Skip to main content

Gatekeeper Appliance Shapes

Gateway appliance can be deployed either as a hardware or virtual appliance, with both options utilizing the same Xshield gateway appliance software. The difference lies in the execution environment: In the virtual appliance gatekeeper software runs within a virtualization environment such as VMware, while in the case of a hardware appliance, gatekeeper is a physical appliance.  The hardware appliance can either be a ColorTokens Xshield gatekeeper appliance box such as the one below or compatible hardware on amd64 architecture which can run ubuntu 22.04. The requirements for a virtual appliance interms of CPU/Memory/Storage and Network Card Capacity are the same as that of the hardware appliance specs below in the Hardware Appliance section.

Gatekeeper Virtual Appliance

Gatekeeper Virtual Appliance Minimal Requirement for IOT and OT Applications

Gatekeeper Virtual Appliance Minimal Requirement for IOT and OT Applications

Shown above is a sample configuration of a virtual gatekeeper appliance running on VMware ESXi 6.5.

Please note: Two network adapters are required—one for the upstream network and the other for the downstream network. The gatekeeper appliance can be set up in either standalone mode or high availability mode. In the case of a high availability (HA) configuration, two gatekeeper appliances operate in active/standby mode. Should any issues arise, the active gatekeeper appliance automatically switches over to the standby appliance.

Gatekeeper Hardware Appliance

ColorTokens offers a range of Gatekeeper appliances to suit various deployment sizes and network requirements. Besides these hardware shapes gatekeeper can also be run in a virtual environment like VMware. The Virtual appliance specs are the same as that for a hardware appliance for the given number of devices shown below:

GK-1000 Series

Max Devices: 1,000

  • Ideal for: Small deployments, PoCs, or single subnet/VLAN environments
  • CPU: AMD 4 Core Processor
  • Memory: 8GB
  • Disk: 256GB SSD
  • Network Card: 2.5 Gbe
  • Latency Impact: <1 ms under normal traffic; <7 ms under full line rate

GK-2000 Series

Max Devices: 2,000

  • CPU: Intel Xeon 12 Core Processor
  • Memory: 32GB
  • Disk: 512GB SSD
  • Network Card: 10 Gbe
  • Latency Impact: <1 ms under normal traffic; <7 ms under full line rate
  • Redundant Power Supply

GK-4000 Series

Max Devices: 4,000

  • CPU: Intel Xeon 16 Core Processor
  • Memory: 64GB
  • Disk: 1TB SSD
  • Network Card: 10 Gbe or 40 Gbe
  • Latency Impact: <1 ms under normal traffic; <7 ms under full line rate
  • Redundant Power Supply

GK-6000 Series

Max Devices: 6,000

  • CPU: Intel Xeon 24 Core Processor
  • Memory: 128GB
  • Disk: 1TB SSD
  • Network Card: 40 Gbe (100 Gbe available for additional cost)
  • Latency Impact: <1 ms under normal traffic; <7 ms under full line rate
  • Redundant Power Supply

GK-9000 Series

Max Devices: 9,000

  • CPU: Intel Xeon 48 Core Processor
  • Memory: 256GB
  • Disk: 2TB SSD
  • Network Card: 100 Gbe
  • Latency Impact: <1 ms under normal traffic; <7 ms under full line rate
  • Redundant Power Supply

All Gatekeeper appliances are designed to support their respective network bandwidths with minimal latency impact, ensuring that security measures do not compromise the performance of critical OT systems.

Hardware Customization Options

ColorTokens can customize Gatekeeper hardware appliances based on specific customer requirements to meet both industrial environment and data center environment standards. The hardware configuration can be tailored across multiple parameters to match your deployment needs and budget.

Customizable Parameters

1. Network Interface Options

  • SFP+ vs Copper Ports: Choose between fiber optic SFP+ ports for long-distance connections or copper ports for standard Ethernet connectivity
  • Port Count: Additional network cards can be installed to support more ports based on your network topology requirements
  • Network Card Speeds: Support for 1GbE, 2.5GbE, 10GbE, 40GbE, and 100GbE network cards

2. Processing Power

  • CPU Cores: Number of CPU cores is designed to support the expected network card bandwidth capacity
  • Memory: RAM allocation scaled to match processing requirements and expected traffic load
  • Architecture: All appliances are based on AMD64 architecture, typically using Intel Xeon processors

3. Power Configuration

  • Voltage Options: 110V or 240V power supply configurations available
  • Deployment Type: Designed for rack-mount or desktop deployment form factors
  • Redundancy: Optional redundant power supply for high availability requirements

4. Storage Options

  • Disk Capacity: Storage sizes can be configured larger than standard specifications, though typically not required for normal operations
  • Storage Type: Generally equipped with NVMe-based disks for optimal performance

5. Management Interface

  • Out-of-Band Management: Dedicated management LAN connection for remote administration
  • IPMI/iDRAC Support: Integrated Lights-Out Management (iLO) or equivalent for remote power management, console access, and hardware monitoring
  • Remote Access: Enables remote troubleshooting, firmware updates, and system monitoring without affecting production traffic

Environment Standards

Industrial Environment

  • Ruggedized components for harsh operating conditions
  • Extended temperature range support
  • Enhanced vibration and shock resistance
  • Industrial-grade power supplies

Data Center Environment

  • Standard rack-mount form factors
  • Enterprise-grade components
  • Hot-swappable components where applicable
  • Advanced thermal management

Cost Considerations

Hardware costs vary based on the selected configuration options. ColorTokens works with customers to match hardware specifications to specific requirements, ensuring optimal performance while maintaining cost-effectiveness.

For custom hardware configurations and pricing, please contact ColorTokens sales or support team to discuss your specific deployment requirements.