About CacheGuard-OS

CacheGuard-OSOur core product CacheGuard-OS (Operating System) is an integrated solution based on a custom-hardened version of Linux built from scratch and especially designed to manage Web traffic. It integrates the best technology into a Ready to Use solution. The result is a powerful and turn-key solution that allows you to protect and optimize Web traffic traversing your Web infrastructure.

CacheGuard-OS features numerous Web Security and Optimization technologies in a single functional network equipment. Technologies like Proxy, IP Firewall, Bandwidth Shaping, Caching, HTTP Compression, URL filtering, Web Application Firewall and Web Malware filtering are all integrated into a unique Operating System with respect to a high level of integration. The Web Security issue can be fixed easily with CacheGuard-OS.

CacheGuard Machine Requirements

To implement the CacheGuard-OS in forwarding mode (to protect Web surfers) the most important factor is the total number of end-users. A capacity manager integrated to the OS tunes the appliance during the installation for the given number of users.

According to the the capacity management policy all end users are not connected at the same time but just 20 percent of them. For instance an appliance tuned for 100 end-users allows you to protect 100 not named users. So the appliance is tuned to run for 20 simultaneous users. Of course a burst of 100 simultaneous Web connections will be granted for a short period of time.

To implement the CacheGuard-OS in reverse mode (to protect Web servers) you should consider the number of simultaneous Web connections rather than the total number of users.

CacheGuard HW

For 100 end-users (20 simultaneous users), a typical hardware configuration is:

  • Architecture: x86/x64
  • CPU: Intel Core 2 Duo
  • RAM 4 GB
  • HDD: 200 GB
  • Network: 2 x Ethernet 100 Mbps NIC

For more users, choose a server with more RAM, CPU Core and HDD Storage Capacity. As a rule, add 1 GB of RAM and 75 GB of HDD Storage Capacity for every 50 users. For instance an appliance tuned for 200 users requires a machine with 4 CPU core, 6 GB of RAM and 350 GB of HDD Storage Capacity.

A CacheGuard Appliance runs better with several low storage capacity HDD configured as a RAID compared to a single high storage capacity HDD (CacheGuard-OS supports RAID 0, 1, 5, 6 and 10).

With CacheGuard you have the possibility to activate all integrated security and optimization features at the same time. Some features (like the HTTP real time Compression or the Antivirus) are more CPU intensive than others. The above given configuration is required when you intend to activate all available features at the same time. You probably need less hardware resources if you don’t need to activate all available features integrated into the CacheGuard-OS.

Note that CacheGuard-OS may be installed for a minimal number of users on a mini computer. The minimum hardware configuration for 5 users is as follows:

  • x86/x64 Architecture
  • CPU Intel Pentium IV
  • 128 MB RAM(*)
  • 12 GB HDD(**)
  • 2 x Ethernet 100 Mbps NIC

(*) With 128 MB of RAM, CacheGuard-OS can only be used as forwarding proxy and firewall. If you need to activate all features a minimum of 1 GB is required.
(**) With a 12 GB HDD, CacheGuard-OS can be installed without the persistent caching and logging. If you need to activate the persistent caching and logging a HDD of at least 16 GB is required.

CacheGuard-OS Licensing

CacheGuard LicensingCacheGuard-OS is the result of the aggregation of multiple Open Source Software (as OSI definition). All CacheGuard software components are subject to the GNU General Public License v3 while the aggregation of those components and other Open Source Software forming the CacheGuard-OS is licensed under the CacheGuard License Agreement.

Please note that integrating numerous services into an integrated ready solution leverages the implementation work, improves performances and reduces the TCO (Total Cost of Ownership) of the final solution.

CacheGuard Technical Features

Network

  • Network Appliance
  • Internet Gateway
  • Web Load Balancer
  • 802.1Q VLANs
  • Support of NTP
  • Traffic Shaping
  • DHCP Server
  • Caching DNS
IP security

  • Internal/External/Auxiliary zoning
  • Forwarding and Reverse Web Proxy
  • Transparent HTTP Proxy
  • Proxy chaining and parallel implementation
  • Access lists
  • IP Firewall with NAT and PAT
  • Blocking Synflood, Port Scan, Spoofing…
Web Security

  • URL Filtering with blacklists and white lists
  • Automatic blacklists updating
  • URL Filtering with regular expressions
  • Web Application Firewall (XSS, SQL Injection…)
  • Access Logging
  • LDAP & Kerberos AD© authenticating
  • SSL Terminator
  • SSL Mediator/Inspector
  • Antivirus at the Web Gateway
  • Antivirus as a service (for emails)
High Availability

  • RAID capabilities
  • Backup & Restore on spare machine
  • Ethernet link bonding
  • VRRP Redundancy
  • Multi WAN support
Web Optimization

  • Persistent Web caching
  • HTTP Compression
  • Web Cache sharing
  • Web Traffic QoS
Administration

  • CLI (Command Line Interface) configuration
  • Console port administration
  • Remote administration with SSH and HTTPS
  • Logging to remote SysLog servers
  • SNMP agent and trap generation