28 minute read
UTM appliances
The Network
Practical buying and strategic advice for IT managers and decision makers
Advertisement
Buyer’s guide
Protect your business
Every organisation needs protection from ransomware, phishing, hacker attacks and worse. Dave Mitchell tries out the appliances that can keep you safe with minimal management
Small and medium businesses may be taking a well-earned breather as the pandemic recedes, but you can’t let your guard down when it comes to data protection. The past few years have seen reduced investment in network security, along with big changes in working practices. That’s created plenty of new opportunities for cybercriminals: in its 2021 Cyber Threat Analysis report, ISP Beaming tracked a steady increase in attacks over the last quarter of 2021, with UK businesses subjected to 165,933 breach attempts over the threemonth period – an average of one every 47 seconds.
This isn’t a threat to take lightly. In March, the UK government estimated that the average cost to British businesses of a security breach is £4,200. But there are ways to ensure your systems aren’t compromised – and they’re a lot cheaper than dealing with a successful attack.
This month we review unified threat management (UTM) appliances from four established names in the world of network security: DrayTek, Sophos, WatchGuard and Zxyel. All offer enterprise-class protection at SMB-friendly prices, and we put each one through its paces in our lab to help you choose the best protection.
All together now
UTM appliances are ideal for busy SMBs, as they provide a full spread of security functions in a single box. Along with a business-grade firewall, most provide intrusion prevention systems (IPS), active threat detection and all-round protection against viruses and ransomware, including web, email and application scanning.
BELOW DrayTek’s Vigor 2866ax features a high-performance Wi-Fi 6 access point
Integrating everything into one device also keeps administration simple. All the appliances on review can be managed from a user-friendly web console, with centralised monitoring and easy access to all features. Malware signatures and IPS profiles can be automatically updated with no intervention, and since the UTM sits at the perimeter of your network, with all inbound and outbound traffic passing through it, it’s simple to apply company-wide security policies and be sure that nothing slips through the net.
Power and performance
While most UTMs offer a broad range of security functions, they vary in their throughput capacity. This is something to consider up front: hopefully your UTM will last you for many years, and you don’t want an underpowered unit that will slow to a
crawl as your user base expands and gateway traffic increases. Don’t be swayed by vendors’ quoted firewall throughput rates – these are invariably tested using lightweight UDP packets, which don’t represent real-world usage. Services such as antivirus scanning and IPS have much higher demands on appliance hardware, and we recommend you use these figures as a baseline when sizing the appliance for current and future demand.
Pick the right subscription
Security services need to be kept current, so beside the purchase cost of your UTM you’ll need to budget for a regular subscription. Most vendors offer flexible licences, so you only pay for the features you need.
Licences typically start with a base subscription that only enables the firewall along with IPsec and SSL VPNs. The next tier adds key services such as malware protection, web content filtering and application controls, while the top tier activates advanced functions such as threat detection and response, zero-day protection and analysis of encrypted HTTPS traffic. Subscriptions usually run for one- or three-year terms, and you can make substantial savings by committing for a longer period.
Cloud cover
If you need to extend protection to a remote branch or subsidiary office, consider a UTM with a cloud portal. This lets you remotely monitor and configure your security provisions regardless of where the appliance is physically located.
A useful feature – supported by all four UTMs on test this month –is zerotouch provisioning, which lets you remotely configure security settings before the appliance is even plugged in. Support staff simply need to provide an internet connection, after which the UTM will pick up your settings and begin providing your chosen protections.
A cheaper alternative is to consider a security vendor whose endpoint protection software links up with the same cloud portal as the UTM. If you install this software on client devices at the remote site, one dashboard can provide status information and alerts across all your locations.
Sophos also offers a clever third option for protecting remote
TOP LEFT DrayTek’s web console is highly informative yet easy to get around
TOP RIGHT The WatchGuard T20-W shows you where web threats are located
locations, courtesy of its Ethernet SD-RED device. This routes all the remote site’s traffic through a secure VPN tunnel to your primary office; it then passes through the main UTM appliance and is subjected to the same security policies as local users. You thus get the same protections as if you’d installed a second appliance, at a fraction of the cost.
Satellite radio
LEFT The Sophos XGS 116 web interface packs a wealth of detail about threats
Two of the UTM appliances on test this month don’t just handle wired traffic: they also offer integrated wireless services. This is very convenient for businesses in the service industry wanting to offer secure customer Wi-Fi in locations such as restaurants and coffee shops. Even the cheapest appliance we tested supports the high-performance Wi-Fi 6 standard. This doesn’t mean that the two appliances without an internal access point can’t manage wireless traffic; they just need to be partnered with a compatible external access point from the same vendor. This will then be recognised and provisioned as a secure wireless network. If you’re planning to provide Wi-Fi to office visitors or the general public, look for the ability to create guest wireless networks, with their own “A cloud portal lets you protection policies. For a touch of professionalism, remotely configure your most allow you to create security regardless of where the appliance is physically located” captive guest portals, with various authentication options supported, including vouchers and social network logins. A UTM appliance is one of the smartest investments a small business can make – certainly compared to the potential cost and reputational damage of a breach. The models on review this month all offer an excellent range of data protection measures and are well suited to SMBs, remote offices and home workers. Read on to see how to keep your business and your staff safe.
DrayTek Vigor 2866ax
A versatile and very affordable SMB security router with Wi-Fi 6 and top-notch WAN redundancy
SCORE
PRICE £286 exc VAT from ballicom.co.uk
DrayTek’s Vigor 2866ax looks like an ordinary wireless router – and for a small office it can fulfil that role perfectly well. It offers a solid set of Wi-Fi 6 services, with speeds of up to 574Mbits/sec on its 2.4GHz radio and 2.4Gbits/sec on the 5GHz band. It’s also one of the very few SMB routers we’ve seen that supports wide 160MHz channels for maximum bandwidth. Round the back, six Gigabit Ethernet ports allow for the direct connection of wired clients, or the sixth can alternatively be configured as a WAN socket, as we’ll discuss below.
Installation is a cinch. The router’s web console provides quick-start wizards for configuring internet access, presenting secure wireless services and setting up VPNs. The price includes support for 32 IPsec tunnels plus 16 SSL VPNs, with optional hardware acceleration for increased performance. The firewall is also enabled out of the box, and preconfigured with a strict security policy; this can be customised with rules and filters, which are also used to enforce application controls and link, with the latter automatically brought online when the primary link fails or its traffic exceeds specific thresholds. Alternatively, you can set mutiple links as simultaneously active, and enable the load balancing service to distribute traffic across them all.
Wireless services are also good for the price. Up to four SSIDs can be defined on the 2.4GHz and 5GHz bands, each with its own security scheme, and you can present hotspot services for guest users with custom web portals and a range of authentication methods. Performance is helped along by a clever hardware acceleration option that allows traffic that’s already been through the firewall and content filters to bypass the CPU. This can yield huge performance benefits: with acceleration disabled, closerange file copies between a server (connected via Ethernet) and a Windows workstation connected over Wi-Fi 6 averaged 65MB/sec, with router CPU usage peaking at 80%. Enabling acceleration saw speeds leap up to 105MB/sec, while CPU usage dropped to barely 5%. We were also able to gain a small performance increase by enabling the 160MHz channel width, which saw copy speed increase slightly to 107MB/sec.
The Vigor 2866ax offers a lot for a low price; it’s a great choice for small businesses that want reliable internet and security services in one unit. It lacks some advanced features such as gateway malware protection and anti-spam, but all the essential security measures are present, and thanks to DrayTek’s powerful hardware acceleration it’s faster than you might expect.
web content filtering. Cloud management is available via the optional VigorACS 3 web portal.
DrayTek’s URL keyword filtering service is basic, but you can beef it up with the optional Cyren GlobalView service, which divides the web up into 81 site categories that can be blocked or allowed using up to eight profiles. A free 30-day trial can be activated from your MyVigor account, after which it costs around £35 per year.
Application controls are also free on registration, and provide a list of 160 apps and protocols that can be controlled. Services including Facebook, WhatsApp and LinkedIn can be instantly blocked using profiles enabled within your firewall rules, although we did notice that Twitter is oddly not covered.
One area where the Vigor 2866ax really stands out is WAN redundancy. Alongside the built-in G.Fast/VDSL2 modem, one of the Ethernet sockets can be set as an internet connection, and the two front-facing USB 2 ports will each take a 3G or 4G modem. Each WAN connection can be configured as an active or backup
ABOVE Up to four WAN connections can be used for failover or load balancing
RECOMMENDED
BELOW Despite its small size, the Vigor 2866ax provides lots of security options
SPECIFICATIONS
Fanless desktop unit G.Fast/VDSL2 RJ-11 modem 6 x GbE ports (5 x LAN, LAN/WAN) 2.4/5GHz 802.11ax wireless 2 x external wireless aerials 2 x USB 2 external PSU 241 x 165 x 44mm (WDH) 780g 2yr RTB warranty
Sophos XGS 116
A small and mighty appliance with outstanding security and remote management features at a tempting price
SCORE PRICE With 3yr Xstream Protection: £1,439 exc VAT (List) from enterpriseav.co.uk
Don’t be deceived by its modest dimensions: the Sophos XGS 116 is a security powerhouse. Aimed at busy SMBs and branch offices, this desktop appliance boasts a raw firewall throughput of 7,700Mbits/sec, and even with full threat protection enabled it keeps up a creditable 685Mbits/sec.
That’s largely thanks to Sophos’ dual-processor architecture. The Xstream Flow Processor provides a hardware acceleration layer that’s optimised for specific network tasks, ensuring the main AMD CPU doesn’t get bogged down.
Connection options abound. The rear panel presents eight Gigabit Ethernet ports – with PoE+ on the last one – plus one fibre port. While there’s no built-in modem, an expansion bay lets you add VDSL2 or 3G/4G modules, although Sophos’ Flexi network cards only work with larger rackmount XGS models.
The flexible licensing model allows you to choose which features you want, and there are plenty on offer. We’ve shown the price of a three-year Xstream subscription above, which enables the base firewall licence along with Xstream TLS 1.3 SSL inspection, deep packet inspection, network, web and zero-day protection modules, central orchestration and enhanced appliance’s Control Center console remotely for full configuration.
Businesses with home workers will love the Synchronised Security feature, which extends firewall protection to remote systems running the Sophos Intercept X endpoint agent. A heartbeat service monitors and automatically isolates any that are compromised, while the application control feature detects unknown applications running on endpoints and pushes out firewall policies to secure them.
All of this is controlled via policies that bring together firewall rules, service filters, schedules and specific settings for intrusion detection, email, applications and web filtering. That last feature is particularly impressive: the appliance comes with predefined settings to get you started, but you can choose to block or allow sites in over 90 categories. Application controls are equally extensive, with more than 3,500 predefined filters supplied, including 12 for Twitter and 73 for Facebook, so you can finely control social networking in the workplace.
A new filtering feature in the latest firmware makes it easy to find specific rules within complex policies, and lets you reset traffic counters to zero with a click – a big improvement on the previous release, which required a reboot.
All told, the XGS 116 delivers strong gateway security measures at a great price. It has the power to cope with high demand, and the integration with Sophos’ endpoint security software will appeal to businesses that want to extend their protection to home workers.
24/7 support. The email and web server protection modules are optional extras, each costing around £142 for a three-year licence.
Deployment is easy thanks to the appliance’s web console wizard, which guides you through the steps required to get secure internet access up and running. We chose routed mode as we wanted the appliance to provide all security functions; protection starts immediately, with the wizard enabling a standard set of firewall security policies including web filtering and anti-malware.
Henceforth, the Control Center dashboard provides everything you need to know about network activity and security issues. Graphs provide a clear visual overview of web traffic and network attacks, plus blocked and allowed applications and web categories. The User and Device Insights section keeps track of activity in modules such as SSL inspection, advanced threat protection and zero-day protection, and clicking on an icon takes you directly to a more detailed report.
Remote management comes into play too, with the Sophos Central portal. After we’d registered the appliance with our account, we were able to bring up live reports in a web browser, and to access the
ABOVE Both copper and fibre Ethernet are supported, along with PoE+ on the last port
BELOW The XGS 116 can be managed from its own console or via the cloud portal
SPECIFICATIONS
1U desktop chassis 2.1GHz quad-core AMD RX-421ND CPU 4GB DDR4 64GB SATA SSD 8 x GbE ports (PoE+ on port 8) SFP GbE RJ45/micro-USB COM ports USB 3 USB 2 expansion slot external PSU (max. 2) 320 x 213 x 44mm (WDH) 2.2kg 1yr standard hardware warranty
WatchGuard Firebox T20-W
This affordable desktop appliance is a great choice for protecting small offices and home workers
SCORE PRICE With 3yr Total Security, £1,508 exc VAT from watchguardonline.co.uk
The T20-W is the entry point of WatchGuard’s Firebox table-top security appliances, and is aimed primarily at small and home office deployments. It could also be a sound choice for larger businesses wanting to protect remote sites, as it offers cloud management and zero-touch deployment.
The latter is handled via WatchGuard’s RapidDeploy service: once you’ve register a new appliance with your support account, you can assign it a configuration file created from a local Firebox appliance. When the appliance is plugged in at the remote site, it grabs the file from your account and instantly starts providing protection.
For management, you can either use the local web console or enable full cloud management, which disables the local interface and provides remote access to all configuration settings. Whichever you choose, WatchGuard keeps the workload low with proactive protection: the ThreatSync service can collect and collate event data from multiple Firebox units, while DNSWatch blocks access to known malicious domains. The T20-W doesn’t support the IntelligentAV scanner found on other Firebox models, however – it’s too demanding for this appliance’s dual-core CPU.
Even so, the T20-W offers a good range of security measures. The price above includes a three-year Total Security subscription, which enables gateway antivirus, anti-spam, web content filtering, application controls, intrusion prevention services, an advanced persistent threat blocker and WatchGuard’s RED (reputation enabled defence) service – plus the aforementioned ThreatSync and DNSWatch features. All subscriptions include cloud management, and the Total Security licence includes log retention for up to 30 days.
Though compact, the T20-W offers a respectable range of connection options. Five Gigabit Ethernet ports handle WAN, LAN and DMZ duties, although there’s no PoE+ as found on the more powerful T40-W. Believe it or not, there’s built-in wireless too, although Wi-Fi 6 isn’t supported – you’re limited to Wave 1 802.11ac – and the 2.4GHz and 5GHz radios can’t be active simultaneously. Still, that will be fine for home workers, and if you need the extra performance of Wi-Fi 6 then the T20-W’s integrated
ABOVE The Firebox T20-W packs in a wide range of services
RECOMMENDED
wireless gateway can provision and manage WatchGuard’s access points. Performance, too, should be ample for the target market: WatchGuard claims top firewall and UTM throughput rates of 1.7Gbits/sec and 154Mbits/sec respectively. For testing, we registered the T20-W with our cloud account and initially chose local management. Even with this option active, the unit remains visible in the cloud portal, allowing you to monitor a wealth of detail about traffic, detected threats and responses. The web console, meanwhile, provides wizards for configuring the various traffic proxies, which cover a whole range of protocols including “The ThreatSync service HTTP, HTTPS, FTP, SIP, POP3 and SMTP. Enabling can collect event data from gateway AV and APT multiple Firebox units, while DNSWatch blocks access to malicious domains” blocking are one-click manoeuvres, while the WebBlocker service presents 130 URL categories that can be blocked or allowed. Strict controls can also be applied to over 1,100 predefined apps, including all popular social networking services. Moving to full cloud management is as easy as clicking a button in the device configuration page. We tried this and were happy to see the T20-W BELOW You can immediately reconfigured itself and monitor a heap of provided full access to the full set of information about security services. traffic and threats If wireless services are a priority then the Firebox T20-W might not be the ideal choice, but it’s bursting with security features, and WatchGuard’s swift deployment and cloud management make it ideal for extending enterprise protection to home workers.
SPECIFICATIONS
Fanless desktop unit dual-core 1GHz NXP LS1023A CPU 2GB DDR4 ECC 4GB eMMC 5 x GbE ports (WAN, 4 x LAN) 2.4/5GHz 802.11ac Wave 1 wireless 2 x USB 2 RJ-45 serial port external PSU 217 x 206 x 44mm (WDH) 900g warranty inc in subscription
Zyxel ZyWALL ATP200
A top-value appliance with great cloud management and clever protection against unknown threats
SCORE
PRICE With 1yr Gold Security licence, £875 exc VAT from broadbandbuyer.com
Zyxel’s ZyWALL ATP appliances are designed to stay one step ahead of hackers. They have a sharp focus on zero-day threats, making use of advanced services such as cloud threat intelligence, machine learning and automated sandboxing of suspect files.
The ATP200 on test is affordable, too. The price shown includes a one-year Gold licence, after which yearly renewals cost £276. That gets you a heap of security features – not just the technologies menti0ned above, but also hybrid anti-malware, anti-spam, web content filtering, application controls, IPS and Zyxel’s cloud-hosted SecuReporter Premium reporting service.
This desktop unit isn’t overloaded with ports, but it presents two Gigabit WAN and four copper LAN ports, plus a handy SFP fibre socket for longer connections. Performance is good for the price, with Zyxel claiming a 2Gbits/sec raw firewall throughput dropping to 600Mbits/sec with all security services enabled.
You have two management choices as all of Zyxel’s ATP appliances can be either locally managed or brought under the control of the Nebula cloud platform, which provides a single portal for all the company’s compliant wireless APs, switches and mobile routers. There’s just one small catch, which is that the Nebula portal doesn’t currently support Zyxel’s email security component, so if you want to use this you’ll need to run the ATP200 in standalone mode.
We opted for cloud management and found registration a very swift process thanks to the Nebula iPad app, which let us scan the appliance’s QR code and immediately add it to our site. The same process can be used for zero-touch provisioning: once you’ve registered the appliance, you can send it off to a remote office and, once connected, it will receive all the settings configured in the portal.
We like the way that Nebula’s dashboard can be customised to show whatever data is important to you. It came up showing the appliance’s hardware status, detected apps and clients, WAN throughput and security alerts, but there was plenty of room for us to add performance and status widgets for our Zyxel PoE switches and Wi-Fi 6 APs.
Like most UTM appliances, the ATP200 is controlled via security policies, which combine firewall rules with application patrol settings – you can manage access to over 3,500 business apps – and web-content filtering settings, which let you block or allow sites across 110 categories.
Enable the anti-malware hybrid mode and Zyxel’s cloud-based threat intelligence comes into play too, combining a local signature database with cloud queries to check whether downloaded files are safe to allow through. The sandbox service is accessed from the same page: this isolates files it hasn’t seen before and gives them a test run in the cloud to see if they are malicious. Friendly files are allowed through, while those deemed a threat are destroyed. Another notable feature is Zyxel’s collaborative detection and response service, which blocks rogue devices. You can specify how many times a device is allowed to trigger the malware, IDP or web threat services; once the threshold is reached, the appliance will automatically kick them into quarantine.
Finally, you can configure the SecuReporter cloud service, which receives logs from the ATP200, to decide whether personal information such as email addresses and usernames should be included or anonymised. The main dashboard provides an informative overview of all security events along with deeper insights into web, app and threat activity plus all security issues.
The ZyWALL ATP200 offers a persuasive defence against unknown threats, and the Nebula portal integration is especially useful for businesses looking to protect remote offices. It’s a real shame that email security is only supported in standalone mode – we hope that will be rectified soon – but even without that module, you still get a great set of security features for the price.
ABOVE The ATP200 uses cloud intelligence to help block even unknown threats
RECOMMENDED
BELOW The Nebula cloud portal provides plenty of information on all network activity
SPECIFICATIONS
Fanless desktop unit quad-core CPU 2GB RAM 7 x GbE ports (2 x WAN, 4 x LAN, 1 x SFP) 2 x USB 3 DB9 serial port external PSU 272 x 187 x 86mm (WDH) 1.4kg 1yr Gold licence 5yr limited warranty
Dell EMC PowerEdge T350
A superbly built single-socket server for SMBs, with great expansion potential and remote management features
SCORE PRICE As reviewed, £2,382 exc VAT from dell.co.uk
When designing the new PowerEdge T350 tower server, Dell EMC originally considered using the same chassis as the mighty T550. But SMBs said no – they wanted something much more space-efficient. And so it came to pass: the T350 introduces a brand-new mini-tower format that’s 37% smaller than its predecessor, the T340.
The size reduction doesn’t come at the cost of power. This single-socket server supports Intel’s Xeon E-2300 CPUs and up to 128GB of DDR4 memory, while eight internal LFF hot-swap drive bays offer plenty of storage potential. There isn’t an SFF drive cage option, but smaller SFF hard disks and SSDs can also be mounted in hybrid drive carriers.
While the PowerEdge T350 is a more lightweight server than the T550, it shares the exceptional build quality of its big brother. The chassis is constructed of sturdy pressed steel panels all round, with a weighty metal removable side, and sports Dell EMC’s trademark honeycomb front cover.
Pricing starts at a terrifically affordable £1,273: that gets you a quad-core 2.8GHz Xeon E-2314 CPU
Storage RAID options are plentiful. The motherboard comes with a basic S150 SATA controller, but you can choose from an extensive range of PERC adapter cards. Our system includes the entry-level PERC H345 SAS3/SATA card, which offers hardwaremanaged RAID0, 1 and 10 arrays; pricier 700-series adapters add
RAID5 and 6, plus battery-protected cache memory. With the RAID card in place you’re still left with three spare PCI-E slots to play with, so you can also add a 10GbE card if the the T350’s dual Gigabit Ethernet ports don’t suffice for your needs.
One valuable feature passed down from the T550 is support for Dell EMC’s boot-optimised storage solution (BOSS) S2 card. This runs the operating system from a mirrored pair of M.2 SATA SSDs, allowing for maximum speed and resilience while freeing up the main drives for data storage. The SSDs are presented at the front in hot-swap carriers, and our server setup included the card and dual 240GB drives.
You also get the same excellent remote management features as on much bigger servers. Dell EMC’s embedded iDRAC9 controller provides tons of valuable information on server operations and hardware status through a slick web console. You can also monitor the server from a mobile device; we used the OpenManage iOS app on an iPad to view the server’s status, pull up a list of hardware and receive alerts on health issues. We went for an iDRAC9 Enterprise licence, which enables full OS remote control and virtual media services. We used the latter to attach a remote Windows Server 2022 ISO to the server and had the OS installed on the BOSS card in under 30 minutes.
The PowerEdge T350 is a fantastic little machine for SMBs and branch offices seeking a capable but affordable single-socket tower server. With support for a whole spread of Xeon E-2300 CPUs and a big helping of memory it can be specified to meet a wide range of needs, while the high storage capacity and plenty of expansion space provide room to
and 16GB of memory. There are plenty of other options, though, as the T350 supports all ten Xeon E-2300 CPUs. For our review we chose a faster 3.1GHz Xeon E-2324G and a variety of upgrades which we’ll discuss below, bringing the price to a still very reasonable £2,382.
The smaller chassis means there’s less working space inside than on the old T340, but with the side panel removed you’ll find everything neatly arranged and easy to access. Cooling is handled by a quiet 9cm fan at the rear, and the motherboard is covered by a solid plastic shroud to assist air flow. The CPU is fitted with a large passive heatsink, beneath which sit four DDR4 DIMM slots. We chose to install a single 32GB 3,200MHz module in one of these, leaving three available for future upgrades. Base systems are powered by a fixed 450W Bronze PSU, but beefier configurations such as ours can use dual hot-swap 600W Platinum PSUs.
ABOVE The new T350 chassis is compact, quiet and even stylish
BELOW Dell EMC’s OpenManage console is loaded with plenty of useful information
grow. DAVE MITCHELL
SPECIFICATIONS
Tower chassis 3.1GHz Intel Xeon E-2324G 32GB 3,200MHz DDR4 ECC (max 128GB) 8 x LFF/SFF hot-swap drive bays Dell PERC H345 SAS/SATA PCI-E card Supports RAID0, 1, 10 2 x 2TB SATA hard disks BOSS S2 with 2 x 240GB SATA M.2 SSDs 2 x PCI-E 4 2 x PCI-E 3 2 x GbE 2 x 600W hot-plug PSUs iDRAC9 Enterprise with GbE 175 x 595 x 382mm (WDH) 3yr basic on-site NBD warranty
Qnap KoiBox-100W
A versatile and affordable videoconferencing solution with great wireless screen presentation features
SCORE
PRICE Diskless, £411 exc VAT from broadbandbuyer.com
NAS specialist Qnap has lately been expanding into new areas such as network switching; now it turns its attention to the SMB videoconferencing market. And the KoiBox-100W is a clever concept: a portable appliance that can operate as both an all-in-one conferencing solution and a wireless screen-sharing station for in-person presentations.
If you’re fed up with monthly subscriptions, there’s one feature you’ll like right away. Instead of charging a recurrent fee, the KoiBox is a one-off purchase with all licences included. That gets you support for the most popular conferencing platforms, including Skype, Microsoft Teams and Zoom. The KoiBox will appeal equally to businesses that want to go off-grid, as it can provide private conferencing services too, with Qnap taking care of all user authentication and meeting connections.
Inside, the KoiBox is powered by a 1.8GHz Intel Celeron 6305 CPU, and it pipes 4K video out of a single HDMI port at the rear. Next to it sit four USB-A 3.2 Gen 2 ports, to which you can connect cameras, speakers, microphones, a keyboard and mouse as required, plus a Gigabit Ethernet socket, although you may not need this as the KoiBox has built-in Wi-Fi 6. was sharing, or begin a sharing session of our own. Cloud meetings are easy to set up, especially if you’re using Microsoft Teams, as the KoiBox has native integration with this platform. After we’d assigned one of our Team user accounts to the KoiBox we were right away presented with the standard interface we all know and love. For private video calls the appliance uses the KoiMeeter app – the same one as found on Qnap’s NAS appliances, but pre-registered so you don’t have to worry about time limits. Unhelpfully, the user manual neglects to explain how PC and Mac users can join private meetings, but it’s easily done – they just need to point a web browser at the KoiMeetr website and log in with their Qnap account. Remote participants get a picture-in-picture view in their browser, along with video and audio controls, a screen-sharing button and facilities to invite other users up to the maximum of four per meeting.
If remote users are logged into the KoiMeeter web service, they can also be invited to meetings directly from the KoiBox by entering their personal KoiCode. This is one reason you might want to connect a keyboard: the remote control works, but it’s tedious having to use it to flick through the onscreen dial-pad. Mobile users can use the KoiMeeter app for iOS and Android to start meetings and accept requests from the KoiBox, or they can bypass the KoiBox entirely and use the app to conduct private meetings amongst themselves.
The KoiBox-100W is an intriguing alternative to the mainstream providers. Once you’ve added the cost of a 4K camera and audio equipment it isn’t much cheaper than a budget video bar, but it’s easy to set up and use, it will appeal to SMBs wanting private videoconferencing services, and the screen-sharing capabilities
Though you can’t see it, there’s one final connector: an internal SFF drive bay, into which you can install an SSD to record your meetings. We were able to slot in and use a 1.92TB Micron SATA SSD with no fuss.
Setting up the KoiBox is very easy. You just connect it to a display and use the included remote-control handset to step through the onscreen setup wizard. This guided us through choosing a language, formatting the SSD and confirming our AV equipment as working (we tried both a Logitech ConferenceCam Connect and a Poly Studio P15 system, and had no problem with either).
Once setup is complete, the KoiBox presents a colourful homescreen from which you can access all functions using the remote. To share your screen from a PC you just need to enter the IP address of the appliance in Chrome or Firefox, select the wireless projection option and choose whether you want to cast the entire screen, a window or a browser tab.
Mobile screen sharing is supported, too: we tried the free KoiCast iOS app on an iPad. This immediately opened with a view of the KoiBox’s screen, allowing us to see what someone else
ABOVE Four USB-A ports let you hook up cameras, mics, keyboards and more
RECOMMENDED
LEFT There’s no shortage of conferencing and screen-
sharing tools are a bonus. DAVE MITCHELL
SPECIFICATIONS
Desktop chassis dual-core 1.8GHz Intel Celeron 6305 CPU Intel UHD Graphics 4GB DDR4 RAM 30GB M.2 SSD 1 x SFF internal bay Gigabit Ethernet Intel AX201 Wi-Fi 6 4 x USB-A 3.2 Gen 2 ports HDMI 1.4b RM-IR004 handset (batteries not included) external PSU 232 x 152 x 45mm (WDH) 1.1kg 3yr hardware warranty
