Sizing Guide for Forward Proxy Scenarios — Skyhigh Security Web Gateway Version 12.2.0 for E Model Appliances
This article deals with E-Series Hardware appliances and Virtual Machines. For details about F-Series Sizing please go to Sizing Guide for Forward Proxy Scenarios — Skyhigh Security Web Gateway Version 12.2.0 on the WBG-5000-F and WBG-5500-F Appliances.
When running a Secure Web Gateway appliance, you need to consider how to configure the sizing options based on the amount of web traffic that you plan to process using the appliance.
In the following, some recommendations for sizing a physical or virtual appliance are provided. For more details, ask your Skyhigh Security channel sales engineer or representative.
The recommendations assume that you are running Secure Web Gateway 12.2.0 or a higher version on your appliance.
About Sizing Guide
The sizing data shown implies an appliance running at 60% of its maximum capacity and SSL scanning enabled at 80%. The anti-malware configuration is set to Full Coverage which is the recommended setting.
Skyhigh Security’s preferred value for sizing Skyhigh Security Web Gateway (SWG) is the number of requests per second, which takes both network traffic (up to Layer 4) and the application load (Layer 7) into consideration. This is important as Web Gateway operates at Layer 7 and is not just looking at data packets. The number of requests per second can usually be obtained from an existing proxy solution. If no existing proxy solution or other technology is available to supply this data, the bandwidth for web protocols can usually be obtained from a firewall or router. When using bandwidth for sizing, it is only necessary to take related traffic into consideration, not the overall bandwidth of the external connection.
Calculations based on the number of users can vary considerably between different organizations. For example, the volume or request rate of an ecommerce company with 1000 users is likely to differ from that of a retail chain company with the same number of employees. Skyhigh Security Web Gateway appliances are licensed based on the number of users. Please use the quoting handbook or contact your Skyhigh Security representative for a definition of users or which SKU should be used.
Skyhigh Security Web Gateway does not require specialized standalone policy management instances, as Central Management is a built-in function of the product. This also applies to anti-malware, data loss protection (DLP), and URL filtering.
If you want to size a virtual machine hosted on Hyper-V or VMWare ESX, you can size with VM-8 or VM-16 recommendations. As web filtering needs a reasonable amount of resources the recommendations assume that there is no other guest than SWG. The performance of virtual appliances depends on number of cores and CPU type of the host. If the CPU is slower as the Intel(R) Xeon(R) CPU E5-2680 v4 @ 2.40GHz you need to increase the amount of guest systems. The size of memory and storage space listed in the table is the recommended minimum. For example, if you want to size a guest with 4 threads simply divide the web capacity values of the system listed with VM-8 by two.
Recommendations for Sizing the Appliance Parameters
Notes to the titles and entries in the table can be found at the bottom.
| WBG-4500-E | WBG-5000-E | WBG-5500-E | VM-82 | VM-162 | |
|---|---|---|---|---|---|
| CPU Cores /Threads | 4/4 | 2 x 10 / 401 | 2 x 20 / 801 | 8/8 | 16/16 |
| Memory (in GB) | 64 | 96 | 128 | >= 32 | >= 32 |
| Storage (in GB) | 2 x 480 SSD, SATA |
2 x 960 SSD, SATA |
2 x 960 SSD, SATA |
>= 500 | >= 500 |
| Raid Level | 1 | 1 | 1 | n/a | n/a |
| Web Cache (in GB) | 194 | 410 | 410 | >= 444 | >= 444 |
| Network Interface Cards (NICs) |
6 or 8 x
|
2 x 1000/10000 MBit/s onboard 2 x 100/1000/10000 MBit/s PCIe RJ-45 Ethernet ports |
2 x 1000/10000 MBit/s onboard 2 x 100/1000/10000 MBit/s PCIe RJ-45 Ethernet ports |
n/a | n/a |
| Maximum Throughput (in MBit)3 |
988 | 3996 | 5050 | n/a | n/a |
| Maximum Number of Simultaneous Connections4 |
70000 | 189000 | 190000 | n/a | n/a |
| Rack Space | 1 unit | 1 unit | 1 unit | n/a | n/a |
| Power Supply Unit (PSU) | Single | Redundant | Redundant | n/a | n/a |
| Remote Management | ASPEED AST2000 BMC |
RMM4 Lite 2 | RMM4 Lite 2 | n/a | n/a |
NOTES:
- With hyper-threading enabled
- The recommended sizes have been tested for running Secure Web Gateway appliances as virtual machine (VMs) on Intel (R) Xeon (R) CPU E5-2680 at 2.80 GHz or higher with Hyper-V and VMware ESX.
- Security features enabled on an appliance impact throughput and must be considered for the sizing.
- The maximum number of simultaneous connections can vary depending on the appliance model, the web policy that is enforced under Secure Web Gateway, and the filtering workload.
Recommendations for Sizing the Web and User Parameters When Performing Anti-malware and URL Filtering
| WBG-4500-E | WBG-5000-E | WBG-5500-E | VM-8 | VM-16 | |
|---|---|---|---|---|---|
| Internet Bandwidth (in MB/s) |
15 | 54 | 99 | 10 | 19 |
| Web Traffic (Requests/s) |
175 | 660 | 1200 | 115 | 230 |
| Employee Count (Number of Users) |
1750 | 6600 | 12000 | 1150 | 2300 |
Recommendations for Sizing the Web and User Parameters When Only Performing URL Filtering
| WBG-4500-E | WBG-5000-E | WBG-5500-E | VM-8 | VM-16 | |
|---|---|---|---|---|---|
| Internet Bandwidth (in MB/s) |
86 | 331 | 395 | 47 | 93 |
| Web Traffic (Requests/s) |
1050 | 4050 | 4830 | 565 | 1135 |
| Employee Count (Number of Users) |
10500 | 40500 | 48300 | 5650 | 11300 |