. The machine configuration given above allows you to activate all available functions at the same time. You will probably need less hardware resources if you don’t need to activate all available functions at the same time.

Note that it is possible to install CacheGuard-OS on a mini computer configured for 5 users and implemented as a firewall and/or forwarding proxy only. The minimum hardware configuration for 5 users is as follows:

  • x86/x64 Architecture
  • CPU Intel Pentium IV
  • 256 MB RAM(*)
  • 12 GB HDDf
  • 1 x Ethernet 100 Mbps NIC
  • 1 USB port + USB/Ethernet Adapter

(*) With 256 MB of RAM, CacheGuard-OS can be implemented as a firewall and/or forwarding proxy only. If you need to activate all functions, on a x86 based machine a minimum of 2 GB is required. (**) With a 12 GB HDD, CacheGuard-OS can be installed without the persistent caching and logging. If you need to activate the persistent caching and logging a HDD of at least 16 GB is required.

CacheGuard-OS Licensing

CacheGuard-OS is the result of the mere aggregation of various Open Source software (as OSI definition) and Open Source software developed by CacheGuard Technologies Ltd. All software developed by CacheGuard Technologies Ltd are subject to the GNU General Public License v3 while the mere aggregation of software developed by CacheGuard Technologies Ltd and third parties software forming CacheGuard-OS is licensed under the CacheGuard License Agreement. A CacheGuard UTM & QoS appliance is also licensed under the CacheGuard License Agreement.

Open Source software note
At Technologies Ltd we consider that Open Source software are more reliable and more trustworthy than opaque source software. This does not mean that there are no vulnerabilities at all in Open Source software but with Open Source software you get the warranty that vulnerabilities can be disclosed and resolved more easily and more promptly (by millions of Open Source developers around the globe who have an open access to source codes). The OpenSSL heartbleed vulnerability that has been disclosed and resolved in March 2012 is just an example. That’s why we distribute CacheGuard-OS as an Open Source software.

CacheGuard UTM & QoS Technical Functions

CacheGuard-OS Network Optimization

  • Network Appliance
  • Internet Gateway
  • Web Load Balancer
  • 802.1Q VLANs
  • Support of NTP
  • Traffic Shaping
  • DHCP Server
  • Caching DNS
CacheGuard-OS IP security

  • Internal/External/Auxiliary zoning
  • Forwarding and Reverse Web Proxy
  • Transparent HTTP Proxy
  • Proxy chaining and parallel implementation
  • Access lists
  • IP Firewall with NAT and PAT
  • IPsec VPN in Site to Site or Remote Access modes
  • Blocking Synflood, Port Scan, Spoofing…
CacheGuard-OS Web Security

  • URL Guarding based on URL blacklists and white lists and regular expressions
  • URL Guarding Policies based on access time, IP and LDAP requests
  • Automatic blacklists updating
  • Web Application Firewall (XSS, SQL Injection…)
  • Access Logging
  • LDAP & Kerberos AD© authenticating
  • SSL Terminator
  • SSL Mediator/Inspector
  • Antivirus at the Web Gateway
  • Antivirus as a service (for emails)
CacheGuard-OS High Availability

  • RAID capabilities
  • Backup & Restore on spare machine
  • Ethernet link bonding
  • VRRP Redundancy
  • Multi WAN support
CacheGuard-OS Web Optimization

  • Persistent Web caching
  • HTTP Compression
  • Web Cache sharing
  • Traffic Shaping
CacheGuard-OS Administration

  • CLI (Command Line Interface) configuration
  • Console port administration
  • Remote administration with Web GUI and SSH
  • Logging to remote SysLog servers
  • SNMP agent and trap generation

You cannot copy content of this page

Scroll to Top