Last updated 8/3/1998
The Internet Protocol Adapter (IPAD) Architecture and Design
We've reached a point in the development of the Internet where we can draw a circle around a building block of functions that must be replicated absolutely every time someone makes a new connection to the Internet. The architecture chosen to build a product this comprehensive is a critical factor to its success.
The IPAD-OS (Internet Protocol Adapter Operating System) is an economical, high performance system integrating all necessary Internet functions into a single easy to administer appliance, without sacrificing the reliability and security required in today's Internet. The IPAD is the first complete product to include communications interfaces, firewall, router, remote access and Internet servers in a single integrated appliance that can support hundreds of users while simultaneously routing data packets at speeds greater than a T1 line.
By dramatically simplifying installation and administration of a secure Internet presence, the IPAD removes the technological barriers to entry for full-time, full-function Internet sites. The simplicity of the IPAD allows creation of a complete Internet site with all hardware and software installation and configuration completed in less than two hours. Non-technical clerical personnel can administer the resulting system with minimal training.
Providing this simplicity in combination with firewall technology certified by the International Computer Security Association (ICSA), mission critical uptime reliability, and continuous throughput performance at greater than T1 speeds is a tremendous technical challenge. The architecture chosen to build a product as comprehensive as the IPAD involves many design considerations and is an important factor to its success. This white paper will discuss these considerations and detail both why the IPAD architecture was chosen and how it compares to the available alternatives.
Scope of the task
The functions required to produce a product such as the IPAD cover an extremely wide range from the device driver and router level to high level servers. These functions include:
- Direct interface connection and encapsulation protocols to support at least:
- Frame Relay leased line (up to 2Mbps)
- PPP leased line (up to 2Mbps)
- ISDN (up to 128Kbps)
- OCN (64Kbps or faster)
- 56Kbps modem PPP or SLIP protocol
- Token Ring
- Internet Protocol (IP) Router
- Automatic firewall including:
- Pass-through for easy scalability and protection of other operating systems
- Zero administration DHCP server
- Anti-spoof filtering
- Dial-up Remote Access Server
- Application Servers including at least:
- Simple Mail Transfer Protocol (SMTP) e-mail with spam filtering and mailing list capability
- Post Office Protocol 3 (POP3) mailboxes
- Full primary/secondary Domain Name Service (DNS)
- File Transfer Protocol (FTP)
- Common Internet File System (CIFS)
- Simple Network Management Protocol (SNMP) to allow use in managed networks
- Configuration and administration through an easy-to-use web browser interface
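The "anti-spoof filtering" item above names a firewall technique without describing it, so here is an added illustration of the classic rule set. This is constructed example code, not IOA's code, and it makes no claim about how the IPAD implements the feature. It assumes a hypothetical site whose private LAN is 192.168.10.0/24 and whose two firewall interfaces are named "wan" and "lan"; the sample packets are constructed for the example. The rule is direction-aware: a packet arriving from the outside must not claim an inside source address (or any address that can never legitimately appear as a source on a public link), and a packet leaving the LAN must carry an inside source address, so a compromised LAN host cannot launder forged packets through the site.

```python
"""Direction-aware anti-spoof (ingress/egress) filter, added illustration."""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Assumption for this example: the private LAN protected by the firewall.
INSIDE_NET = ipaddress.ip_network("192.168.10.0/24")

# Source addresses that must never arrive on a public interface.
# (Private ranges, loopback, "this network", multicast and reserved space.)
MARTIANS = [
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("224.0.0.0/4"),  # multicast is never a unicast source
    ipaddress.ip_network("240.0.0.0/4"),
]


@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrived on: "wan" (outside) or "lan" (inside)
    src: str    # IPv4 source address as text
    dst: str    # IPv4 destination address as text


def check(pkt: Packet) -> Tuple[str, str]:
    """Return ("accept" | "drop", reason) for one packet header."""
    src = ipaddress.ip_address(pkt.src)
    if pkt.iface == "wan":
        # Ingress: nothing from outside may claim to be one of our hosts.
        if src in INSIDE_NET:
            return ("drop", "inside source address arriving from outside")
        if any(src in net for net in MARTIANS):
            return ("drop", "martian/bogon source on public interface")
        return ("accept", "ok")
    if pkt.iface == "lan":
        # Egress: our hosts may only send with their own addresses.
        if src not in INSIDE_NET:
            return ("drop", "LAN host forging a non-local source address")
        return ("accept", "ok")
    return ("drop", "unknown interface")


def filter_packets(packets: List[Packet]) -> List[Tuple[Packet, str, str]]:
    """Apply check() to a batch and return (packet, verdict, reason) rows."""
    return [(p, *check(p)) for p in packets]


# Constructed sample traffic (not captured from any real system).
SAMPLE = [
    Packet("wan", "203.0.113.7", "192.168.10.25"),    # ordinary inbound packet
    Packet("wan", "192.168.10.5", "192.168.10.1"),    # spoofed inside source
    Packet("wan", "127.0.0.1", "192.168.10.1"),       # loopback source
    Packet("wan", "10.1.2.3", "192.168.10.1"),        # RFC 1918 bogon source
    Packet("lan", "192.168.10.25", "198.51.100.9"),   # ordinary outbound packet
    Packet("lan", "198.51.100.200", "198.51.100.9"),  # forged outbound source
]

if __name__ == "__main__":
    for pkt, verdict, reason in filter_packets(SAMPLE):
        print(f"{pkt.iface:3} {pkt.src:>15} -> {pkt.dst:<15} {verdict:6} {reason}")
```

The check looks only at the source address and arrival interface, which is what makes it cheap enough to run on every packet at line rate; it does not replace the stateful rules that decide which services are reachable. The egress half is the part most low-cost products omitted at the time, and the one that keeps a site from becoming the source of forged-address floods.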
Integrating this many functions into a form that can be presented as a single, easy to administer product is a very large and demanding task. The architecture chosen has a significant effect on the ability to make the result a coherent product. In addition, maintaining the real-time performance needed to sustain continuous packet rates of up to T1 under full load is an extreme technical challenge, and it too is greatly affected by the architecture chosen.
Finally there is the requirement for security in a setting where there will be no sophisticated computer security expertise. Again, the architecture chosen has a significant effect on the ability to meet this requirement.
The primary architectural decisions fall into two categories, hardware and software. The hardware choice must be made first, as it will restrict or open certain software choices.
The hardware choices tend to fall in one of two directions:
- Build custom hardware. Choose the best, high performance hardware for each function as well as the overall packaging.
- Choose standard hardware with standard open I/O busses to reduce time to manufacture, reduce component cost and allow maximum flexibility for the future.
Only if the open hardware choice (2) cannot be made to meet the performance requirements should the move be made to the custom hardware of choice (1). In the case of the IPAD, IOA was able to meet the performance requirements using standard Intel hardware with PCI and ISA bus adapters. This approach gives the lowest cost and multiple vendors for components, and keeps the IPAD open to new communications interface hardware as it appears.
The software choices tend to fall in the same two directions as the hardware choice:
- Build a custom, integrated, embedded real-time system.
- Use a standard, open, general purpose software system with applications added to create the integrated product.
While the software choice should be made on the same basis as the hardware choice, the software criteria are significantly more complex. To fully meet the design goals, software for a product like the IPAD has stringent requirements not only for raw performance, but also for reliability, security, and integration of functions into a coherent, easy to use, appliance-like product. A successful design will push the envelope in all four of these directions at the same time.
The determination of a successful software approach is thus not as straightforward as the hardware choice. The natural response is to opt for the open system approach for software, as was done for hardware. However, experience has shown that the performance, reliability, security and ease of use criteria are all much harder to achieve with general purpose open software. In fact, as this paper will show, a product that meets all four of these criteria at the same time using both open system hardware and open system software is simply not possible. The choice then becomes either to compromise one or more of the design goals, or to move to custom, embedded, real-time integrated software. The only reason not to do so would be a drive to use open system software so strong that building an inferior product is preferred to an embedded system design.
IOA has chosen the embedded system route for the IPAD, and thus has created a product that successfully meets all four of the criteria — performance, reliability, security and ease-of-use. However, it is not immediately obvious why this choice is the best one. Let's examine the reasons that open systems software is usually such a strong choice, and its impact in the case of the IPAD.
Open systems provide two primary and related advantages. First, because open system interfaces are published, anyone can write an additional piece of software that plugs into them. So you get the advantage of multiple sources, multiple companies, and multiple talents generating the next new ideas and/or improving the current ones. And if they happen to generate an idea that matters to you, you can get their software, plug it into your system, and be up and running in the next new game without big development expense and time. So you will never stay far behind the development curve. If you do fall behind, you can catch up quickly with the next cycle of innovations. So open systems are a tremendous advantage in a world where new things are always emerging.
The second advantage of open systems is that since they are highly standardized and in wide use (e.g. Windows or UNIX) they generate a great deal of building block software. Developers have access to a myriad of toolkits, middleware, and utilities. So if you have a custom program that you need to write (your particular version of accounts receivable, for instance) you can get that program developed quickly and easily. Eighty percent of the fundamental applications you will need can be purchased from third party vendors, plugged into your open operating system, and customized by a programmer. You build your application quickly, and you can get tools from a multitude of sources.
But open systems come with a big price. In trying to accommodate such wide ranges of options and requirements, open systems become incredibly complex. Because general purpose open systems have the ability to move in so many directions, in any given application thousands of parts that are not built for that application but for other uses are still present and active. In customizing or enhancing any single application, the software developer must take these myriad other functions into account. In addition, the presence of these many other functions and their general purpose nature brings tremendous processing overhead. An awful lot of software is running, using resources like CPU power and memory, just to make this open interface possible.
In most computer applications, however, the payoff for openness is so dramatic that it's a trump card: regardless of the downside costs, the advantage of open systems is usually so strong that bearing the costs and doing the best possible job with the result is the optimal choice. The most obvious cost of open systems is performance inefficiency, and that inefficiency can largely be addressed in most cases by buying more hardware. When we need to scale up our database, we may also want the freedom to change to a different manufacturer that makes newer, better software for our open system. When a programmer is needed to walk in and refine our existing software, we gain greatly from running in an environment they already know and are already trained in. These payoffs are not easily set aside.
However, when you start networking systems, in addition to the huge performance price there is also the price in general system complexity and security. Public networking systems like the IPAD require security against attack. The trouble here lies in the difficulty of trying to close an open system. The better it is at being open, the more difficult it is to secure it. In trying to close it, you're fighting everything it was built to be.
Finally, trying to integrate the large number of functions the IPAD requires and present them as a single easy to use appliance, becomes very difficult with open systems. Integrating many applications that were written without knowledge of each other creates a very fragile system with respect to configuration of the underlying general purpose operating system. It is easy to reach a condition where changing a setting for one function will have unexpected side effects on other applications. And it is impossible to hide many of the configuration settings that the user really should not have to know exist. This gives rise to extremely high system administration costs to manage the resulting complexity, and scarcity of talent to do this management becomes a serious problem.
As with custom hardware, the advantages of embedded systems software are clear: better performance; real-time responsiveness; total integration of the functions to build a specific, very easy to use product with no unnecessary or conflicting settings; and security and reliability due to the absence of all the unused support functions of a general purpose operating system. But the question is: can such a product endure without being based on an open operating system? To answer this question, let's examine where embedded systems thrive and determine whether the IPAD is such an application.
Embedded systems thrive once a set of functions becomes so defined that they're repeatable, and won't change except for minor evolutionary improvements and modifications. Examples of places embedded systems thrive are control programs for cellular telephones, under-the-hood computers for automobiles, caching disk controllers, modems and routers. An embedded system does not have an operating system that resembles the familiar general purpose operating systems. It may be modularized and have APIs internally for the convenience of the people who built it, but for the user, this is irrelevant. In fact, in such a setting we are usually unaware that we are working with a computing system at all. We just see a product performing a certain defined set of functions.
In short, embedded systems thrive when the functions they perform have become standardized and when the consumer wants the interfaces on the system to be purpose-built so they can enter a minimum of information to get maximum performance on a specified set of tasks. Thus these systems become very easy to use in a way that an open general purpose system can never become.
The Internet Protocol ADapter (IPAD)
With the IPAD we've reached a point in the development of the Internet at which we can draw a circle around a building block of functions that must be replicated absolutely every time someone makes a new connection to the Internet. The architecture chosen to build a product this comprehensive is a critical factor to its success.
The IPAD enables a private Local Area Network (LAN) to connect to the wide area public Internet. But instead of taking an open system general purpose kernel, adding a number of software packages, and trying to create a tight integration of these pieces into an Internet connection appliance, the IPAD represents a new design. It has emerged from years of research and testing as a specialized embedded system which can in fact meet the requirements of the marketplace to provide extreme ease of use in combination with ICSA certified firewall security, mission critical uptime reliability, and continuous performance at greater than T1 speeds.
With the Internet, the concept of 'openness' doesn't apply to operating systems, but rather to communication protocols at the network level. The IPAD can plug into any LAN and work with any host computer of any operating system type as long as it supports the TCP/IP protocol suite, making the IPAD an Internet open system. The IPAD is really a new type of Internet product, one which encapsulates the functions required to connect to the Internet and provide a complete Internet presence while being open at the network level.
There are other areas of computing that have crossed this boundary of openness at the network level. Think of an Ethernet hub or of a printer where there is a protocol that talks to the device. The printer or hub itself is an embedded system, but it has interfaces that operate with any system that supports a specified protocol.
The IPAD has been designed to provide access to a clear set of communications functions without needing to add any software modules, without needing to change any functions, and without needing to deal with a complex communications interface. The IPAD is open because it provides direct access to any other system that links through TCP/IP. It's also open because it has a set of software slots behind the firewall that allows easy scaling to open system servers (protected by that firewall) for whatever large programming tasks may be needed. These include commerce servers, video servers, and audio servers, among others. These options provide the capability to smoothly scale your Internet presence. The beauty of the Internet is that there will always be new applications. The IPAD's open network design makes sure that you will be able to use them all, without overtaxing your own computer's operating system.
Simplicity after Complexity
From the designer's perspective these details of a new design for computing and communicating across the Internet are intuitively clear. But for the consumer, who has been conditioned to believe that the very concept of an open system is a consumer protection move, the concept of open networks may not be immediately clear. It's a serious mistake to apply the very same concept of open systems to the block of functions we are considering here. If you try to build a device such as the IPAD out of an open system you will lose tremendously in security, performance, reliability and ease of use. It's not an accident that the IPAD is the first (and as of this printing the only) 'all-in-one-box' Internet connection system that has been certified by the International Computer Security Association (ICSA). If you examine other all-in-one box products that are built on open systems you will find that these systems have been modified to the point that they're no longer open. These systems have lost the open systems advantage, and yet haven't gained the advantage of having an efficient system built for the task.
There is a moment when any systems designer can see that trying to force new design requirements onto an old design method is only going to create perpetual problems for the end user. But recognizing when a set of functions from that earlier system has actually gained such a degree of autonomy that a new system is called for takes in-depth experience, knowing what to look for, and a spirit of innovation. In fact, in The Structure of Scientific Revolutions (2nd Edition, page 65), Thomas Kuhn said that 'novelty ordinarily emerges only for the man who, knowing with precision what he should expect, is able to recognize that something has gone wrong.' In designing Internet connection systems, many designers will simply add routers, servers, and firewalls to try to cover the disadvantages of open systems, and accept preposterously slow response times and complex setup and administration as unavoidable overhead from the mix. This approach attempts to arrive at something new while looking backward. It involves an ongoing battle just to get the system to work, and a never-ending administrative battle thereafter.
With the IPAD, we've taken a significant step back, turned and looked forward, and then rebuilt and reintegrated these same functions around an open network embedded system. From the perspective of integrated network system design, the network is the computer, and in this context the protocol is the open system.
Because the IPAD has been designed, built, and tested to deliver one set of Internet communications functions, its user interface has been extremely simplified to the task, in the same way as your automobile interface has been. With the IPAD, you plug in three connections: power, the local network, and the connection to the outside world (phone line, Ethernet, ISDN, or leased line), and you have a high-performance, secure and reliable Internet connection that is easy to set up and administer.
The IPAD thus allows small and medium businesses to create an Internet presence without being burdened by either complicated (and therefore time consuming and costly) installation, or the cost of utilizing highly technical personnel for system administration. The IPAD provides the security, reliability and performance required for full-time Internet connections without the complexity and cost usually associated with such a connection. The IPAD firewall cannot be configured to compromise security, making it ideal for installation in sites without sophisticated technical personnel. The IPAD firewall pass-through capability allows smooth scalability with complete protection not normally found in low cost solutions.
IOA's unique real-time embedded system technology is the key that allows the IPAD to be an easy to use, secure, economical, high performance solution that meets or exceeds all of the desired design criteria. Retaining an open system approach in its hardware and in all areas where it touches the network delivers the best of both worlds.