We are strongly considering the McAfee Gateway solution, and we are getting ready to demo it, but I am curious what type of utilization other customers are seeing when using the VM Appliance on their own VMware host. I would GREATLY appreciate any input regarding the following, or other thoughts:
What do you have your gateway VM specced out at for CPU and RAM?
What is your avg utilization during the day for:
How many users are you filtering through the VM and what type of avg bandwidth?
We are only looking to make the call between going the VM route vs the hardware appliance, not looking to discount McAfee based on the VM utilization. We have a number of mission-critical VMs on the host, and my main concern is the I/O and the network traffic to the gateway VM causing degradation to the other VMs on the host. The CPU/RAM specs are important for truly determining if we can allocate the resources for this VM, but at the end of the day, they can always be capped, where you are much more likely to run into issues affecting other VMs with I/O or LAN utilization.
I don't have any input on host utilization, but I will say turn off caching if you are using MWG in VM. This causes high IO and is not recommended for VMs.
This can be done in two places: first, appliance-specific, under Configuration > [select your appliance] > Proxies; or globally, under Common Rules > Web Cache, disable the ruleset.
Yeah, I have read that. I was just curious what type of utilization people have been seeing in practice. Minimum specs are one thing, real-world is another!
On specs, memory doesn't matter too much as MWG doesn't really use > 4GB all that much... allocating 8GB, 16GB or 32 GB seems to work about the same for about 800 req/sec.
As with all VMs, providing too many vCPUs won't help. (8 or 12 seems to be a sweet spot but really depends on the underlying hardware.)
MWG on ESX will consume CPU cycles.
Disk and disk I/O is where MWG on VM really suffers. MWG just isn't written with ESX in mind.
You'll get pretty adequate performance with SSD (or if you have SAN storage) but for anything else, best to turn off caching and Anti-ware.
As a normal URL-filtering proxy, it performs pretty well. If you need caching and anti-malware, invest in really quick disks or buy the appliances.
I'm sure a McAfee expert will correct me.
I am really no sizing expert here (ask our PS or sales guys), but just want to add that enabled cache in VM deployment is the most common issue when customers feel "slowness" in high req situations, if the disk backend is not fast enough. But I would strongly disagree with disabling the Antimalware Engine. Also, I do not have any indication that going over 8 vCPUs will do the trick. And for LAN util, well, I do not know your setup/environment, but using a 1 GBit/s network is quite common today, so I do not think you will have a bottleneck here at all.
As a rule of thumb: try to avoid using web cache in VM deployment if you do not have SSD / SAN storage, never assign more virtual CPUs than real cores are available on the host system, and maybe try to use resource pools for your production servers and a different resource pool for the MWGs, so that both groups of VMs will not degrade each other.