At STH, we cover the embedded server market as well as the mainstream server world. Lately, the HP T620 Plus is getting a lot of attention. The units are originally thin clients meant for call centers, government facilities, and financial institutions. Purchased in droves, the units are now hitting the secondary market for under $100 if you do an eBay search. Unlike many other embedded platforms, the HP T620 Plus has a great second use case as a firewall and VPN appliance making this an environmentally friendly alternative to the dump.

In this article, we are going to show you the HP T620 plus, and then show you how to add a quad port NIC, without tools, to make a very capable firewall or VPN appliance.

The HP T620 Plus Thin Client

Starting from the beginning, the HP T620 plus is often sold with Windows 7 Embedded, HP ThinPro or HP SmartZero. As a thin client, it was typically used to access a remote desktop or simple web applications at call centers. These are not small units. With the stand they are 8.7 x 2.6 x 9.5 in or 22 x 6.5 x 24 cm. They have a number of features such as legacy I/O ports, display port out, USB 3.0 and 2.0 generation ports and even a legacy parallel printer port.

At the heart of the HP T620 Plus thin client is the AMD GX-420CA APU SoC running at 2GHz. This is an older generation 28nm low power APU based on AMD’s Jaguar cores.

Some of the key points here are that the PCIe I/O is extremely limited. This is still a PCIe 2.0 generation chip and the biggest link is a PCIe 2.0 x4.

One can see an array of two front panel USB 3.0 ports, along with two USB 2.0 ports on both the front and rear of the chassis. There are two internal USB 2.0 headers in the HP T620 Plus for additional flash drive storage.

RAM capacity is up to 16GB in two 8GB DDR3-1600 SODIMMs. Most of these models come with a single 4GB module installed so going to 8GB or 12GB will be relatively inexpensive.

HP T620 Plus Power Consumption and Noise

Power consumption and noise on the HP T620 Plus are great. Giving a few data points we have seen idle at just under 5W without a quad port NIC. With a quad-port Intel Gigabit NIC we have seen idle around 6W. The maximum power consumption we are seeing in these units has been in the 10-11W range.

From a noise perspective, when the fan is spun up under load we can get to around 17dba. Specs say that the unit can hit up to 24dba. That may be with the optional PCIe GPU and everything running at 100% load. We have not been able to get there. On a practical level, if you are more than 3 feet away, this unit will be silent.

HP T620 Plus Jamestown Rev A v. Rev B Motherboards

For those looking to expand the HP T620 Plus even further, there are at least two motherboard revisions. The motherboard itself is codenamed “Jamestown” and there are A and B revisions. We purchased two of these systems and received two different motherboards, an A and a B.

The key difference on the PCB is that the revision B motherboard does not have the additional mPCIe slot that the A has (left side middle of the PCB near the end of the quad port NICs.) In these pictures we have the NICs installed as we will show in the video next. Under those NICs is a metal cage where the two SODIMM slots sit.

Installing a NIC in the HP T620 Plus

Key to the installation is the low-profile PCIe expansion slot. Many embedded motherboards utilize lower-cost Ethernet NICs, even if they are Intel NICs and do not offer expansion capabilities beyond mPCIe slots. Luckily, the excellent industrial design of the HP T620 Plus thin client makes it easy to convert into a firewall and VPN appliance.

We made a video of the installation. Essentially one simply needs to open the chassis, then install a low-profile NIC into the expansion card slot.

For example, the Intel i210 is the company’s current generation basic NIC while the Intel i350 is a higher-end NIC that can handle for Gigabit Ethernet ports in a single chip. The i350 has features like larger buffers making it ideal for a networking appliance.

One caveat, as shown in the picture above, is that the low profile PCIe slot placement means that it may be difficult to unplug your network cables.

Our Tips Picking One Up

There are a lot of different configurations out there. We wanted to share a few key tips in the event you are looking to pick one of these machines up on the secondary market as a way to be eco-friendly.

Get 4GB RAM and a 16GB or 32GB SSD for applications like pfSense or OPNsense.

Most of these came bundled with keyboards and mice. They are not the nicest, but they are sometimes thrown in.

Some had 100mbps fiber cards, either via a mezzanine or a PCIe x1 card. The cost of fiber and switches will make it unlikely you will use these. The PCIe x1 card is preferred since the mezzanine was used on Jamestown Rev B motherboards.

If yours has it, disconnect the 100mbps card for low single digit watt power consumption savings.

If you want more RAM or more SSD space, some are available with 8GB/ 64GB which is a major upgrade, and sometimes for not much more.

The stand is a great feature for keeping these cool oriented in a vertical position. Get this with your unit if you can.

Worried about reliability? These are inexpensive enough to get spare(s).

You may see the HP T620 offered. This does not have the low profile expansion slot that we are using for the NIC.

Some had a 2.5″ bay for an internal 100mbps NIC carrier. While we have not yet sorted power, it seems like one can add a 2280 M.2 SATA SSD along with a 2.5″ SSD in this chassis.

Of course, the big one here is where to find. Here is an eBay search with tons of them at this writing.

Learning More

If you want to learn more and share your experience check out the STH forums. There is a great thread in the STH forums dedicated to the HP T620 Plus thin client. The newer version of this is the HP T730 (not called plus) and we have one of those in the lab already being worked on.

We spent $90 all-in on our unit and performance wise it uses less power and is faster than the Protectli FW4A Firewall and VPN appliance recently reviewed on STH. The Protectli was much smaller, but also almost 4x as costly. We have done wire-speed gigabit NAT and get about 30mbps more OpenVPN performance over the Protectli in pfSense.