Last updated 8/3/1998
We've reached a point in the development of the Internet where we can draw a circle around a building block of functions that must be replicated absolutely every time someone makes a new connection to the Internet. The architecture chosen to build a product this comprehensive is a critical factor to its success.
The IPAD-OS (Internet Protocol Adapter Operating System) is an economical, high performance system integrating all necessary Internet functions into a single easy to administer appliance, without sacrificing the reliability and security required in today’s Internet. The IPAD is the first complete product to include communications interfaces, firewall, router, remote access and Internet servers in a single integrated appliance that can support hundreds of users while simultaneously routing data packets at speeds greater than a T1 line.
By dramatically simplifying installation and administration of a secure Internet presence, the IPAD removes the technological barriers to entry for full-time, full-function Internet sites. The simplicity of the IPAD allows creation of a complete Internet site with all hardware and software installation and configuration completed in less than two hours. Non-technical clerical personnel can administer the resulting system with minimal training.
Providing this simplicity in combination with firewall technology certified by the International Computer Security Association (ICSA), mission critical uptime reliability, and continuous throughput performance at greater than T1 speeds is a tremendous technical challenge. The architecture chosen to build a product as comprehensive as the IPAD involves many design considerations and is an important factor to its success. This white paper will discuss these considerations and detail both why the IPAD architecture was chosen and how it compares to the available alternatives.
The functions required to produce a product such as the IPAD cover an extremely wide range from the device driver and router level to high level servers. These functions include:
Pass through for easy scalability and protection of other Operating Systems
Integrating this many functions into a form that can be presented as a single easy to administer product is a very large and demanding task. The architecture chosen has a significant effect on the ability to make the result a coherent product. In addition, maintaining the high level of real-time performance required to provide the capacity this type of device will demand under full load at up to T1 continuous packet rates is an extreme technical challenge and is greatly affected by the architecture chosen.
Finally there is the requirement for security in a setting where there will be no sophisticated computer security expertise. Again, the architecture chosen has a significant effect on the ability to meet this requirement.
The primary architectural decisions fall into two categories, hardware and software. The hardware choice must be made first, as it will restrict or open certain software choices.
The hardware choices tend to fall in one of two directions:
Only if the open hardware choice (2) cannot be made to meet the performance requirements should the move be made to the custom hardware choice (1). In the case of the IPAD, IOA was able to meet the performance requirements while using standard Intel hardware with PCI and ISA bus adapters. This approach gives the lowest cost, multiple vendors for components, and keeps the IPAD open for new hardware communications technology interfaces.
The software choices tend to fall in the same two directions as the hardware choice:
While the software choice should be made for the same reason as the hardware choice was made, the software criteria are significantly more complex. To fully meet the design goals, software for a product like the IPAD has stringent requirements not only for raw performance, but also for reliability, security, and integration of functions into a coherent, easy-to-use, appliance-like product. A successful design will push the envelope in all four of these directions at the same time.
The determination of a successful software approach is thus not as straightforward as the hardware choice. The natural response is to opt for the open system approach on software as was done for hardware. However, experience has shown that the performance, reliability, security and ease of use criteria are all much harder to achieve with general purpose open software. In fact, as this paper will show, a product that meets all four of these criteria at the same time using both open system hardware and open system software is simply not possible. So the choice then becomes to either compromise one or more of the design goals, or move to custom embedded system real-time integrated software. The only reason not to do this would be that the drive to use open system software is so strong that it is better to build an inferior product than to go to an embedded system design.
IOA has chosen the embedded system route for the IPAD, and thus has created a product that successfully meets all four of the criteria — performance, reliability, security and ease-of-use. However, it is not immediately obvious why this choice is the best one. Let’s examine the reasons that open systems software is usually such a strong choice, and its impact in the case of the IPAD.
Open systems provide two primary and related advantages. First, because open system interfaces are published, anyone can write an additional piece of software that plugs into them. So you get the advantage of multiple sources, multiple companies, and multiple talents generating the next new ideas and/or improving the current ones. And if they happen to generate an idea that matters to you, you can get their software, plug it into your system, and be up and running in the next new game without big development expense and time. So you will never stay far behind the development curve. If you do fall behind, you can catch up quickly with the next cycle of innovations. So open systems are a tremendous advantage in a world where new things are always emerging.
The second advantage of open systems is that since they are highly standardized and in wide use (e.g. Windows or UNIX) they generate a great deal of ‘building block’ software. Developers have access to a myriad of toolkits, middleware, and utilities. So if you have something that is a custom program that you need to write — your particular version of your accounts receivable for instance — you can get that program developed quickly and easily. Eighty percent of the fundamental applications you will need can be purchased from third party vendors, plugged into your open operating system, and customized by a programmer. You build your application quickly. You can get tools from a multitude of sources.
But open systems come with a big price. In trying to accommodate such wide ranges of options and requirements, open systems become incredibly complex. Because general purpose open systems have the ability to move in so many directions, in any given application thousands of parts that are not built for that application but for other uses are still present and active. In customizing or enhancing any single application, the software developer must take these myriad other functions into account. In addition, the presence of these many other functions and their general purpose nature brings tremendous processing overhead. An awful lot of software is running, using resources like CPU power and memory, just to make this open interface possible.
In most computer applications, however, the payoff for openness is so dramatic that it's a trump card. That is, regardless of the downside costs, the advantage of open systems is usually so strong that bearing the costs and doing the best possible job with the result is the optimal choice. The most obvious cost of open systems is performance inefficiency, and that inefficiency can largely be addressed in most cases by buying more hardware. When we need to scale-up our database, we may also need to be able to change to a different manufacturer that makes newer, better software for our open system. When a programmer is needed to walk in and refine our existing software, we gain greatly from running in an environment they already know, one they're already trained in. These payoffs are not easily set aside.
However, when you start networking systems, in addition to the huge performance price there is also the price in general system complexity and security. Public networking systems like the IPAD require security against attack. The trouble here lies in the difficulty of trying to close an open system. The better it is at being open, the more difficult it is to secure it. In trying to close it, you're fighting everything it was built to be.
Finally, trying to integrate the large number of functions the IPAD requires and present them as a single easy to use appliance becomes very difficult with open systems. Integrating many applications that were written without knowledge of each other creates a very fragile system with respect to configuration of the underlying general purpose operating system. It is easy to reach a condition where changing a setting for one function will have unexpected side effects on other applications. And it is impossible to hide many of the configuration settings that the user really should not have to know exist. This gives rise to extremely high system administration costs to manage the resulting complexity, and scarcity of talent to do this management becomes a serious problem.
As with custom hardware, the advantages of embedded systems software are clear: better performance; real-time responsiveness; totality of integration of the functions to build a specific, very easy to use product with no unnecessary or conflicting settings; plus security and reliability due to the absence of all of the unused support functions of a general purpose operating system. But the question is: can this product endure without being based on an open operating system? To answer this question let’s examine where in the world embedded systems thrive, and determine if the IPAD is such an application.
Embedded systems thrive once a set of functions becomes so defined that they're repeatable, and won't change except for minor evolutionary improvements and modifications. Examples of places embedded systems thrive are control programs for cellular telephones, under-the-hood computers for automobiles, caching disk controllers, modems and routers. An embedded system does not have an operating system that resembles the familiar general purpose operating systems. It may be modularized and have APIs internally for the convenience of the people who built it, but for the user, this is irrelevant. In fact, in such a setting we are usually unaware that we are working with a computing system at all. We just see a product performing a certain defined set of functions.
In short, embedded systems thrive when the functions they perform have become standardized and when the consumer wants the interfaces on the system to be purpose-built so they can enter a minimum of information to get maximum performance on a specified set of tasks. Thus these systems become very easy to use in a way that an open general purpose system can never become.
With the IPAD we’ve reached a point in the development of the Internet at which we can draw a circle around a building block of functions that must be replicated absolutely every time someone makes a new connection to the Internet. The architecture chosen to build a product this comprehensive is a critical factor to its success.
The IPAD enables a private Local Area Network (LAN) to connect to the wide area public Internet. But instead of taking an open system general purpose kernel, adding a number of software packages, and trying to create a tight integration of these pieces into an Internet connection appliance, the IPAD represents a new design. It has emerged from years of research and testing as a specialized embedded system which can in fact meet the requirements of the marketplace to provide extreme ease of use in combination with ICSA certified firewall security, mission critical uptime reliability, and continuous performance at greater than T1 speeds.
With the Internet, the concept of 'openness' doesn't apply to operating systems, but rather to communication protocols at the network level. The IPAD can plug into any LAN and work with any host computer of any operating system type as long as it supports the TCP/IP Internet protocol — making the IPAD an Internet open system. The IPAD is really a new type of Internet product, one which encapsulates the functions required to connect to the Internet and provide a complete Internet presence while being open at the network level.
There are other areas of computing that have crossed this boundary of openness at the network level. Think of an Ethernet hub or of a printer where there is a protocol that talks to the device. The printer or hub itself is an embedded system, but it has interfaces that operate with any system that supports a specified protocol.
The IPAD has been designed to provide access to a clear set of communications functions without needing to add any software modules, without needing to change any functions, and without needing to deal with a complex communications interface. The IPAD is open because it provides direct access to any other system that links through TCP/IP. It's also open because it has a set of software slots behind the firewall that easily allows scaling to use (and securely protect) open system servers for any number of large programming tasks that may be needed. These include commerce servers, video servers, and audio servers, among others. These options provide the capability to smoothly scale your Internet presence. The beauty of the Internet is that there will always be new applications. The IPAD's open network design makes sure that you will be able to use them all, without overtaxing your own computer's operating system.
From the designer's perspective these details of a new design for computing and communicating across the Internet are intuitively clear. But for the consumer, who has been conditioned to believe that the very concept of an open system is a consumer protection move, the concept of open networks may not be immediately clear. It’s a serious mistake to apply the very same concept of open systems to the block of functions we are considering here. If you try to build a device such as the IPAD out of an open system you will lose tremendously in security, performance, reliability and ease of use. It’s not an accident that the IPAD is the first (and as of this printing the only) 'all-in-one-box' Internet connection system that has been certified by the International Computer Security Association (ICSA). If you examine other all-in-one box products that are built on open systems you will find that these systems have been modified to the point that they’re no longer open. These systems have lost the open systems advantage, and yet haven't gained the advantage of having an efficient system built for the task.
There is a moment when any systems designer can see that trying to force new design requirements onto an old design method is only going to create perpetual problems for the end user. But recognizing when a set of functions from that earlier system have actually gained such a degree of autonomy that a new system is called for takes in-depth experience, knowing what to look for, and a spirit of innovation. In fact, in The Structure of Scientific Revolutions (2nd Edition, page 65), Thomas Kuhn said that novelty ordinarily emerges only for the man who, knowing with precision what he should expect, is able to recognize that something has gone wrong.
In designing Internet connection systems, many designers will simply add routers, servers, and firewalls to try to cover the disadvantages of open systems and accept preposterously slow response times and complex setup and administration as unavoidable overhead from the mix. This approach attempts to arrive at something new while looking backward. This involves an ongoing battle just to get the system to work, and a never-ending administrative battle thereafter.
With the IPAD, we've taken a significant step back, turned and looked forward, and then rebuilt and reintegrated these same functions around an open network embedded system. From the perspective of integrated network system design, the network is the computer, and in this context the protocol is the open system.
Because the IPAD has been designed, built, and tested to deliver one set of Internet communications functions, its user interface has been extremely simplified to the task, in the same way as your automobile interface has been. With the IPAD, you plug in three connections: power, the local network, and the connection to the outside world (phone line, Ethernet, ISDN, or leased line), and you have a high-performance, secure and reliable Internet connection that is easy to set up and administer.
The IPAD thus allows small and medium businesses to create an Internet presence without being burdened by either complicated (and therefore time consuming and costly) installation, or the cost of utilizing highly technical personnel for system administration. The IPAD provides the security, reliability and performance required for full-time Internet connections without the complexity and cost usually associated with such a connection. The IPAD firewall cannot be configured to compromise security, making it ideal for installation in sites without sophisticated technical personnel. The IPAD firewall pass through capability allows smooth scalability with complete protection not normally found in low cost solutions.
IOA's unique real-time embedded system technology is the key that allows the IPAD to be an easy to use, secure, economical, high performance solution that meets or exceeds all of the desired design criteria. Retaining an open system approach in its hardware and in all areas where it touches the network delivers the best of both worlds.