At STH, we cover the embedded server market as well as the mainstream server world. Lately, the HP T620 Plus is getting a lot of attention. The units are originally thin clients meant for call centers, government facilities, and financial institutions. Purchased in droves, the units are now hitting the secondary market for under $100 if you do an eBay search. Unlike many other embedded platforms, the HP T620 Plus has a great second use case as a firewall and VPN appliance making this an environmentally friendly alternative to the dump.
In this article, we are going to show you the HP T620 plus, and then show you how to add a quad port NIC, without tools, to make a very capable firewall or VPN appliance.
The HP T620 Plus Thin Client
Starting from the beginning, the HP T620 plus is often sold with Windows 7 Embedded, HP ThinPro or HP SmartZero. As a thin client, it was typically used to access a remote desktop or simple web applications at call centers. These are not small units. With the stand they are 8.7 x 2.6 x 9.5 in or 22 x 6.5 x 24 cm. They have a number of features such as legacy I/O ports, display port out, USB 3.0 and 2.0 generation ports and even a legacy parallel printer port.
At the heart of the HP T620 Plus thin client is the AMD GX-420CA APU SoC running at 2GHz. This is an older generation 28nm low power APU based on AMD’s Jaguar cores.
Some of the key points here are that the PCIe I/O is extremely limited. This is still a PCIe 2.0 generation chip and the biggest link is a PCIe 2.0 x4.
One can see an array of two front panel USB 3.0 ports, along with two USB 2.0 ports on both the front and rear of the chassis. There are two internal USB 2.0 headers in the HP T620 Plus for additional flash drive storage.
RAM capacity is up to 16GB in two 8GB DDR3-1600 SODIMMs. Most of these models come with a single 4GB module installed so going to 8GB or 12GB will be relatively inexpensive.
HP T620 Plus Power Consumption and Noise
Power consumption and noise on the HP T620 Plus are great. Giving a few data points we have seen idle at just under 5W without a quad port NIC. With a quad-port Intel Gigabit NIC we have seen idle around 6W. The maximum power consumption we are seeing in these units has been in the 10-11W range.
From a noise perspective, when the fan is spun up under load we can get to around 17dba. Specs say that the unit can hit up to 24dba. That may be with the optional PCIe GPU and everything running at 100% load. We have not been able to get there. On a practical level, if you are more than 3 feet away, this unit will be silent.
HP T620 Plus Jamestown Rev A v. Rev B Motherboards
For those looking to expand the HP T620 Plus even further, there are at least two motherboard revisions. The motherboard itself is codenamed “Jamestown” and there are A and B revisions. We purchased two of these systems and received two different motherboards, an A and a B.
The key difference on the PCB is that the revision B motherboard does not have the additional mPCIe slot that the A has (left side middle of the PCB near the end of the quad port NICs.) In these pictures we have the NICs installed as we will show in the video next. Under those NICs is a metal cage where the two SODIMM slots sit.
Installing a NIC in the HP T620 Plus
Key to the installation is the low-profile PCIe expansion slot. Many embedded motherboards utilize lower-cost Ethernet NICs, even if they are Intel NICs and do not offer expansion capabilities beyond mPCIe slots. Luckily, the excellent industrial design of the HP T620 Plus thin client makes it easy to convert into a firewall and VPN appliance.
We made a video of the installation. Essentially one simply needs to open the chassis, then install a low-profile NIC into the expansion card slot.
For example, the Intel i210 is the company’s current generation basic NIC while the Intel i350 is a higher-end NIC that can handle for Gigabit Ethernet ports in a single chip. The i350 has features like larger buffers making it ideal for a networking appliance.
One caveat, as shown in the picture above, is that the low profile PCIe slot placement means that it may be difficult to unplug your network cables.
Our Tips Picking One Up
There are a lot of different configurations out there. We wanted to share a few key tips in the event you are looking to pick one of these machines up on the secondary market as a way to be eco-friendly.
- Get 4GB RAM and a 16GB or 32GB SSD for applications like pfSense or OPNsense.
- Most of these came bundled with keyboards and mice. They are not the nicest, but they are sometimes thrown in.
- Some had 100mbps fiber cards, either via a mezzanine or a PCIe x1 card. The cost of fiber and switches will make it unlikely you will use these. The PCIe x1 card is preferred since the mezzanine was used on Jamestown Rev B motherboards.
- If yours has it, disconnect the 100mbps card for low single digit watt power consumption savings.
- If you want more RAM or more SSD space, some are available with 8GB/ 64GB which is a major upgrade, and sometimes for not much more.
- The stand is a great feature for keeping these cool oriented in a vertical position. Get this with your unit if you can.
- Worried about reliability? These are inexpensive enough to get spare(s).
- You may see the HP T620 offered. This does not have the low profile expansion slot that we are using for the NIC.
- Some had a 2.5″ bay for an internal 100mbps NIC carrier. While we have not yet sorted power, it seems like one can add a 2280 M.2 SATA SSD along with a 2.5″ SSD in this chassis.
HP T620 Plus Thin Client Internal 2.5 In Bay
Of course, the big one here is where to find. Here is an eBay search with tons of them at this writing.
Learning More
If you want to learn more and share your experience check out the STH forums. There is a great thread in the STH forums dedicated to the HP T620 Plus thin client. The newer version of this is the HP T730 (not called plus) and we have one of those in the lab already being worked on.
We spent $90 all-in on our unit and performance wise it uses less power and is faster than the Protectli FW4A Firewall and VPN appliance recently reviewed on STH. The Protectli was much smaller, but also almost 4x as costly. We have done wire-speed gigabit NAT and get about 30mbps more OpenVPN performance over the Protectli in pfSense.
That linked thread on the forums has great info
How does the HP compare to the Netgate SG-2440 in terms of performance?
My fibre internet has been upgraded to gigabit and the CPU is bottlenecking on the Netgate SG-2440. Is the HP fast enough to handle gigabit brodband?
BW I got this to replace a Supermicro C2358 pfSense with that AVR54 bug. These aren’t susceptible to AVR54 which the article didn’t mention. These also have 4 cores instead of 2 and a higher clock speed. I have a few now in the lab and they can NAT between two networks at gigabit. They can’t VPN at gigabit and I’m sure if you had crazy FW rules and other packages like Snort doing a lot you’d want something faster. People in the forums are getting the T730 that cost $100 more but have way faster CPUs.
What about going with a $20 Intel PRO/1000 VT Quad Port card? Any reason not to?
The PRO/1000 VT uses the 2007 era 82575GB and uses around 10-11W. The newer i350 cards cost about the same buying OEM pulls.
And it looks like the i350 cards use about half the power if my quick net search is accurate. It makes sense why you recommend the newer cards. Thanks for the feedback.
can this do full giga or even half with smart QoS? what if you pile on cloud flare / encrypted DNS and or VPN as well?
Patrick, do you have or can you look to see if there’s a part number on the 2.5″ drive bracket?
These machines are dirt cheap in the States.
I haven’t been able to find any to a decent pricing in EU.
Do You have knowledge to any in EU?
Curious that you should recommend this. I was doing this using the older T5700. I used them for a router/firewall, Asterisk PBX server and a streaming music server. Sadly, those devices, with a 1 GHZ transmeta CPU cannot cope with faster internet connections.
https://www.mgraves.org/2009/01/how-to-diy-music-server-using-freenas-slimnas-and-an-h-p-t5700/
Anyone know the P/N for the caddy as pictured on the HP T620 Plus Thin Client Jamestown Rev B? The one with the green clamps… Any info appreciated!
Just as an update, just bagged a HP T730 in the UK for 150 with quad core, 8GB RAM and 30GB drive, combine that with a quad nic at total cost of £180.
So much cheaper, quieter, smaller than a lot of solutions out there, especially ITX board self builds.
What chipset is the onboard NIC?
Spec sheets say 1588-2000 and BCM57762, but the driver download is a Realtek, so curious if the BCM57762 is for the fiber NIC, which says Fast Ethernet, but the BCM57762 is a gigabit chipset…
The integrated RJ-45 copper NIC is a Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller.
The fiber NIC looks like it uses the mPCIe or PCIe slot, but if it is a mezzanine board it probably uses the same chipset.
I also want to add that the mSATA and m.2 SATA ports can house up to 2TB SSDs, and that the t620 can utilize up to 32GB of LPDDR3 1333MT/s in two 16GB SODIMM modules.
It is also possible to convert the PCIe 2.0 16x slot (4x electrical) to a m.2 NVMe adapter and back again to an external PCIe 16x (4x electrical) port for use with GPGPUs and other larger PCIe cards.
I have a RTX 3070 for GPGPU running 24/7 on my HP t620 thin client right now, which only uses about 75% of the bandwidth of the PCIe 2.0 4x connection.
This does require a second ATX PSU to power the GPU itself, but it does work extremely well.
These also make for great firewalls and VPN appliances, which I also have one running in just such a configuration to this day.