SSL Gateway Sizing


Can anyone provide me with some SSL Gateway sizing guidelines?



Tags (1)
0 Kudos
2 Replies
2 Bronze

RE: SSL Gateway Sizing

0 Kudos
1 Copper

RE: SSL Gateway Sizing

Sizing of the Secure Gateway can be a very hard process because of the way SSL encryption/decryption is handled when done through software on an OS.  You first need to consider the OS requirements.  After the OS is tuned, you would really have to start adding users and watching the RAM, CPU cycles and Network Utilization in use.

The Secure Gateway does not write to the disk unless logging is enabled.  If logging is enabled, you will get a lot of disk writes depending on the number of users and this will cause degradation of the Secure Gateway server greatly.

SSL Encryption mainly uses CPU and RAM.  It may page a little but paging should not be a great concern.  Encryption/Decryption happens on the fly using CPU and RAM then sending to the NIC.

With the above said, we have seen the Secure Gateway handle 100 - 150 users concurrently on a Virtual Machine with 2 virtual processors and 2GB RAM.  I am not sure if we have run numbers on physical hardware.

If using Secure Gateway and Web Access on the same server, the above numbers decline and one can easily say you get a 30% loss if WA is on the same box.  It is always recommended that if WA and SG are on the same box to setup some sort of Network Load Balancing and have at least two servers in the cluster.  NLB will allow double the numbers and still use a single IP address.