You are here
Hardware Sizing and System Requirements for Airlock Gateway
Last update on 14. December 2022 - 14:09.
For general information about driver and system compatibility, read Airlock WAF hardware compatibility.
Hardware
These are the recommended hardware profiles for Airlock Gateway. If Airlock IAM is run on Airlock Gateway, add another 2 GB.
| Profile | Minimum Requirements | Example |
|
Minimum (for demo purposes) Max. 5 parallel users / sessions |
1 CPU 2.0 GHz |
Virtual machine with 5 GB RAM and a virtual 18 GB disk |
|
Small Up to 1000 HTTPS sessions |
2 CPU 2.0 GHz |
Virtual machine with 8 GB RAM and a virtual 80 GB disk HP ProLiant DL20 Gen9 |
|
Medium Up to 9000 HTTPS sessions |
1 x 8-Core CPU 2.5 GHz |
HP ProLiant DL360 Gen10 |
|
Large Up to 40000 HTTPS sessions |
2 x 8-Core CPU 2.5 GHz |
HP ProLiant DL360 Gen10 |
Performance
With modern hardware, Airlock Gateway is able to answer up to 7000 HTTPS requests/second. However, the actual performance very much depends on protected applications, the protocol used (HTTP and/or HTTPS) and enabled Airlock Gateway features. For example, enabling HTTPS, URL encryption and content rewriting can easily double the CPU load. Having a lot of long-running requests, WebSocket or NTLM-passthrough connections reduces the amount of requests that can be handled with the same hardware.
The performance numbers contained in the profiles above are based on a number of assumptions. The most important are:
- Average application response time is 200ms
- 10 HTTPS requests per minute and user on average
- Complex WAF features are enabled, e.g., HTML Rewriting, General Response Rewriting, Deny Rules
SSD vs. HDD
In environments with high traffic rates and local reporting enabled, lots of log messages are written to disk (at least one message per request). Therefore, we recommend the use of SSD disks in these setups.
RAM
Airlock Gateway automatically tunes the scalability settings for critical system components depending on the amount of installed RAM.
Starting with Airlock Gateway 7.2, the scalability settings are tuned for systems with up to 256 GB installed RAM. For older versions of Airlock Gateway, this amount is 128 GB RAM.
Servers that have even more installed RAM are tuned like servers that have exactly the mentioned amount of installed RAM. This means that most performance metrics will not improve anymore. The maximum number of requests per second and the maximum number of concurrent connections will stay on a similar level.
Please contact Airlock support if you encounter scalability problems.
Hardware RAID Controllers
It is recommended to use software RAID. Hardware RAID may be supported on specific plattforms.
Using the built-in software RAID of Airlock Gateway has the following advantages:
- Disk mirroring (RAID 1) for redundant logs and configuration data
- Integrated disk monitoring with automatic logging and alerting in case of disk failure
- Standard Installation. No additional third party drivers is needed.
- Performance similar to hardware RAID
Cloud
These are the recommended profiles for Airlock Gateway in cloud environments:
| Profile | Requirements |
|
Minimum (for demo purposes) Max. 5 parallel users / sessions |
1 vCPU |
|
Small Up to 1000 HTTPS sessions |
2 vCPUs |
|
Medium Up to 9000 HTTPS sessions |
8 vCPUs |
|
Large Up to 40000 HTTPS sessions |
16 vCPUs |