Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Sizing Guide for Forward Proxy Scenarios — Skyhigh Security Web Gateway Version 12.2.0 for E Model Appliances

This article deals with E-Series Hardware appliances and Virtual Machines. For details about F-Series Sizing please go to Sizing Guide for Forward Proxy Scenarios — Skyhigh Security Web Gateway Version 12.2.0 on the WBG-5000-F and WBG-5500-F Appliances.

When running a Secure Web Gateway appliance, you need to consider how to configure the sizing options based on the amount of web traffic that you plan to process using the appliance.

In the following, some recommendations for sizing a physical or virtual appliance are provided. For more details, ask your Skyhigh Security channel sales engineer or representative.

The recommendations assume that you are running Secure Web Gateway 12.2.0  or a higher version on your appliance.

About Sizing Guide

The sizing data shown implies an appliance running at 60% of its maximum capacity and SSL scanning enabled at 80%. The anti-malware configuration is set to Full Coverage which is the recommended setting.

Skyhigh Security’s preferred value for sizing Skyhigh Security Web Gateway (SWG) is the number of requests per second, which takes both network traffic (up to Layer 4) and the application load (Layer 7) into consideration. This is important as Web Gateway operates at Layer 7 and is not just looking at data packets. The number of requests per second can usually be obtained from an existing proxy solution. If no existing proxy solution or other technology is available to supply this data, the bandwidth for web protocols can usually be obtained from a firewall or router. When using bandwidth for sizing, it is only necessary to take related traffic into consideration, not the overall bandwidth of the external connection.

Calculations based on the number of users can vary considerably between different organizations. For example, the volume or request rate of an ecommerce company with 1000 users is likely to differ from that of a retail chain company with the same number of employees. Skyhigh Security Web Gateway appliances are licensed based on the number of users. Please use the quoting handbook or contact your Skyhigh Security representative for a definition of users or which SKU should be used.

Skyhigh Security Web Gateway does not require specialized standalone policy management instances, as Central Management is a built-in function of the product. This also applies to anti-malware, data loss protection (DLP), and URL filtering.

If you want to size a virtual machine hosted on Hyper-V or VMWare ESX, you can size with VM-8 or VM-16 recommendations. As web filtering needs a reasonable amount of resources the recommendations assume that there is no other guest than SWG. The performance of virtual appliances depends on number of cores and CPU type of the host. If the CPU is slower as the Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz you need to increase the amount of guest systems. The size of memory and storage space listed in the table is the recommended minimum. For example, if you want to size a guest with 4 threads simply divide the web capacity values of the system listed with VM-8 by two.

Recommendations for Sizing the Appliance Parameters

Notes to the titles and entries in the table can be found at the bottom. 

  WBG-4500-E WBG-5000-E WBG-5500-E VM-82 VM-162
CPU Cores /Threads 4/4 2 x 10 / 401 2 x 20 / 801 8/8 16/16
Memory (in GB) 64 96 128 >= 32 >= 32
Storage (in GB) 2 x 480
SSD, SATA 
2 x 960
SSD, SATA
2 x 960
SSD, SATA
>= 500 >= 500 
Raid Level 1 1 1 n/a n/a
Web Cache (in GB) 194 410 410 >= 444 >= 444
Network Interface Cards
(NICs)

6 or 8 x
10/100/100 MBit/s onboard/IO/PCIe
RJ-45
Ethernet ports

 

2 x
1000/10000 MBit/s
onboard
2 x
100/1000/10000 MBit/s
PCIe
RJ-45
Ethernet ports
2 x
1000/10000 MBit/s
onboard
2 x
100/1000/10000 MBit/s
PCIe
RJ-45
Ethernet ports
n/a n/a
Maximum Throughput
(in MBit)
3
988 3996 5050 n/a n/a
Maximum Number of
Simultaneous
Connections4
70000 189000 190000 n/a n/a
Rack Space 1 unit 1 unit 1 unit n/a n/a
Power Supply Unit (PSU) Single  Redundant Redundant n/a n/a
Remote Management ASPEED AST2000
BMC
RMM4 Lite 2 RMM4 Lite 2 n/a  n/a

NOTES: 

  1. With hyper-threading enabled
  2. The recommended sizes have been tested for running Secure Web Gateway appliances as virtual machine  (VMs) on Intel (R) Xeon (R) CPU E5-2680 at 2.80 GHz or higher with Hyper-V and VMware ESX. 
  3. Security features enabled on an appliance impact throughput and must be considered for the sizing.
  4. The maximum number of simultaneous connections can vary depending on the appliance model, the web policy that is enforced under Secure Web Gateway, and the filtering workload.

Recommendations for Sizing the Web and User Parameters When Performing Anti-malware and URL Filtering

  WBG-4500-E WBG-5000-E WBG-5500-E VM-8 VM-16
Internet Bandwidth
(in MB/s)
15 54 99 10 19
Web Traffic
(Requests/s)
175 660 1200 115 230
Employee Count
(Number of Users)
1750 6600 12000 1150 2300

 

Recommendations for Sizing the Web and User Parameters When Only Performing URL Filtering

  WBG-4500-E WBG-5000-E WBG-5500-E VM-8 VM-16
Internet Bandwidth
(in MB/s)
86 331 395 47 93
Web Traffic
(Requests/s)
1050 4050 4830 565 1135
Employee Count
(Number of Users)
10500  40500 48300 5650 11300