Sizing Guide for ProxySG Deployments SGOS Version 6.

1 4 August 2011

Deployment Mode
Model Forward Proxy
Max Internet Bandwidth

Licensing
Licensed Client IPs Storage
Total Storage (GB)

Hardware Spec
CPU Memory Cores Preinstalled Cards and Available Slots On-board Network Power Supply

Client Manager for ProxyClient

Recommended Max ProxyClients Managed

Drives

Bypass
1 1 1 1 1 1 2 2 2 4 2 4 2GB 2GB 4GB 4GB 4GB 4GB 6GB 8GB 12GB 16GB 8GB 16GB 1 open slot 1 open slot 1 open slot 2 open slots 2 open slots 2 open slots 2 open slots SSL, 3 open slots SSL, 3 open slots
Note: Hardware SSL support is included on all models

Other
Single Single Single Single Single Single Single Single Redundant Redundant Redundant Redundant
Redundancy

300-5 300-10 300-25 600-10 600-20 600-35 900-10 900-20 900-30 900-45 9000-10 9000-20

6Mbps 6Mbps 10Mbps 12Mbps 20Mbps 30Mbps 60Mbps 90Mbps 155Mbps 200Mbps 155Mpbs 250Mbps

800 800 2000 2000 3000 4000 8000 10,000

10 / 30 150 No limit 500 1000 No limit 3500 6000 No limit No limit No limit No limit

1 1 1 1 2 2 2 2 3 4 8 10

250 250 250 250 500 500 1000 2000 3000 4000 4000 5000

2 x 1000BT 1 x 1000BT 2 x 1000BT 1 x 1000BT 2 x 1000BT 1 x 1000BT 2 x 1000BT 1 x 1000BT 2 x 1000BT 1 x 1000BT 2 x 1000BT 1 x 1000BT 2 x 1000BT 2 x 1000BT 2 x 1000BT 2 x 1000BT 2 x 1000BT 2 x 1000BT 2 x 1000BT 2 x 1000BT 4 x 1000BT 4 x 1000BT

* Security Mode; Performance Mode often 10 if ADN-enabled, can use less powerful ProxyAV hardware 30 if not

optional

These guidelines show the relative power of SG appliances. Appropriate configurations can vary significantly from these guidelines and will depend on technical requirements. WAN Optimization Use this guide when a ProxySG is being used for WAN optimization with or without other functionality like forward proxy. Both SGOS Acceleration Edition and SGOS Proxy Edition can be used for WAN optimization. Special rules apply for sizing units running Mixed Use loads both WAN optimization and forward proxy. See Example 2. Max WAN Bandwidth Maximum WAN link speed appropriate for this model. Using a ProxySG on a WAN link that exceeds its maximum WAN link speed can result in suboptimal performance. Recommended Max Connections The recommended maximum number of connections. A rule of thumb is that each active user will require ten connections. Clustering

Clusters of up to 20 ProxySGs can be created to handle substantially more traffic and users. Client Manager for Proxy Client Assumes a dedicated ProxySG appliance at 45% peak CPU load for servicing ProxyClients. Use of a dedicated ProxySG is recommended as a best practice. Always use SGOS Proxy Edition for any ProxyClient deployments requiring remote filtering. SGOS Acceleration Edition is sufficient for acceleration-only ProxyClient deployments. Recommended Max ProxyClients Managed Maximum number of ProxyClient instances connecting to a Client Manager, regardless of the features enabled on the ProxyClient (filtering, acceleration or both). Licensing ProxySGs are licensed based on concurrent client IP addresses only. Other values such as Max WAN Bandwidth and Recommended Max Connections are suggested based on the physical capacity of the system.

Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Page 1 of 3

Licensed Client IPs Licensed users are measured by the number of unique client IP addresses with open inbound TCP connections to the ProxySG. The measurement is instantaneous and concurrent. It is not based on the average over any time interval. The administrator can configure the appliance to either bypass connections from new users when the license limit is exceeded, to delay them until another client drops all of its connections or to attempt to accept them. The default is to accept them. For WAN Optimization deployments, Blue Coat recommends purchasing a ProxySG model based on the maximum number of client connections it needs to support, not the maximum number of users, since limits associated with connections are likely to be reached first. This does not apply to the 310-5, however. Hardware Spec Hardware-based SSL acceleration is included for all models. A separate license is not required to activate SSL termination. Ports on bypass-capable network interfaces can be configured to be bridged pair-wise or to act independently.

Each of the smaller branch offices requires 3 Mbps throughput (dual 1.5 Mbps links) and each has fewer than 50 concurrent users. Applying the rule of thumb that each user needs 10 connections, the appliance should be able to optimize 500 connections. In this case, either the SG300-25-M5 or the SG300-25-PR would be appropriate. Unless price is critical, Proxy Edition (-PR) should be quoted for branch offices. Proxy Edition should always be quoted when the branch users have direct internet access. For the two larger branch offices, the maximum WAN bandwidth is 12Mbps (dual 6Mbps links). The appropriate solution for these larger branch offices is SG600-20-M5 or SG60020-PR, which will accommodate up to 200 users at a connection to user ratio of 10-to-1. If room for growth is desired, a SG600-35 should be quoted. In general, the number of total connections needed at the data center can be calculated as the sum of connections from all of the connected branch offices. In this case: (10 x 500) + 1500 + 2000 = 8500 connections. The data center in this example is connected via a 45Mbps link, which implies that the SG900-20-M5 model should be used (MACH5 editions should always be quoted at the data center for pure WAN Optimization deals). Customers will typically require redundancy for their data center, which means that two SG900-20-M5 models should be quoted. While the SG900-20-M5 is adequate for current performance needs, if room for growth is required, quote an SG900-30-M5 as the data center concentrator. Therefore, the quote would include: 10 x SG300-25-PR (if price is a critical factor, quote 10 x SG300-25-M5 instead); 2 x SG600-20-PR (if price is a critical factor, quote 2 x SG600-20-M5 instead); and 2 x SG900-20-M5 NOTE: Include the appropriate support options for all models. Include the appropriate web filtering licenses for Proxy Edition appliances that require web filtering. There is no need to purchase software SSL licenses; they are now available at no charge on all 300, 600, 900 and 9000 models, no matter when they were purchased.

EXAMPLE 1: WAN Optimization Only 10 smaller branches with dual T1 lines (1.5Mbps each), each with less than 50 users 2 large branches, one with 150 users, the other with 200 users, with dual 6Mbps WAN links 1 data center with a single DS3 link (45Mbps)

Deployment Mode
Model WAN Optimization
and 'Mixed Use' see notes Max WAN Bandwidth Recommended Max Connections

Licensing
Licensed Client IPs
With ADN Enabled

Client Manager for ProxyClient

Recommended Max ProxyClients Managed

300-5 300-10 300-25 600-10 600-20 600-35 900-10 900-20 900-30 900-45 9000-10 9000-20

2Mbps 2Mbps 6Mbps 6Mbps 12Mbps 25Mbps 45Mbps 90Mbps 155Mbps 200Mbps 155Mbps 310Mbps

500 500 1000 1000 2000 4000 6000 9000 15,000 20,000 12,000 24,000

800 800 2000 2000 3000 4000 8000 10,000

10 150 No limit 500 1000 No limit 3500 6000 No limit No limit No limit No limit
Example WAN Optimization Deployment Scenario - Application Acceleration

Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Page 2 of 3

EXAMPLE 2: Mixed Use Branch Appliance The branch has 200 active employees, all with Internet access 5 Mbps link to the WAN optimization concentrator 10 Mbps link to an ISP for direct-to-net access Requires room for growth (+40%) No ICAP, SSL or filtering 70% CPU utilization

Now consider the same case, but with one difference: the customer will also use Blue Coat Web Filter. Analysis: User count: 280 (200 concurrent users plus 40% growth) Connections required: 2800 (280 users x 10 connections each) Bandwidth: 21 (15 Mbps plus 40% growth) Since Blue Coat Web Filter is being used, adjust the WAN optimization bandwidth down by 25%: Adjusting the WAN Optimization Sizing Guide:
Recommended Max Max WAN Bandwidth Connections Recommended Max ProxyClients Managed

This appliance is to be configured with both Secure Web Gateway forward proxy and WAN optimization functions enabled. For this situation, use the following sizing guidelines: Calculate the user count: Determine the concurrent user count for all traffic. Determine the number of connections required for WAN optimization. A rule of thumb is to multiply the number of concurrent users by 10. Calculate the bandwidth: Add the WAN and ISP bandwidth (not offered load) and compare that number to the WAN sizing guidelines. If using Blue Coat Web Filter, take 75% of the bandwidth in the sizing guide. If using another filtering product, take 50%, or ask a sizing expert for assistance. Use the more restrictive factor (bandwidth or user count) to determine the correct appliance, remembering to allow room for application growth and for new functions (ICAP, increased SSL load) that are expected in the future. Only Proxy Edition models (-PR) should be considered because a secure web gateway is required. Analysis: User count: 280 (200 concurrent users plus 40% growth) Connections required: 2800 (280 users x 10 connections each) Bandwidth: 21 (15 Mbps plus 40% growth) From the WAN Optimization Sizing Guide:
Recommended Max Connections Recommended Max ProxyClients Managed

600-20 600-35 900-10

12Mbps 9.0Mbps 25Mbps 18.8Mbps 45Mbps 33.8Mbps

2000 4000 6000

3000 4000 8000

Choose the unit that supports the most restrictive factor: In this case, the SG600-35 does not offer the 21 Mbps required, so the SG900-10-PR is the correct choice. NOTE: If web filtering is required at the branch offices, the appropriate web filtering licenses and service offerings should also be included in the quote. There is no need to purchase software SSL licenses; software SSL is now licensed on all 300, 600, 900 and 9000 models, no matter when they were purchased. Finally, consider adding an additional power supply to the quote to take advantage of the redundant power option available on the SG900-10 and -20.

Max WAN Bandwidth

600-20 600-35 900-10

12Mbps 25Mbps 45Mbps

2000 4000 6000

3000 4000 8000

Choose the unit that supports the most restrictive factor. In this, case that is the SG60035-PR since it meets both the 2800 connection requirement and the 21 Mbps bandwidth requirement.

Copyright 2011 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable, however, Blue Coat Systems, Inc. assumes no responsibility for its use, Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners. Page 3 of 3