Linux on Nokia IP Series Hardware
Anonymous Coward writes "Michael Rash has written a howto for the Linux Journal on getting Linux to run on a Nokia IP 330. Now we can use a free firewall on a platform normally designed to run Check Point Firewall-1. In these troubling times where IT departments all across the landscape are trying to reduce costs, this will allow companies to say 'No' to expensive support contracts and upgrade costs and still maintain security without having to buy new hardware."
I'm a network guy for a fairly large company. We use Linux all over the place, including firewalls. Frankly, I'm quite impressed; we've found it to be far more supportable than even the best commercial products.
But why would I want to run it on a Nokia box? Typically, firewall vendors sell the box's hardware and software support together. So, if you're not paying the software support, you have no hardware support. If you're using Linux to save costs, and it fries its power supply, you're SOL.
For the amount of CPU power that you get in the Nokia, you're better off if you buy a good, high-quality PC (We use Dell PowerEdge), throw a few NICs in it, and run Linux on it. The PC will be cheaper, include hardware support, and be easily field-servicable by any PC tech.
When I first started with technology I was shocked to learn that you had to pay for upgrades
Yes, I was also shocked when I found out auto makers wouldn't give me the latest car model every time they upgraded the design. Or that I didn't automatically get later editions of textbooks. Or that I didn't get a free sixpack of Vanilla Coke despite all those Classic Cokes I've bought. Or that I don't get a new HDTV, even that I've been a loyal user of my last one for ten years.
One purchase does not entitle you to free products for life. Networking products are no different. Neither is software. You can't afford to pay the engineers to work on the upgrade unless you pay for the upgrades. (The only alternative is to pay for them all up front -- but then you wouldn't buy that very expensive product compared to its competitors, now would you?)
As a bit of background, I work for an established Check Point and Nokia partner. We regularly sell large numbers of these firewalls to enterprise customers. They are as reliable and full-featured as a firewall gets.
This article brings up the question: why would anyone consider installing Linux on the Nokia appliance? The answer: they wouldn't. Here are the reasons.
1. If the hardware is used/old, it is outdated by today's standards. For $800 including hardware support you can get a nice rackmount Dell server and run Linux on it. The performance boost would be many many times what you can get on the Nokia.
2. The Nokias hold their resale value better than a system with the same hardware specs. An older 330 can still fetch a decent amount on Ebay. Right now, there is one that has a buy-it-now price of $1,199.00. Why do you want an AMD 233 with no hardware support when you can sell it and buy yourself an 850MHz Celeron with support and then pocket $300?? It doesn't make sense.
3. Presumably, if you already have the Nokia then you have Check Point as well. Why ditch it for a the Linux firewall? The management, logging, and OPSEC features of Check Point outweigh the benefits of switching to Linux.
I think the Nokia/Check Point solution is great. I just don't think that trying to run an unsupported OS on the platform is worth it. Look at the cost/benefit of a new system. It makes a lot more sense to "budget-strapped IT departments."
-shox
I hate this sentiment. It doesn't do the network or the business any good to be able to point a finger. It does you some good though, as you're not responsible for it in managment's eyes. So, not only are you paying out the arse for support, you're also suffering downtime. Wonderful!
Nobody considers it your fault though, unless you didn't have a good reason for picking your vendor. If everybody thought the vendor was a good one then you're okay. Well, the end of the fiscal year comes around and your department spent all of it's money and didn't achieve it's goals. The internal IT team sticks their thumbs up their collective asses and points the index finger of their free hand at the vendors. Business conclusion at this point: The department costs too much and provides too little. Outsource it or cut it.
You still lost your job.
Maybe I'm idealistic but it frightens me how many people only do enough to keep their job safe without thinking about the company's benefit as a whole.
Perhaps I'm a bit jaded though. A recent project that I've been working on just illustrates the point that your vendor isn't employing hundreds upon hundres of Supermen. In fact, their employees might be just damned near retarded sometimes. Their engineers have deadlines to meet and they can't meet those deadlines if you're still finding bugs in their recently released product and demanding fixes for them. It really doesn't matter how much money you put into them -- they're still only human. No amount of cash will change that.