cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
MicheleM
Iron

SMS sizing

Jump to solution

Hi All,

Whenever I have to create a new management in a virtual environment I have no idea how to do the sizing. The disk space is not to much difficolt to estimate but for the CPU/RAM is a different Story. 

 

There is a best practice to help in sizing ( R80.20 )?

 - If have 2 cluster, 4 firewall how many CPU/RAM i need? 

 - If have 10 cluster ( 20 firewall ) What impact can I expect on management?

 - If the number grow to 20 cluster?

 - and for 40?

 

There is a difference if we have 20 firewall or 10 cluster?

 

Can anyone help me?

 

MicheleM

1 Solution

Accepted Solutions
Highlighted
Admin
Admin

Re: SMS sizing

Jump to solution
As a rough guide, you can always cross reference the hardware specs on the various Smart-1 appliances, which are designed to handle a specific number of gateways.
Erring on the side of more RAM is also a good thing.

View solution in original post

6 Replies

Re: SMS sizing

Jump to solution
MicheleM,
First of all, if you create a VM for a SMS than it really does not matter.
You can start with 16GB and 4 cores, when you see it is running short of memory you add some, same for the cores.
The point being that it differs per environment, when you log every rule and you have 1Gb data per gateway per sec, this will put a high load on the system.
Your question is there a difference between 10 clusters and 20 gateways, the answer is yes, in most clusters only 1 member is handling traffic and sending log's 20 gateways will have 20 streams of logs, you will also have more policies to maintain.
Regards, Maarten
MicheleM
Iron

Re: SMS sizing

Jump to solution

Hi Maarten,

Thanks for your repay. I usualy I do exactly what you suggested. The reason for my question is that customers often ask a "final" estimate. They want configure the VM one time and then forget it (in some company the VMs are managed by teams different from the firewall one).

 

Thanks for the answer the cluster vs single node. I will have something to think about.

 

0 Kudos

Re: SMS sizing

Jump to solution

In my experience there is a noticeable improvement in management performance up to about 8 cores for an SMS which seems to be the sweet spot.  More cores beyond 8 will certainly not hurt but won't provide much additional performance improvement for an SMS.  As far as RAM 16GB is a good starting spot and 32GB is even better. 

As you scale the number of gateways (and number of policies/objects) CPU and memory overhead for compiling policies will increase slightly, but by far the biggest impact will be the increased indexed logging rate as gateways are added.  The amount of disk space allocated is not nearly as important as the read and especially write performance of the disk path.  When selecting a physical disk path for the SMS VM be sure to choose one that is lightly utilized and will not be shared with a large number of I/O-heavy VMs such as database servers.  Provision the disk Thick or Thick/lazy, not Thin.

Check out the following for further reading:

sk104848: Best Practices - Performance Optimization of Security Management Server installed on VMwar...

 

"IPS Immersion Training" Self-paced Video Class
Now Available at http://www.maxpowerfirewalls.com
MicheleM
Iron

Re: SMS sizing

Jump to solution
Hi Timothy,
I am also worried about I / O performance but it is something I always do present to customers.

I knew the SK you indicated, but I thank you anyway.
0 Kudos
Highlighted
Admin
Admin

Re: SMS sizing

Jump to solution
As a rough guide, you can always cross reference the hardware specs on the various Smart-1 appliances, which are designed to handle a specific number of gateways.
Erring on the side of more RAM is also a good thing.

View solution in original post

MicheleM
Iron

Re: SMS sizing

Jump to solution
Hi PhoneBoy,
Thanks for your replay. I think this is a good starting point. Thanks again.
0 Kudos