There's no shortage of solutions helping admins keep track of "who is doing what" on the Internet.

It isn't unusual to find Internet-traffic content, virus, and malware filtering in the current crop of UTM firewalls, and routers and other devices have been shaping traffic forever.

Thanks to a growing convergence among these tools, however, admins overseeing smaller networks can now do all of this from one easy-to-use appliance and reduce their management overhead.

Network Composer from Cymphonix is a veritable Swiss Army knife of network-management, usage-reporting, and threat-protection tools rolled into a single appliance. From one console, admins can impose bandwidth limits on users as well as applications, scan Web content and TCP streams for spyware and viruses, and block access to Web sites deemed inappropriate.

Wrapped around all of these capabilities is a comprehensive reporting engine that provides clickable graphs and detailed usage information on application and user. Targeted at the SMB market, Network Composer does an excellent job of filling a need without breaking the bank.

I tested the DC30X Network Composer 2U appliance on my production network and found the device surprisingly easy to configure and deploy.

It dropped into my network as a transparent bridge, with its two 10/100 Mbit/s interfaces connected between my core switch and Check Point firewall.

I like that even at its low cost point, Network Composer includes fail-to-wire in case of power or operating system failure and an additional 10/100 Mbit/s management interface for connecting to a separate management network.

Maximum throughput for the DC30X is 30 Mbit/s, enough for almost any cable or DSL connection.

Initial set up and configuration took less than 30 minutes and was aided by a helpful wizard. The wizard took care of all the normal chores of IP addressing on the DC30X as well as things such as the default bandwidth shaping policy and SNMP information.

Premium Filtering, Cymphonix's name for virus and Spyware scrubbing, is not enabled by default but easily set up through the management UI. During my tests, I couldn't detect any noticeable additional latency while Premium Filtering was enabled and scanning all traffic for digital nasties.

A UTM by any other name
A case can be made that many Network Composer features are already widely available in gateway security devices, such as firewalls.

This is true, but there is a general concern that firewalls, specifically ones in the SMB price range, cannot provide the level of performance necessary to inspect traffic through Layer 7 without adding significant latency.

Network Composer is designed to add little or no latency while improving network edge performance - during my testing, timed test scripts showed sub-1-second latency on fully scanned HTTP and FTP traffic.

The traffic shaping feature does a good job of managing the flow of data in and out of the LAN without being overly complex to deploy. Shaping is based on upload and download speeds for each group of applications (VOIP, HTTP/HTTPS, streaming media) from "unlimited" to "disabled" or some percentage in between.

I set limits well below my Internet connection's maximum bandwidth for FTP, streaming media, and e-mail traffic to make sure that these traffic types never consume too much of my available connection.

Network Composer comes with a solid list of predefined applications and services, and administrators can create custom definitions for non-standard traffic, such as a custom Web application.

Network Composer doesn't participate in QoS tagging as defined by existing routers but does its own internal traffic prioritisation. For example, I was able to give HTTP/HTTPS traffic a higher priority than IM traffic as the packets passed through the DC30X.

This kind of prioritisation takes effect when Network Composer reaches a certain level of internal congestion.

If this was an enterprise appliance, the lack of QoS would be a big deal; but as it is, most midsized businesses won't have a full QoS system in place (if they have one at all), so Network Composer's set-up works okay. It's constantly monitoring the traffic stream - it just doesn't enforce the prioritisation until its threshold is reached.

Scrub that Internet traffic
Content filtering is another subtly powerful feature. Based on Fast Data's URL libraries and Cymphonix's detection engine, Network Composer includes a large list of categorised sites and can easily enforce just about any acceptable use policy.

Admins can block access to Web sites based on category, a specific URL, file type (such as .rar and .exe), and MIME type (such as video/mpeg). A whitelist facility is also included to make sure specific URLs, such as business partner portals, are never blocked.

Network Composer really shines when it comes to reporting. It can display usage information based on hardware or user profile. Hardware profiles don't require any special configuration, but to log usage based on the user, special LDAP settings must be defined in the box along with the addition of a client-side executable.

Defining the LDAP connection is no harder than most other types of network devices. The LDAP client application must be run on each user's PC - in my case, launched from a Group Policy log-in script. The program takes up less than 3MB of system memory and I experienced no trouble while running it.

What I really like about Network Composer's reports is the accessibility of the collected data to the administrator. A customisable dashboard shows at-a-glance recent activity, including a summary of application traffic, bandwidth by user and blocked malware and Web requests.

I can click on any graph or traffic category and quickly drill down into the specific data behind the graph - very cool. Although not nearly to the level of Network Physics' NP-500, admins can dig into the traffic and get a good idea of how their network bandwidth is being consumed.

One thing missing is the capability to drill into a specific traffic type on a device or user basis and see the conversation details. For instance, I wanted to know if the HTTP traffic attributed to a server was inbound or outbound traffic.

In this release, that level of detail is not available, but I was told that it will be included in future releases.

The Network Composer DC30X is a very good tool at a terrific price. I really like how much information is available from the intuitive UI and how easy it is to set up and use. Traffic shaping and content filtering are good and the malware and virus scanning kept out all of the bad stuff I could throw at it.

There's not much more you can ask of a small and mid-sized business threat management box.


Network Composer is a very good tool for protecting small and midsize networks from Internet-borne viruses and spyware. Traffic shaping is good, although it does not participate in existing QoS deployments. Reporting is strong, allowing IT to see easily how network resources are being consumed and by which users. It's is a very capable tool for monitoring network usage and threat levels - and the unlimited DC30X costs little more than the bandwidth-limited DC30.