HP T620 Plus Thin Client and Firewall VPN Appliance

7
HP T620 Plus Thin Client Front And Rear
HP T620 Plus Thin Client Front And Rear

At STH, we cover the embedded server market as well as the mainstream server world. Lately, the HP T620 Plus is getting a lot of attention. The units are originally thin clients meant for call centers, government facilities, and financial institutions. Purchased in droves, the units are now hitting the secondary market for under $100 if you do an eBay search. Unlike many other embedded platforms, the HP T620 Plus has a great second use case as a firewall and VPN appliance making this an environmentally friendly alternative to the dump.

In this article, we are going to show you the HP T620 plus, and then show you how to add a quad port NIC, without tools, to make a very capable firewall or VPN appliance.

The HP T620 Plus Thin Client

Starting from the beginning, the HP T620 plus is often sold with Windows 7 Embedded, HP ThinPro or HP SmartZero. As a thin client, it was typically used to access a remote desktop or simple web applications at call centers. These are not small units. With the stand they are 8.7 x 2.6 x 9.5 in or 22 x 6.5 x 24 cm. They have a number of features such as legacy I/O ports, display port out, USB 3.0 and 2.0 generation ports and even a legacy parallel printer port.

HP T620 Thin Client Quick Specs
HP T620 Thin Client Quick Specs

At the heart of the HP T620 Plus thin client is the AMD GX-420CA APU SoC running at 2GHz. This is an older generation 28nm low power APU based on AMD’s Jaguar cores.

AMD G Series APU SoC
AMD G Series APU SoC

Some of the key points here are that the PCIe I/O is extremely limited. This is still a PCIe 2.0 generation chip and the biggest link is a PCIe 2.0 x4.

One can see an array of two front panel USB 3.0 ports, along with two USB 2.0 ports on both the front and rear of the chassis. There are two internal USB 2.0 headers in the HP T620 Plus for additional flash drive storage.

RAM capacity is up to 16GB in two 8GB DDR3-1600 SODIMMs. Most of these models come with a single 4GB module installed so going to 8GB or 12GB will be relatively inexpensive.

HP T620 Plus Power Consumption and Noise

Power consumption and noise on the HP T620 Plus are great. Giving a few data points we have seen idle at just under 5W without a quad port NIC. With a quad-port Intel Gigabit NIC we have seen idle around 6W. The maximum power consumption we are seeing in these units has been in the 10-11W range.

From a noise perspective, when the fan is spun up under load we can get to around 17dba. Specs say that the unit can hit up to 24dba. That may be with the optional PCIe GPU and everything running at 100% load. We have not been able to get there. On a practical level, if you are more than 3 feet away, this unit will be silent.

HP T620 Plus Jamestown Rev A v. Rev B Motherboards

For those looking to expand the HP T620 Plus even further, there are at least two motherboard revisions. The motherboard itself is codenamed “Jamestown” and there are A and B revisions. We purchased two of these systems and received two different motherboards, an A and a B.

HP T620 Plus Thin Client Jamestown Rev B And A Side By Side
HP T620 Plus Thin Client Jamestown Rev B And A Side By Side

The key difference on the PCB is that the revision B motherboard does not have the additional mPCIe slot that the A has (left side middle of the PCB near the end of the quad port NICs.) In these pictures we have the NICs installed as we will show in the video next. Under those NICs is a metal cage where the two SODIMM slots sit.

Installing a NIC in the HP T620 Plus

Key to the installation is the low-profile PCIe expansion slot. Many embedded motherboards utilize lower-cost Ethernet NICs, even if they are Intel NICs and do not offer expansion capabilities beyond mPCIe slots. Luckily, the excellent industrial design of the HP T620 Plus thin client makes it easy to convert into a firewall and VPN appliance.

We made a video of the installation. Essentially one simply needs to open the chassis, then install a low-profile NIC into the expansion card slot.

For example, the Intel i210 is the company’s current generation basic NIC while the Intel i350 is a higher-end NIC that can handle for Gigabit Ethernet ports in a single chip. The i350 has features like larger buffers making it ideal for a networking appliance.

HP T620 Plus Thin Client Low Profile Recess
HP T620 Plus Thin Client Low Profile Recess

One caveat, as shown in the picture above, is that the low profile PCIe slot placement means that it may be difficult to unplug your network cables.

Our Tips Picking One Up

There are a lot of different configurations out there. We wanted to share a few key tips in the event you are looking to pick one of these machines up on the secondary market as a way to be eco-friendly.

  • Get 4GB RAM and a 16GB or 32GB SSD for applications like pfSense or OPNsense.
  • Most of these came bundled with keyboards and mice. They are not the nicest, but they are sometimes thrown in.
  • Some had 100mbps fiber cards, either via a mezzanine or a PCIe x1 card. The cost of fiber and switches will make it unlikely you will use these. The PCIe x1 card is preferred since the mezzanine was used on Jamestown Rev B motherboards.
  • If yours has it, disconnect the 100mbps card for low single digit watt power consumption savings.
  • If you want more RAM or more SSD space, some are available with 8GB/ 64GB which is a major upgrade, and sometimes for not much more.
  • The stand is a great feature for keeping these cool oriented in a vertical position. Get this with your unit if you can.
  • Worried about reliability? These are inexpensive enough to get spare(s).
  • You may see the HP T620 offered. This does not have the low profile expansion slot that we are using for the NIC.
  • Some had a 2.5″ bay for an internal 100mbps NIC carrier. While we have not yet sorted power, it seems like one can add a 2280 M.2 SATA SSD along with a 2.5″ SSD in this chassis.

    HP T620 Plus Thin Client Internal 2.5 In Bay
    HP T620 Plus Thin Client Internal 2.5 In Bay

Of course, the big one here is where to find. Here is an eBay search with tons of them at this writing.

Learning More

If you want to learn more and share your experience check out the STH forums. There is a great thread in the STH forums dedicated to the HP T620 Plus thin client. The newer version of this is the HP T730 (not called plus) and we have one of those in the lab already being worked on.

We spent $90 all-in on our unit and performance wise it uses less power and is faster than the Protectli FW4A Firewall and VPN appliance recently reviewed on STH. The Protectli was much smaller, but also almost 4x as costly. We have done wire-speed gigabit NAT and get about 30mbps more OpenVPN performance over the Protectli in pfSense.

SHARE
Previous articleIBM POWER9 E950 and E980 Servers Launched
Next articleNVIDIA RTX Turing Launch Livestream
Patrick has been running STH since 2009 and covers a wide variety of SME, SMB, and SOHO IT topics. Patrick is a consultant in the technology industry and has worked with numerous large hardware and storage vendors in the Silicon Valley. The goal of STH is simply to help users find some information about server, storage and networking, building blocks. If you have any helpful information please feel free to post on the forums.

7 COMMENTS

  1. How does the HP compare to the Netgate SG-2440 in terms of performance?

    My fibre internet has been upgraded to gigabit and the CPU is bottlenecking on the Netgate SG-2440. Is the HP fast enough to handle gigabit brodband?

  2. BW I got this to replace a Supermicro C2358 pfSense with that AVR54 bug. These aren’t susceptible to AVR54 which the article didn’t mention. These also have 4 cores instead of 2 and a higher clock speed. I have a few now in the lab and they can NAT between two networks at gigabit. They can’t VPN at gigabit and I’m sure if you had crazy FW rules and other packages like Snort doing a lot you’d want something faster. People in the forums are getting the T730 that cost $100 more but have way faster CPUs.

  3. And it looks like the i350 cards use about half the power if my quick net search is accurate. It makes sense why you recommend the newer cards. Thanks for the feedback.

  4. can this do full giga or even half with smart QoS? what if you pile on cloud flare / encrypted DNS and or VPN as well?

LEAVE A REPLY

Please enter your comment!
Please enter your name here