A passively coole

posted in: IT, Uncategorized | 0

A passively cooled micro computer as a full Windows Server 2012 R2, Azure Site to Site VPN Router, VPN endpoint for clients (SSTP/IPSEC), Remote Desktop Gateway, Failover DHCP Scope, all  in the size of 2 decks of cards.  

Earlier this week I had a micro ITX server I used as all those function go up in smoke.  The server was 5 years old and an old Atom machine.   The box functioned as the bridge from my onprem environment to Azure where I run a few servers as well (AD, ADFS, DNS, and a few other things).  This gave my environment redundancy for all critical network services (Authentication, IP addressing, and Name Resolution) in the case my main hardware was down.

I went looking for replacements and was going to go with some formal routers with DHCP relay agents that could get me close.   But I stumbled on the ECS Liva products.  

These are micro-all-in-one PCs.  This model has 2GB of ram, and 32GB of flash onboard and a mSATA expansion slot.   It even packs Wifi and Bluetooth (which I disabled).   This is a ECS Liva X, which cost me around $120.  They have a more expensive 4GB RAM/64GB Flash version for $180.   This box is passively cooled, has no moving parts, and runs off a 5v power brick and uses on average about 3W of power.   And has a handy mounting panel so you can mount it to a wall to keep it out of the way.

It has UEFI Bios, and supports Windows 8.1 and 10 natively, but will run Windows Server 2012 R2 once you update the BIOS to the latest version.   Installing Windows 2012 R2 on a 32GB flash seems tight, but the server in its full fat setup only used 30% of the disk.


The SoC chip inside is a Intel BayTrail M proc (Celeron N2808 1.58Ghz, 2 core.), with 2GB of RAM.   It has one USB 3.0, and 2x USB 2.0 ports, and one Gbit Ethernet port.  I added on a USB 3.0 NIC to give 2 network interfaces.

Once all configured, I am able to get 200Mbit/sec throughput on encrypted IPSEC tunnels on this box – CPU limited, it maxes the proc at that point.  600Mbit/sec on pure NAT translation.  That is about 2 – 4x faster than $200 soho class routers, and rivals some $700 routers. 

Even will full GUI the server idles at 75% memory use leaving some headroom.

Azure Site to Site Gateway with RRAS:

The perks of using this as an Azure router is that Server 2012 R2 Routing and Remote Access supports IKEv2 for VPN endpoints.  This allows it to connect to Azure via a Dynamic routing gateway which unlocks some nice features in Azure.    Most Cisco, Netgear, Linksys, TP-Link and other SOHO (and some enterprise hardware even) don’t support those features and force you to use Static routing in Azure which locks down the Vnet functionality substantially. 


I have full Server 2012 R2 installed, but as soon as I am done testing and tweaking I am going to remove the GUI and knock it down to just a command line shell to save memory.

Overall though this is a very versatile box.  I have this server setup as part of a failover/load balanced Remote Desktop gateway farm, so if I am remote I can still connect in and power up (Via BMC) the main hardware in the environment if its down,  VPN in remotely, and it acts as my link to Azure.  (Which I can VPN directly into Azure an come back into my environment that way as well).

Because this is a full server, I can also install other tools on this as I need down the road.

 Total price to do this (Not counting the Server licensing) was $140 ($120 for the server, $20 for USB 3.0 Nic)

Silent, low power, cool running, and faster than most dedicated router hardware.

URL for the ECS Liva: http://www.ecs.com.tw/ECSWebSite/Product/Product_LIVA.aspx?DetailID=1593&LanID=0 

Follow Joe Kelly:

Geek of many things

CEO of this Blog. It's kind of a big deal.

Latest posts from

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.