Sizing and the Secure Web Gateway

Sizing always seems to be a touchy issue when talking to appliance vendors. It seems to be no different with Secure Web Gateway vendors who seem to exaggerate their numbers of supported users on a platform. Whether the vendor is Blue Coat, McAfee (Secure Computing), Websense or Cisco (Ironport), the number of users claimed always seems to surprise me, perhaps less for some vendors than others.

Let's start with an obvious culprit. Websense is the newest to the appliance game, introducing their V10000 appliance a little more than a year ago. As the name seems to implicate and what some Websense documents allude to, is the support for 10,000 users. 10,000 users for a system that's running a virtual operating system hosting multiple virtual images. It sounds high to me, but I could be wrong, so I'd like to hear from any real users as to whether they're able to get 10,000 users on a system in proxy mode (not SPAN port as we've discussed elsewhere in this blog)

Next we move to McAfee, who smartly decided to remove the user count labels when they introduced their high end WG5000 and WG5500 platforms. But if you look at their lower end platforms, like the WW1100E the old marketing materials claimed support for 8000 users. Yes, 8,000 users on a low-end platform. Once again, it leaves an IT professional to wonder if there's anyone who gets that many users on a WW1100E or even WG5000 or WG5500 (the new high-end platforms), and once again in a proxy deployment?

Cisco's Ironport offering isn't any less boastful about their claims. For their high-end S660 platform, they claim over 10,000 users, leaving the sub-10,000 user count to their mid-range platform the S360. Without too much effort it's easy to tell that the Cisco, McAfee and Websense offerings are all Dell based platforms, so wonders how much juice can you put under the covers? So I ask once again, if anyone has a deployment of over 10,000 users in proxy mode for a Cisco Ironport S660?

Blue Coat is the one company that actually manufactures their own hardware rather than using something off the shelf, so maybe they can actually juice up their platforms a little more than the competition, but enough to claim unlimited users? Yes, that's right, for the high-end platforms, the user count claim is unlimited. But if you actually ask, you'll find the more reasonable numbers. They're just not published on the website. And yes their numbers are in the same range as Websense, Cisco and McAfee's high-end platforms.

So, I'm asking readers of this blog, which numbers do you believe in? Which of you are supporting 10,000 users on a single platform deployed as a forward proxy? Help us out and let's see who's exaggerating and who's telling the truth.