95162610-6-1-WAN-Optimization-Sizing-Guide-SG300-600-900-9000-4Aug11-f

Embed Size (px)

Citation preview

  • Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered

    trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Page 1 of 3

    These guidelines show the relative power of SG appliances. Appropriate configurations can vary significantly from these guidelines and will depend on technical requirements.

    WAN Optimization Use this guide when a ProxySG is being used for WAN optimization with or without other functionality like forward proxy. Both SGOS Acceleration Edition and SGOS Proxy Edition can be used for WAN optimization. Special rules apply for sizing units running Mixed Use loads - both WAN optimization and forward proxy. See Example 2.

    Max WAN Bandwidth Maximum WAN link speed appropriate for this model. Using a ProxySG on a WAN link that exceeds its maximum WAN link speed can result in suboptimal performance.

    Recommended Max Connections The recommended maximum number of connections. A rule of thumb is that each active user will require ten connections.

    Clustering

    Clusters of up to 20 ProxySGs can be created to handle substantially more traffic and users. Client Manager for Proxy Client Assumes a dedicated ProxySG appliance at 45% peak CPU load for servicing ProxyClients. Use of a dedicated ProxySG is recommended as a best practice. Always use SGOS Proxy Edition for any ProxyClient deployments requiring remote filtering. SGOS Acceleration Edition is sufficient for acceleration-only ProxyClient deployments.

    Recommended Max ProxyClients Managed Maximum number of ProxyClient instances connecting to a Client Manager, regardless of the features enabled on the ProxyClient (filtering, acceleration or both).

    Licensing ProxySGs are licensed based on concurrent client IP addresses only. Other values such as Max WAN Bandwidth and Recommended Max Connections are suggested based on the physical capacity of the system.

    Sizing Guide for ProxySG Deployments

    SGOS Version 6.1

    4 August 2011

    Licensing

    Max Internet

    Bandwidth

    Recommended Max

    ProxyClients

    Managed Drives

    Total

    Storage

    (GB) Bypass Other

    300-5 6Mbps 800 10 / 30 1 250 1 2GB 2 x 1000BT 1 x 1000BT Single

    300-10 6Mbps 800 150 1 250 1 2GB 2 x 1000BT 1 x 1000BT Single

    300-25 10Mbps 2000 No limit 1 250 1 4GB 2 x 1000BT 1 x 1000BT Single

    600-10 12Mbps 2000 500 1 250 1 4GB 1 open slot 2 x 1000BT 1 x 1000BT Single

    600-20 20Mbps 3000 1000 2 500 1 4GB 1 open slot 2 x 1000BT 1 x 1000BT Single

    600-35 30Mbps 4000 No limit 2 500 1 4GB 1 open slot 2 x 1000BT 1 x 1000BT Single

    900-10 60Mbps 8000 3500 2 1000 2 6GB 2 open slots 2 x 1000BT 2 x 1000BT Single

    900-20 90Mbps 10,000 6000 2 2000 2 8GB 2 open slots 2 x 1000BT 2 x 1000BT Single

    900-30 155Mbps No limit 3 3000 2 12GB 2 open slots 2 x 1000BT 2 x 1000BT Redundant

    900-45 200Mbps No limit 4 4000 4 16GB 2 open slots 2 x 1000BT 2 x 1000BT Redundant

    9000-10 155Mpbs No limit 8 4000 2 8GB SSL, 3 open slots 4 x 1000BT Redundant

    9000-20 250Mbps No limit 10 5000 4 16GB SSL, 3 open slots 4 x 1000BT Redundant* Security Mode; Performance Mode often 10 if ADN-enabled, Note: Hardware SSL support Redundancy

    can use less powerful ProxyAV hardware 30 if not is included on all models optional

    Hardware Spec

    Power

    Supply

    Preinstalled Cards

    and Available Slots

    Licensed

    Client IPs

    CPU

    Cores

    Storage Memory On-board Network Client Manager

    for ProxyClient

    Deployment Mode

    Model Forward

    Proxy

  • Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use,

    Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Page 2 of 3

    Licensed Client IPs Licensed users are measured by the number of unique client IP addresses with open inbound TCP connections to the ProxySG. The measurement is instantaneous and concurrent. It is not based on the average over any time interval. The administrator can configure the appliance to either bypass connections from new users when the license limit is exceeded, to delay them until another client drops all of its connections or to attempt to accept them. The default is to accept them.

    For WAN Optimization deployments, Blue Coat recommends purchasing a ProxySG model based on the maximum number of client connections it needs to support, not the maximum number of users, since limits associated with connections are likely to be reached first. This does not apply to the 310-5, however.

    Hardware Spec Hardware-based SSL acceleration is included for all models. A separate license is not required to activate SSL termination. Ports on bypass-capable network interfaces can be configured to be bridged pair-wise or to act independently.

    EXAMPLE 1: WAN Optimization Only

    10 smaller branches with dual T1 lines (1.5Mbps each), each with less than 50 users 2 large branches, one with 150 users, the other with 200 users, with dual 6Mbps WAN

    links 1 data center with a single DS3 link (45Mbps)

    Each of the smaller branch offices requires 3 Mbps throughput (dual 1.5 Mbps links) and each has fewer than 50 concurrent users. Applying the rule of thumb that each user needs 10 connections, the appliance should be able to optimize 500 connections. In this case, either the SG300-25-M5 or the SG300-25-PR would be appropriate. Unless price is critical, Proxy Edition (-PR) should be quoted for branch offices. Proxy Edition should always be quoted when the branch users have direct internet access. For the two larger branch offices, the maximum WAN bandwidth is 12Mbps (dual 6Mbps links). The appropriate solution for these larger branch offices is SG600-20-M5 or SG600-20-PR, which will accommodate up to 200 users at a connection to user ratio of 10-to-1. If room for growth is desired, a SG600-35 should be quoted.

    In general, the number of total connections needed at the data center can be calculated as the sum of connections from all of the connected branch offices. In this case: (10 x 500) + 1500 + 2000 = 8500 connections. The data center in this example is connected via a 45Mbps link, which implies that the SG900-20-M5 model should be used (MACH5 editions should always be quoted at the data center for pure WAN Optimization deals). Customers will typically require redundancy for their data center, which means that two SG900-20-M5 models should be quoted. While the SG900-20-M5 is adequate for current performance needs, if room for growth is required, quote an SG900-30-M5 as the data center concentrator.

    Therefore, the quote would include:

    10 x SG300-25-PR (if price is a critical factor, quote 10 x SG300-25-M5 instead); 2 x SG600-20-PR (if price is a critical factor, quote 2 x SG600-20-M5 instead); and 2 x SG900-20-M5

    NOTE: Include the appropriate support options for all models. Include the appropriate web filtering licenses for Proxy Edition appliances that require web filtering. There is no need to purchase software SSL licenses; they are now available at no charge on all 300, 600, 900 and 9000 models, no matter when they were purchased.

    Licensing

    Max WAN

    Bandwidth

    Recommended

    Max

    Connections

    Recommended Max

    ProxyClients

    Managed With ADN Enabled

    300-5 2Mbps 500 800 10

    300-10 2Mbps 500 800 150

    300-25 6Mbps 1000 2000 No limit

    600-10 6Mbps 1000 2000 500

    600-20 12Mbps 2000 3000 1000

    600-35 25Mbps 4000 4000 No limit

    900-10 45Mbps 6000 8000 3500

    900-20 90Mbps 9000 10,000 6000

    900-30 155Mbps 15,000 No limit

    900-45 200Mbps 20,000 No limit

    9000-10 155Mbps 12,000 No limit

    9000-20 310Mbps 24,000 No limit

    Deployment Mode

    Model WAN Optimization Client Manager

    for ProxyClient

    Licensed Client

    IPsand 'Mixed Use' see notes

    Example WAN Optimization Deployment Scenario - Application Acceleration

  • Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use,

    Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Page 3 of 3

    EXAMPLE 2: Mixed Use Branch Appliance The branch has 200 active employees, all with Internet access 5 Mbps link to the WAN optimization concentrator 10 Mbps link to an ISP for direct-to-net access Requires room for growth (+40%) No ICAP, SSL or filtering 70% CPU utilization This appliance is to be configured with both Secure Web Gateway forward proxy and WAN optimization functions enabled. For this situation, use the following sizing guidelines:

    Calculate the user count: Determine the concurrent user count for all traffic. Determine the number of connections required for WAN optimization. A rule of thumb is

    to multiply the number of concurrent users by 10.

    Calculate the bandwidth: Add the WAN and ISP bandwidth (not offered load) and compare that number to the WAN sizing guidelines. If using Blue Coat Web Filter, take 75% of the bandwidth in the sizing guide. If using another filtering product, take 50%, or ask a sizing expert for assistance.

    Use the more restrictive factor (bandwidth or user count) to determine the correct appliance, remembering to allow room for application growth and for new functions (ICAP, increased SSL load) that are expected in the future.

    Only Proxy Edition models (-PR) should be considered because a secure web gateway is required.

    Analysis:

    User count: 280 (200 concurrent users plus 40% growth)

    Connections required: 2800 (280 users x 10 connections each)

    Bandwidth: 21 (15 Mbps plus 40% growth) From the WAN Optimization Sizing Guide:

    Choose the unit that supports the most restrictive factor. In this, case that is the SG600-35-PR since it meets both the 2800 connection requirement and the 21 Mbps bandwidth requirement.

    Now consider the same case, but with one difference: the customer will also use Blue Coat Web Filter. Analysis:

    User count: 280 (200 concurrent users plus 40% growth)

    Connections required: 2800 (280 users x 10 connections each)

    Bandwidth: 21 (15 Mbps plus 40% growth)

    Since Blue Coat Web Filter is being used, adjust the WAN optimization bandwidth down by 25%: Adjusting the WAN Optimization Sizing Guide:

    Choose the unit that supports the most restrictive factor: In this case, the SG600-35 does not offer the 21 Mbps required, so the SG900-10-PR is the correct choice.

    NOTE: If web filtering is required at the branch offices, the appropriate web filtering licenses and service offerings should also be included in the quote. There is no need to purchase software SSL licenses; software SSL is now licensed on all 300, 600, 900 and 9000 models, no matter when they were purchased. Finally, consider adding an additional power supply to the quote to take advantage of the redundant power option available on the SG900-10 and -20.

    Max WAN

    Bandwidth

    Recommended

    Max

    Connections

    Recommended Max

    ProxyClients

    Managed

    600-20 12Mbps 2000 3000

    600-35 25Mbps 4000 4000

    900-10 45Mbps 6000 8000

    Max WAN Bandwidth

    Recommended

    Max

    Connections

    Recommended Max

    ProxyClients

    Managed

    600-20 12Mbps 9.0Mbps 2000 3000

    600-35 25Mbps 18.8Mbps 4000 4000

    900-10 45Mbps 33.8Mbps 6000 8000