
SECURE Web Gateway Sizing Guide

Technical Guide

Version 02 26/02/2015


Contents

Introduction
Overview
Example one
Example two
Maximum throughput
Gateway Reporter
Gateway Reporter server specification
Virtualized deployment
Future performance considerations
Post deployment considerations
Hardware compatibility list


Introduction

This document helps you determine the correct server specification and appropriate number of servers required to meet the bandwidth demands of your user population.

Overview

Sustained bandwidth is the most reliable metric for choosing the right server specification. If you don’t know what the sustained bandwidth associated with web traffic is, use the available bandwidth of the Internet connection.

The table below provides guidance on selecting the correct server specification and number of servers needed based on sustained bandwidth requirements.

| Sustained Bandwidth (Mbps) | Peak Bandwidth (Mbps) | Server Specification |
| --- | --- | --- |
| 15 Mbps | 20 Mbps | (A) 1 x dual core Xeon 2.8 GHz, 4 GB RAM, 500 GB SATA @ 7200 rpm |
| 45 Mbps | 55 Mbps | (B) 1 x quad core Xeon 2.8 GHz, 4 GB RAM, 500 GB SATA @ 7200 rpm |
| 55 Mbps | 70 Mbps | (C) 2 x quad core Xeon 2.8 GHz, 6 GB RAM, 3 x 146 GB SAS @ 15k rpm, RAID 5 |

Important:

• The bandwidth figures shown above are based on HTTP traffic only, using a 100 Mbps Internet pipe with off-box reporting enabled and the proxy cache disabled.

• When the proxy cache is enabled, an SSD drive MUST be used. In this case the bandwidth will be lower than shown above.

If the sustained bandwidth required is more than the 55 Mbps delivered by server specification (C) above, multiple servers can be used to achieve the required bandwidth.

The ‘Peak Bandwidth’ column indicates the maximum bandwidth obtainable for short durations.


Example one

Here, the initial recommendation of server specification (A) is based entirely on bandwidth. For (N+1) resilience two servers can be deployed.

Example two

Example two considers a scenario in which no single server is capable of achieving the desired sustained throughput of 70 Mbps. In this case, two type (C) servers are required which together provide a combined throughput of 110 Mbps. For resilience an additional server can be included.

Maximum throughput

Using servers equivalent to type (C), a total of nine Web Gateways can be peered together, providing a maximum sustainable throughput of 500 Mbps (630 Mbps peak) in a single peered environment. Peered Web Gateways share a common interface for policy management and reporting.

If more than 500 Mbps bandwidth is required, multiple Web Gateway peer groups can be deployed. Where bandwidth requirements exceed that of a single peer group, please contact Clearswift for additional advice.

Gateway Reporter

Whenever possible, regular reports should be scheduled for off-peak hours, avoiding times when the Web Gateway is at its busiest. Clearswift recommends deploying the Gateway Reporter to centralize auditing and reporting functions to a separate server. This reduces the overall processing load by moving the consolidation of audit log files away from the Web Gateway.


1. The audit retention period is greater than 30 days.

2. Two or more servers are needed to meet the sustained bandwidth.

Audit retention period: By default, the retention period is set to 30 days. Keeping the retention period to a minimum will save disk space, reduce insertion times, make the reports run faster and improve proxy performance. For large user numbers, retaining the audit data for too long will result in an audit database hundreds of gigabytes in size. The larger the database, the longer it takes to insert new records and run reports. Before increasing the retention period, consider the usefulness of the data. Will knowing someone accessed a particular website more than 30 days ago be useful, or is it required?

Gateway Reporter server specification

The server specification for the Gateway Reporter is determined by the amount of storage required. Storage is calculated as the product of the number of days audit data is retained and the number of transactions audited across all Gateways.

The retention period, current database size and average number of daily transactions processed during the previous seven days are all displayed under System > System settings > Report Data Settings.

Each transaction stored requires approximately 600 bytes of disk space. Using the above you can estimate the disk space required. For example, 270,500 transactions per day kept for 60 days will require:

270,500 transactions * 60 days * 600 bytes = 9,738 MB or 9.7 GB of disk space

| Storage Requirement | Gateway Reporter Server Specification |
| --- | --- |
| Entry: 500 GB storage | Quad Core Xeon, 4 GB RAM, 2 x 500 GB RAID 1 |
| Mid: 1.5 TB storage | Quad Core Xeon, 6 GB RAM, 4 x 500 GB RAID 5 |
| High: 3 TB storage | 2 x Quad Core Xeon, 8 GB RAM, 4 x 1 TB RAID 5 |

Virtualized deployment

If the Clearswift Gateway is running in a virtual environment, sustained bandwidth should be reduced by 40 - 50% due to the inherent overheads of a virtual environment, especially where other high-intensity applications share the same physical host environment. For performance and resilience, Clearswift recommends deploying multiple instances of the Gateway across separate virtual machines.
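The sizing steps from the Overview table, the two examples, the Gateway Reporter storage estimate and the virtualization reduction can be combined into one calculation. The following is an added example, not part of the original Clearswift document; the function names, the 50% default derate and the use of decimal units for the storage tiers are assumptions.

```python
import math

# Figures copied from the guide: (spec, sustained Mbps, peak Mbps)
SPECS = [("A", 15, 20), ("B", 45, 55), ("C", 55, 70)]
MAX_PEERS = 9          # servers per peer group (guide: nine type (C) gateways)
BYTES_PER_TXN = 600    # approximate disk space per audited transaction
# Gateway Reporter tiers: (name, storage in bytes, decimal units assumed)
REPORTER_TIERS = [("Entry", 500 * 10**9), ("Mid", 1500 * 10**9), ("High", 3000 * 10**9)]


def size_gateways(required_mbps, virtualized=False, derate=0.5, n_plus_one=False):
    """Return (spec, servers, peer_groups) for a sustained bandwidth in Mbps.

    derate is an assumption: the guide gives a 40-50% reduction for virtual
    deployments, so the default takes the pessimistic end of that range.
    """
    factor = (1 - derate) if virtualized else 1.0
    for spec, sustained, _peak in SPECS:
        if sustained * factor >= required_mbps:
            servers = 1                      # smallest single server that copes
            break
    else:
        # No single server is enough: scale out with the largest spec.
        spec, sustained, _peak = SPECS[-1]
        servers = math.ceil(required_mbps / (sustained * factor))
    if n_plus_one:
        servers += 1                         # one spare for resilience
    return spec, servers, math.ceil(servers / MAX_PEERS)


def reporter_storage(txn_per_day, retention_days):
    """Return (bytes_needed, tier); tier is None above the largest listed tier."""
    needed = txn_per_day * retention_days * BYTES_PER_TXN
    for tier, capacity in REPORTER_TIERS:
        if needed <= capacity:
            return needed, tier
    return needed, None


if __name__ == "__main__":
    print(size_gateways(70))                       # the guide's Example two
    print(size_gateways(70, n_plus_one=True))
    print(size_gateways(40, virtualized=True))
    print(reporter_storage(270_500, 60))           # the guide's storage example
```

The calculation uses 55 Mbps per type (C) server exactly, so it is slightly more conservative than the guide's rounded figure of 500 Mbps for nine peers (9 x 55 = 495).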

Future performance considerations

As web traffic volumes grow through increased use of web applications and changes in employee numbers, demands placed on the Web Gateway will change over time.

For this reason, the original servers selected should be reviewed on a regular basis to ensure that the bandwidth demands being placed on the Web Gateway continue to be met by the servers deployed.

Post deployment considerations

Once deployed, there are some policy components and system configurations that can place additional processing demand on the SECURE Web Gateway, affecting performance. The following section highlights these areas and provides guidance on best practice.

Lexical Analysis: The lexical analysis content rule is very powerful and can be used to identify key words and phrases within web content and file attachments. This rule also allows complex regular expressions capable of identifying patterns within the text – e.g. customer reference numbers – to be defined. Regular expression processing requires more CPU power than searching for simple keywords such as ‘Top Secret’.

The Web Gateway allows the textual searching to be targeted at particular parts of the web transfer rather than searching all the web content. By being more specific about site type, file type, location within documents and desired search direction, processing overheads and risk of identifying false positives can be reduced. For example, you only need to search outbound web traffic for sensitive phrases related to confidential business information.

To reduce performance overheads associated with textual searching, consider how you can limit the areas searched to:

• Specific file types

• Web page or document content, URL, HTTP header or even the header, footer and properties of the document.

Note: Selecting ‘HTTP header’ and/or ‘Request URL’ is rarely needed. Searching every HTTP header and every URL for a phrase will impact on performance, therefore only select these after careful consideration.

• Direction - data only leaks out!

Database Optimization: There are two aspects to database optimization:

1. Rebuilding the database indexes:

By default the index rebuilding is performed weekly, on Saturday at 21.00 hours. This day and time has been selected because it’s out of hours and therefore doesn’t impact the performance of the web proxy.

2. Shrinking the database:

Database shrinking means releasing redundant disk space occupied by deleted rows in the database. This option should not be enabled unless explicitly instructed to do so by Clearswift Customer Support.

Hardware compatibility list

For a list of compatible hardware platforms see the Clearswift SECURE Web Gateway Hardware Sizing Guide which is available from the resources section of the Clearswift website within the Technical Guides section.


Contact Clearswift

UK - International HQ

Clearswift Limited
1310 Waterside, Arlington Business Park, Theale, Reading, Berkshire RG7 4SA, UK
Tel: +44 (0) 118 903 8903
Fax: +44 (0) 118 903 9000
Sales: +44 (0) 118 903 8700
Technical Support: +44 (0) 118 903 8200
Email: [email protected]

Australia

Clearswift
5th Floor, 165 Walker Street, North Sydney, New South Wales, 2060, AUSTRALIA
Tel: +61 2 9424 1200
Fax: +61 2 9424 1201
Email: [email protected]

Germany

Clearswift
Landsberger Straße 302, D-80 674 Munich, GERMANY
Tel: +49 (0)89 904 05 206
Fax: +49 (0)89 904 05 810
Email: [email protected]

Japan

Clearswift K.K
7F Hanai Bldg. 1-2-9 Shibakouen, Minato-ku, Tokyo 105-0011, JAPAN
Tel: +81 (3)5777 2248
Fax: +81 (3)5777 2249
Email: [email protected]

United States

Clearswift Corporation
161 Gaither Drive, Centerpointe Suite 101, Mt. Laurel, NJ 08054, UNITED STATES
Tel: +1 856-359-2360
Fax: +1 856-359-2361
Email: [email protected]

For further information
