OpenSSL Heartbleed vulnerability Guidelines

• 18 May 2014

Hi there folks,

Unless you’ve been living under a rock, you know that a flaw has been discovered in OpenSSL, one of the most widely used encryption libraries on the Internet and in ICT at a global scale.

You can find out what the OpenSSL Heartbleed bug is all about here:
http://heartbleed.com/

A lot has been said, and apart from the buzz there is some confusion around Heartbleed, so I want to provide some enlightenment and guidelines, focused on “What” to deal with rather than “How” to deal with it.

Heartbleed verification and mitigation is time consuming. Unless your ICT environment is insanely well documented, you can’t bet that you are not exposed to Heartbleed, so let’s focus on the guidance model.

 

1 – Vendors affected by Heartbleed

Below you can find an extensive list of security advisories regarding CVE-2014-0160 (a.k.a. Heartbleed) from well-known Linux distributions and security and networking software/hardware vendors. This is just a representative sample of the vendors impacted; the bulk of the iceberg is underwater, with an endless list of vendors.

 

VMWare:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2076225

Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Blackberry:
http://btsc.webapps.blackberry.com/btsc/viewdocument.do;jsessionid=5893087B0890E66745D0A2187EBB2FF1?externalId=KB35882&sliceId=1&cmd=displayKC&docType=kc&noCount=true&ViewedDocsListHelper=com.kanisa.apps.common.BaseViewedDocsListHelperImpl

Oracle:
http://www.oracle.com/technetwork/topics/security/opensslheartbleedcve-2014-0160-2188454.html

Google/Android:
http://googleonlinesecurity.blogspot.co.uk/2014/04/google-services-updated-to-address.html

Debian:
https://www.debian.org/security/2014/dsa-2896

Ubuntu:
http://www.ubuntu.com/usn/usn-2165-1/

Gentoo Linux:
http://www.gentoo.org/security/en/glsa/glsa-201404-07.xml

NetBSD:
http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2014-004.txt.asc

Nginx:
http://nginx.com/blog/nginx-and-the-heartbleed-vulnerability/

OpenBSD:
http://www.openbsd.org/errata55.html#002_openssl
http://ftp.openbsd.org/pub/OpenBSD/patches/5.5/common/002_openssl.patch.sig

FreeBSD:
http://www.freebsd.org/security/advisories/FreeBSD-SA-14:06.openssl.asc

Suse:
http://support.novell.com/security/cve/CVE-2014-0160.html

openSuse:
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00004.html

Novell:
http://support.novell.com/security/cve/CVE-2014-0160.html

Redhat:
https://access.redhat.com/security/cve/CVE-2014-0160
https://access.redhat.com/site/announcements/781953

Fedora Project:
https://lists.fedoraproject.org/pipermail/announce/2014-April/003205.html

Slackware:
hxxp://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.533622

Sparklabs/viscosity openvpn client:
https://www.sparklabs.com/viscosity/releasenotes/

XenServer:
http://xenserver.org/component/easyblog/entry/xenserver-and-the-openssl-heartbleed-vulnerability.html?Itemid=179

Mozilla:
https://blog.mozilla.org/security/2014/04/08/heartbleed-security-advisory/

HP Networking:
http://h17007.www1.hp.com/docs/advisories/HPNetworkingSecurityAdvisory-OpenSSL-HeartbleedVulnerability.pdf

Citrix:
http://support.citrix.com/article/CTX140605

CAcert:
https://blog.cacert.org/2014/04/openssl-heartbleed-bug/

Fortinet:
http://www.fortiguard.com/advisory/FG-IR-14-011/

F5:
http://support.f5.com/kb/en-us/solutions/public/15000/100/sol15159.html

Aruba Networks:
http://www.arubanetworks.com/support/alerts/aid-040814.asc

Checkpoint:
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk100173

Watchguard:
http://watchguardsecuritycenter.com/2014/04/08/the-heartbleed-openssl-vulnerability-patch-openssl-asap/

OpenVPN:
https://community.openvpn.net/openvpn/wiki/heartbleed

Despite all the information around, I’m still being asked over and over whether there are Microsoft services or products vulnerable to Heartbleed. The straight answer is the following:

Microsoft official spokesman:

“After a thorough investigation, Microsoft determined that Microsoft Account, Microsoft Azure, Office 365, Yammer and Skype, along with most Microsoft Services, are not impacted by the OpenSSL “Heartbleed” vulnerability. Windows’ implementation of SSL/TLS is also not impacted. A few Services continue to be reviewed and updated with further protections.”

http://blogs.technet.com/b/security/archive/2014/04/10/microsoft-devices-and-services-and-the-openssl-heartbleed-vulnerability.aspx

 

In late April 2014 Juniper Networks sent out a Security Advisory for their SSL VPN solution. You might not be aware of it, but with the release of Windows 8.1 Microsoft integrated SSL VPN clients from some 3rd-party vendors, and Juniper is included.

Due to this 3rd-party integration in the OS base installation, all Windows 8.1 x86, x64 and RT systems should install the security update KB2962393.

 

Junos Pulse/SA (SSLVPN): Details on fixes for OpenSSL “Heartbleed” issue (CVE-2014-0160)/JSA10623  
http://kb.juniper.net/InfoCenter/index?page=content&id=KB29004

Update for Vulnerability in Juniper Networks Windows In-Box Junos Pulse Client
https://technet.microsoft.com/library/security/2962393

 

2 – Verify if a vulnerable OpenSSL version is installed on Windows OS;

OpenSSL is not the default Windows implementation of SSL/TLS; Windows has a proprietary API (SSPI), which in the case of IIS is Secure Channel. However, OpenSSL is relatively common on Open Source platforms, such as Apache Web Servers.

1. You should verify whether a vulnerable version of OpenSSL is installed on Windows systems that are using any type of non-MS components;

Example: Apache running on Windows with mod_ssl using OpenSSL.

2. If you find a vulnerable OpenSSL version installed on Windows, you should upgrade to a more recent, non-vulnerable version, or alternatively recompile OpenSSL with the option “-DOPENSSL_NO_HEARTBEATS”;

OpenSSL Upgrade path:
https://www.openssl.org/news/secadv_20140407.txt

3 – Verify if there are non-Microsoft OS’s with a vulnerable version of OpenSSL;

In your network environment you may have non-Microsoft systems with OpenSSL installed, it is relatively common on Linux Operating Systems and Apache Web Servers, or with services that rely on encryption, such as SSH (port 22), encrypted SMTP (port 26), https (443), NNTP encrypted (563), LDAP over SSL (636), FTP encrypted (989 and 990), Telnet encrypted (992), IMAPS (993), IRC encrypted (994), POP3S (995), etc.

To verify:

1. Are any Linux machines, Apache Web Servers or other machines with OpenSSL installed being reported on your central asset/device management platform (e.g. SCCM)?

If yes, you should update OpenSSL to a non-vulnerable version or, if that’s not possible at the moment, at least recompile OpenSSL with the option “-DOPENSSL_NO_HEARTBEATS”.

2. Are any devices (e.g. some Android versions) with a vulnerable OpenSSL being reported on your Mobile Device Management platform (e.g. Intune)?

If yes, update to an OS version that does not include a vulnerable OpenSSL. If that’s not possible, you should review your organization’s security policy; security best practices normally state that in such cases a vulnerable OS should not be allowed to connect to your network environment or access corporate information systems.

3. Are any systems vulnerable to Heartbleed being hosted on an IaaS or hosting provider?

If yes, you should update to a non-vulnerable version of OpenSSL and follow the recommendations in step 6.
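An added example (not from the original post): a POSIX shell helper that triages captured `openssl version -a` output for the checks in steps 2 and 3, on Windows or elsewhere. The status names, the sample outputs and the build-date heuristic are assumptions made for this example; the affected range (1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1) is the one given in the OpenSSL advisory linked above.

```sh
#!/bin/sh
# Added example: triage the text printed by `openssl version -a` for CVE-2014-0160.
# Upstream releases affected per the OpenSSL advisory of 7 April 2014:
# 1.0.1 through 1.0.1f, plus 1.0.2-beta and 1.0.2-beta1 (1.0.1g carries the fix).

# Print the "built on:" date as YYYYMMDD, or nothing when it cannot be parsed.
hb_build_date() {
    printf '%s\n' "$1" | awk '
        /^built on:/ {
            m = index("JanFebMarAprMayJunJulAugSepOctNovDec", $4)
            if (length($4) == 3 && m % 3 == 1 && $5 ~ /^[0-9]+$/ && $NF ~ /^[0-9][0-9][0-9][0-9]$/)
                printf "%04d%02d%02d\n", $NF, (m + 2) / 3, $5
            exit
        }'
}

# Classify one captured `openssl version -a` output (status names are this example's own).
heartbleed_status() {
    hb_info="$1"
    # First line looks like "OpenSSL 1.0.1e 11 Feb 2013" (RHEL builds add a -fips suffix).
    hb_ver=$(printf '%s\n' "$hb_info" | awk 'NR == 1 && $1 == "OpenSSL" { print $2 }')
    hb_ver=${hb_ver%-fips}
    case "$hb_ver" in
        "") echo "unknown"; return 0 ;;
        1.0.1|1.0.1[a-f]|1.0.2-beta|1.0.2-beta1) ;;   # affected upstream range
        *) echo "not-affected"; return 0 ;;
    esac
    # Heartbeat support compiled out: the workaround named in the advisory.
    if printf '%s\n' "$hb_info" | grep '^compiler:' | grep -qF -e '-DOPENSSL_NO_HEARTBEATS'; then
        echo "mitigated-no-heartbeats"
        return 0
    fi
    # Heuristic (assumption): a binary built before the public fix of 7 April 2014
    # cannot contain it. A later build may be a distribution backport that keeps the
    # old version string, so it has to be checked against the vendor advisory.
    hb_built=$(hb_build_date "$hb_info")
    if [ -n "$hb_built" ] && [ "$hb_built" -lt 20140407 ]; then
        echo "likely-vulnerable"
    else
        echo "verify-package"
    fi
}

# Constructed sample outputs (not captured from real hosts).
SAMPLE_OLD_BUILD='OpenSSL 1.0.1e-fips 11 Feb 2013
built on: Tue Mar 19 10:12:00 UTC 2013
platform: linux-x86_64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -O2 -Wall'

SAMPLE_REBUILT='OpenSSL 1.0.1e 11 Feb 2013
built on: Tue Apr  8 09:30:00 UTC 2014
platform: debian-amd64
compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -O2 -Wall'

SAMPLE_NO_HEARTBEATS='OpenSSL 1.0.1f 6 Jan 2014
built on: Wed Apr  9 14:02:11 UTC 2014
platform: linux-x86_64
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -DOPENSSL_NO_HEARTBEATS -O3 -Wall'

SAMPLE_FIXED='OpenSSL 1.0.1g 7 Apr 2014
built on: Thu Apr 10 08:00:00 UTC 2014
platform: linux-x86_64
compiler: gcc -DOPENSSL_THREADS -D_REENTRANT -O3 -Wall'

for hb_sample in "$SAMPLE_OLD_BUILD" "$SAMPLE_REBUILT" "$SAMPLE_NO_HEARTBEATS" "$SAMPLE_FIXED"; do
    printf '%-34s -> %s\n' "$(printf '%s\n' "$hb_sample" | head -n 1)" "$(heartbleed_status "$hb_sample")"
done
```

A "verify-package" result means the version string alone cannot settle the question: compare the installed package release with the distribution advisory from step 1.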

4 – Verify if your remote access and publishing platforms are indirectly exposing non-vulnerable systems to Heartbleed;

To access your Web Services or Web Servers you are probably relying on web publishing or reverse proxy network components, such as network load balancers, cache services, TLS offloaders, reverse proxies, etc.

If any of these network components supporting the communication channel is vulnerable to Heartbleed, your front-end and back-end environment can be exposed as well.

Check the 3rd-party solutions in that path, such as network appliances, against the vendor list I’ve provided in step 1, and update them.

5 – Assess your environment with vulnerability scanners;

Vulnerability assessment should be a common practice in your network environment. If that’s not the case and you are the one responsible for it, you need to reevaluate your management practices and start doing it on a regular basis; it’s a standardized approach in the industry!

There’s a huge external motivation, especially for the worst reasons, to assess and detect systems vulnerable to Heartbleed, so you need to do a vulnerability assessment as soon as possible. If you have done one recently but prior to the Heartbleed disclosure, you should repeat the process ASAP.

1. Use a remote vulnerability scanner to assess your published web site or application;

Some examples that you can use at no charge for a remote analysis:

https://www.ssllabs.com/ssltest/

http://tif.mcafee.com/heartbleedtest

https://play.google.com/store/apps/details?id=com.lookout.heartbleeddetector

 

2. Use a vulnerability scanner to check Heartbleed exposure on your local network.

For that you can run a pentesting Linux distribution such as Kali Linux;

You’ll find NMAP, which can be used with the Heartbleed detection script:

– Boot your Kali VM, LiveCD or installation;

– Open a terminal session;

– Update all Kali tools and OS components:

sudo apt-get update
sudo apt-get upgrade

– Download and install the Heartbleed detection script on NMAP:

cd /usr/share/nmap/nselib/
sudo wget https://svn.nmap.org/nmap/nselib/tls.lua
cd /usr/share/nmap/scripts/
sudo wget https://svn.nmap.org/nmap/scripts/ssl-heartbleed.nse
sudo nmap --script-updatedb

– Scan for Heartbleed through NMAP:

nmap --script ssl-heartbleed [server]

Replace [server] with your server’s IP address, NetBIOS name, FQDN or an IP range (e.g. 192.168.0.0/24).

 

6 – When you find a System that is vulnerable to Heartbleed;

If you detect a vulnerable system, then for that system and all those that depend on it you should, to avoid the exposure of credentials and private/public key pairs, proactively change the passwords, generate a new private/public key pair for the certificates, and proceed with a deeper and broader analysis to evaluate whether you had any security compromise.

 

R-Tape Loading error,
Luís Rato

Windows 8.1 Update 1 Download links

• 8 April 2014

Hi guys,

for those that can’t wait for today’s release of Windows 8.1 Update 1 on the Windows Update, here are the Official download links for a manual installation.

The Update KB2919355 is the main Windows 8.1 Update package; the other update KBs are necessary for a successful installation of the main package, so install them first before you go for KB2919355.

 

Download links for Windows 8.1 Update x86:
KB2919355
KB2919442
KB2932046
KB2937592
KB2938439
KB2949621-v2 (Windows Server 2012 R2 only)

Download links for Windows 8.1 Update x64:
KB2919355
KB2919442
KB2932046
KB2937592
KB2938439
KB2949621-v2 (Windows Server 2012 R2 only)

Download links for Windows 8.1 Update ARM:
KB2919355
KB2919442
KB2932046
KB2937592
KB2938439

R-Tape Loading error,
Luís Rato

Debian: How to fix the warning “Duplicate sources.list” while running “apt-get update”

• 5 January 2014

Hi there guys,

just to share an easy fix for the following situation:

Imagine that you want to execute APT to obtain the packages lists from the sources you specified (“/etc/apt/sources.list”), for that you would run:

sudo apt-get update

After executing the above command you got the following warning:

W: Duplicate sources.list entry http://dl.google.com/linux/chrome/deb/ stable/main amd64 Packages (/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-amd64_Packages)
W: Duplicate sources.list entry http://dl.google.com/linux/chrome/deb/ stable/main i386 Packages (/var/lib/apt/lists/dl.google.com_linux_chrome_deb_dists_stable_main_binary-i386_Packages)
W: You may want to run apt-get update to correct these problems

This means that there are duplicate entries on your sources list (“/etc/apt/sources.list”). In my case per the above warning I can see that there are duplicate entries for Google Chrome but this can happen on all kinds of software package lists.

To find out where they are run the following command (single line):

 grep -R --include="*.list" chrome /etc/apt/


I did a recursive search for “chrome” on all files with the extension “.list” under each directory of “/etc/apt” and I got the following duplicates on the output:

/etc/apt/sources.list.d/google-chrome.list:deb http://dl.google.com/linux/chrome/deb/ stable main

/etc/apt/sources.list:deb http://dl.google.com/linux/chrome/deb stable main


Based on the above output, I have duplicate entries for Chrome in “/etc/apt/sources.list” and “/etc/apt/sources.list.d/google-chrome.list”; the latter was automatically created during the Chrome installation.

The “/etc/apt/sources.list.d” directory provides a way to add sources.list entries in separate files. I don’t want separate files to manage my sources and prefer to manage all sources in a single file (“/etc/apt/sources.list”), so I will comment out ( # ) the entry in “google-chrome.list”:

sudo nano /etc/apt/sources.list.d/google-chrome.list

Comment out ( # ) the entry:

# deb http://dl.google.com/linux/chrome/deb/ stable main

Press [CONTROL]+[X] to exit and save the file.


 

Now rerun the “apt-get update” and everything should be ok.
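An added example (not from the original post) that generalizes the grep above: instead of searching for one known name, it reports every entry declared more than once across “sources.list” and “sources.list.d/*.list”, treating URIs that differ only by a trailing slash as the same source, as in the Chrome case. The function names and the demo directory are assumptions of this example, and only the one-line “deb …” format shown in this post is parsed.

```sh
#!/bin/sh
# Added example: list APT entries that are declared more than once across
# sources.list and sources.list.d/*.list (one-line format only).

find_duplicate_sources() {
    fds_dir="${1:-/etc/apt}"
    set --
    for fds_file in "$fds_dir"/sources.list "$fds_dir"/sources.list.d/*.list; do
        if [ -f "$fds_file" ]; then set -- "$@" "$fds_file"; fi
    done
    if [ "$#" -eq 0 ]; then return 0; fi
    awk '
        { sub(/#.*/, "") }                          # strip comments
        $1 != "deb" && $1 != "deb-src" { next }     # blank or unrelated line
        {
            i = 2
            if ($i ~ /^\[/) {                       # optional [ arch=... ] option block
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            uri = $i
            sub(/\/+$/, "", uri)                    # ".../deb/" and ".../deb" are the same source
            for (c = i + 2; c <= NF; c++) {         # APT warns once per component
                key = $1 " " uri " " $(i + 1) " " $c
                where = FILENAME ":" FNR
                if (key in seen) { dup[key] = dup[key] " " where } else { seen[key] = where }
            }
        }
        END { for (k in dup) print k " <- " seen[k] dup[k] }
    ' "$@" | sort
}

# Build a throw-away directory with constructed files that mirror the two
# Chrome entries from this post; deb.example.org is a hypothetical repository.
make_demo_apt_dir() {
    demo_dir=$(mktemp -d) || return 1
    mkdir "$demo_dir/sources.list.d"
    cat > "$demo_dir/sources.list" <<'EOF'
# constructed sample; the repository on the next line is hypothetical
deb http://deb.example.org/debian stable main contrib
deb http://dl.google.com/linux/chrome/deb stable main
EOF
    cat > "$demo_dir/sources.list.d/google-chrome.list" <<'EOF'
# constructed sample of the file created by the Chrome installer
deb http://dl.google.com/linux/chrome/deb/ stable main
EOF
    echo "$demo_dir"
}

fds_demo=$(make_demo_apt_dir)
find_duplicate_sources "$fds_demo"   # on a real host: find_duplicate_sources /etc/apt
rm -rf "$fds_demo"
```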


 

That’s all folks.

 

R-Tape Loading error,
Luís Rato

Forefront TMG and UAG Phase out/alternatives – Part 2

• 4 January 2014

Hi again folks,

following the Part 1 of Forefront TMG and UAG Phase out/alternatives I will complete the series with the description of the available solutions for each ISA/TMG/UAG feature.

2. Finding the alternatives for each TMG/UAG features

Finding alternatives is far from an easy exercise. There are many things to consider; I’ve already covered a few in my previous post, but some additional fundamentals may influence your decision, such as:

– Your team’s know-how on a given technology/vendor, which may reduce the learning curve, training costs and the risk caused by faulty operations/implementation;

– Good vendor relationship and supportability are key elements for a less bumpy transition;

– Ease of use and (centralized) management, to make your team productive and quick to respond to increasing business demand;

– It can’t restrict a heterogeneous and interoperable ICT;

– A convergence of features on fewer solutions/vendors may simplify the management/operations burden and reduce Capex/Opex;

– Capable of responding to the new world order of Cloud, Big Data, Mobility and Social;

– Ultimately, respond to the business needs. Everything I’ve mentioned previously means nothing if you do not commit to the business goals. If you fail to do so, as a CIO/CSO you may turn yourself into a shooting target; CEOs, CFOs and CMOs are getting less tolerant of ICT misalignment, roadblocks and unresponsiveness.

 

I’ll leave you with the decision to be made, so to make your life easier I’ve created a table with the right mapping of available solutions that replace each feature of ISA, TMG and UAG.

On the following table you have:

– Mapping of available security features on ISA, TMG and UAG;

– Column “Transition path” is related to the available solutions that can replace each feature of ISA, TMG and UAG, you may opt for Microsoft Technology if available (highlighted with a Link for detailed information) or a 3rd-Party Vendor;

– Column “Security solution type” with the acronym of the standard names of Security solutions available on the market. On this column you have more than one type, that’s because there are different types of solutions that can respond to that particular feature, select one;

Features | ISA | TMG | UAG | Transition path | Security solution type ( * )
Route | X | X |  | Windows Server 2012 RRAS; 3rd party vendor | WAI, ENF or UTM for SMB’s
NAT | X | X |  | Windows Server 2012 RRAS; 3rd party vendor | WAI, ENF or UTM for SMB’s
Edge Firewall | X | X |  | 3rd party vendor | ENF or UTM for SMB’s
     Stateful Packet filtering | X | X |  | 3rd party vendor | ENF or UTM for SMB’s
Application Layer Firewalling | X | X | X | 3rd party vendor | WAF, ENF or UTM for SMB’s
     HTTP Filter | X | X | X | 3rd party vendor | WAF, ENF or UTM for SMB’s
     HTTPS Inspection |  | X | X | 3rd party vendor | WAF, ENF or UTM for SMB’s
Intrusion Prevention and Intrusion Detection system | X | X |  | 3rd party vendor | WAI, ENF or UTM for SMB’s
Web proxy and Web caching Server | X | X |  | Web proxy: 3rd party vendor; Web Caching Server: Windows Azure Caching Services for Cloud solutions integration, IIS Application Request Router, 3rd party product | SWG, PaaS or UTM for SMB’s
     URL Filtering |  | X |  | 3rd party vendor | SWG or UTM for SMB’s
     Malware Inspection |  | X |  | 3rd party vendor | SWG or UTM for SMB’s
Forward Proxy | X | X |  | 3rd party vendor | WAF, ADC or UTM for SMB’s
Reverse Proxy | X | X | X | WS 2012 R2 Web Application Proxy (basic); 3rd Party product | WAF, ADC or UTM for SMB’s
VPN Server (Client VPN and Site to Site VPN) | X | X |  | Windows Server 2012 RRAS; 3rd party vendor | WAI, ENF or UTM for SMB’s
E-Mail Protection Gateway | X | X |  | Exchange Online Protection; 3rd party vendor | SEG, SWG, SaaS or UTM for SMB’s
SSL VPN |  |  | X | 3rd party vendor | SRA
Direct Access |  |  | X | Windows Server 2012 Direct Access; 3rd party vendor | WAI

( * ) – Glossary:  Go to section ‘1.3 Get familiar with security industry solution types’ on Part 1

 

3.  3rd Party Vendors

In this section you have a table with the available solutions of 3rd Party vendors for each type of Security solution.

If you have already identified from the above section which types of solutions you need to replace each feature of ISA, TMG and UAG, then after going through the whole feature set you probably ended up with a few solutions that you may need to implement.

Some types of solutions may cover more than one feature; it may be wise to converge as many features as you can into one type of solution, as long as it can respond to the business requirements.

Some 3rd Party vendors can easily integrate different solution types from their portfolio, sometimes we are just talking about licensing a particular module or service and don’t even need to provision dedicated Hardware.

Here are the tables of each Security solution type and their designated 3rd Party solutions:

WAI – Wired and Wireless Access Infrastructure
Vendor/Solution Reference
Cisco Switches http://www.cisco.com/en/US/products/hw/switches/index.html
Cisco Routers http://www.cisco.com/en/US/products/hw/routers/index.html
Cisco Prime Infrastructure http://www.cisco.com/en/US/products/ps12239/index.html
Cisco Mobility Services Engine http://www.cisco.com/en/US/products/ps9742/index.html
HP FlexCampus Network Solutions http://h17007.www1.hp.com/us/en/networking/solutions/campus-lan/index.aspx#tab=TAB1
Aruba Networks Unified Networks http://www.arubanetworks.com/solutions/unified-networks/
Aruba Networks Mobility Access Switches http://www.arubanetworks.com/products/mobility-access-switches/
Aruba Networks Wireless Lan http://www.arubanetworks.com/products/wireless-lan/
Aruba Networks ClearPass http://www.arubanetworks.com/products/clearpass/?click=footer
Others Alcatel-Lucent Enterprise, Motorola Solutions, D-Link, Dell, Huawei, Adtran, Juniper Networks, Xirrus, Netgear, Fortinet, Enterasys Networks

ENF – Enterprise Network Firewall
Vendor/Solution Reference
Check Point Next Generation Firewall http://www.checkpoint.com/products/firewall-next-gen/index.html
Checkpoint Software Blade http://www.checkpoint.com/products/softwareblades/architecture/index.html
Checkpoint Security Appliance http://www.checkpoint.com/products/appliances/index.html#overview
Palo Alto Networks Firewall Platforms https://www.paloaltonetworks.com/products/platforms/firewalls.html
Palo Alto Network Virtualized Firewalls https://www.paloaltonetworks.com/products/platforms/virtualized-firewalls/vm-series/overview.html
Fortinet Next Generation Firewalls http://www.fortinet.com/solutions/next_generation_firewall.html
Fortinet High Performance Firewall / VPN http://www.fortinet.com/solutions/firewall.html
Cisco Firewalls ASA http://www.cisco.com/en/US/products/ps5708/Products_Sub_Category_Home.html
Juniper Networks SRX Series Services Gateways http://www.juniper.net/us/en/products-services/security/srx-series/
Juniper Networks SSG Series Secure Services Gateways http://www.juniper.net/us/en/products-services/security/ssg-series/
Juniper Networks ISG Series Integrated Security Gateways http://www.juniper.net/us/en/products-services/security/isg-series/
Others Dell SonicWall, StoneSoft, Mcafee, Watchguard, Sophos, Huawei, Barracuda Networks, Netasq, HP

UTM – Unified Threat Management
Vendor/Solution Reference
Fortinet Unified Threat Management http://www.fortinet.com/solutions/unified_threat_management.html
Check Point GAiA http://www.checkpoint.com/gaia/
Dell SonicWall TZ Series Unified Threat Management Firewall (Small) http://www.sonicwall.com/emea/en/products/TZ-Series.html
Dell SonicWall NSA Network Security Appliance Series (Mid-range) http://www.sonicwall.com/emea/en/products/NSA-Series.html
Dell SonicWall SuperMassive Series (Enterprise) http://www.sonicwall.com/emea/en/products/SuperMassive-Series.html
Watchguard XTM Next-Generation Network Security http://www.watchguard.com/products/xtm-main.asp
Sophos Unified Threat Management http://www.sophos.com/en-us/products/unified-threat-management.aspx
Others Cisco, Juniper Networks, Cyberoam, Netasq, Huawei, gateprotect, Clavister, Kerio

SWG – Secure Web Gateway
Vendor/Solution Reference
Cisco Web Security Appliance http://www.cisco.com/en/US/products/ps10164/index.html
Cisco Cloud Web Security http://www.cisco.com/en/US/products/ps11720/index.html
Blue Coat ProxySG http://www.bluecoat.com/products/proxysg
Blue Coat ProxyAV (ProxySG AV Add-on) http://www.bluecoat.com/products/proxyav
Blue Coat Web Filter (ProxySG Web Filter Add-on) http://www.bluecoat.com/products/webfilter
Blue Coat Secure Web Gateway Virtual Appliance http://www.bluecoat.com/products/secure-web-gateway-virtual-appliance
Blue Coat Web Security Service (Cloud Service) http://www.bluecoat.com/products/web-security-service
Websense Websecurity Gateway (Appliance) http://www.websense.com/content/web-security-gateway-features.aspx
Websense Websecurity Gateway Anywhere (Hybrid) http://www.websense.com/content/web-security-gateway-anywhere-features.aspx
Websense Cloud Websecurity Gateway http://www.websense.com/content/cloud-web-security-gateway-features.aspx
Zscaler Cloud Web Security http://www.zscaler.com/product-cloud-security/cloud-web-security.php
Barracuda Web Filter (Appliance) https://www.barracuda.com/products/webfilter
Barracuda Web Filter Vx (Virtual) https://www.barracuda.com/products/webfiltervx
Barracuda Web Security Service (Cloud) https://www.barracuda.com/products/websecurityflex
Mcafee Web Gateway (Appliance) http://www.mcafee.com/us/products/web-gateway.aspx
Mcafee SaaS Web Protection (Cloud) http://www.mcafee.com/us/products/saas-web-protection.aspx
Symantec Web Gateway http://www.symantec.com/web-gateway
Symantec Web Security.Cloud http://www.symantec.com/web-security-cloud
Others Trend Micro, Trustwave-M86 Security, Sophos, ContentKeeper Technologies, Sangfor, Phantom Technologies, EdgeWave, Optenet

WAF – Web Application Firewall
Vendor/Solution Reference
F5 – Big IP (WAF module – license) http://www.f5.com/products/big-ip/
Imperva SecureSphere Web Application Firewall http://www.imperva.com/products/wsc_web-application-firewall.html
Barracuda Web Application Firewall: https://www.barracuda.com/products/webapplicationfirewall
Barracuda Web Application Firewall for Applications hosted on Windows Azure (NEW) https://www.barracuda.com/WAFonAzure
Radware Web Application Firewall http://www.radware.com/resources/rclp.aspx?campaign=1632124&utm_campaign=seer%20msn%20application%20security%20search=&wt.srch=1&utm_source=msn&utm_medium=cpc&utm_term=barracuda%20web%20application%20firewall&wt.mc_id=seer%20msn%20application%20security%20search
Citrix NetScaler AppFirewall http://www.citrix.com/products/netscaler-appfirewall/overview.html
Others Breach Security, Deny all, Cisco, ModSecurity, Protegrity

ADC – Application Delivery Content
Vendor/Solution Reference
F5 – Big IP http://www.f5.com/products/big-ip/
Citrix NetScaler 10 http://www.citrix.com/products/netscaler-application-delivery-controller/overview.html
Radware Alteon http://www.radware.com/Products/ApplicationDelivery/Alteon/default.aspx
Barracuda Load Balancer ADC https://www.barracuda.com/products/loadbalancer
Others Riverbed, A10 Networks, Brocade, Array Networks, Coyote Point, Cisco, Sangfor

SRA – Secure Remote Access
Vendor/Solution Reference
Dell SonicWall SSL VPN Secure Remote Access http://www.sonicwall.com/emea/en/products/Secure-Remote-Access.html
Barracuda SSL VPN https://www.barracuda.com/products/sslvpn/
F5 – SSL VPN http://www.f5.com/it-management/solutions/ssl-vpn-security/overview/
F5 – Big IP Edge Gateway http://www.f5.com/products/big-ip/big-ip-edge-gateway/overview/
Juniper Networks SA Series SSL VPN http://www.juniper.net/us/en/products-services/security/sa-series/
Others Array Networks, Check Point, Citrix, Cisco, Cryptzone, Nexus, Palo Alto Networks, Sangfor Technologies

 

Please note that the mentioned 3rd party solutions and links may be subject to change.

 

4.  Should I stay or should I go

One of the major concerns is about the right time to start phasing out ISA, TMG and UAG.

Per the Microsoft Support Lifecycle of these products, ISA Server still has extended support, and TMG and UAG have Mainstream support until 2015 and extended support until 2020.

Products Released | Lifecycle Start Date | Mainstream Support End Date | Extended Support End Date
Internet Security and Acceleration Server 2006 Enterprise Edition | 10/17/2006 | 01/10/2012 | 01/10/2017
Internet Security and Acceleration Server 2006 Standard Edition | 10/17/2006 | 01/10/2012 | 01/10/2017

Products Released | Lifecycle Start Date | Mainstream Support End Date | Extended Support End Date
Forefront Threat Management Gateway 2010 Enterprise | 12/1/2009 | 4/14/2015 | 4/14/2020
Forefront Threat Management Gateway 2010 Standard | 12/1/2009 | 4/14/2015 | 4/14/2020

Products Released | Lifecycle Start Date | Mainstream Support End Date | Extended Support End Date
Forefront Unified Access Gateway 2010 | 1/26/2010 | 4/14/2015 | 4/14/2020

 

So, should you rush into the phase-out process or hold your horses for a while?

Some time ago you had to respond to business needs: you defined your ICT priority areas and had to accommodate the investment in ISA, TMG or UAG in your budget, so you obviously have a ROI to achieve.

Despite the fact that there is a ROI to be accomplished, ISA Server is out of development and you can’t expect much to be developed during the Mainstream support of TMG and UAG.

Being secure stands for evolving with the dynamics of changing threats, regulations, compliance and business needs, which basically means that you need to evaluate whether your Forefront solutions can respond to these challenges. If they can’t, then no matter whether your ROI has been achieved, it is prudent to move forward to a new solution.

All said, for the majority of organizations the time for a transition process is NOW; again, one size does not fit all, and you need to evaluate your particular situation.

 

 

This completes the series of Forefront TMG and UAG Phase out/alternatives.

 

R-Tape Loading error,
Luís Rato

Forefront TMG and UAG Phase out/alternatives – Part 1

• 3 January 2014

Hi there guys,

Many of you are already aware that Microsoft announced the end of the line for the “Forefront” security products. Based on the announcement on 12/09/2012, the following products have been discontinued:

Important Changes to Forefront Product Roadmaps – 12/09/2012:

“We are discontinuing any further releases of the following Forefront-branded solutions:

    • Forefront Protection 2010 for Exchange Server (FPE)
    • Forefront Protection 2010 for SharePoint (FPSP)
    • Forefront Security for Office Communications Server (FSOCS)
    • Forefront Threat Management Gateway 2010 (TMG)
    • Forefront Threat Management Gateway Web Protection Services (TMG WPS)”

 

Until last month Forefront had only 2 products left, Microsoft Forefront Unified Access Gateway (UAG) and Microsoft Forefront Identity Manager (FIM).

There were a lot of concerns around the continuity of one particular product, namely Forefront UAG, as its core is based on the discontinued Forefront TMG. On 17/12/2013 we finally had some clarity (many people expected this…) and the Product group announced the end of the line for UAG at the current version.

Important Changes to Forefront Product Roadmaps – 17/12/2013:

“Based on product strategy, customer feedback, and prevailing market dynamics, Microsoft has made the decision not to deliver any further full version releases of Forefront UAG.”

However, FIM is expected to be taken out of Forefront and become part of a Cloud Service sometime in 2015. Identity-as-a-Service should be a reality by then, and achieving a simplified model requires a lot of transformation; I have my idea about what should be coming, but that’s just a guess.

 

So, based on the feedback and concerns I heard from many customers about this topic, I ended up with some common and frequent questions:

  • What are the alternatives for TMG and UAG?
    Answer: It depends.
  • When should I start phasing out TMG and UAG?
    Answer: It depends.

I don’t want to leave you with the typical consultant answer and more uncertainty, so I’ll guide you through the relevant concerns that will help you move forward.

 

1. Before you start looking for alternatives

1.1 Forefront TMG and UAG features

As you probably know TMG and UAG are multi-feature products so you first need to determine what features you are using on your infrastructure.

The following table can help you to identify which features are present on ISA, TMG and UAG and with that you can easily map to your own network environment what’s being used.

 

Features | ISA | TMG | UAG
Route | X | X |
NAT | X | X |
Edge Firewall | X | X |
     Stateful Packet filtering | X | X |
Application Layer Firewalling | X | X | X
     HTTP Filter | X | X | X
     HTTPS Inspection |  | X | X
Intrusion Prevention (IPS) and Intrusion Detection (IDS) system | X | X |
Web proxy and Web caching Server | X | X |
     URL Filtering |  | X |
     Malware Inspection |  | X |
Forward Proxy | X | X |
Reverse Proxy | X | X | X
VPN Server (Client VPN and Site to Site VPN) | X | X |
E-Mail Protection Gateway | X | X |
SSL VPN |  |  | X
Direct Access |  |  | X

 

1.2 Industry standards, compliance, regulations and good practices

Prior to your decision you must consider whether you need to comply with specific regulations and standards. Depending on the industry segment you are in, there are particular objectives that you may need to achieve to avoid penalties or harm to your business; this may involve the mitigation of certain threats, appropriate auditing and reporting capabilities, commitment to OLAs, SLAs, RTO/RPO, etc.

Do bear in mind that technology means nothing if people and processes are not part of the equation.

Just one example: the Payment Card Industry standard (PCI DSS 2.0) requires that public-facing web applications are protected with a Web Application Firewall (WAF). It does not mention which elements are required for the WAF solution; however, security best practices and standards should be taken into consideration. The Web Application Firewall Criteria is to be considered a mandatory guideline for your security implementation, and part of it underlines the top 10 web application security flaws that should be mitigated.

Many security vendors will state that their solutions conform to the OWASP top 10 web application security flaws, PCI DSS and many other security standards. These may be good indicators for what you need to achieve; however, securing your environment may often involve more than one solution to mitigate multiple layers of threats, ease technology integration, facilitate user experience and provide the required business functionality. All in all, one size does not fit all and you will probably have to consider multiple solutions/vendors.

 

PCI DSS 2.0 compliance (section 6.6):

 

PCI DSS 2.0 Requirements:

6.6 For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods:

· Reviewing public-facing web applications via manual or automated application vulnerability security assessment tools or methods, at least annually and after any changes

· Installing a web-application firewall in front of public-facing web applications

Testing Procedures:

6.6 For public-facing web applications, ensure that either one of the following methods are in place as follows:

· Verify that public-facing web applications are reviewed (using either manual or automated vulnerability security assessment tools or methods), as follows:

– At least annually

– After any changes

– By an organization that specializes in application security

– That all vulnerabilities are corrected

– That the application is re-evaluated after the corrections

· Verify that a web-application firewall is in place in front of public-facing web applications to detect and prevent web-based attacks.

Note: “An organization that specializes in application security” can be either a third-party company or an internal organization, as long as the reviewers specialize in application security and can demonstrate independence from the development team.

 

OWASP 2013 – Top 10 Web application security flaws:
https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project

A1 Injection
A2 Broken Authentication and Session Management
A3 Cross-Site Scripting (XSS)
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross-Site Request Forgery (CSRF)
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards

 

OWASP – Web Application Firewall Criteria:
https://www.owasp.org/index.php/Web_Application_Firewall

  • Protection Against OWASP Top Ten!
  • Very Few False Positives (i.e., should NEVER disallow an authorized request)
  • Strength of Default (Out of the Box) Defenses
  • Power and Ease of Learn Mode
  • Types of Vulnerabilities it can prevent.
  • Detects disclosure and unauthorized content in outbound reply messages, such as credit-card and Social Security numbers.
  • Both Positive and Negative Security model support.
  • Simplified and Intuitive User Interface.
  • Cluster mode support.
  • High Performance (milliseconds latency).
  • Complete Alerting, Forensics, Reporting capabilities.
  • Web Services\XML support.
  • Brute Force protection.
  • Ability to run in Active (block and log), Passive (log only) and bypass modes for web traffic.
  • Ability to keep individual users constrained to exactly what they have seen in the current session
  • Ability to be configured to prevent ANY specific problem (i.e., Emergency Patches)
  • Form Factor: Software vs. Hardware (Hardware generally preferred)
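Two of the criteria above, detecting card and Social Security numbers in outbound replies and switching between Active, Passive and bypass modes, sketched as an added example (not from the original post, OWASP or any WAF product). The function names, the blocked-response body and the sample response are constructed for illustration; the Luhn and SSN plausibility checks are one way to keep false positives low.

```python
import re
from enum import Enum


class Mode(Enum):
    ACTIVE = "active"    # block and log
    PASSIVE = "passive"  # log only
    BYPASS = "bypass"    # traffic is not inspected


# Candidate card numbers: 13-19 digits, optionally separated by one space or hyphen.
PAN_CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# Candidate US Social Security numbers in the AAA-GG-SSSS form.
SSN_CANDIDATE = re.compile(r"(?<!\d)(\d{3})-(\d{2})-(\d{4})(?!\d)")

# Constructed replacement body returned to the client in Active mode.
BLOCK_BODY = "Response blocked by outbound content policy"


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Area 000, 666 and 900-999, group 00 and serial 0000 are never issued."""
    return (area not in ("000", "666") and area[0] != "9"
            and group != "00" and serial != "0000")


def find_disclosures(body: str):
    """Return [(kind, (start, end)), ...] for validated card numbers and SSNs."""
    findings = []
    for m in PAN_CANDIDATE.finditer(body):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            findings.append(("card", m.span()))
    for m in SSN_CANDIDATE.finditer(body):
        if plausible_ssn(*m.groups()):
            findings.append(("ssn", m.span()))
    return findings


def inspect_response(body: str, mode: Mode):
    """Apply the outbound policy; return (body_to_send, log_entries)."""
    if mode is Mode.BYPASS:
        return body, []
    findings = find_disclosures(body)
    # Log the kind and offset only, never the sensitive value itself.
    log = [f"{mode.value}: {kind} at offset {start}"
           for kind, (start, _end) in findings]
    if findings and mode is Mode.ACTIVE:
        return BLOCK_BODY, log
    return body, log


# Constructed sample response body (not real data).
SAMPLE_BODY = (
    '{"order_id": "1234567890123456", '   # 16 digits but fails Luhn: not a card
    '"card": "4111 1111 1111 1111", '     # widely used test number, passes Luhn
    '"ssn": "123-45-6789", '              # SSN-shaped and plausible
    '"ref": "000-12-3456"}'               # SSN-shaped, but area 000 is never issued
)

if __name__ == "__main__":
    for mode in Mode:
        sent, log = inspect_response(SAMPLE_BODY, mode)
        print(mode.value, "->", "blocked" if sent == BLOCK_BODY else "passed", log)
```

Running a new rule in Passive mode first shows how often it would have fired before it is allowed to block anything.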

1.3 Get familiar with security industry solution types

For each business requirement there are certain solution types provided by the security industry, which you can find in the following table:

| Security Solution | Description |
|---|---|
| WAI | Wired/Wireless Access Infrastructure |
| ENF | Enterprise Network Firewall |
| UTM (Small, Medium Business) | Unified Threat Management for Small Medium Business |
| SWG | Security Web Gateway |
| WAF | Web Application Firewall |
| ADC | Application Deployment Controller |
| SEG | Secure Email Gateway |
| SaaS | Software as a Service |
| PaaS | Platform as a Service |
| SRA | Secure Remote Access |

You’ll need this table later on for glossary purposes, and every time you start digging into 3rd-party vendors their solutions will probably be compartmented like this.

 

This ends the first part of Forefront TMG and UAG Phase out/alternatives. Have a look at Part 2 to complete the series.

 

R-Tape Loading error,
Luís Rato

Top-notch Windows PC that defeated the greatest Mac Pro VS Superb and cheaper Windows PC

•1 January 2014

Greetings folks and happy new year!

Following my previous post, Top-notch Windows PC VS Apple Mac Pro, where I contradicted some of the fuss around the alleged theory that a Mac Pro with the highest specifications would be cheaper than a top-notch Windows PC with a similar configuration (The New Apple Mac Pro is Here – But Can We Build it Better (and Cheaper) PC DIY Style?), as promised I am bringing here an even cheaper Windows PC configuration without compromising the good design/form factor, extended functionality and performance.

As the Mac Pro has already been defeated on this challenge, now it’s a challenge between “Top-notch Windows PC that defeated the greatest Mac Pro VS Superb and cheaper Windows PC”, this title might disturb some Apple fanboys but it sounds great to me.

Part 1: Objectives

On my previous post I’ve made a selection of prime hardware components, however from the budget perspective it is not rational to pick up a selection of the most expensive hardware components, this time I want to achieve the best value for money while at the same time keeping the optimal design, functionality and performance.

Here is the list of changes:

– Storage: Don’t need 1TB of high performance PCIe Storage

For 99,999% of people 1TB is designated to store cold data; hot data normally lives at the operating system and applications level. Let’s be real: a PCIe SSD with Read 2160MB/sec | Write 1980MB/sec has been made for a server machine and not a client/consumer machine, and even on the server side you would pay such a high price for that performance only in very specific scenarios.

On this rational configuration I will keep the highest performance for the Operating system and Applications with a dedicated SSD PCIe and to Store cold data and file system operations I will designate a SATA3 SSD, so we need 2 SSD’s, one lower capacity PCIe and other higher capacity SATA3.

– Case: Don’t need a case with integrated high resolution LCD

Very few people will desire a case with an integrated high resolution LCD. A PC is meant to be connected to an external screen, so why would I need to watch a movie from the PC box? We never know…

For the rational config I’ve made a case selection where I will keep the same good look and feel and extended functionality for an optimal experience on home audio/media consumption, which means that you can turn on the machine and play media from a remote control.

– PSU: Don’t need the most expensive PSU

Remember the challenge? Saving money, maintain performance and functionality, yeh I know, this corporate bullsh*t approach sucks, to be honest I hate corporate bullsh*t so in real life from my own budget I wouldn’t change the PSU from the Top-Notch configuration (Silverstone Strider Gold Evolution), but again, numbers are numbers and we must achieve our lower budget.

Part 2: Mac Pro Top Specs and Price

Let’s recap the highest configuration and price of the Mac Pro:

Processor: 2.7GHz Xeon 12-core with 30MB of L3 cache
Memory: 64GB (4x16GB) of 1866MHz DDR3 ECC
SSD: 1TB PCIe-based flash storage
Graphics: Dual AMD FirePro D700 GPUs with 6GB of GDDR5 VRAM each

Price: $9,599.00 (does not include Sales Taxes)

Link for Mac Pro setup:
http://store.apple.com/us/buy-mac/mac-pro?product=MD878LL/A&step=config


Part 3: Superb and cheaper Windows PC

This time the Windows PC Hardware configuration that I will present here is a rational approach with budget constraints in mind. I really don’t want to be distant from the Top-notch Windows PC and the Apple Mac Pro with top specifications, so apart from the budget challenge I’ve maintained the Performance, functionality and fancy design requirements.

I want to emphasize that when you chose a Mac Pro you don’t know the detailed hardware specifications, that is somehow frustrating for such prime Price. On the Hardware world CPU’s, Memory, GPU’s, SSD’s, Motherboards can perform with higher or lower speed/bandwidth and that can represent a major difference of performance.

I don’t want to leave you with the same frustration so I will be very transparent, for each Hardware component you have the Specifications and a link for the vendor detailed specification, the retail price and a link for the retailer website.

CPU: Intel® Xeon® Processor E5-2697 v2 (30M Cache, 2.70 GHz)

I’m keeping the same Intel Xeon Ivy Bridge E5 with 12 Cores.


Processor Number: E5-2697V2
# of Cores: 12
# of Threads: 24
Clock Speed: 2.7 GHz
Max Turbo Frequency: 3.5 GHz
Cache: 30 MB
Lithography: 22nm
Memory Types: DDR3-800/1066/1333/1600/1866

Full CPU Specs here: http://ark.intel.com/products/75283

Retail price: 2.376,10€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?controller=product&id_product=36827&utm_source=kuantokusta

Motherboard: Asus X79-DELUXE

I am keeping the same Motherboard to maintain the functionality and high quality level.

Socket: LGA2011 – Intel® Socket 2011 Core™ i7 Extreme Edition/Core™ i7 Processors


Memory:
8 x DIMM, Max. 64GB, DDR3 2800(O.C.)/2400(O.C.)/2133(O.C.)/1866/1600/1333/1066 MHz Non-ECC, Un-buffered Memory
Quad Channel Memory Architecture

Multi-GPU Support: Supports NVIDIA® 3-Way SLI™ Technology | Supports AMD Quad-GPU CrossFireX™ Technology

Expansion Slots:
3 x PCIe 3.0/2.0 x16 (dual x16 or x16/x8/x8) *1
1 x PCIe 3.0/2.0 x16 (x4 mode)
2 x PCIe x1

Storage:
Intel® X79 chipset:
2 x SATA 6Gb/s port(s), black
4 x SATA 3Gb/s port(s), black
Support Raid 0, 1, 5, 10
Marvell® PCIe 9230 controller:
4 x SATA 6Gb/s port(s), dark brown
ASMedia® ASM1061 controller:
2 x SATA 6Gb/s port(s), dark brown
2 x Power eSATA 6Gb/s port(s), green

LAN:
Intel® 82579V, 1 x Gigabit LAN Controller(s)
Realtek® 8111GR, 1 x Gigabit LAN Controller(s)
Dual Gigabit LAN controllers- 802.3az Energy Efficient Ethernet (EEE) appliance
Intel® LAN- Dual interconnect between the Integrated LAN controller and Physical Layer (PHY)

Wireless Data Network:
Wi-Fi 802.11a/b/g/n/ac
Supports dual band frequency 2.4/5 GHz

Bluetooth: Bluetooth V4.0

Audio:
Realtek® ALC1150 8-Channel High Definition Audio CODEC
– Supports : Jack-detection, Multi-streaming, Front Panel Jack-retasking
Audio Feature :
– Absolute Pitch 192kHz/ 24-bit True BD Lossless Sound
– DTS Ultra PC II
– DTS Connect
– Optical S/PDIF out port(s) at back panel
– BD Audio Layer Content Protection

USB Ports:
Intel® X79 chipset:
12 x USB 2.0/1.1 port(s) (4 at back panel, black, 8 at mid-board)
ASMedia® ASM1042 controller:
8 x USB 3.0/2.0 port(s) (6 at back panel, blue, 2 at mid-board)

Full Motherboard Specs here: http://www.asus.com/Motherboards/X79DELUXE/#specifications

Retail price: 343,96€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=43566&controller=product

SSD1 – Base OS install: OCZ SSD Revodrive3 120GB PCI-E 975/875Mbs

For a rational computer setup it makes sense that I would build it with multi-tier storage.

I am designating a small sized PCIe SSD for the OS and Apps installation, user profiles and memory swap file, normally on a client computer this is the hot data.

120GB is enough for all of this and I’ve downgraded one level on the performance lineup which makes a lot of sense in value for money.


Capacity: 120GB
Interface: PCIe Gen. 2 x4
Sequential Reads: 975MB/s
Sequential Writes: 875MB/s
Random 4k Read IOPS2: 30,000 IOPS
Random 4k Write IOPS2: 120,000 IOPS

Full SSD Specs here:
http://ocz.com/consumer/revodrive-3-pcie-ssd/specifications

Retail price: 299,00€ (23% VAT included)
Retailer: http://www.nanochip.pt/pt-PT/p/44657/OCZ-SSD-Revodrive3-240GB-PCI-E-1000900Mbs—RVD3-FHPX4-240G_OCZSSDREVO3240GB.htm

SSD2 – Store data: SAMSUNG SSD 750GB SATA III Serie 840 EVO Basic

As mentioned on the above SSD1 this computer setup is built with multi-tier storage.

For cold data and typical file system operations we don’t really need the ultimate performance of a PCIe storage with large capacity. As for hot data, we already have a small-sized, top-performance PCIe SSD; for the storage needs of cold data we can decrease the capacity to 750GB and use a regular SATA III SSD.

This multi-tier approach saves a lot of money and keeps the highest performance and storage needs in a way that makes more sense.


Capacity: 750GB
Interface: 2.5″ SATA III
Series: 840 EVO
Sequential Reads: 540MB/s
Sequential Writes: 520MB/s
Random Read Speed: 98k
Random Write Speed: 90k

Full SSD Specs here:
http://www.samsung.com/us/computer/memory-storage/MZ-7TE750BW-specs

Retail price: 438,50€ (23% VAT included)
Retailer: http://www.nanochip.pt/pt-PT/p/45699/SAMSUNG-SSD-750GB-SATA-III-Serie-840-EVO-Basic—MZ-7TE750BW_SAMSUNGSSD750840EB.htm?utm_source=kuantokusta

Graphics Card: AMD Radeon™ HD 7990 950M BOOST 1000M 6GB DDR5 4XmDP DVI PCI-E

On the Top-notch Windows PC I’ve selected the XFX 7990 which is more expensive than MSI. Both graphics cards are wonderful but this time the challenge is about saving money so I’ll select the dual MSI 7990.

The Mac Pro D700 Graphics Card supports 3.5 teraflops.
The matching GPU for D700 on the Windows PC is AMD Radeon HD 7990 and it can even perform better with its 4,0 Teraflops. I believe that the difference should be in the GPU Clock as it can go from 950MHz to 1000MHz.

GPU Clock: 950MHz Boost 1000MHz
Memory Bus : 384 bit x 2
Memory Bandwidth: 576
Memory Clock : 6.0 GHz
Memory Size : 6 GB
Memory Type : DDR5
Number of Stream Processing Units: 4096

Full Graphics Specs here:
AMD Official Website: http://products.amd.com/en-us/GraphicCardDetail.aspx?id=320&f1=PC&f2=AMD+Radeon%e2%84%a2+HD+7000+Series&f3=AMD+Radeon%e2%84%a2+HD+7970&f4=&f5=AMD&f6=&f7=&f8=Yes&f9=Yes&f10=0&f11=2&f12=Yes&f13=0&f14=0&f15=&f16=0&f17=0&f18=&f19=1&f20=0&f21=0&

MSI Official Website: http://www.msi.com/product/vga/R7990-6GD5.html#/?div=Specification

MSI Retail price: 989,00€ (23% VAT included)
http://www.nanochip.pt/pt-PT/p/44978/MSI-ATI-HD7990-6GB-DDR5-PCI-E—R7990-6GD5_MSIHD79906GBDDR5.htm

Memory: 64GB DDR3 GSkill RipjawsZ F3-1866C10Q2-64GZM

From my previous configuration nothing changes on the memory side.

The Mac Pro 64Gb configuration has ECC memory, the vast majority of memory available is unbuffered (non-ECC), I was not able to find ECC memory for a 64Gb setup and the MotherBoard also does not mention ECC memory support.

To respect the MotherBoard and Intel Xeon E5 compatibility I’ve opted for Non-Buffered memory with a good latency, 1,5Voltage, DDR3 1866Mhz – PC3-14900. Again we don’t know the Mac Pro memory specs to evaluate the memory Latency.


Clock Speed: DDR3-1866 (PC3-14900)
Kit: 64GB (8GBx8)
Latency: CL10-11-10-30
Voltage: 1.5 Volt
Compatible: Intel Core i7 processor family for socket LGA-2011(Ivy Bridge-E)

Full Memory Specs here:
http://www.gskill.com/en/finder?cat=31&series=0&prop_3=1866MHz&prop_4=0&prop_1=0&prop_2=64GB+%288GBx8%29

Retail price: 582,49€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=43739&controller=product

Case: Silverstone CW02 Black

On my previous configuration I’ve opted for the top selection of cases, they had an integrated High-resolution LCD, turns out that such fancy HTPC is very expensive and only very few people would spend a bunch of money for that.

Once again I don’t want to leave you embarrassed with your Windows PC against the Mac Pro Cylinder, the Silverstone CW02 has a Prime aluminum finish, a small and integrated LCD and also a remote control which gives you a wonderful Home Audio/Cinema experience.

You also have the hidden front USB 3.0, FireWire and 3.5mm jack for a flexible connection and computer interaction. With the external 5.25” bay you can mount a Blu-ray drive if you want, and the interior housing, with its 6 3.5” bays, gives you the flexibility to extend the multi-tier to a 3rd level of storage with SATA 3.0 HDDs of 3TB/4TB on each available bay.

On this computer configuration, if you are already occupying one 3.5” internal bay with the SSD2 Samsung 750GB, you have 5 more 3.5” internal bays, so in theory you can have 20TB more of storage (5 bays X 4TB SATA3 HDDs).

This is a clear demonstration of the advantages of a Windows PC, extensibility and flexibility. 🙂


Color: black

Format: ATX

Use: HTPC Case

Dimensions (WxHxD): 435 mm x 225 mm x 440 mm

Weight without packaging: 8.2 kg

PSU: incorporatable format ATX

Bays:
-5.25 inch, externally 1
-3.5-inch internal 6

Case Fans:
-92 mm 2 x mountable
-120 mm: 1 x available

Material: Aluminum

Housing characteristics:
-Quality and very thick aluminum walls
-Vibration-absorbing drive cage
-High-end HTPC system
-Two large knobs for volume and navigation

Back:
-ATX panel
-Power adapter port
-120-mm fan
-7 x slot openings (Main Board)

Front:
-VF display
-Power button
-LEDs (power, HDD)
-Card reader
-Knobs to control
-2 x USB 3.0
-1 x FireWire
-2 x 3.5 mm jack

Card Reader: Yes

Delivery:
-MCE IR receiver
-MCE remote control
-Remote control and multimedia pack

Full Case Specs here:
http://www.silverstonetek.com/product.php?pid=138&area=en

Retail price: 350,65€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?controller=product&id_product=21867

PSU: Silverstone Technology SST-ST1000-P 1000W

The minimum requirement for a double AMD Radeon 7990 is 1000W.

On this computer configuration we have budget constraints so to save a few € I’ve downgraded PSU from 80 Plus Gold standard to 80 Plus Silver.

Per Silverstone recommendation the minimum requirement for a double 7990 configuration is 1000W. Like the top Silverstone Strider Gold Evolution the Strider Plus series PSU’s have interesting features, such as the modular cables that you can attach and detach (space free inside the case = better air flow and temperature), 2200uF capacitors for the PCIe connectors to reduce the electric noise and supports 80A on 12V+ and a lot of protection functions.


Color: black
Watts: 1000W
Combined Power: 3.3 V/5V 180 watts
Combined 12V: 960W/80A (Peak 85A)
Efficiency: 85-88%  at 20%~100% loading

Connectors:
1 x 24 / 20-Pin motherboard connector(550mm)
1 x 8 / 4-Pin EPS / ATX 12V connector(750mm)
1 x 8 / 4-Pin EPS / ATX 12V connector(550mm)
4 x 8/6-Pin PCIE connector(550mm)
2 x 6-Pin PCIE connector(550mm / 150mm)
6 x SATA connector(500mm / 250mm / 250mm)
6 x 4-Pin Peripheral connector (500mm / 250mm / 250mm)
2 x 4-Pin Floppy connector(500mm / 250mm / 250mm / 150mm)

Currents:
+3.3 V 30 A
+5 Vsb 3.5 A
+5 V 30 A
+12 V1 80 A
-12V 0.3 A

Protections:
Over current protection
Over power protection
Over voltage protection
Under voltage protection
Over temperature protection
Short circuit protection
No load protection

Properties: Active PFC
Features: ATX12V 2.3, Modular cable management, 80 PLUS Silver

Form Factor: ATX  PS/2
Power Supply Fan: 1 x 135mm silent fan
Weight without packaging: 3,0 kg

Dimensions (WxHxD): 150 mm x 86 mm x 180 mm

Full PSU Specs here:
http://www.silverstonetek.com/product.php?pid=238&area=en

Retail price: 178,01€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=35470&controller=product

OS: Microsoft Windows 8.1 64bit PT OEM

Retail price: 106,00€ (23% VAT included)
Retailer: http://www.pcdiga.com/2/12120/Microsoft-Windows-8-1-64bit-PT-OEM-WN7-00605?

Part 4: Wrap up – Top-notch Windows PC, Superb and cheaper Windows PC and Mac Pro Price comparison

Top-notch Windows PC:

| Component | Description | Price (Incl. 23% Vat) | Units | Total (Incl. 23% Vat) |
|---|---|---|---|---|
| CPU | Intel Xeon E5 2697V2 2011 | 2 376,10 € | 1,00 | 2 376,10 € |
| Motherboard | ASUS P9X79 DELUXE | 327,00 € | 1,00 | 327,00 € |
| Memory | G.Skill 64GB 1866-10 RipjawsZ | 582,49 € | 1,00 | 582,49 € |
| SSD | Mushkin 960GB 2150/1950 ScorpionDX PCIe | 1 200,77 € | 1,00 | 1 200,77 € |
| Graphics | XFX Radeon HD7990 6GB GDDR5 PCI-E | 1 049,00 € | 2,00 | 2 098,00 € |
| Case | Origen AE S16T | 610,88 € | 1,00 | 610,88 € |
| PSU | Silverstone ST1000-G Evolution 2.0 1000W | 203,97 € | 1,00 | 203,97 € |
| OS | Microsoft Windows 8.1 64bit PT OEM | 106,00 € | 1,00 | 106,00 € |
| Total | | | | 7 505,21 € |

Superb cheaper Windows PC:

| Component | Description | Price (Incl. 23% Vat) | Units | Total (Incl. 23% Vat) |
|---|---|---|---|---|
| CPU | Intel Xeon E5 2697V2 2011 | 2 376,10 € | 1,00 | 2 376,10 € |
| Motherboard | ASUS P9X79 DELUXE | 327,00 € | 1,00 | 327,00 € |
| Memory | G.Skill 64GB 1866-10 RipjawsZ | 582,49 € | 1,00 | 582,49 € |
| SSD1 | OCZ SSD Revodrive3 120GB PCI-E 975/875Mbs | 299,00 € | 1,00 | 299,00 € |
| SSD2 | SAMSUNG SSD 750GB SATA III Serie 840 EVO Basic | 438,50 € | 1,00 | 438,50 € |
| Graphics | MSI ATI HD7990 6GB DDR5 PCI-E – R7990-6GD5 | 989,00 € | 2,00 | 1 978,00 € |
| Case | Silverstone CW02 Black | 350,65 € | 1,00 | 350,65 € |
| PSU | Silverstone Technology SST-ST1000-P 1000W | 178,01 € | 1,00 | 178,01 € |
| OS | Microsoft Windows 8.1 64bit PT OEM | 106,00 € | 1,00 | 106,00 € |
| Total | | | | 6 635,75 € |

Mac Pro:

| Component | Description |
|---|---|
| CPU | Processor: 2.7GHz Xeon 12-core with 30MB of L3 cache |
| Motherboard | Wireless AC+Bluetooth 4.0, 4 USB 3.0, 6 Thunderbolt, Dual Gigabit LAN, HDMI 1.4 |
| Memory | Memory: 64GB (4x16GB) of 1866MHz DDR3 ECC |
| SSD | SSD: 1TB PCIe-based flash storage |
| Graphics | Dual AMD FirePro D700 GPUs with 6GB of GDDR5 VRAM each |
| Case | Cylinder 9,9″ Height, 6.6″ Diameter and 11lb weight |
| PSU | 450W |
| OS | OSX Mavericks 10.9 |

Price (no Tax): $9 599,00
Tax (average): 10%
Total (w/ Tax): $10 558,90
Total € (w/ Tax): 7 643,59€

For the price analysis on the Windows PC components from Portuguese retailers I’ve included the Portuguese VAT 23% (which is a complete robbery…) and for the Mac Pro on the Apple US online Store I’ve included the sales Tax (they don’t use VAT but use Sales tax) which is different from state to state so I’ve used an average of 10%.

For the currency conversion between USD and EUR I’ve used today’s post rate of 1 USD = 0.723900 EUR.

Part 5: Conclusion

It’s never been my intent to contradict the Mac Pro superior design, can’t talk about the hw engineering without seeing one from the inside, obviously the Cylinder form factor for the majority of people is much more attractive than a Standard Windows PC form factor, but for something below or on top of the desk you probably want something more than a Cylinder.

The Top-notch Windows PC was 138,38€ cheaper than the Mac Pro and the Superb and cheaper Windows PC was 1 007,84€ cheaper than the Mac Pro. Now we are talking about a huge budget difference and pushing the value for money of a Windows PC even higher.

Keep in mind that the hw specifications I’ve used on the Windows PC are superior to the Mac Pro and I’ve always managed to get a cheaper PC. Basically, after these two posts I just wanted to prove that there’s no such thing as a Mac Pro being cheaper than a Windows PC.

R-Tape Loading error,
Luís Rato

Top-notch Windows PC VS Apple Mac Pro

•30 December 2013

Greetings folks,

A very recent post by Stephen Fung came to my notice, where he mentions that a Mac Pro with top specs is cheaper than a top spec Windows PC. Paradigm shift or something went wrong with the analysis? Guess what…

Full article can be found here:

The New Apple Mac Pro is Here – But Can We Build it Better (and Cheaper) PC DIY Style?
http://www.futurelooks.com/new-apple-mac-pro-can-build-better-cheaper-pc-diy-style/

 

Part 1: Why I disagree with the article

Well, obviously I have to disagree with the argument and the whole article he published, here are the reasons:

– The hardware mapping he has done between the Mac Pro and Windows PC is not correct: he lowered the Windows PC specs and browsed PC retailers with high prices, and that pushed the value for money of a Windows PC even lower:

– He has chosen the Micro-ATX form factor; however, current Micro-ATX motherboards only have 4 DIMM sockets, which means that they can only support 32Gb of RAM (4x8GB);

– The Motherboard Asus Rampage IV Gene is Micro-ATX and can only take 32Gb of RAM, the Mac Pro top Specs support 64Gb;

– The memory is the CORSAIR Vengeance LP 32GB kit (4 x 8GB) 240-Pin DDR3 SDRAM DDR3 1866, the Mac Pro top Specs support 64Gb;

– The SSD/Storage is the Samsung 840 Pro Series 512GB SATA3 2.5 inch MLC SSDs, the Mac Pro top Specs support 1TB of SSD Storage PCIe;

– The Graphics Card AMD FirePro W9000 6GB GDDR5 is not the best fit for the PC when compared with the D700 of Mac Pro. There is a much better option in terms of performance and price: the AMD Radeon HD7990 6GB GDDR5 PCI-E is much cheaper and outperforms the FirePro W9000 and the Mac Pro D700 with 4k teraflops against 2k Teraflops of W9000 and 3,5k Teraflops of D700.

– The case Silverstone FT03 is for the Micro-ATX form factor; as mentioned, we need an ATX form factor. The FT03 is also a low-end case from Silverstone; if we want to compare a Windows PC head to head with the Mac Pro we have to be fair and choose a top-notch case.

– SSD Samsung 840 Pro Series 512GB SATA3 2.5 inch, first it does not have 1TB of Storage, second it is SATA3 where the Mac Pro top specs offer 1TB PCIe, again the Hardware mapping failed dramatically.

 

Part 2: Mac Pro Top Specs and Price

If we go ahead to Apple website and configure a Mac Pro with the Top Specs like Mr. Fung did, we would get something like this today:

Processor: 2.7GHz Xeon 12-core with 30MB of L3 cache
Memory: 64GB (4x16GB) of 1866MHz DDR3 ECC
SSD: 1TB PCIe-based flash storage
Graphics: Dual AMD FirePro D700 GPUs with 6GB of GDDR5 VRAM each

Price: $9,599.00 (does not include Sales Taxes)

Link for Mac Pro setup:
http://store.apple.com/us/buy-mac/mac-pro?product=MD878LL/A&step=config


 

Part 3: Windows PC with the same Mac Pro top Specs

The Windows PC Hardware configuration that I will present here is an accurate mapping for a Mac Pro with the top specifications like I’ve described above.

I want to emphasize that when you chose a Mac Pro you don’t know the detailed hardware specifications, that is somehow frustrating for such prime Price. On the Hardware world CPU’s, Memory, GPU’s, SSD’s, Motherboards can perform with higher or lower speed/bandwidth and that can represent a major difference of performance.

I don’t want to leave you with the same frustration so I will be very transparent, for each Hardware component you have the Specifications and a link for the vendor detailed specification, the retail price and a link for the retailer website.

 

CPU: Intel® Xeon® Processor E5-2697 v2 (30M Cache, 2.70 GHz)

I’m keeping the same Intel Xeon Ivy Bridge E5 with 12 Cores.


Processor Number: E5-2697V2
# of Cores: 12
# of Threads: 24
Clock Speed: 2.7 GHz
Max Turbo Frequency: 3.5 GHz
Cache: 30 MB
Lithography: 22nm
Memory Types: DDR3-800/1066/1333/1600/1866

Full CPU Specs here: http://ark.intel.com/products/75283

Retail price: 2.376,10€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?controller=product&id_product=36827&utm_source=kuantokusta

 

Motherboard: Asus X79-DELUXE

I could have gone through other Asus Motherboards, but the reason I’ve chosen this one it’s because it has the socket LGA2011, 3 PCIe slots, supports 64Gb Memory with Quad-channel, Multi-GPU support and latest X79 chipset.

Other interesting value points are the number of USB 2.0/3.0 ports, Dual Gigabit LAN, Wireless AC (1300Mbps wireless support!), Bluetooth 4.0, high quality 8-channel audio and fully optimized for the best Hardware and Windows 8.1.

Socket: LGA2011 – Intel® Socket 2011 Core™ i7 Extreme Edition/Core™ i7 Processors


Memory:
8 x DIMM, Max. 64GB, DDR3 2800(O.C.)/2400(O.C.)/2133(O.C.)/1866/1600/1333/1066 MHz Non-ECC, Un-buffered Memory
Quad Channel Memory Architecture

Multi-GPU Support: Supports NVIDIA® 3-Way SLI™ Technology | Supports AMD Quad-GPU CrossFireX™ Technology

Expansion Slots:
3 x PCIe 3.0/2.0 x16 (dual x16 or x16/x8/x8) *1
1 x PCIe 3.0/2.0 x16 (x4 mode)
2 x PCIe x1

Storage:
Intel® X79 chipset:
2 x SATA 6Gb/s port(s), black
4 x SATA 3Gb/s port(s), black
Support Raid 0, 1, 5, 10
Marvell® PCIe 9230 controller:
4 x SATA 6Gb/s port(s), dark brown
ASMedia® ASM1061 controller:
2 x SATA 6Gb/s port(s), dark brown
2 x Power eSATA 6Gb/s port(s), green

LAN:
Intel® 82579V, 1 x Gigabit LAN Controller(s)
Realtek® 8111GR, 1 x Gigabit LAN Controller(s)
Dual Gigabit LAN controllers- 802.3az Energy Efficient Ethernet (EEE) appliance
Intel® LAN- Dual interconnect between the Integrated LAN controller and Physical Layer (PHY)

Wireless Data Network:
Wi-Fi 802.11a/b/g/n/ac
Supports dual band frequency 2.4/5 GHz

Bluetooth: Bluetooth V4.0

Audio:
Realtek® ALC1150 8-Channel High Definition Audio CODEC
– Supports : Jack-detection, Multi-streaming, Front Panel Jack-retasking
Audio Feature :
– Absolute Pitch 192kHz/ 24-bit True BD Lossless Sound
– DTS Ultra PC II
– DTS Connect
– Optical S/PDIF out port(s) at back panel
– BD Audio Layer Content Protection

USB Ports:
Intel® X79 chipset:
12 x USB 2.0/1.1 port(s) (4 at back panel, black, 8 at mid-board)
ASMedia® ASM1042 controller:
8 x USB 3.0/2.0 port(s) (6 at back panel, blue, 2 at mid-board)

Full Motherboard Specs here: http://www.asus.com/Motherboards/X79DELUXE/#specifications

Retail price: 343,96€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=43566&controller=product

 

SSD: PCIe Mushkin 960GB 2150/1950 ScorpionDX PCIe

This PCIe SSD is a wonderful piece of hardware, I would love to have one of these. Just have a look at the read and write speeds and IOPS supported: you can’t reach such performance with the available SATA3 SSDs, and that’s why Stephen Fung failed with the hardware mapping on his analysis.

We don’t know which PCIe SSD is integrated in the Mac Pro configuration, but I very much doubt that it is comparable to this one; that could be a huge downturn in performance if they have gone for an 800MB/sec PCIe.


Interface Type: PCIe 2.0 x8 Interface
Capacity: 960GB
Dimensions: 167.5 x 111.5 x 14.2mm
Temp. Range: 0-70°C (operating) / -20-85°C (storage)
Read Speed: up to 2160MB/sec
Write Speed: up to 1980MB/sec
IOPS (4K ran read): 78000
IOPS (4K ran write) 107000
MTBF: 1 million hours
Controller: Quad SandForce SF-2281 SSD processors with un-throttled IOPS

Full SSD Specs here:
http://poweredbymushkin.com/catalog/item/36-scorpion-deluxe-pcie-ssd/839-scorpion-deluxe-960gb

Retail price: 1200,77€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?controller=product&id_product=35997

 

Graphics Card: AMD Radeon™ HD 7990 950M BOOST 1000M 6GB DDR5 4XmDP DVI PCI-E

The Mac Pro D700 Graphics Card supports 3.5 teraflops.
The matching GPU for D700 on the Windows PC is AMD Radeon HD 7990 and it can even perform better with its 4,0 Teraflops. I believe that the difference should be in the GPU Clock as it can go from 950MHz to 1000MHz.

 

GPU Clock: 950MHz Boost 1000MHz
Memory Bus : 384 bit x 2
Memory Bandwidth: 576
Memory Clock : 6.0 GHz
Memory Size : 6 GB
Memory Type : DDR5
Number of Stream Processing Units: 4096

Full Graphics Specs here:
AMD Official Website: http://products.amd.com/en-us/GraphicCardDetail.aspx?id=320&f1=PC&f2=AMD+Radeon%e2%84%a2+HD+7000+Series&f3=AMD+Radeon%e2%84%a2+HD+7970&f4=&f5=AMD&f6=&f7=&f8=Yes&f9=Yes&f10=0&f11=2&f12=Yes&f13=0&f14=0&f15=&f16=0&f17=0&f18=&f19=1&f20=0&f21=0&

XFX Official Website: http://products.xfxforce.com/en-us/Graphics_Cards/AMD_Radeon™_HD_7990/FX-799A-6NF9

MSI Official Website: http://www.msi.com/product/vga/R7990-6GD5.html#/?div=Specification

XFX Retail price: 1.049,00€ (23% VAT included)
Retailer: http://www.alientech.pt/product_info.php?products_id=21387&utm_medium=cpc&utm_campaign=catalogo

MSI Retail price: 989,00€ (23% VAT included)
http://www.nanochip.pt/pt-PT/p/44978/MSI-ATI-HD7990-6GB-DDR5-PCI-E—R7990-6GD5_MSIHD79906GBDDR5.htm

 

Memory: 64GB DDR3 GSkill RipjawsZ F3-1866C10Q2-64GZM

The Mac Pro 64GB configuration has ECC memory, while the vast majority of memory available is unbuffered (non-ECC). I was not able to find ECC memory for a 64GB setup, and the motherboard also does not mention ECC memory support.

To respect the motherboard and Intel Xeon E5 compatibility I’ve opted for non-buffered memory with a good latency, 1,5 V, DDR3 1866MHz – PC3-14900. Again, we don’t know the Mac Pro memory specs, so we can’t evaluate its memory latency.

Clock Speed: DDR3-1866 (PC3-14900)
Kit: 64GB (8GBx8)
Latency: CL10-11-10-30
Voltage: 1.5 Volt
Compatible: Intel Core i7 processor family for socket LGA-2011(Ivy Bridge-E)

Full Memory Specs here:
http://www.gskill.com/en/finder?cat=31&series=0&prop_3=1866MHz&prop_4=0&prop_1=0&prop_2=64GB+%288GBx8%29

Retail price: 582,49€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=43739&controller=product

 

Case: OrigenAE S16T

What makes a Mac Pro special is the cylindrical case and form factor. All the Mac Pro hardware has been built for this form factor; the Windows PC world is more about standard form factors, so we can’t opt for that type of case.

Even so, I don’t want to leave you embarrassed with your Windows PC next to the Mac Pro cylinder. There are special cases that can make you shine: OrigenAE and Silverstone have top-notch HTPC cases. For this particular configuration I’ve chosen the OrigenAE S16T, but there is a very similar one from SilverStone in the same price range, the CW03 (http://www.silverstonetek.com/product.php?pid=161&area=en).

Both cases have an integrated LCD and remote control so that you can have a prime Home Audio/Cinema experience. Now I’ve got your attention. ;)

Dimensions: 435 x 175 x 390 mm (WxHxD)
Material: aluminum (5 mm)
Color: Silver
Weight: 6.2 kg
Form Factor: ATX, Micro ATX

Fan:
1x 92mm (side)
2 x 80 mm (rear)

Drive Bays:
1x 5.25 (External)
4 x 3.5 (internal)

Expansion Slots: 7

AC adapter (optional): Standard ATX

I / O Panel:
2x USB
1x FireWire
1x each Audio IN & OUT
1x Card Reader

TFT Display:
Size: 17.8 cm (7 inch)
Format: 15:9
Native Resolution: 800 x 480
Maximum resolution: 1920 x 1080
Operation: Touch Screen
Interface: SVGA
Power supply: 12 V / 9 W

Compatibility: Windows 9X, ME, 2000, XP (Home, Pro, MCE), Vista (32/64 bit), 7 (32/64 bit); Mac OS 9.X and later; Linux

Delivery:
S16T HTPC Aluminium OrigenAE
IR receiver IR310
Remote Control
Mounting hardware, wiring

 

Full Case Specs here:
http://www.origenae.co.kr/en/htpc_s16t.htm

Retail price: 610,88€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=10627&controller=product

 

PSU: Silverstone ST1000-G Evolution 2.0 1000W

The minimum requirement for a double AMD Radeon 7990 is 1000W.

Such a case deserves a prime PSU, so I’ve chosen the Silverstone Strider Gold Evolution with 1000W; per Silverstone’s recommendation this is the minimum requirement for a double 7990 configuration. This particular PSU has some interesting features, such as modular cables that you can attach and detach (more free space inside the case = better air flow and temperature), 2200uF capacitors for the PCIe connectors to reduce electrical noise, a fan filter, 83 A on the +12V rail and a lot of protection functions.

Color: Black

Total: 1,000 watts
Combined Power: 3.3 V/5V 150 watts
Combined 12V: 996 watts
Efficiency: 87-90%

Input Voltage:
230V, 50Hz
110V, 60Hz
90-264 volts

Standard: ATX 2.03, EPS, ATX12V 2.3

Main connection:
1 x ATX (20-pole), cable length 55 cm or
1 x ATX 2.x (24-pole), cable length 55 cm or
1 x EPS (24-pole), cable length 55 cm

Drive Connectors:
6 x 5.25 inch, cable length 2 x 60 cm, 2 x 75 cm, 2 x 90 cm
2 x 3.5 inch, cable length 2 x 105 cm
8 x Serial ATA, cable length 2 x 60 cm, 2 x 75 cm, 2 x 90 cm, 2 x 105 cm

Graphics card connectors:
4 x 6+2-pin, 2 x 6-pin, cable length 5 x 55 cm, 1 x 70 cm

Currents
+3.3 V 25 A
+5 Vsb 3.5 A
+5 V 25 A
+12 V1 83 A
+12 V total 83 A
-12V 0.3 A

Back:
Power Switch A

Protection functions:
Over current protection (OCP)
Over voltage protection (OVP)
Undervoltage protection (UVP)
Overload protection (OLP / OPP)
Short circuit protection (SCP)
Thermal protection (OTP)
Operating with no load (NLP / NLO)

Properties: Active PFC

Features: ATX12V 2.3, cable management, temperature-controlled fan, 80 PLUS certified gold

Design: ATX

Power Supply Fan: 1 x 135 mm

Weight without packaging: 3.2 kg

Dimensions (WxHxD): 150 mm x 86 mm x 180 mm

Full PSU Specs here:
http://www.silverstonetek.com/product.php?pid=319&area=en

Retail price: 175,68€ (23% VAT included)
Retailer: http://moddingworld.pt/loja/index.php?id_product=13391&controller=product

 

OS: Microsoft Windows 8.1 64bit PT OEM

Retail price: 106,00€ (23% VAT included)
Retailer: http://www.pcdiga.com/2/12120/Microsoft-Windows-8-1-64bit-PT-OEM-WN7-00605?

 

Part 4: Wrap up – Windows PC and Mac Pro Price comparison

Windows PC:

 

| Component | Description | Price (incl. 23% VAT) | Units | Total (incl. 23% VAT) |
|---|---|---|---|---|
| CPU | Intel Xeon E5 2697V2 2011 | 2 376,10 € | 1,00 | 2 376,10 € |
| Motherboard | ASUS P9X79 DELUXE | 327,00 € | 1,00 | 327,00 € |
| Memory | G.Skill 64GB 1866-10 RipjawsZ | 582,49 € | 1,00 | 582,49 € |
| SSD | Mushkin 960GB 2150/1950 ScorpionDX PCIe | 1 200,77 € | 1,00 | 1 200,77 € |
| Graphics | XFX Radeon HD7990 6GB GDDR5 PCI-E | 1 049,00 € | 2,00 | 2 098,00 € |
| Case | Origen AE S16T | 610,88 € | 1,00 | 610,88 € |
| PSU | Silverstone ST1000-G Evolution 2.0 1000W | 203,97 € | 1,00 | 203,97 € |
| OS | Microsoft Windows 8.1 64bit PT OEM | 106,00 € | 1,00 | 106,00 € |
| Total | | | | 7 505,21 € |

Mac Pro:

| Component | Description |
|---|---|
| CPU | Processor: 2.7GHz Xeon 12-core with 30MB of L3 cache |
| Motherboard | Wireless AC+Bluetooth 4.0, 4 USB 3.0, 6 Thunderbolt, Dual Gigabit LAN, HDMI 1.4 |
| Memory | Memory: 64GB (4x16GB) of 1866MHz DDR3 ECC |
| SSD | SSD: 1TB PCIe-based flash storage |
| Graphics | Dual AMD FirePro D700 GPUs with 6GB of GDDR5 VRAM each |
| Case | Cylinder 9,9″ Height, 6.6″ Diameter and 11lb weight |
| PSU | 450W |
| OS | OSX Mavericks 10.9 |

| Price (no Tax) | Tax (average) | Total (w/ Tax) | Total € (w/ Tax) |
|---|---|---|---|
| $9 599,00 | 10% | $10 558,90 | 7 643,59€ |

 

 

 

For the price analysis of the Windows PC components from Portuguese retailers I’ve included the Portuguese VAT of 23% (which is a complete robbery…), and for the Mac Pro from the Apple US online store I’ve included sales tax (they don’t use VAT but sales tax), which differs from state to state, so I’ve used an average of 10%.

For the currency conversion between USD and EUR I’ve used today’s rate of 1 USD = 0.723900 EUR.

 

Part 5: Conclusion

Mr. Stephen Fung was wrong and, as I’ve shown here, a Windows PC is always cheaper than a Mac Pro, and I’ve left no margin for doubt about it. The Windows PC configuration I’ve put together has the best hardware you could have; I’ve surpassed the Mac Pro specifications with a better motherboard, graphics, SSD, case and PSU.

In the end the Windows PC was 138,38€ cheaper than the Mac Pro, and I assure you that if I had chosen different hardware for the Windows PC I could have made it much cheaper. I’ll leave that for my next post.

 

Keep in mind that prices are subject to change anytime, they reflect the date of this post.

 

R-Tape Loading error,
Luís Rato