Best Practices on Planning your Secure App Connector Deployment
Overview
The Skyhigh SSE Secure App Connector is a virtual machine or container designed to be placed adjacent to applications provisioned for access in Skyhigh's Secure Service Edge (SSE) Zero Trust Network Access (ZTNA) platform. This connector operates using an outbound HTTPS tunnel, eliminating the need for any inbound firewall rules.
Connector Deployment Architecture
General Guidance
To ensure optimal performance and reliability, connectors are generally deployed in groups of two or more, following the n+1 redundancy rule. This rule ensures that in the event one connector is lost, the remaining connectors can handle the load. When deploying connectors at a cloud provider, it is recommended to balance connectors across different availability zones.
Individual connector machines should be provisioned with a minimum of 8 cores, 12 GB of RAM, and 80 GB of solid-state storage. Horizontal scaling, which involves adding more connectors to a group, is the preferred method for scaling as it increases the number of tunnels and provides additional redundancy.
Connector Group Sizing
The following table provides a sizing guide for connector groups based on a system with 8 cores and 12 GB of RAM
The bandwidth listed is the combined capacity of all connectors in the group.
|
Connector Machines |
Total Throughput |
n+1 Throughput |
|---|---|---|
|
1 |
500 |
0 |
|
2 |
1000 |
700 |
|
3 |
1500 |
1400 |
|
4 |
2000 |
2100 |
|
5 |
2500 |
2800 |
NOTE: load balancing is performed per connection (not bandwidth) so that individual connections to services over the SSE fabric will be limited by the available throughput of a single connector (as well as the bandwidth and latency available to the client itself).
For more information and detailed guidance on deploying the Skyhigh SSE Secure App Connector, See Deploy Secure App Connector.