ASG Appliances: Hardened Version with Flash RAM
Providing ultimate reliability and recovery, If Astaro OS and configuration files can be stored on a non-volatile solid-state disk or RAM. In the event of a hard disk failure, the solid-state disk or RAM allows the system to continue its operations.
It is secondary that a System recovery be a matter of installing a new hard disk and initiating the recovery if hot swappable HDD option be available also to lower models to the likes of ASg525 and 625. The system automatically restores itself to normal operating state.
the appliances aren't made for end user serviceability. HA is very license friendly now so a second one is not totally unaffordable. If you want the ability to change out the hdd's yourself rolling your own hardware is the ticket there.
I think looking at the cost keeping both SSD for Astaro OS and HDD for logging is possible.
Again most of the competition UTM have a seperate HDD for logging.
Use of SSD will be highly beneficial to keep the operations running compared to current HDD devices with single HDD (not ASG525 & 625) so a more satisfied customer that his ASG is up and running even when the HDD is failed and waiting for an RMA,
Well Astaro can only send a HDD in case of HDD failures and no need to completely ship a full unit.
I think there are a lot of technology benefits and cost savings as well if you add up to it.
yes they are "cloud based" but those appliances have several large vulnerabilities themselves:
1. They depend on cloud servers for everything
2. They are totally dependent on the internet for everything
when they have a license/cloud server crash(which they have had) your internet is down as all of their products become unlicensed and shutdown
2. if your internet or their connection has an issue..or there is a problem in between the two...your appliance goes offline.
The local hdd is actually a great hedge against all of these issues. mechanical hdd's are soooo reliable and to be honest they aren't going to slow things down enough if the machine is built properly. The extra expense of flash plus the possible lifetime issues with flash drives and long term performance problems really means hdds for firewalls are just fine for all but the most extreme installations. if you really need tons of IOPS you just need to setup 215k drives in raid 1 or 4 10k drives in raid10.
OK so why not provide Astaro Box without any local HD
and make logging through a network storage disk !?
with a dedicated interface for that 1Gbps should be enough to transfert the logs
so with this architecture MTBF of the box should increase dramatically
some customer/partner are a bit scary with HD components in a box
specially when this argues is emphasis by competition
1. HA is provided for failover. if you need redundant disks you can easily RAID1 as astaro supports a good range of RAID cards.
2. See above
3. av/ips/antispam is NOT performed on the hdd but in cpu and ram. it is the logging which is accessed via hdd. HDd can be leveraged for local content filtering but that is usually set for ram. SSD is not really needed for all but the most extreme of environments and then you'll be running a cluster. Given the current unknown state of TRIM in the astaro kernel SSD's might suffer form fatigue failures quicker. v9 I believe has TRIM support..not 100 percent on that one though.
I would further like to add:
That this will open doors for:
1. users with no HA will continue to operate with out a downtime. At least firewall and networking if no content scanning.
2. A planned downtime can be set to replace the HDD.
3. Higher through puts of AV/IPS/Antispam if scanning done on SSD as compared to that of RPM based SATA/IDE
A response to competition on Astaro's use of HDD, usually Sonicwall and Fortinet hit this.