How to Choose the Right UTM
Wednesday, September 05, 2007
Remote or central office
The security requirements of remote and central offices are completely
different. Your central office may have an IT team, but it is not necessary
that you will have a full-fledged IT team at your branches. So for a branch
office you need something that can be easily monitored remotely and has an
intuitive web interface through which you can do all the configuration when
needed, without requiring a physical presence. So while deciding which devices
to buy, make sure that the one you put at your branches doesn't frequently
require console connections, etc., and that most of the configuration can be
done from a remote NOC.
Additionally, in a setup where you have a central NOC and multiple branch
offices, you should also keep in mind how well the UTMs work together. For
instance, if you are planning to deploy a point-to-point VPN between your
central and branch offices, make sure that the devices at both ends are either
from the same vendor or support the same set of technologies and can work
seamlessly together. But as we have discussed above, going with the same vendor
can sometimes become too costly an affair. If you are planning to go with some
Open Source UTM, then be very careful while choosing, and make sure that it
integrates perfectly with the UTM sitting at the central office.
While buying a UTM for your central location, you should also keep the failover
options in mind. For instance, does it support active-active or active-passive
failover? The difference is exactly what it sounds like. In active-active
failover both devices work together, and if one goes down the other takes
complete charge. In an active-passive mechanism, one device is the master and
serves the network while the other sits idle, checking the status of the first
one; if the first one fails, it takes charge.
For branch offices, look for devices that have an additional modem port through
which you can dial into the device and configure it in case all your WAN or
Internet links are down.
Figure: Using this interface of Cyberoam UTM, one can check the Net access log
based on user name instead of IP address.
Proxy or not
Sometimes, a cache-based proxy becomes essential. It not only gives you better
control over Internet bandwidth but also gives you faster access. However,
adding storage to UTM appliances for caching affects their cost and
compactness. Not surprisingly, most of the UTMs we received came without an
in-built cache-based proxy. The devices that we received for review either had
a small laptop hard disk for storing quarantined viruses and spam, or didn't
have a hard disk at all.
But the Open Source UTM software that we checked out had the option of a
caching proxy. The reason is again clear: they are installed on commodity
machines and servers, where you can easily add the required storage. So, if you
essentially need a cache-based proxy, you can either go for an Open Source UTM
or for a UTM plus proxy server combination. The choice is yours.
ADS or no ADS?
ADS, or Active Directory integration, is a new functionality of today's UTM
devices. ADS integration means that the UTM device can capture data based on
usernames rather than on IPs. Earlier, a log entry used to read
“192.168.1.1---total download 100 MB”, but with ADS integration it becomes
“Ramesh---total download 100 MB”. So now you can do user-based monitoring
irrespective of the IP of the machine from which the user is accessing the
network. This kind of setup is very useful in environments with DHCP-based IP
allocation.
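As an added illustration of the ADS point above (not code from the article or from any UTM vendor), here is a small Python script that re-keys an IP-based access log by username using a time-ordered record of which user was logged on at each IP, so a download made after DHCP hands an address to a different user is attributed to the right person. The log lines, user names and IPs are constructed, and the identity-event feed is an assumed simplification of what an AD logon agent would supply.

```python
from bisect import bisect_right
from collections import defaultdict
from datetime import datetime

# Constructed identity events (made-up names, IPs and times): when the UTM
# learned, e.g. from an AD logon agent, that a user became active on an IP.
IDENTITY_EVENTS = [
    ("2007-09-05 09:00:00", "192.168.1.10", "ramesh"),
    ("2007-09-05 09:05:00", "192.168.1.11", "sunita"),
    # DHCP later hands Ramesh's old address to Sunita's machine.
    ("2007-09-05 12:00:00", "192.168.1.10", "sunita"),
]

# Constructed access log: "<date> <time> <client ip> <bytes downloaded>".
ACCESS_LOG = """\
2007-09-05 09:10:00 192.168.1.10 52428800
2007-09-05 09:20:00 192.168.1.11 10485760
2007-09-05 12:30:00 192.168.1.10 52428800
2007-09-05 13:00:00 192.168.1.99 1048576
"""

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def build_identity_index(events):
    """Per IP, a time-sorted list of (timestamp, user): the latest event at or
    before a log line's timestamp decides who owned the IP at that moment."""
    index = defaultdict(list)
    for ts, ip, user in sorted(events):
        index[ip].append((parse_ts(ts), user))
    return index

def user_for(index, ip, when):
    """Resolve an IP to the user active on it at time `when`."""
    history = index.get(ip, [])
    pos = bisect_right([t for t, _ in history], when)
    # No identity event yet for this IP: keep the IP so nothing is silently lost.
    return history[pos - 1][1] if pos else f"unknown({ip})"

def totals(access_log, events, by_user=True):
    """Return {key: bytes downloaded}, keyed by user (ADS-style) or by IP."""
    index = build_identity_index(events)
    result = defaultdict(int)
    for line in access_log.splitlines():
        date, time, ip, nbytes = line.split()
        key = user_for(index, ip, parse_ts(f"{date} {time}")) if by_user else ip
        result[key] += int(nbytes)
    return dict(result)
```

Keyed by IP, 192.168.1.10 appears to have downloaded 100 MB; keyed by user, half of that is correctly charged to Sunita, and traffic from an IP with no logon record is kept under an "unknown" key rather than dropped.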
Figure: A customized Linux distro for UTMs can be installed on a machine with a
large hard disk and used as a UTM with an in-built cache-based proxy.