Call a Specialist Today! 800-886-5369

CWS Connector Sizing for WSA and WSAv Connectors
Sizing Guide for Cisco Cloud Web Security Connector with the WSA and WSAv Connectors

Cisco Web Security Appliance

Previous sizing for the Cisco® Web Security Appliance Connector and Cloud Web Security was based on user count. However, traffic profiles vary significantly across different customers. For example, school students, bankers, and retailers all use the Internet differently.

As a result, user count is not a meaningful way of sizing, even though it was convenient because it tied in with the Cloud Web Security licensing model.

Next-Generation Tower (NGT) sizing for Cloud Web Security connectors is now based on two testing metrics: requests per second (RPS, Xact/sec) and bandwidth (Mbps). Neither of these metrics should be exceeded when sending traffic to an NGT.

Due to TCP/IP limitations, the Web Security Appliance can use only 64,000 ports per single IP address. So, although the appliance can handle many users when proxied to a Cloud Web Security tower, there may be a bottleneck, depending on the type of traffic that is sent to Cloud Web Security. Microsoft Office 365 traffic, for example, will use many ports.

Customers should calculate their user own count based on their traffic profile. Metrics are provided for two scenarios: when the Web Security Appliance does no authentication and when the NT LAN Manager (NTLM) authenticates on the device. There are five levels of SSL mix, from zero percent to 100 percent at 25 percent intervals.

Full Testing Details

Connector Sizing for the Web Security Virtual Appliance S000V

Mode Authentication Metric SSL 0% SSL 25% SSL 50% SSL 75% SSL 100%
Transparent No Throughput (Mbps) 250 250 250 200 180
Transparent No Xact/sec 1500 1380 1240 990 880
Explicit No Throughput (Mbps) 210 200 200 170 170
Explicit No Xact/sec 990 940 940 800 800
Transparent NTLM Throughput (Mbps) 160 160 150 150 130
Transparent NTLM Xact/sec 850 810 750 720 640
Explicit NTLM Throughput (Mbps) 70 70 70 70 70
Explicit NTLM Xact/sec 320 320 320 320 320

Connector Sizing for the Web Security Virtual Appliance S100V

Mode Authentication Metric SSL 0% SSL 25% SSL 50% SSL 75% SSL 100%
Transparent No Throughput (Mbps) 290 270 250 200 180
Transparent No Xact/sec 1500 1380 1240 990 880
Explicit No Throughput (Mbps) 300 300 240 210 180
Explicit No Xact/sec 1550 1520 1200 960 780
Transparent NTLM Throughput (Mbps) 240 230 210 190 160
Transparent NTLM Xact/sec 1270 1180 1250 930 750
Explicit NTLM Throughput (Mbps) 90 90 90 90 90
Explicit NTLM Xact/sec 420 420 420 410 400

Connector Sizing for the Web Security Virtual Appliance S300V

Mode Authentication Metric SSL 0% SSL 25% SSL 50% SSL 75% SSL 100%
Transparent No Throughput (Mbps) 420 370 270 230 200
Transparent No Xact/sec 2150 1880 1310 1110 940
Explicit No Throughput (Mbps) 420 380 280 210 190
Explicit No Xact/sec 2240 1770 1340 980 800
Transparent NTLM Throughput (Mbps) 350 330 270 210 180
Transparent NTLM Xact/sec 1840 1690 1330 1040 880
Explicit NTLM Throughput (Mbps) 120 120 120 120 120
Explicit NTLM Xact/sec 550 550 550 550 550

Connector Sizing for the Web Security Appliance S380

Mode Authentication Metric SSL 0% SSL 25% SSL 50% SSL 75% SSL 100%
Transparent No Throughput (Mbps) 130 130 70 60 60
Transparent No Xact/sec 630 630 330 300 290
Explicit No Throughput (Mbps) 60 60 60 60 60
Explicit No Xact/sec 290 290 290 290 290
Transparent NTLM Throughput (Mbps) 60 60 60 60 60
Transparent NTLM Xact/sec 300 300 290 290 290
Explicit NTLM Throughput (Mbps) 60 60 60 60 60
Explicit NTLM Xact/sec 300 300 290 290 290

Connector Sizing for the Web Security Appliance S670

Mode Authentication Metric SSL 0% SSL 25% SSL 50% SSL 75% SSL 100%
Transparent No Throughput (Mbps) 800 650 550 470 450
Transparent No Xact/sec 3810 3080 2640 2240 2140
Explicit No Throughput (Mbps) 430 400 320 290 250
Explicit No Xact/sec 2030 1870 1460 1310 1110
Transparent NTLM Throughput (Mbps) 440 410 360 310 300
Transparent NTLM Xact/sec 2300 1960 1740 1490 1420
Explicit NTLM Throughput (Mbps) 440 410 310 290 270
Explicit NTLM Xact/sec 2300 1960 1570 1390 1250

Connector Sizing for the Web Security Appliance S680

Mode Authentication Metric SSL 0% SSL 25% SSL 50% SSL 75% SSL 100%
Transparent No Throughput (Mbps) 730 480 430 360 300
Transparent No Xact/sec 3510 2280 2040 1720 1410
Explicit No Throughput (Mbps) 380 280 240 220 180
Explicit No Xact/sec 1820 1280 1160 100 820
Transparent NTLM Throughput (Mbps) 490 320 340 320 280
Transparent NTLM Xact/sec 2320 1630 1620 1500 1340
Explicit NTLM Throughput (Mbps) 320 250 240 160 130
Explicit NTLM Xact/sec 1830 2250 1960 1460 1370

Cisco Capital

Financing to Help You Achieve Your Objectives

Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries.

Documentation:

Download the Cisco CWS Connector Sizing for WSA and WSAv Connectors Data Sheet (PDF).