Sizing Guide for ProxySG Deployments WAN Optimization

SGOS Version 6.2
23 May 2011
Deployment Mode: WAN Optimization and 'Mixed Use' (see notes); Client Manager for ProxyClient; Licensing

| Model | Max WAN Bandwidth | Recommended Max Connections | Recommended Max ProxyClients Managed | Licensed Client IPs (With ADN Enabled ◊) |
|---|---|---|---|---|
| 300-5 | 2Mbps | 500 | 800 | 10 |
| 300-10 | 2Mbps | 500 | 800 | 150 |
| 300-25 | 6Mbps | 1000 | 2000 | No limit |
| 600-10 | 6Mbps | 1000 | 2000 | 500 |
| 600-20 | 12Mbps | 2000 | 3000 | 1000 |
| 600-35 | 25Mbps | 4000 | 4000 | No limit |
| 900-10 | 45Mbps | 6000 | 8000 | 3500 |
| 900-20 | 90Mbps | 9000 | 10,000 | 6000 |
| 900-30 | 155Mbps | 15,000 | | No limit |
| 900-45 | 200Mbps | 20,000 | | No limit |
| 9000-10 | 155Mbps | 12,000 | | No limit |
| 9000-20 | 310Mbps | 24,000 | | No limit |
| 9000-30 | 622Mbps | 60,000 | | No limit |
| 9000-40 | 1000Mbps | 100,000 | | No limit |

◊ Except for the 300-5, Recommended Max Connections is likely to be reached before this limit
These guidelines show the relative power of SG appliances. Appropriate configurations
can vary significantly from these guidelines and will depend on technical requirements.

Hardware Spec

| Model | Drives | Total Storage (GB) | CPU Cores | Memory | Preinstalled Cards and Available Slots | Power Supply |
|---|---|---|---|---|---|---|
| 300-5 | 1 | 250 | 1 | 2GB | | Single |
| 300-10 | 1 | 250 | 1 | 2GB | | Single |
| 300-25 | 1 | 250 | 1 | 4GB | | Single |
| 600-10 | 1 | 250 | 1 | 4GB | 1 open slot | Single |
| 600-20 | 2 | 500 | 1 | 4GB | 1 open slot | Single |
| 600-35 | 2 | 500 | 1 | 4GB | 1 open slot | Single |
| 900-10 | 2 | 1000 | 2 | 6GB | 2 open slots | ‡ Single |
| 900-20 | 2 | 2000 | 2 | 8GB | 2 open slots | ‡ Single |
| 900-30 | 3 | 3000 | 2 | 12GB | 2 open slots | Redundant |
| 900-45 | 4 | 4000 | 4 | 16GB | 2 open slots | Redundant |
| 9000-10 | 8 | 4000 | 2 | 8GB | SSL, 3 open slots | Redundant |
| 9000-20 | 10 | 5000 | 4 | 16GB | SSL, 3 open slots | Redundant |
| 9000-30 | 10 | 10,000 | 8 | 40GB | SSL, 3 open slots | Redundant |
| 9000-40 | 15 | 15,000 | 12 | 64GB | SSL, Compression, 2 open slots | Redundant |

‡ Redundancy optional
Note: Hardware SSL support is included on all models

On-board Network and Bypass
300-5, 300-10, 300-25: 2 x 1000BT, 1 x 1000BT
600-10, 600-20, 600-35: 2 x 1000BT, 1 x 1000BT
900-10, 900-20, 900-30, 900-45: 2 x 1000BT
9000-10, 9000-20, 9000-30, 9000-40: 4 x 1000BT, 2 x 1000BT

WAN Optimization
Use this guide when a ProxySG is being used for WAN optimization with or without other
functionality like forward proxy. Both SGOS Acceleration Edition and SGOS Proxy Edition can
be used for WAN optimization. Special rules apply for sizing units running ‘Mixed Use’ loads (both WAN optimization and forward proxy). See Example 2.
Max WAN Bandwidth
Maximum WAN link speed appropriate for this model. Using a ProxySG on a WAN link that
exceeds its maximum WAN link speed can result in suboptimal performance.
Recommended Max Connections
The recommended maximum number of connections. A rule of thumb is that each active user
will require ten connections.
Clustering
Clusters of up to 20 ProxySGs can be created to handle substantially more traffic and users.
Client Manager for Proxy Client
Assumes a dedicated ProxySG appliance at 45% peak CPU load for servicing ProxyClients.
Use of a dedicated ProxySG is recommended as a best practice. Always use SGOS Proxy
Edition for any ProxyClient deployments requiring remote filtering. SGOS Acceleration Edition
is sufficient for acceleration-only ProxyClient deployments.
Recommended Max ProxyClients Managed
Maximum number of ProxyClient instances connecting to a Client Manager, regardless of the
features enabled on the ProxyClient (filtering, acceleration or both).
Licensing
ProxySGs are licensed based on concurrent client IP addresses only. Other values such as
Max WAN Bandwidth and Recommended Max Connections are suggested based on the
physical capacity of the system.
Licensed Client IPs
Licensed users are measured by the number of unique client IP addresses with open inbound
TCP connections to the ProxySG. The measurement is instantaneous and concurrent. It is not
based on the average over any time interval. The administrator can configure the appliance to
bypass connections from new users when the license limit is exceeded, to delay them
until another client drops all of its connections, or to attempt to accept them. The default is to
accept them.
For WAN Optimization deployments, Blue Coat recommends purchasing a ProxySG model
based on the maximum number of client connections it needs to support, not the maximum
number of users, since limits associated with connections are likely to be reached first. This
does not apply to the 310-5, however.
Copyright © 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc.
Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered
trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.
Hardware Spec
Hardware-based SSL acceleration is included for all models. A separate license is not
required to activate SSL termination. Ports on bypass-capable network interfaces can be
configured to be bridged pairwise or to act independently.
EXAMPLE 1: WAN Optimization Only
• 10 smaller branches with dual T1 lines (1.5Mbps each), each with less than 50 users
• 2 large branches, one with 150 users, the other with 200 users, with dual 6Mbps WAN links
• 1 data center with a single DS3 link (45Mbps)
Example WAN Optimization Deployment Scenario - Application Acceleration
Each of the smaller branch offices requires 3 Mbps throughput (dual 1.5 Mbps links) and each
has fewer than 50 concurrent users. Applying the rule of thumb that each user needs 10
connections, the appliance should be able to optimize 500 connections. In this case, either
the SG300-25-M5 or the SG300-25-PR would be appropriate. Unless price is critical, Proxy
Edition (-PR) should be quoted for branch offices. Proxy Edition should always be quoted
when the branch users have direct internet access.
For the two larger branch offices, the maximum WAN bandwidth is 12Mbps (dual 6Mbps
links). The appropriate solution for these larger branch offices is SG600-20-M5 or SG600-20-PR,
which will accommodate up to 200 users at a connection to user ratio of 10-to-1. If
room for growth is desired, a SG600-35 should be quoted.
In general, the number of total connections needed at the data center can be calculated as
the sum of connections from all of the connected branch offices. In this case: (10 x 500) +
1500 + 2000 = 8500 connections. The data center in this example is connected via a
45Mbps link, which implies that the SG900-20-M5 model should be used (MACH5 editions
should always be quoted at the data center for pure WAN Optimization deals). Customers
will typically require redundancy for their data center, which means that two SG900-20-M5
models should be quoted. While the SG900-20-M5 is adequate for current performance
needs, if room for growth is required, quote an SG900-30-M5 as the data center
concentrator.
Therefore, the quote would include:
• 10 x SG300-25-PR (if price is a critical factor, quote 10 x SG300-25-M5 instead);
• 2 x SG600-20-PR (if price is a critical factor, quote 2 x SG600-20-M5 instead); and
• 2 x SG900-20-M5
NOTE: Include the appropriate support options for all models. Include the appropriate web
filtering licenses for Proxy Edition appliances that require web filtering. There is no need to
purchase software SSL licenses; they are now available at no charge on all 300, 600, 900
and 9000 models, no matter when they were purchased.
EXAMPLE 2: ‘Mixed Use’ Branch Appliance
• The branch has 200 active employees, all with Internet access
• 5 Mbps link to the WAN optimization concentrator
• 10 Mbps link to an ISP for direct-to-net access
• Requires room for growth (+40%)
• No ICAP, SSL or filtering
• 70% CPU utilization
This appliance is to be configured with both Secure Web Gateway forward proxy and WAN
optimization functions enabled. For this situation, use the following sizing guidelines:
• Calculate the user count: Determine the concurrent user count for all traffic.
• Determine the number of connections required for WAN optimization. A rule of thumb is
to multiply the number of concurrent users by 10.
• Calculate the bandwidth: Add the WAN and ISP bandwidth (not offered load) and
compare that number to the WAN sizing guidelines. If using Blue Coat Web Filter, take
75% of the bandwidth in the sizing guide. If using another filtering product, take 50%, or
ask a sizing expert for assistance.
• Use the more restrictive factor (bandwidth or user count) to determine the correct
appliance, remembering to allow room for application growth and for new functions
(ICAP, increased SSL load) that are expected in the future.
• Only Proxy Edition models (-PR) should be considered because a secure web gateway
is required.
Analysis:
• User count: 280 (200 concurrent users plus 40% growth)
• Connections required: 2800 (280 users x 10 connections each)
• Bandwidth: 21 Mbps (15 Mbps plus 40% growth)
From the WAN Optimization Sizing Guide:

| Model | Max WAN Bandwidth | Recommended Max Connections | Recommended Max ProxyClients Managed |
|---|---|---|---|
| 600-20 | 12Mbps | 2000 | 3000 |
| 600-35 | 25Mbps | 4000 | 4000 |
| 900-10 | 45Mbps | 6000 | 8000 |

• Choose the unit that supports the most restrictive factor. In this case, that is the SG600-35-PR
since it meets both the 2800 connection requirement and the 21 Mbps bandwidth
requirement.
Now consider the same case, but with one difference: the customer will also use Blue Coat
Web Filter.
Analysis:
• User count: 280 (200 concurrent users plus 40% growth)
• Connections required: 2800 (280 users x 10 connections each)
• Bandwidth: 21 Mbps (15 Mbps plus 40% growth)
• Since Blue Coat Web Filter is being used, adjust the WAN optimization bandwidth
down by 25%:
Adjusting the WAN Optimization Sizing Guide:

| Model | Max WAN Bandwidth | Adjusted Max WAN Bandwidth | Recommended Max Connections | Recommended Max ProxyClients Managed |
|---|---|---|---|---|
| 600-20 | 12Mbps | 9.0Mbps | 2000 | 3000 |
| 600-35 | 25Mbps | 18.8Mbps | 4000 | 4000 |
| 900-10 | 45Mbps | 33.8Mbps | 6000 | 8000 |

• Choose the unit that supports the most restrictive factor: In this case, the SG600-35
does not offer the 21 Mbps required, so the SG900-10-PR is the correct choice.
NOTE: If web filtering is required at the branch offices, the appropriate web filtering
licenses and service offerings should also be included in the quote. There is no need to
purchase software SSL licenses; software SSL is now licensed on all 300, 600, 900 and
9000 models, no matter when they were purchased. Finally, consider adding an additional
power supply to the quote to take advantage of the redundant power option available on
the SG900-10 and -20.
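The sizing procedure used in Examples 1 and 2, as an added Python example that is not part of the original guide: it derives connections and bandwidth from users, links and growth, derates the table bandwidth for filtering, and returns the first model that meets both limits. The table values are copied from this guide; the function names and the `filtering` keys are assumptions made for the example, and edition (-PR or -M5) and Licensed Client IPs are not modelled.

```python
import math

# (model, max WAN bandwidth in Mbps, recommended max connections), copied from this guide.
SIZING_TABLE = [
    ("300-5", 2, 500), ("300-10", 2, 500), ("300-25", 6, 1000),
    ("600-10", 6, 1000), ("600-20", 12, 2000), ("600-35", 25, 4000),
    ("900-10", 45, 6000), ("900-20", 90, 9000), ("900-30", 155, 15000),
    ("900-45", 200, 20000), ("9000-10", 155, 12000), ("9000-20", 310, 24000),
    ("9000-30", 622, 60000), ("9000-40", 1000, 100000),
]
# Share of the table bandwidth to assume per filtering choice (guide: 75% / 50%).
# The dictionary keys are names chosen for this example.
BANDWIDTH_FACTOR = {"none": 1.0, "bcwf": 0.75, "other": 0.50}
CONNECTIONS_PER_USER = 10  # the guide's rule of thumb


def requirements(users, link_mbps, growth_pct=0):
    """Return (connections, bandwidth_mbps) including room for growth.

    link_mbps lists link speeds (not offered load); for mixed use pass
    both the WAN link and the ISP link.
    """
    grown_users = math.ceil(users * (100 + growth_pct) / 100)
    bandwidth = sum(link_mbps) * (100 + growth_pct) / 100
    return grown_users * CONNECTIONS_PER_USER, bandwidth


def select_model(connections, bandwidth_mbps, filtering="none"):
    """Return (model, rejected): the first table row meeting both limits,
    and for every earlier row the factor(s) that ruled it out."""
    factor = BANDWIDTH_FACTOR[filtering]
    rejected = {}
    for model, max_mbps, max_conns in SIZING_TABLE:
        short = []
        if max_mbps * factor < bandwidth_mbps:
            short.append("bandwidth")
        if max_conns < connections:
            short.append("connections")
        if not short:
            return model, rejected
        rejected[model] = short
    return None, rejected


if __name__ == "__main__":
    conns, mbps = requirements(200, [5, 10], growth_pct=40)  # Example 2 branch
    for filtering in ("none", "bcwf"):
        model, rejected = select_model(conns, mbps, filtering)
        print(filtering, conns, mbps, model, rejected.get("600-35"))
```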