You are here

Machine Sizing for Airlock WAF

OLD: Affects product: 
Airlock WAF
OLD: Affects version(s): 
5.x
6.x
7.x

For general information about driver and system compatibility, read Airlock WAF hardware compatibility.

These are the recommended hardware profiles for Airlock WAF:

Profile Minimum Requirements Example

Minimum (for demo purposes)

Max. 5 parallel users / sessions

1  CPU 2.0 GHz

RAM
- 6.x: 1.5 GB
- 7.x: 3 GB
1 Ethernet
1 x 18 Gb HD
DVD-ROM / USB-Boot

Virtual machine with 3GB RAM and a virtual 18 GB disk

Small

Up to 1000 HTTPS sessions

2 CPU 2.0 GHz
RAM
- 6.x: 4 GB
- 7.x: 6 GB
2 x 1Gb Ethernet
1 x 80 Gb HD
DVD-ROM / USB-Boot

Virtual machine with 6GB RAM and a virtual 80 GB disk

HP ProLiant DL20 Gen9
1 x 4-Core Xeon (E3-1220v5) CPU 3.0Ghz
8 GB RAM
2 x 1Gb Ethernet
2 x 100 GB HD

Medium

Up to 9000 HTTPS sessions

1 x 6-Core CPU 2.5 GHz
16 GB RAM
2 x 1Gb Ethernet
2 x 200 Gb HD
DVD-ROM / USB-Boot

HP ProLiant DL360 Gen9
1 x 6-Core Xeon (E5-2609v3) CPU 2.5 GHz
16 GB RAM
4 x 1Gb Ethernet
2 x 300 GB HD
Raid Controller: HP Smart Array P440ar
DVD-ROM

Large

Up to 40000 HTTPS sessions

2 x 8-Core CPU 2.5 GHz
64 GB RAM
2 x 1Gb Ethernet
2 x 200Gb HD
DVD-ROM / USB-Boot

HP ProLiant DL360 Gen9
2 x 8-Core Xeon (E5-2640v3) CPU 2.6 GHz
64 GB RAM
4 x 1Gb Ethernet
2 x 300 GB HD
Raid Controller: HP Smart Array P440ar
DVD-ROM

Notes

With modern hardware, Airlock WAF is able to answer up to 7000 HTTPS requests/second. However, the actual performance very much depends on protected applications, the protocol (HTTP/HTTPS), and enabled Airlock WAF features. For example, enabling HTTPS, URL encryption and content rewriting can easily double the CPU load. The performance numbers contained in the profiles above are based on a number of assumptions. The most important are:

  • Average application response time is 200ms
  • 10 HTTPS requests per minute and user on average
  • Complex WAF features are enabled, e.g., HTML Rewriting, General Response Rewriting, Deny Rules

  •  

Hardware RAID Controllers

Ergon recommends using software RAID, since there is no advantage in using hardware RAID controllers for Airlock WAF.  

Using the built-in Soft-RAID of Airlock WAF has the following advantages:

  • Disk mirroring (RAID 1) for redundant logs and configuration data
  • Integrated disk monitoring (automatic logging/alerting in case of disk failure)
  • Standard Installation (no additional third party drivers needed)
  • Performance similar to HW-RAID
Knowledge Base Categories: