Safe travels

GCN Lab Review: Tumbleweed appliance makes quick work of delivering files securely across great distances

We are all painfully aware of the cost when proprietary information is compromised.

Losses can total millions of dollars, and the publicity generated by sensitive data leakage can be even more detrimental. That's why file transport solutions are vital to any organization.

Many forms of physical transport, such as CDs and flash drives, are encrypted to ensure that only the right people have access to the information.

But if the device is lost or stolen, the information is gone and unavailable to the people who need it. In addition, physical transport speed is limited by how fast the user can get the media to its destination.

Web-based File Transfer Protocol solutions and Internet-based instant-messaging services remove the possibility of physical loss by eliminating the need for easily lost or stolen media, and they speed transfer times over great physical distances.

Unfortunately, these publicly available services are almost never secure enough for government needs. Of course, if everyone who needed to share an organization's files could do so within the confines of a local-area network, security would not be a problem.

Providing security and mobility seems to be a difficult task.

The Secure Transport Server from Tumbleweed makes this job a lot easier, not to mention safer. It is a file transfer appliance that uses the Hypertext Transfer Protocol Secure port to let users foil unauthorized access when they upload and download files from a Web browser.

Secure Transport is a rack-mountable appliance that takes up 1U of space. Its Intel Xeon dual-core processor and 2G of memory should be enough to handle typical levels of office file traffic. The two 146G Serial Attached SCSI hard drives are in a Redundant Array of Independent Disks 1 mirrored configuration, so there is 100 percent recovery should one of the drives fail.

Although the Secure Transport appliance we tested came with a single power supply, we were pleased to see that it had a bay for a second one, allowing for the capability of redundancy.

We found the setup of the Secure Transport about as easy as an enterprise security appliance gets.

We booted it up with a monitor and keyboard, used a few Linux commands to set the IP of the LAN port, and we were pretty much ready to go. Then it was simply a matter of using the Web-based administrator interface to create file transfer sites and add user accounts.

We found the flexibility offered in this area to be good. We could make a different FTP site for each user or group users into classes and allow or deny access that way.

Using the Web-based interface to transfer files was equally easy. Once we logged in as a user, a list of files on the server appeared.

Clicking on one of these began a download process, allowing us to open it on the server or download a copy to a local computer. Uploading a file was simply a matter of browsing for the file on the local computer and clicking Upload.

In either case, a status window popped up to show the progress of the transfer. We found this feature useful for larger files, but the transfer is too quick to use it for any file smaller than about 50M.

We were disappointed to discover that we could not select more than one file at a time for uploading, and it was impossible to select a folder to upload. This may at times be an inconvenience for some users, but this will not likely be an obstacle for most people in their day-to-day file sharing.

To create a larger file for testing, we compressed several files, then made another compressed file and added copies of the first one until it was the size we needed.

Transfer times were about what we expected for a secure file transfer product. Using a 100 megabits/sec local-network connection, we uploaded and downloaded our 80M file in 12 seconds each way for a rate of 55 megabits/sec, which is only slightly slower than the 62.4 megabits/sec speed we got when transferring the same file between two unsecured computers on a local network.

The extra time is because of the encryption and decryption that the file must go through to make the transfer secure.

As files get larger, however, the encryption time becomes proportionally longer. For example, our 375M test file took 1 minute, 4 seconds to upload (49.2 megabits/sec) and 58 seconds to download (54.32 megabits/sec).

The difference in upload and download times for larger files can be attributed to the appliance being optimized for downloading.

This is generally a good idea, because a typical file would be uploaded once and downloaded repeatedly by various staff members.

Our 1G file took 4 minutes, 8 seconds to upload (38.2 megabits/sec), and 3 minutes, 26 seconds to download (46 megabits/sec). It would be rare for a user to have a file as large as 1G, but we wanted to see how the appliance handled it.

As a comparison, the best file transfer rate we got when testing IEEE 802.11n access points for last year's roundup was 22 megabits/sec. But that speed was at a distance of less than 40 feet.

In addition, wireless networking has its own set of security challenges. We used a 100M file for the wireless test, so we have no way to tell how the transfer rate would have been affected had we used a file as big as 1G.

Of course, transfer times depend on the connection speed of the user's computer.

The interface is Web-based, so allowing for the possibility of remote access, a user's connection could theoretically be as slow as a dial-up modem. However, the Secure Transport appliance will certainly not be the bottleneck for any connection.

The Secure Transport Server is priced at $16,000 as configured for our review. Considering what it does, that is a good price.

Tumbleweed also makes a Windows-based client that can accomplish tasks the Webbased one can't, such as schedule an upload for a later time and keep a log of prior transfers.

This client costs $330 and does not come standard with the appliance. We didn't see the point of charging this relatively small amount in addition to the appliance price, but there you have it.

Our configuration was at the starting price for the product line, but Tumbleweed offers different configurations with larger hard drives, more powerful processing and additional redundant power supplies, so it shouldn't be hard to find one that fits your needs.

Tumbleweed Communications, (877) 282-7390, http://www.tumbleweed.com

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above