The data center may seem a big place, but watts are watts: Every one you use costs you money. Two firewalls in a high-availability pair may not be the biggest power expense in a computer room, but that's no excuse to waste wattage.
In our "green factor" testing, we found that Nokia's and WatchGuard Technologies' UTM firewalls certainly know how to pass packets without wasting money: Both draw less than 1 amp. As the overall winner in this category, the Nokia IP290 pair we tested used 1.0 amps under load and barely slipped past WatchGuard's Firebox Peak devices, using 10% less power overall.
The IP290s are especially green because of their space and size. Nokia fits two half-wide boxes in a single 1U mounting bracket. That's downright elegant, especially compared with some of the other devices we tested. In fact, two Nokia IP290 firewalls weigh less than the rack-mount kit for the Secure Computing Sidewinder UTMs. When you upgrade and replace your firewalls at the end of a five-year life cycle, you're going to be throwing out a lot more finished product that had to be mined, manufactured, shipped and ultimately recycled.
Gigabit firewalls range from the very efficient (Nokia and WatchGuard) to the very wasteful (IBM and Secure Computing) when it comes to power consumed and materials to manufacture the device. You can build a greener data center by choosing products with lower resource requirements.
In the doghouse for their high power use were the general-purpose servers from IBM (running Check Point software) and Secure Computing (running on Dell hardware), which pulled down 7.7 amps to 6.3 amps in our tests (and emitting a similarly disproportionate number of BTUs). The custom-built IBM Internet Security Systems' Proventia MX5010 also weighed in heavily in this category, pulling down 5.5 amps.
Swapping amps for cycles
Measuring the power consumed by each device isn't necessarily a fair-comparison criterion, because different devices have different performance characteristics. It took both Nokia IP290 firewalls in a load-sharing cluster to get up 750Mbps of firewall performance, while the single, power-sucking IBM System x3650 clocked in at greater than 3Gbps throughput.
So if you like the Check Point UTM software, you can run it on a pair of Nokia IP290 systems instead of on IBM or Crossbeam Systems hardware and save 400% to 750% on power without giving up any features -- though you do have to give up performance.
Another tricky part of measuring power use lies in the management server. We didn't factor management into our power equation, because, with the exception of the IBM/ISS Proventia, which is a dedicated appliance, we ran management servers for each product in a virtual machine on a VMware server or on low-end systems we had in the lab. In a production environment, you'd want to put these consoles on real hardware, which would take proportionately more power, space and cooling resources.
Nevertheless, the numbers speak for themselves: If you have a 150Mbps OC-3 to the Internet that you want to firewall, the Nokia or WatchGuard firewalls will do it just fine and draw about 1 amp of power.
Read related articles:
Check Point UTM management falters; Cisco, Juniper gain
UTM and IPv6: Do they mix?
UTM performance takes a hit
Juniper, Cisco all-in-1 devices hit on intrusion-prevention
VPN capabilities vary widely across UTM firewall devices
Tracking UTM high availability
A closer look at UTM hardware architecture
UTMs require routing for flexibility's sake
AV's place is not in the all-in-one security box