Messaging Gateway

 View Only

  • 1.  Brightmail Sizing

    Posted Apr 09, 2012 03:06 PM

    I have company that has multiple Brightmail systems due to a merger.  It looks oversized to me, just looking at feedback.

    I think that a couple of 8380's would be more than enough.  Since they have lots of hardware, I'd probably deploy a Control Centers, and 2 Scanners (for redundancy). This would get rid of mutiple control centers.

    Here is the combined performance data.

    Message
    - Single threat        1,240,000
    - Multiple threat           3,900
    Total Threat           1,243,900
    Clean                       325,000
    Total Messages      1,568,900
    Messages/second      18.1/s

    Reputation Rejects    1,117,500
    Rejects/second          12.9/s

    SBG hardware performance table:

    8380
     v9.5 Rejects        654.93 Conn/sec
     v9.5 Throughput     60.98  msgs/sec
     v9.5 CPU Load        76.2 %
     

     



  • 2.  RE: Brightmail Sizing

    Posted Apr 09, 2012 11:55 PM

    I think your instincts are correct. It does look a little overspec. If you'd like a full spec for the environment, reply with answers to the below and I'll provide it:

     

     

    What is the total number of users within the organization?
    What is the total average volume of inbound email received per day, before spam filtering?
    What is the total average volume of outbound email sent per day?
    What is the estimated % of spam received daily? (In percent)
    What is the typical peak load? (percent of average)
    What are the typical peak business hours?
    Will the Symantec Brightmail Gateway be the first servers to receive email for the organization? (Yes or No)
    Is the organization planning on quarantining spam? (Yes or No)
    Is the organization planning on quarantining suspect spam? (Yes or No)
    Will end-users require access to their spam quarantine? (Yes or No)  (If organization is not planing on quaranting spam, must enter "No")
    Will the organization create compliance rules to protect against confidential data loss? (Yes or No)
    Does the organization want to enable extended reporting, statistics, and message audit logs? (Yes or No)
    What is the forecasted volume increase over the next 3 years? (percent of average) 
    How many separate sites receive inbound email for the organization?     (If deploying at 1 site, enter "1" AND "Yes" to the next question)
    a. If they have multiple sites, do they require that the Symantec Brightmail Gateway be deployed at each of the sites? (Yes or No)
    b. If they have multiple sites, do they require that each site failover to each other? (Yes or No)
    Do they require redundancy and high availability at each site? (Yes or No)
    Do they require a cold standby for Brightmail Control Center Failures? (Yes or No)
    Will the organization be deploying the Symantec Brightmail Gateway Virtual Edition?
     

     



  • 3.  RE: Brightmail Sizing

    Posted Apr 10, 2012 04:28 PM
    What is the total number of users within the organization? 90K+
    What is the total average volume of inbound email received per day, before spam filtering? 1.568 M
    What is the total average volume of outbound email sent per day? 200K
    What is the estimated % of spam received daily? (In percent) - 90% blocked by reputation.
    What is the typical peak load? (percent of average) - Spam or CPU - CPU peaks ~ 15% across 5 inbound 8380's Scanner only.
    What are the typical peak business hours? - Peaks ~ 10-11 AM.
    Will the Symantec Brightmail Gateway be the first servers to receive email for the organization? (Yes or No) Yes.
    Is the organization planning on quarantining spam? (Yes or No) No
    Is the organization planning on quarantining suspect spam? (Yes or No) No
    Will end-users require access to their spam quarantine? (Yes or No)  (If organization is not planing on quaranting spam, must enter "No") No - if we did, we'd use a dedicated internal box for this.
    Will the organization create compliance rules to protect against confidential data loss? (Yes or No) - Limited. No real DLP usage of Brightmail.
    Does the organization want to enable extended reporting, statistics, and message audit logs? (Yes or No) - Using SNMP for box performance monitoring, 30 days MAL
    What is the forecasted volume increase over the next 3 years? (percent of average)  Inbound? Outbound - 2-3%
    How many separate sites receive inbound email for the organization?     (If deploying at 1 site, enter "1" AND "Yes" to the next question) Currently 3, sites are well connected (> 300 Mb/s)
    a. If they have multiple sites, do they require that the Symantec Brightmail Gateway be deployed at each of the sites? (Yes or No) Yes, 2 for redundancy.
    b. If they have multiple sites, do they require that each site failover to each other? (Yes or No) - Since Brightmail doesn't do F/O, but LB... I'd put a boxes in each of 2 site.
    Do they require redundancy and high availability at each site? (Yes or No) No
    Do they require a cold standby for Brightmail Control Center Failures? (Yes or No) No
    Will the organization be deploying the Symantec Brightmail Gateway Virtual Edition? Possible but unlikely as no DMZ exposed VM hosts.


  • 4.  RE: Brightmail Sizing
    Best Answer

    Posted Apr 11, 2012 09:46 PM

    My calculations tell me that you could get away with one appliance (virtual or physical) to handle the load. This includes the projected growth you specified. So this means you can essentially place your boxes wherever you need them without worrying about load.

     

    Cheers

    Ben