CacheGuard OS Appliance

About CacheGuard-OS

CacheGuard-OS is an appliance oriented OS (Operating System) and our core product. Once installed on a bare metal or virtual machine, CacheGuard-OS transforms that machine into a powerful and easy to handle Web Gateway appliance within minutes. CacheGuard-OS is built from scratch over a custom-hardened Linux operating system and is especially designed to process the Web traffic. It integrates the best technologies into a turn-key solution that allow you to quickly Secure and Optimize your Web traffic without the hassle of integrating various technologies and security layers yourself.

CacheGuard-OS embeds technologies such as Gateway Antivirus, URL Guarding, Web Proxy, Reverse Proxy, Firewall, SSL Inspection, Kerberos Authentication, Access Logging, Bandwidth Shaping, Web Caching, HTTP Compression, WAF (Web Application Firewall), Web traffic Load Balancing (and many others). Those technologies all together address all your needs in terms of Web Security and Web traffic Optimization. What makes CacheGuard-OS an innovative solution is that all those technologies consistently work all together as a whole and form a powerful and easy to handle solution. This is much different than having various technologies installed on a Linux box but without any consistency between each individual technology.

Machine Requirements

CacheGuard-OS is distributed in both x86 (32 bits) and x64 (64 bits) CPU compatible versions and can run on almost all x64 machines made by well-known manufacturers such as HP, Dell and IBM and hypervisors such as VMware and Microsoft Hyper-V. The machine resource requirements mainly depend on the number of users to support and the CacheGuard Functions to you need to activate for your Security and/or your traffic Optimization.

Depending on the number of users to support and available machine resources, CacheGuard-OS is tuned during the installation to run as effective as possible. To do so, CacheGuard-OS assumes that all forwarding users are not simultaneously active but only 20% of them. By simultaneous or active users we mean users that generate traffic contrary to concurrent users who can be connected but not active. The total number of forwarding users and the number of simultaneous reverse users to support are the most important inputs that should be specified during the installation.

For 100 forwarding users (20 simultaneous users) and/or 20 simultaneous reverse users, a typical hardware configuration is:

• Architecture: x86/x64
• CPU: Intel Core 2 Duo
• RAM 4 GB
• HDD: 200 GB
• 2 x Ethernet 100 Mbps NIC

For more users, choose a machine with more RAM, CPU Cores and HDD Storage Capacity. As a rule of thumb, add 1 GB of RAM and 1 CPU core for every additional 50 forwarding users and/or 10 simultaneous reverse users. You can also add 75 GB of HDD Storage Capacity for every additional 50 forwarding users. Regarding the choice of the storage device, please note that CacheGuard-OS runs better with several low storage capacity HDD configured as a RAID compared to a single high storage capacity HDD. CacheGuard-OS innately supports software RAID 0, 1, 5, 6 and 10 by using 3% of the CPU resources only.

With CacheGuard-OS you have the possibility to activate almost all integrated security and optimization fuinctions at the same time on the same machine. Some functions like the HTTP real time compression or the antivirus are more CPU intensive than others. The machine configuration given above allows you to activate all available functions at the same time. You will probably need less hardware resources if you don’t need to activate all available functions at the same time.

Note that it is possible to install CacheGuard-OS on a mini computer configured for 5 users and implemented as a firewall and/or forwarding proxy only. The minimum hardware configuration for 5 users is as follows:

• x86/x64 Architecture
• CPU Intel Pentium IV
• 256 MB RAM^(*)
• 12 GB HDD^(**)
• 1 x Ethernet 100 Mbps NIC
• 1 USB port + USB/Ethernet Adapter

^{(*) With 256 MB of RAM, CacheGuard Web Gateway can be implemented as a firewall and/or forwarding proxy only. If you need to activate all functions a minimum of 1.5 GB is required.
(**) With a 12 GB HDD, CacheGuard-OS can be installed without the persistent caching and logging. If you need to activate the persistent caching and logging a HDD of at least 16 GB is required.}

CacheGuard-OS Licensing

CacheGuard-OS is the result of the mere aggregation of various Open Source software (as OSI definition) and Open Source software developped by CacheGuard Technologies Ltd. All software developped by CacheGuard Technologies Ltd are subject to the GNU General Public License v3 while the mere aggregation of software developed by CacheGuard Technologies Ltd and third parties software forming CacheGuard-OS is licensed under the CacheGuard License Agreement.

Open Source software note
At Technologies Ltd we consider that Open Source software are more reliable and more trustworthy than opaque source software. This does not mean that there are no vulnerabilities at all in Open Source software but with Open Source software you get the warranty that vulnerabilities can be disclosed and resolved more easily and more promptly (by millions of Open Source developers around the globe who have an open access to source codes). The OpenSSL heartbleed vulnerability that has been disclosed and resolved in March 2012 is just an example. That’s why we distribute CacheGuard-OS as an Open Source software.

CacheGuard Technical Functions