You are here

Hardware Sizing and System Requirements for Airlock Gateway

OLD: Affects product: 
Airlock WAF
OLD: Affects version(s): 
6.x

For general information about driver and system compatibility, read Airlock WAF hardware compatibility.

Hardware

These are the recommended hardware profiles for Airlock Gateway. If Airlock IAM is run on Airlock Gateway, add another 2 GB.

Profile Minimum Requirements Example

Minimum (for demo purposes)

Max. 5 parallel users / sessions

1  CPU 2.0 GHz
5 GB RAM
1 Ethernet
1 x 18 Gb HD
DVD-ROM / USB-Boot

Virtual machine with 5 GB RAM and a virtual 18 GB disk

Small

Up to 1000 HTTPS sessions

2 CPU 2.0 GHz
8 GB RAM
2 x 1Gb Ethernet
1 x 80 GB HD
DVD-ROM / USB-Boot

Virtual machine with 8 GB RAM and a virtual 80 GB disk

HP ProLiant DL20 Gen9
1 x 4-Core Xeon (E3-1240v5) CPU 3.5G - 3.9 Hz
8 GB RAM
2 x 1Gb Ethernet
2 x 100 GB HD

Medium

Up to 9000 HTTPS sessions

1 x 8-Core CPU 2.5 GHz
32 GB RAM
2 x 1Gb Ethernet
2 x 200 GB HD
DVD-ROM / USB-Boot

HP ProLiant DL360 Gen10
1 x 8-Core Xeon (4110) CPU 2.1 - 3.0 GHz
32 GB RAM
4 x 1Gb Ethernet
2 x 300 GB HD
Raid Controller: HP Smart Array S100i
DVD-ROM

Large

Up to 40000 HTTPS sessions

2 x 8-Core CPU 2.5 GHz
64+ GB RAM
2 x 1Gb Ethernet
2 x 200 GB HD
DVD-ROM / USB-Boot

HP ProLiant DL360 Gen10
1 x 18-Core Xeon (6140) CPU 2.3 - 3.7 GHz
128 GB RAM
4 x 1Gb Ethernet
2 x 300 GB HD
Raid Controller: HP Smart Array S100i
DVD-ROM

Performance

With modern hardware, Airlock Gateway is able to answer up to 7000 HTTPS requests/second. However, the actual performance very much depends on protected applications, the protocol used (HTTP and/or HTTPS) and enabled Airlock Gateway features. For example, enabling HTTPS, URL encryption and content rewriting can easily double the CPU load. Having a lot of long-running requests, WebSocket or NTLM-passthrough connections reduces the amount of requests that can be handled with the same hardware.

The performance numbers contained in the profiles above are based on a number of assumptions. The most important are:

  • Average application response time is 200ms
  • 10 HTTPS requests per minute and user on average
  • Complex WAF features are enabled, e.g., HTML Rewriting, General Response Rewriting, Deny Rules

SSD vs. HDD

In environments with high traffic rates and local reporting enabled, lots of log messages are written to disk (at least one message per request). Therefore, we recommend the use of SSD disks in these setups.

RAM

Airlock Gateway automatically tunes the scalability settings for critical system components depending on the amount of installed RAM.

Starting with Airlock Gateway 7.2, the scalability settings are tuned for systems with up to 256 GB installed RAM. For older versions of Airlock Gateway, this amount is 128 GB RAM.

Servers that have even more installed RAM are tuned like servers that have exactly the mentioned amount of installed RAM. This means that most performance metrics will not improve anymore. The maximum number of requests per second and the maximum number of concurrent connections will stay on a similar level.

Please contact Airlock support if you encounter scalability problems.

Hardware RAID Controllers  

It is recommended to use software RAID. Hardware RAID may be supported on specific plattforms.

Using the built-in software RAID of Airlock Gateway has the following advantages:

  • Disk mirroring (RAID 1) for redundant logs and configuration data
  • Integrated disk monitoring with automatic logging and alerting in case of disk failure
  • Standard Installation. No additional third party drivers is needed.
  • Performance similar to hardware RAID

Cloud

These are the recommended profiles for Airlock Gateway in cloud environments:

Profile Requirements

Minimum (for demo purposes)

Max. 5 parallel users / sessions

1 vCPU
5 GB RAM
1 Network Interface
10 GB Storage

Small

Up to 1000 HTTPS sessions

2 vCPUs
8 GB RAM
10 GB SWAP
2 Network Interfaces
80 GB Storage

Medium

Up to 9000 HTTPS sessions

8 vCPUs
32 GB RAM
24 GB SWAP
2 Network Interfaces
200 GB Storage

Large

Up to 40000 HTTPS sessions

16 vCPUs
64 GB RAM
24 GB SWAP
2 Network Interfaces
200 GB Storage

Knowledge Base Categories: