5 Replies Latest reply on Aug 24, 2012 12:44 AM by eelsasser

    McAfee Web Gateway & Reporter sizing for Virtual Appliance

      Hi,

       

      I have a customer that wants to know the sizing specs for VM. Customer wants to deploy Web GW and Reporter on Virtual Appliance. I know having Request/sec will help in sizing but we don’t have that information. Can we make assumptions?

       

      What VM Specs needed to support?

      30,000 Users – for Web GW and Web Reporter

      40,000 Users – for Web GW and Web Reporter

      50,000 Users – for Web GW and Web Reporter

      80,000 Users – for Web GW and Web Reporter

      90,000 Users – for Web GW and Web Reporter

       

      If the sizing is too big for one VM to handle, please advise how we can split it? I.e. 2 x VM with biggest specs possible

       

      Regards

      Joshua

       

        • 1. Re: McAfee Web Gateway & Reporter sizing for Virtual Appliance

          I will attempt to answer this as best I can. This is only based on my gut feeling and has no corroboration with engineering.

           

          It is almost impossible to accurately size a virtual environment because we have no idea what other guests you may having running on the VMware host. MWG is tuned to the physical hardware we provide, so we know what the limits are to the sizing, but we don't control what hardware you may have or the other guests that are running and cannot predict the results.

           

          I personally don't recommend using VMware for installations larger than 3,000-5,000 users. I usually see it used for sites of 1,000 users or less.

           

          For 3,000-5,000 users, I would use minimums of:
          8 Gig RAM
          8 CPU cores
          300 Gig HD

           

          I would also turn off web caching because that very disk IO intensive and can affect performance of the other guests sharing the disk.

           

          Because the resource requirement is very high compared to the physical appliance, for the user counts you are asking (30,000 to 90,000 users) i would not use VM. I would only go with appliances. It may actually be less expensive using appliances at this scale that trying to leverage virtual.

           

          Again, this is not any official statement, just observation and instinct. I could be totally wrong (but i don't think so).

          1 of 1 people found this helpful
          • 2. Re: McAfee Web Gateway & Reporter sizing for Virtual Appliance

            Thank you very much for sharing!

             

            Does it means that I must deploy 10 x Web GW appliances in order to support up to 50,000 users? In this case, how is the deployment like? Using Load balancer? or a central Web Gateway manager to manage all 10 appliances?

            • 3. Re: McAfee Web Gateway & Reporter sizing for Virtual Appliance

              That's where it gets tricky. I wouldn't suggest trying to deploy 50,000 users on VM in the first place, unless they were widely distributed, like 3,000 users in 16 locations.

              I would suggest appliances or if rack space were at a premium, i would use blades.

              You would have to tell me the use case for why you have to use VM. Is it rackspace constrained, or you want high density or wide geographic distribution, or ISP, or any number of other scenarios.

               

              One VM with the above specs for 5,000 users does not mean 2 instances on the same host will support 10,000 users or 10 instances will support 50,000 users. It's not a linear progression and there is a point of diminishing returns.

               

              Even with the appliances, you cannot make accurate assesments of anything based on user counts. Although I would be comfortable with guessing that 6-8 WG5500s would support 50,000 users, you may need more or less hardware. Users counts do not equal performance statistics. I just came from a customer site that has 50,000 users and they have 8 blue coats + 8 ProxyAVs that they are replacing with 8 MWGs. But other customers might have twice as many appliances for half as many users.

               

               

              Even if you spec out a single VM guest to have the same hardware equivalent as the appliance, you will not get the same performance. You get at least a 30% hit just because it's on VMware, and that's with one guest running on a single host. Add more guests and the overhead increases per appliance. And that doesn't take into account what features you have turned on. I usually use worst case with all features on when i size. If you only want URL filtering, that's a totally different set of calculations.

               

              You can use VM instances of MWG for central management to manage them if you wanted.

               

              I'm sorry for evading the direct question, but the truth is, it's all incalcuable without actual traffic statistics.

              The problem is, we can't test every combination of possibilities and have no control over the deployment. I can't make broad generalizations based on just user counts.

              • 4. Re: McAfee Web Gateway & Reporter sizing for Virtual Appliance

                thank you for your recommendations and insight information regarding this sizing, I know it is very tough to size it accurate just basing on users. I guess I shall recommend customer to go for Blade Servers instead. Thank you very much!

                • 5. Re: McAfee Web Gateway & Reporter sizing for Virtual Appliance

                  Keep in mind, someone from support or product management or engineering could still say that I have no idea what I'm talking about and I'm full of BS.

                  It's still my own opinion, and you know what they say about opinions.