Core Competence, Inc. Internet @ppliance Industry Report:
A Guide to Technology,
Products, and Deployment
David Strom, Inc.

Internet Appliance Inc. SES 1500

Small-to-medium Internet security and web server. Supports Virtual Private Networks (VPNs) and has built-in firewall and email servers, as well as support for Windows file sharing. Various options available from dial-on-demand to Ethernet and ATM connections.

Model 1500-E as tested with Ethernet or DSL Internet connection sells for under $3000.
Model 1500-T1 supports T1 connections (priced slightly higher).
Model 1500-D supports dial up connections (priced slightly lower).

Internet Appliance, Inc.
40515 Encyclopedia Dr.
Fremont, CA 94538
Phone: (510)413-1068
Fax: (510)413-1060

July 1999

SES 1500

The Internet Appliance Inc. SES 1500 is a good balance of sophistication and simplicity. It is a VPN appliance that combines web, firewall, and dial-in servers together in a nice package, all administered from a series of browser-based configuration screens. It is an appliance geared towards medium-sized businesses who require capacity to support 30-50 users along with the security features to protect them on the Internet.

What's inside?

The first thing you notice about the SES 1500 is its distinctive two-tone blue case. Behind the colorful cover is an X86 computer running Linux on a 333 MHz AMD processor. The model we tested had 64 MB of RAM and a 6.4 GB hard disk; other options can include up to 256 MB of RAM.

Setting up the SES 1500

There are several ways to setup the SES. You can use Telnet to directly access the command line operations of the server, or hook up a standard PC keyboard and VGA monitor directly to the unit. But the easiest method is to connect the SES to a network and use a PC-based browser to configure it.
With this latter method, setup was very simple and took less than 15 minutes. We reset a PC's IP address to be on the same network as the SES, and then rebooted the PC and brought up a browser and typed in the default SES IP address with port 222. We could use the quick start series of screens, which asked us to setup IP parameters, host names, administrator password and other information. Once the quick setup is done, we restarted and server and we were ready to go. If you can by on the default settings for web, mail and other services that Internet Appliance has specified, you are ready to use the server as-is.

All administration of the SES is handled through the browser and two series of menus: one for the standard configuration options (shown at right) and one for the Virtual Private Network options. The menus are clearly laid out and on screen help is provided that walks you through what is needed to fill out each form.

Click here to view a larger image

The SES lacks its own name and address servers that may be found on other Internet appliances.

Web, Email and File Sharing Services

The SES supports Windows file sharing protocols, so users can connect to it as they would any other NT or Windows 98 file server. This is setup with a simple configuration web form as part of the main setup process. In addition to file services, the SES may be configured to share a network print queue among Windows users. You can also make use of its built-in FTP server to transfer files to the device.

The SES comes with a built-in Apache web server that includes the ability run CGI scripts. To run a script, you go to the System Management | CGI Utilities menu, and upload your script to the appropriate directory on the web server. (You can also copy the file directly within Windows Explorer too.)

The SES automatically maintains several different log files, including a standard web server log along with system and other diagnostic logs. All are readily available from a series of menus. Not included in the SES are any pre-designed web templates. This is a lean and mean web server, and it supports SSL v 1.1 secure web services too.

Speaking of setting up users, this is done via two screens: the first to add the account on the server, and the second to setup an email alias or identity. It couldn't get much simpler. Each user can have an individual public web directory on the server, using the standard format of web servername/~username.

The SES is a full Internet-capable email server. It can support both POP and IMAP clients, and the printed documentation describes how to set up various email clients such as Netscape Messenger and Microsoft Outlook. The email server can be configured in one of three ways to handle a wide variety of situations, and this is perhaps the most confusing portion of the SES setup:

One nice feature not found on many Internet appliances is the ability to screen or block particular URLs from being accessed through the Internet, what the company calls "dynamic Internet screening." You can add or subtract URLs via a web form, although having to type in all the various addresses can get tedious. It comes preloaded with a series of blocked sites, and for obvious reasons these sites are not displayed in the configuration menus. Administrators can view a daily log of page accesses that were blocked by the system.

Finally, the SES has two important features. It can be configured as both a web proxy and caching server, so that all outbound connections pass through the box before heading out to the Internet. This can increase performance, and reduce the latency time that web pages appear on user's browsers. The caching server comes pre-configured and runs automatically and without any user intervention. The proxy server has a single form to specify the size of the cache and the port address of the server.

Notable Security Services

The SES includes a complete firewall as part of the package, and it is setup with a clear easy to use form to specify the various packet filtering rules. The filters apply to particular IP addresses, ports, and protocols. You can also enable packet masquerading for all rules to apply an extra layer of protection for your internal network, and you reorder the rules themselves so they are applied to network communications properly.
Click here to view a larger image
Click here to view a larger image In addition to the firewall, the SES (models 1500 series only) contains a full Virtual Private Network (VPN) gateway. You'll need to have two SES devices connected to each other over the Internet in order to establish a secure connection between them. While the procedure is geared for experienced network administrators, the steps (and menu choices as shown in this screen shot) to create a VPN are clearly documented, along with diagrams showing you typical network configurations. Setting up the VPN option will take a few hours, even for the moderately experienced administrator.

Communication Services

The SES comes with a variety of built-in communication services, including support for dial-out and dial-in servers. However, you must use two separate modems if you wish to enable both directions. The dial-in server supports Microsoft Remote Access Server protocols, and setup merely requires you to connect the modem to the serial port and specify a particular IP address in a single web configuration form. The dial-out server can be set to disconnect after a specified idle period or remain connected continuously.

Final Word

The Internet Appliance SES 1500 is a good choice for medium-sized enterprises looking for a simple but sophisticated appliance. It has a good mix of web, email and firewall services and is noteworthy in its support for VPNs.

Copyright ©2000 Core Competence, Inc. and David Strom, Inc.
All Rights Reserved

No part of this report may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without permission in writing from the publishers.