Data Loss Prevention

  • 1.  Web prevent Configuration with 500 connections - DLP 14

    Posted Mar 29, 2017 10:13 AM

    Dear, 

    I need your experience with this question. Actually, the company is using 3 Blue Coat servers with 500 concurrent connections; at the moment I have only 1 Web Prevent server, and this only can't support 32 concurrent connections, in reference to this KB https://support.symantec.com/en_US/article.TECH219293.html

    From this number of connections I need 4 servers with the following configuration:

    4 processors of 2,4 GHz with 8 cores each
     
    Number of cores available = Number of CPUs (sockets) x Number of Cores per CPU (socket) = 32
    MessageChain.NumChains = 2 x Number of cores available =64
    MessageChain.CacheSize = MessageChain.NumChains=64
    Maximum Number of Requests: 2x MessageChain.NumChains =128 
    Connection Backlog: (default 5) =5

    From the infrastructure side, each Web Prevent server supports 128 connections. Is this correct?

    Attached is the configuration on the DLP server.

    Regards!

     



  • 2.  RE: Web prevent Configuration with 500 connections - DLP 14

    Posted Mar 30, 2017 09:24 AM

    How many users are going through the proxies?

    If by 500 concurrent connections through the proxy you're referring to 500 users, then this is not the same thing as the connections between proxy and DLP Network Prevent for Web servers. The connections between proxy and DLP are pipelines or tunnels that service multiple web requests/responses per pipeline. Unless you're in a company with over 100k users (with 3 proxies, I doubt it), you'll be fine with 2 proxies with 4 physical cores and 8-16GB of RAM... if you want to be extremely safe, you could do 1:1 (3 servers).

    The Blue Coat ICAP configuration can be made to fail-open and not wait for ICAP server, so it's extremely unrisky to just give it a go if you configure it in this way.



  • 3.  RE: Web prevent Configuration with 500 connections - DLP 14

    Posted Mar 30, 2017 10:30 AM

    Dean_Thomson,

    Thanks for the information. The company has 3500 users, but 500 are the connections between the proxy and the DLP server, because only some proxy categories are passed. Is the setting Maximum Number of Requests: 2x MessageChain.NumChains = xxx the number of tunnels that 1 DLP server can handle?

     

     



  • 4.  RE: Web prevent Configuration with 500 connections - DLP 14

    Posted Apr 04, 2017 03:34 AM

    Leave it as the default '16'. Blue Coat will also default to this.

    These connections between proxy and DLP Web Prevent are not per request or response - they're TCP pipelines that will have many requests/responses sent through them.

    Those servers are way overspec'd for that amount of users. You can leave the messagechains at 8 and messagechain.cache at 8. One of those servers will easily accommodate having all traffic passed through it (but design for DR/HA obviously).