About CacheGuard-OS

CacheGuard-OSCacheGuard-OS is an appliance oriented OS (Operating System) and our core product. Once installed on a bare metal or virtual machine, CacheGuard-OS transforms that machine into a powerful and easy to handle Web Gateway appliance within minutes. CacheGuard-OS is built from scratch over a custom-hardened Linux operating system and is especially designed to process the Web traffic. It integrates the best technologies into a turn-key solution that allow you to quickly Secure and Optimize your Web traffic without the hassle of integrating various technologies and security layers yourself.

CacheGuard-OS embeds technologies such as Gateway Antivirus, URL Guarding, Web Proxy, Reverse Proxy, Firewall, SSL Inspection, Kerberos Authentication, Access Logging, Bandwidth Shaping, Web Caching, HTTP Compression, WAF (Web Application Firewall), Web traffic Load Balancing (and many others). What makes CacheGuard-OS an innovative solution is that all those technologies consistently work all together as a whole and form a powerful and easy to handle solution. This is much different than having various technologies installed on a Linux box but without any consistency between each individual technology.

Machine Requirements

CacheGuard-OS is distributed in both x86 (32 bits) and x64 (64 bits) CPU compatible versions and can run on almost all x64 machines made by well-known manufacturers such as HP, Dell and IBM and hypervisors such as VMware and Microsoft Hyper-V. The machine resource requirements mainly depend on the number of users to support and CacheGuard Features to activate.

Depending on the number of users to support and available machine resources, CacheGuard-OS is tuned during the installation to run as effective as possible. To do so, CacheGuard-OS assumes that all forwarding users are not simultaneously active but only 20% of them. By simultaneous or active users we mean users that generate traffic contrary to concurrent users who can be connected but not active. The total number of forwarding users and the number of simultaneous reverse users to support are the most important inputs that should be specified during the installation.

CacheGuard HW

For 100 forwarding users (20 simultaneous users) and/or 20 simultaneous reverse users, a typical hardware configuration is:

  • Architecture: x86/x64
  • CPU: Intel Core 2 Duo
  • RAM 4 GB
  • HDD: 200 GB
  • 2 x Ethernet 100 Mbps NIC

For more users, choose a machine with more RAM, CPU Cores and HDD Storage Capacity. As a rule of thumb, add 1 GB of RAM and 1 CPU core for every additional 50 forwarding users and/or 10 simultaneous reverse users. You can also add 75 GB of HDD Storage Capacity for every additional 50 forwarding users. Regarding the choice of the storage device, please note that CacheGuard-OS runs better with several low storage capacity HDD configured as a RAID compared to a single high storage capacity HDD. CacheGuard-OS innately supports software RAID 0, 1, 5, 6 and 10 by using 3% of the CPU ressources only.

With CacheGuard-OS you have the possibility to activate almost all integrated security and optimization features at the same time on the same machine. Some features like the HTTP real time compression or the antivirus are more CPU intensive than others. The machine configuration given above allows you to activate all available features at the same time. You will probably need less hardware resources if you don’t need to activate all available features at the same time.

Note that it is possible to install CacheGuard-OS on a mini computer configured for 5 users and implemented as a firewall and/or forwarding proxy only. The minimum hardware configuration for 5 users is as follows:

  • x86/x64 Architecture
  • CPU Intel Pentium IV
  • 128 MB RAM(*)
  • 12 GB HDD(**)
  • 1 x Ethernet 100 Mbps NIC
  • 1 USB port + USB/Ethernet Adapter

(*) With 128 MB of RAM, CacheGuard Web Gateway can be implemented as a firewall and/or forwarding proxy only. If you need to activate all features a minimum of 1.5 GB is required.
(**) With a 12 GB HDD, CacheGuard-OS can be installed without the persistent caching and logging. If you need to activate the persistent caching and logging a HDD of at least 16 GB is required.

CacheGuard-OS Licensing

CacheGuard LicensingCacheGuard-OS is the result of the mere aggregation of various Open Source software (as OSI definition) and Open Source software developped by CacheGuard Technologies Ltd. All software developped by CacheGuard Technologies Ltd are subject to the GNU General Public License v3 while the mere aggregation of software developed by CacheGuard Technologies Ltd and third parties software forming CacheGuard-OS is licensed under the CacheGuard License Agreement.

Open Source software note
At Technologies Ltd we consider that Open Source software are more reliable and more trustworthy than opaque source software. This does not mean that there are no vulnerabilities at all in Open Source software but with Open Source software you get the warranty that vulnerabilities can be disclosed and resolved more easily and more promptly (by millions of Open Source developers around the globe who have an open access to source codes). The OpenSSL heartbleed vulnerability that has been disclosed and resolved in March 2012 is just an example.

CacheGuard Technical Features

Network

  • Network Appliance
  • Internet Gateway
  • Web Load Balancer
  • 802.1Q VLANs
  • Support of NTP
  • Traffic Shaping
  • DHCP Server
  • Caching DNS
IP security

  • Internal/External/Auxiliary zoning
  • Forwarding and Reverse Web Proxy
  • Transparent HTTP Proxy
  • Proxy chaining and parallel implementation
  • Access lists
  • IP Firewall with NAT and PAT
  • Blocking Synflood, Port Scan, Spoofing…
Web Security

  • URL Guarding based on URL blacklists and white lists and regular expressions
  • URL Guarding Policies based on access time, IP and LDAP requests
  • Automatic blacklists updating
  • Web Application Firewall (XSS, SQL Injection…)
  • Access Logging
  • LDAP & Kerberos AD© authenticating
  • SSL Terminator
  • SSL Mediator/Inspector
  • Antivirus at the Web Gateway
  • Antivirus as a service (for emails)
High Availability

  • RAID capabilities
  • Backup & Restore on spare machine
  • Ethernet link bonding
  • VRRP Redundancy
  • Multi WAN support
Web Optimization

  • Persistent Web caching
  • HTTP Compression
  • Web Cache sharing
  • Traffic Shaping
Administration

  • CLI (Command Line Interface) configuration
  • Console port administration
  • Remote administration with Web GUI and SSH
  • Logging to remote SysLog servers
  • SNMP agent and trap generation
Scroll Up