Sie sind auf Seite 1von 3

Sizing Guide for ProxySG Deployments

WAN Optimization
SGOS Version 6.2
23 May 2011
Deployment Mode
Model

WAN Optimization
and 'Mixed Use' see notes
Recommended
Max WAN
Max
Bandwidth
Connections

Hardware Spec

Licensing

Client Manager
for ProxyClient

Licensed Client
IPs

Storage

Recommended Max
ProxyClients
Managed

With ADN Enabled

Drives Total Storage (GB)

CPU
Cores

Memory

2Mbps
2Mbps
6Mbps

500
500
1000

800
800
2000

10
150
No limit

1
1
1

250
250
250

1
1
1

2GB
2GB
4GB

600-10
600-20
600-35

6Mbps
12Mbps
25Mbps

1000
2000
4000

2000
3000
4000

500
1000
No limit

1
2
2

250
500
500

1
1
1

4GB
4GB
4GB

900-10
900-20
900-30
900-45

45Mbps
90Mbps
155Mbps
200Mbps

6000
9000
15,000
20,000

8000
10,000

3500
6000
No limit
No limit

2
2
3
4

1000
2000
3000
4000

2
2
2
4

9000-10 155Mbps
9000-20 310Mbps
9000-30 622Mbps
9000-40 1000Mbps

12,000
24,000
60,000
100,000

No limit
No limit
No limit
No limit

8
10
10
15

4000
5000
10,000
15,000

2
4
8
12

nections is likely to be reached before this limit

These guidelines show the relative power of SG appliances. Appropriate configurations


can vary significantly from these guidelines and will depend on technical requirements.
WAN Optimization
Use this guide when a ProxySG is being used for WAN optimization with or without other
functionality like forward proxy. Both SGOS Acceleration Edition and SGOS Proxy Edition can
be used for WAN optimization. Special rules apply for sizing units running Mixed Use loads both WAN optimization and forward proxy. See Example 2.
Max WAN Bandwidth
Maximum WAN link speed appropriate for this model. Using a ProxySG on a WAN link that
exceeds its maximum WAN link speed can result in suboptimal performance.
Recommended Max Connections
The recommended maximum number of connections. A rule of thumb is that each active user
will require ten connections.
Clustering
Clusters of up to 20 ProxySGs can be created to handle substantially more traffic and users.

On-board Network

Bypass

300-5
300-10
300-25

Except for the 300-5, Recommended Max Con-

Preinstalled Cards and


Available Slots

Power
Supply

Other

2 x 1000BT 1 x 1000BT
2 x 1000BT 1 x 1000BT
2 x 1000BT 1 x 1000BT

Single
Single
Single

1 open slot
1 open slot
1 open slot

2 x 1000BT 1 x 1000BT
2 x 1000BT 1 x 1000BT
2 x 1000BT 1 x 1000BT

Single
Single
Single

6GB
8GB
12GB
16GB

2 open slots
2 open slots
2 open slots
2 open slots

2 x 1000BT
2 x 1000BT
2 x 1000BT
2 x 1000BT

8GB
16GB
40GB
64GB

SSL, 3 open slots


SSL, 3 open slots
SSL, 3 open slots

4 x 1000BT
4 x 1000BT
4 x 1000BT
4 x 1000BT

SSL, Compression, 2 open slots


Note: Hardware SSL support
is included on all models

2 x 1000BT
2 x 1000BT
2 x 1000BT
2 x 1000BT

Single

Single
Redundant
Redundant
Redundant
Redundant
Redundant
Redundant
Redundancy

optional

Client Manager for Proxy Client


Assumes a dedicated ProxySG appliance at 45% peak CPU load for servicing ProxyClients.
Use of a dedicated ProxySG is recommended as a best practice. Always use SGOS Proxy
Edition for any ProxyClient deployments requiring remote filtering. SGOS Acceleration Edition
is sufficient for acceleration-only ProxyClient deployments.
Recommended Max ProxyClients Managed
Maximum number of ProxyClient instances connecting to a Client Manager, regardless of the
features enabled on the ProxyClient (filtering, acceleration or both).
Licensing
ProxySGs are licensed based on concurrent client IP addresses only. Other values such as
Max WAN Bandwidth and Recommended Max Connections are suggested based on the
physical capacity of the system.
Licensed Client IPs
Licensed users are measured by the number of unique client IP addresses with open inbound
TCP connections to the ProxySG. The measurement is instantaneous and concurrent. It is not
based on the average over any time interval. The administrator can configure the appliance to
either bypass connections from new users when the license limit is exceeded, to delay them

Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc.
Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered
trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.
Page 1 of 3

until another client drops all of its connections or to attempt to accept them. The default is to
accept them.
For WAN Optimization deployments, Blue Coat recommends purchasing a ProxySG model
based on the maximum number of client connections it needs to support, not the maximum
number of users, since limits associated with connections are likely to be reached first. This
does not apply to the 310-5, however.
Hardware Spec
Hardware-based SSL acceleration is included for all models. A separate license is not
required to activate SSL termination. Ports on bypass-capable network interfaces can be
configured to be bridged pairwise or to act independently.

EXAMPLE 1: WAN Optimization Only

10 smaller branches with dual T1 lines (1.5Mbps each), each with less than 50 users
2 large branches, one with 150 users, the other with 200 users, with dual 6Mbps WAN
links
1 data center with a single DS3 link (45Mbps)

Deployment Mode
Model

WAN Optimization

Licensing

and 'Mixed Use' see notes

Client Manager
for ProxyClient

Licensed Client IPs

Max WAN
Bandwidth

Recommended
Max
Connections

Recommended Max
ProxyClients
Managed

With ADN Enabled

300-5
300-10
300-25

2Mbps
2Mbps
6Mbps

500
500
1000

800
800
2000

10
150
No limit

600-10
600-20
600-35

6Mbps
12Mbps
25Mbps

1000
2000
4000

2000
3000
4000

500
1000
No limit

900-10
900-20
900-30
900-45

45Mbps
90Mbps
155Mbps
200Mbps

6000
9000
15,000
20,000

8000
10,000

3500
6000
No limit
No limit

9000-10 155Mbps
9000-20 310Mbps
9000-30 622Mbps
9000-40 1000Mbps

12,000
24,000
60,000
100,000

No limit
No limit
No limit
No limit

the SG300-25-M5 or the SG300-25-PR would be appropriate. Unless price is critical, Proxy
Edition (-PR) should be quoted for branch offices. Proxy Edition should always be quoted
when the branch users have direct internet access.
For the two larger branch offices, the maximum WAN bandwidth is 12Mbps (dual 6Mbps
links). The appropriate solution for these larger branch offices is SG600-20-M5 or SG60020-PR, which will accommodate up to 200 users at a connection to user ratio of 10-to-1. If
room for growth is desired, a SG600-35 should be quoted.
In general, the number of total connections needed at the data center can be calculated as
the sum of connections from all of the connected branch offices. In this case: (10 x 500) +
1500 + 2000 = 8500 connections. The data center in this example is connected via a
45Mbps link, which implies that the SG900-20-M5 model should be used (MACH5 editions
should always be quoted at the data center for pure WAN Optimization deals). Customers
will typically require redundancy for their data center, which means that two SG900-20-M5
models should be quoted. While the SG900-20-M5 is adequate for current performance
needs, if room for growth is required, quote an SG900-30-M5 as the data center
concentrator.
Therefore, the quote would include:

10 x SG300-25-PR (if price is a critical factor, quote 10 x SG300-25-M5 instead);

2 x SG600-20-PR (if price is a critical factor, quote 2 x SG600-20-M5 instead); and

2 x SG900-20-M5
NOTE: Include the appropriate support options for all models. Include the appropriate web
filtering licenses for Proxy Edition appliances that require web filtering. There is no need to
purchase software SSL licenses; they are now available at no charge on all 300, 600, 900
and 9000 models, no matter when they were purchased.

Example WAN Optimization Deployment Scenario - Application Acceleration

Each of the smaller branch offices requires 3 Mbps throughput (dual 1.5 Mbps links) and each
has fewer than 50 concurrent users. Applying the rule of thumb that each user needs 10
connections, the appliance should be able to optimize 500 connections. In this case, either
Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat
Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use,
Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.
Page 2 of 3

EXAMPLE 2: Mixed Use Branch Appliance

The branch has 200 active employees, all with Internet access
5 Mbps link to the WAN optimization concentrator
10 Mbps link to an ISP for direct-to-net access
Requires room for growth (+40%)
No ICAP, SSL or filtering
70% CPU utilization

This appliance is to be configured with both Secure Web Gateway forward proxy and WAN
optimization functions enabled. For this situation, use the following sizing guidelines:

Calculate the user count: Determine the concurrent user count for all traffic.

Determine the number of connections required for WAN optimization. A rule of thumb is
to multiply the number of concurrent users by 10.

Calculate the bandwidth: Add the WAN and ISP bandwidth (not offered load) and
compare that number to the WAN sizing guidelines. If using Blue Coat Web Filter, take
75% of the bandwidth in the sizing guide. If using another filtering product, take 50%, or
ask a sizing expert for assistance.

Use the more restrictive factor (bandwidth or user count) to determine the correct
appliance, remembering to allow room for application growth and for new functions
(ICAP, increased SSL load) that are expected in the future.

Only Proxy Edition models (-PR) should be considered because a secure web gateway
is required.
Analysis:

User count: 280 (200 concurrent users plus 40% growth)

Connections required: 2800 (280 users x 10 connections each)

Bandwidth: 21 (15 Mbps plus 40% growth)


From the WAN Optimization Sizing Guide:

Max WAN
Bandwidth

Recommended
Max
Connections

Recommended Max
ProxyClients
Managed

600-20
600-35

12Mbps
25Mbps

2000
4000

3000
4000

900-10

45Mbps

6000

8000

Now consider the same case, but with one difference: the customer will also use Blue Coat
Web Filter.
Analysis:

User count: 280 (200 concurrent users plus 40% growth)

Connections required: 2800 (280 users x 10 connections each)

Bandwidth: 21 (15 Mbps plus 40% growth)

Since Blue Coat Web Filter is being used, adjust the WAN optimization bandwidth
down by 25%:
Adjusting the WAN Optimization Sizing Guide:
Recommended
Max
Max WAN Bandwidth Connections

Recommended Max
ProxyClients
Managed

600-20
600-35

12Mbps 9.0Mbps
25Mbps 18.8Mbps

2000
4000

3000
4000

900-10

45Mbps 33.8Mbps

6000

8000

Choose the unit that supports the most restrictive factor: In this case, the SG600-35
does not offer the 21 Mbps required, so the SG900-10-PR is the correct choice.

NOTE: If web filtering is required at the branch offices, the appropriate web filtering
licenses and service offerings should also be included in the quote. There is no need to
purchase software SSL licenses; software SSL is now licensed on all 300, 600, 900 and
9000 models, no matter when they were purchased. Finally, consider adding an additional
power supply to the quote to take advantage of the redundant power option available on
the SG900-10 and -20.

Choose the unit that supports the most restrictive factor. In this, case that is the SG60035-PR since it meets both the 2800 connection requirement and the 21 Mbps bandwidth
requirement.

Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat
Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use,
Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.
Page 3 of 3