01.01.2013 Views

CLEARSWIFT SECURE Web Gateway v2.5 Server sizing guide


Revision 1.1

12/01/2012


Introduction

This document helps you to determine the correct server specification and appropriate number of servers required to meet the bandwidth demands of your user population.

Overview

Sustained bandwidth is the most reliable metric for choosing the right server specification. If you don’t know what the sustained bandwidth associated with web traffic is, use the available bandwidth of the Internet connection.

The table below provides guidance on selecting the correct server specification and number of servers needed based on sustained bandwidth requirements.

| Sustained bandwidth | Peak bandwidth | Server specification |
|---|---|---|
| 15 Mbps | 20 Mbps | (A) 1 x dual core Xeon 2.8 GHz, 4 GB RAM, 500 GB SATA @ 7200 rpm |
| 45 Mbps | 55 Mbps | (B) 1 x quad core Xeon 2.8 GHz, 4 GB RAM, 500 GB SATA @ 7200 rpm |
| 55 Mbps | 70 Mbps | (C) 2 x quad core Xeon 2.8 GHz, 6 GB RAM, 3 x 146 GB SAS @ 15k rpm, RAID 5 |

Important:

The bandwidth figures shown above are based on HTTP traffic only, using a 100 Mbps Internet pipe with off-box reporting enabled and the proxy cache disabled.

When the proxy cache is enabled, an SSD drive MUST be used. In this case the bandwidth will be lower than shown above.

If the sustained bandwidth required is more than the 55 Mbps delivered by server specification (C) above, multiple servers can be used to achieve the required bandwidth.

The ‘Peak Bandwidth’ column indicates the maximum bandwidth obtainable for short durations.


Example one

Server specification (A) = 1 x dual core Xeon 2.8 GHz, 4 GB RAM, 500 GB SATA @ 7200 rpm

Here, the initial recommendation of server specification (A) is based entirely on bandwidth. For (N+1) resilience two servers can be deployed.

Example two

Server specification (C) = 2 x quad core Xeon 2.8 GHz, 6 GB RAM, 3 x 146 GB SAS @ 15k rpm, RAID 5

Example two considers a scenario in which no single server is capable of achieving the desired sustained throughput of 70 Mbps. In this case, two type (C) servers are required which together provide a combined throughput of 110 Mbps. For resilience an additional server can be included.

Maximum throughput

Using servers equivalent to type (C), a total of nine Web Gateways can be peered together, providing a maximum sustainable throughput of 500 Mbps (630 Mbps peak) in a single peered environment. Peered Web Gateways share a common interface for policy management and reporting.

If more than 500 Mbps bandwidth is required, multiple Web Gateway peer groups can be deployed. Where bandwidth requirements exceed that of a single peer group, please contact Clearswift for additional advice.


Gateway Reporter

Whenever possible, regular reports should be scheduled for off-peak hours, avoiding times when the Web Gateway is at its busiest. Clearswift recommends deploying the Gateway Reporter to centralise auditing and reporting functions to a separate server. This reduces the overall processing load by moving the consolidation of audit log files away from the Web Gateway.

The Gateway Reporter should always be deployed in instances where:

1. The audit retention period is greater than 30 days.
2. Two or more servers are needed to meet the sustained bandwidth.

Audit retention period: By default, the retention period is set to 30 days. Keeping the retention period to a minimum will save disk space, reduce insertion times, make the reports run faster and improve proxy performance.

For large user numbers, retaining the audit data for too long will result in an audit database hundreds of gigabytes in size. The larger the database, the longer it takes to insert new records and run reports. Before increasing the retention period, consider the usefulness of the data. Will knowing that someone accessed a particular website more than 30 days ago be useful, or is it required?

Gateway Reporter server specification

The server specification for the Gateway Reporter is determined by the amount of storage required. Storage is calculated as the product of the number of days audit data is retained and the number of transactions audited across all Gateways.

The retention period, current database size and average number of daily transactions processed during the previous seven days are all displayed under System > System settings > Report Data Settings.

Each transaction stored requires approximately 600 bytes of disk space. Using the above you can estimate the disk space required. For example, 270,500 transactions per day kept for 60 days will require:

270,500 transactions * 60 days * 600 bytes = 9,738 MB or 9.7 GB of disk space


| Storage requirement | Gateway Reporter server specification |
|---|---|
| Entry: 500 GB storage | 1U, Quad Core, 4 GB RAM, 2 x 500 GB RAID 1 |
| Mid: 1.5 TB storage | 1U, Quad Core, 6 GB RAM, 4 x 500 GB RAID 5 |
| High: 3 TB storage | 1U, 2 x Quad Core, 8 GB RAM, 4 x 1 TB RAID 5 |

Virtualised deployment

If the Clearswift Gateway is running in a virtual environment, sustained bandwidth should be reduced by 40 - 50% due to the inherent overheads of a virtual environment, especially where other high-intensity applications share the same physical host environment. For performance and resilience, Clearswift recommends deploying multiple instances of the Gateway across separate virtual machines.
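The sizing rules in this guide, combined into one calculation as an added example (not Clearswift code). The function name `plan` and its parameters are assumptions; the bandwidth, peer-group, storage and tier figures are the ones given in the tables and text above.

```python
import math

# Figures from the guide (HTTP only, proxy cache disabled, off-box reporting).
SPECS = [("A", 15), ("B", 45), ("C", 55)]   # sustained Mbps per server
MAX_PEERS = 9                               # gateways per peer group
BYTES_PER_TRANSACTION = 600
REPORTER_TIERS = [("Entry", 500), ("Mid", 1500), ("High", 3000)]  # GB


def plan(sustained_mbps, tx_per_day, retention_days=30,
         virtual_derate=0.0, resilient=True):
    """Return a sizing plan (hypothetical helper, not a Clearswift tool).

    virtual_derate: fraction of bandwidth lost when virtualised (0.40-0.50).
    resilient: add one spare gateway for N+1.
    """
    usable = [(name, mbps * (1.0 - virtual_derate)) for name, mbps in SPECS]
    # Smallest single server that carries the load, else several type (C).
    single = next((n for n, m in usable if m >= sustained_mbps), None)
    if single:
        spec, needed = single, 1
    else:
        spec = "C"
        needed = math.ceil(sustained_mbps / usable[-1][1])
    deployed = needed + 1 if resilient else needed

    storage_gb = tx_per_day * retention_days * BYTES_PER_TRANSACTION / 1e9
    tier = next((n for n, gb in REPORTER_TIERS if gb >= storage_gb), None)
    return {
        "spec": spec,
        "gateways": deployed,
        "peer_groups": math.ceil(deployed / MAX_PEERS),
        # Reporter rule: retention above 30 days, or 2+ servers for bandwidth.
        "reporter_required": retention_days > 30 or needed >= 2,
        "reporter_storage_gb": round(storage_gb, 1),
        "reporter_tier": tier,   # None means larger than the "High" tier
    }


if __name__ == "__main__":
    # Constructed inputs: the guide's example two, then the same load virtualised.
    print(plan(70, 270_500, retention_days=60, resilient=False))
    print(plan(70, 270_500, retention_days=60, virtual_derate=0.5))
```

The calculation uses 55 Mbps per type (C) server exactly, so for loads close to 500 Mbps it can ask for one more gateway than the guide's rounded nine-server figure.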

Future performance considerations

As web traffic volumes grow through increased use of web applications and changes in employee numbers, demands placed on the Web Gateway will change over time.

For this reason, the original servers selected should be reviewed on a regular basis to ensure that the bandwidth demands being placed on the Web Gateway continue to be met by the servers deployed.

Post deployment considerations

Once deployed, there are some policy components and system configurations that can place additional processing demand on the SECURE Web Gateway, affecting performance. The following section highlights these areas and provides guidance on best practice.

Lexical Analysis: The lexical analysis content rule is very powerful and can be used to identify key words and phrases within web content and file attachments. This rule also allows complex regular expressions capable of identifying patterns within the text – e.g. customer reference numbers – to be defined. Regular expression processing requires more CPU power than searching for simple keywords such as ‘Top Secret’.

The Web Gateway allows the textual searching to be targeted at particular parts of the web transfer rather than searching all the web content. By being more specific about site type, file type, location within documents and desired search direction, processing overheads and risk of identifying false positives can be reduced. For example, you only need to search outbound web traffic for sensitive phrases related to confidential business information.

To reduce performance overheads associated with textual searching, consider how you can limit the areas searched to:

• Particular types of sites and documents
• Specific file types
• Web page or document content, URL, HTTP header or even the header, footer and properties of the document.
  Note: Selecting ‘HTTP header’ and/or ‘Request URL’ is rarely needed. Searching every HTTP header and every URL for a phrase will impact on performance, therefore only select these after careful consideration.
• Direction - data only leaks out!
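The effect of scoping a lexical rule, modelled as an added example that is not part of the original guide. The rule dictionaries, field names, customer reference format and sample transfers are all constructed for illustration and are not the Web Gateway's own schema.

```python
import re

# Hypothetical rule model for illustration; not the Web Gateway's own schema.
CUSTOMER_REF = re.compile(r"\bCR-\d{6}\b")      # constructed reference format
BROAD = {"direction": None, "types": None, "areas": ["body", "url", "headers"]}
SCOPED = {"direction": "outbound",
          "types": {"application/msword", "application/x-www-form-urlencoded"},
          "areas": ["body"]}

# Constructed sample transfers.
TRANSFERS = [
    {"direction": "inbound", "type": "text/html",
     "url": "http://news.example/a", "headers": "Host: news.example",
     "body": "Leaked memo marked Top Secret"},
    {"direction": "outbound", "type": "application/msword",
     "url": "http://share.example/upload", "headers": "Host: share.example",
     "body": "Invoice for CR-204981, Top Secret pricing"},
    {"direction": "outbound", "type": "image/png",
     "url": "http://share.example/img?id=CR-000001",
     "headers": "Host: share.example", "body": ""},
]


def scan(transfers, rule):
    """Return (list of (transfer index, match), number of text areas searched)."""
    hits, searched = [], 0
    for i, t in enumerate(transfers):
        # Scope checks run first, so out-of-scope traffic costs no text search.
        if rule["direction"] and t["direction"] != rule["direction"]:
            continue
        if rule["types"] is not None and t["type"] not in rule["types"]:
            continue
        for area in rule["areas"]:
            searched += 1
            text = t[area]
            if "top secret" in text.lower():          # cheap keyword test
                hits.append((i, "Top Secret"))
            # Regular expression pass, the more CPU-intensive of the two.
            hits += [(i, m) for m in CUSTOMER_REF.findall(text)]
    return hits, searched


if __name__ == "__main__":
    print("broad :", scan(TRANSFERS, BROAD))
    print("scoped:", scan(TRANSFERS, SCOPED))
```

On the sample data the broad rule searches nine text areas and reports an inbound news page and an image URL, while the scoped rule searches one area and reports only the outbound document.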

Database Optimisation: There are two aspects to database optimisation:

1. Rebuilding the database indexes:
   By default the index rebuilding is performed weekly, on Saturday at 21.00 hours. This day and time has been selected because it’s out of hours and therefore doesn’t impact the performance of the web proxy.

2. Shrinking the database:
   Database shrinking means releasing redundant disk space occupied by deleted rows in the database. This option should not be enabled unless explicitly instructed to do so by Clearswift Customer Support.

Hardware compatibility list

For a list of compatible hardware platforms see the Clearswift SECURE Web Gateway Hardware Sizing Guide which is available from the resources section of the Clearswift website within the Technical Guides section.


Contact Clearswift

UK - International HQ
Clearswift Limited
1310 Waterside
Arlington Business Park
Theale
Reading
Berkshire
RG7 4SA
UK
Tel: +44 (0) 118 903 8903
Fax: +44 (0) 118 903 9000
Sales: +44 (0) 118 903 8700
Technical Support: +44 (0) 118 903 8200
Email: info@clearswift.com

Australia
Clearswift
5th Floor
165 Walker Street
North Sydney
New South Wales, 2060
AUSTRALIA
Tel: +61 2 9424 1200
Fax: +61 2 9424 1201
Email: info@clearswift.com.au

Germany
Clearswift
Landsberger Straße 302
D-80 674 Munich
GERMANY
Tel: +49 (0)89 904 05 206
Fax: +49 (0)89 904 05 810
Email: info@clearswift.de

Japan
Clearswift K.K
7F Hanai Bldg.
1-2-9 Shibakouen,
Minato-ku, Tokyo
105-0011
JAPAN
Tel: +81 (3)5777 2248
Fax: +81 (3)5777 2249
Email: info.jp@clearswift.co.jp

Spain
Clearswift España S.L.
Cerro de los Gamos 1, Edif. 1
28224 Pozuelo de Alarcón
Madrid
SPAIN
Tel: +34 91 7901219 / +34 91 7901220
Fax: +34 91 7901112
Email: info.es@clearswift.com

United States
Clearswift Corporation
161 Gaither Drive
Centerpointe
Suite 101
Mt. Laurel, NJ 08054
UNITED STATES
Tel: +1 856-359-2360
Fax: +1 856-359-2361
Email: info@us.clearswift.com

For further information

Contact Information:
Product Manager: mark.maciw@clearswift.com
Web site: http://www.clearswift.com
