SWG 13.0 E Model Appliance Sizing Guide
This document illustrates a subset of the configuration and sizing options for Skyhigh Security Web Gateway version 13.0.0. If detailed technical sizing is required, please contact your Skyhigh Security channel sales engineer or representative.
Hardware Specification Appliances
| Parameters | WBG-4500-E | WBG-5000-E | WBG-5500-E | VM-82 | VM-162 |
|---|---|---|---|---|---|
| CPU Cores /Threads | 4/4 | 20 / 401 | 40/ 801 | 8/8 | 16/16 |
| Memory (in GB) | 64 | 96 | 128 | >= 32 | >= 32 |
| Storage (in GB) | 2 x 480 SSD, SATA |
2 x 960 SSD, SATA |
2 x 960 SSD, SATA |
>= 500 | >= 500 |
| Raid Level | 1 | 1 | 1 | n/a | n/a |
| Web Cache (in GB) | 194 | 410 | 410 | >= 444 | >= 444 |
| Network Interface Cards (NICs) |
6 or 8 x
|
2 x 1000/10000 Mbit/s onboard 2 x 100/1000/10000 Mbit/s PCIe RJ-45 Ethernet ports |
2 x 1000/10000 Mbit/s onboard 2 x 100/1000/10000 Mbit/s PCIe RJ-45 Ethernet ports |
n/a | n/a |
| Maximum Throughput (in Mbit/s)3 |
674 | 4101 | 5052 | - | - |
| Maximum Number of Simultaneous Connections4 |
77000 | 182000 | 188000 | - | - |
| Rack Space | 1 unit | 1 unit | 1 unit | - | - |
| Power Supply Unit (PSU) | Single | Redundant | Redundant | - | - |
| Remote Management | ASPEED AST2000 BMC |
RMM4 Lite 2 | RMM4 Lite 2 | - | - |
NOTE:
1 Hyper threading enabled.
2Virtual Machines (VM) - Values recommended for Intel(R) Xeon(R) Gold 6426Y @ 2.50GHz or higher. The recommendation is valid for Hyper-V and VMWare ESX.
3 Throughput values are listed as maximums for forward proxy deployment. Security features enabled within the proxy impact throughput and should be evaluated upon sizing.
4 The connection capacity depends on hardware, SWG policy, and workload to be filtered and can vary.
Sizing Guide for Forward Proxy Scenarios
Use this guide to determine the recommended appliance sizing for forward proxy deployments based on workload, traffic patterns, and enabled security features.
Sizing Assumptions
This sizing guide assumes the following conditions:
- The appliance operates at 60% of its maximum capacity.
- SSL (HTTPS) scanning is enabled for 80% of traffic.
- Anti-malware uses the Full Coverage configuration, which Skyhigh Security recommends.
Recommended Sizing Method
Skyhigh Security recommends using the following metrics for sizing, in order of priority:
- Peak bandwidth for web traffic
- Requests per second (RPS)
These workload-based metrics provide more accurate sizing because they reflect real-world traffic patterns and application processing requirements.
- Obtain peak bandwidth data from a firewall or router.
- Collect RPS data from an existing proxy deployment.
When sizing based on bandwidth, include only web-related traffic instead of the total external network bandwidth.
This method provides more reliable results because Web Gateway operates at Layer 7 and evaluates both:
- Network traffic processing (up to Layer 4)
- Application-level processing (Layer 7)
User-Based Sizing Considerations
User-based sizing can vary significantly across organizations. For example, an ecommerce company with 1,000 users may generate much higher traffic volume and request rates than a retail organization with the same number of users.
Although user-based sizing may not accurately represent actual workload requirements, you can use it as an initial estimate when bandwidth or RPS data is unavailable.
NOTE: Skyhigh Security licenses Web Gateway appliances based on the number of users. Refer to the quoting handbook or contact your Skyhigh Security representative for user definitions and SKU recommendations.
Architecture and Management
Skyhigh Security Web Gateway includes built-in Central Management and does not require dedicated standalone policy management servers.
The integrated management framework also supports:
- Anti-malware
- Data Loss Prevention (DLP)
- URL filtering
Virtual Appliance Sizing
If you want to size a virtual machine hosted on Hyper-V or VMWare ESX, you can size with VM-8 or VM-16 recommendations. As web filtering needs a reasonable amount of resources, the recommendations assume that there is no other guest than SWG. The performance of virtual appliances depends on the number of cores and CPU type of the host. If the CPU is slower than the Intel(R) Xeon(R) Gold 6426Y @ 2.50GHz, you need to increase the amount of guest systems. The size of memory and storage space listed in the table is the recommended minimum. For example, if you want to size a guest with 4 threads, simply divide the web capacity values of the system listed with VM-8 by two.
Important Considerations
- The sizing calculations assume that hyperthreading is enabled.
- Security features enabled within the proxy can significantly affect throughput and require proper evaluation during sizing.
- Features such as authentication, URL filtering, media type filtering, anti-malware scanning, and SSL decryption can reduce throughput by more than 10x.
- Connection capacity varies depending on:
- Hardware platform
- Web policy configuration
- Traffic characteristics and workload complexity
Recommendations for Sizing the Web and User Parameters When Performing Anti-malware and URL Filtering
| WBG-4500-E | WBG-5000-E | WBG-5500-E | VM-8 | VM-16 | |
|---|---|---|---|---|---|
| Internet Bandwidth (in Mbit/s) |
11 | 40 | 75 | 9 | 17 |
| Web Traffic (Requests/s) |
130 | 480 | 910 | 102 | 205 |
| Employee Count (Number of Users) |
1300 | 4800 | 9100 | 1020 | 2050 |
Recommendations for Sizing the Web and User Parameters When Only Performing URL Filtering
| WBG-4500-E | WBG-5000-E | WBG-5500-E | VM-8 | VM-16 | |
|---|---|---|---|---|---|
| Internet Bandwidth (in Mbit/s) |
132 | 398 | 605 | 69 | 138 |
| Web Traffic (Requests/s) |
1608 | 4871 | 7399 | 842 | 1684 |
| Employee Count (Number of Users) |
16080 | 48710 | 73990 | 8420 | 16840 |