What's the best solution platform for Internet content filtering?

Let's begin by defining terms...

  • Appliances are specialized hardware devices that focus on providing optimized performance for just one single job — Internet content filtering.  They are often embodied as small rack-mountable (1u or 2u sized) chassis.

  • Software-only based solutions come in a variety of forms.  They can be stand-alone programs that run as a service on a server, virtual machines (VMs) that can be deployed on popular virtual platforms, modules that can be loaded onto a proxy server program, or even software upgrades that can be applied to firewalls, routers and intelligent cache devices.

  • Turnkey solutions are a hybrid.  They are a combination of a software solution pre-loaded onto a chassis.  Typically the chassis is running a version of the Linux operating system.  They mostly resemble an appliance, but lack specialized hardware optimizations.

Now let's take a look at some of the Positives and Negatives of each approach...

Appliances: Positives

  • Easy to implement, provide an all-in-one solution.
  • Single point of contact for service and support.
  • Top units can provide very high performance, for demanding bandwidth applications.
  • Components are often less in number and typically more reliable than in turnkey solutions.
  • They can be quickly and easily "unplugged" when necessary, to facilitate maintenance and repair without disrupting Internet access.

Appliances: Negatives

  • Initial investment is typically a bit higher than software-only solutions.

Appliances are an excellent approach to providing Internet content filtering. Quality units are available in a wide range of sizes, with performance covering the spectrum from small business up to the largest enterprise.


 Software-Only: Positives

  • Initial investment is typically a bit lower than appliance solutions.
  • Can often use existing server hardware or network device (but subject to performance and compatibility concerns).

Software-Only: Negatives

  • More complex to install. Typically more work is required to ensure proper integration into the operating environment.
  • Multiple points of contact for service and support. When a problem occurs, is it caused by the software, the operating system, or a hardware component?
  • The server or network device hosting the software will typically be down during installation, maintenance and upgrading to new versions.
  • If installed on a non-dedicated server, it will negatively impact overall server performance, because it shares the processor and memory.
  • If installed as an upgrade to a network device (e.g. a firewall), it can also negatively impact performance since these devices were not designed to perform heavy database processing.
  • Typically lower performance and less reliable than appliances.
  • To enable outside support, administrator-level access must often be granted. This can expose all services running on the server and compromise security.

As you can see, the negatives of software-only solutions can often outweigh the positives.  Even after successfully implementing this type of solution, the negatives of running in a complex, multi-vendor environment continue.  For example — let's say the software was installed on a standard server computer, and a new version of the server's Operating System (OS) has just been released.  Now you are faced with some interesting questions: Should you install the new version?  Will the software-only solution be compatible with the this new OS version?  If it is not, then what will stop working — just the software-only solution, or will all other applications running on the server be affected?  Can you afford to delay the OS upgrade, or does the new OS version contain a security patch that must be installed immediately? 

Despite these negatives, tens of thousands of companies have successfully implemented and are enjoying the benefits of software-only based solutions. In some situations, they just make good economic sense (e.g. very small installations or where users are spread across many remote locations).


Turnkey: Positives

  • Easy to implement, provides an all-in-one solution.
  • Single point of contact for service and support.
  • Dedicated box, so better performance and no negative impact on other servers or devices.

Turnkey: Negatives

  • Components are greater in number and typically less reliable than in appliance solutions.
  • Initial investment is typically a bit higher than software-only solutions.

In theory, a hybrid solution could offer the strength and best advantages of each of the approaches discussed above.  Unfortunately, current turnkey solutions tend to exhibit more of the disadvantages of each approach.  They are typically not as fast, reliable and easy to configure as appliances, nor are they as cost-effective as software-only solutions.

It is possible that a quality turnkey solution will become available in the future, and we constantly evaluate new product offerings.  Currently, there are no specific examples of this type of solution that we can recommend.