IWSVA Customer Sizing Guide 090930

Securing Your Web World

A Trend Micro TrendEdge SolutionAdvanced Technologies and Techniques to Enhance Your Product

TREND MICRO INC.

10101 N. De Anza Blvd. Cupertino, CA, 95014 • www.trendmicro.com

• Toll free: +1 800.228.5651 • Fax: +1 408.257.2003 • Phone: +1 408.257.1500

InterScan Web Security Virtual ApplianceCustomer Sizing Guide

September 2009

Trend Micro InterScan Web Security Virtual Appliance Customer Sizing Guide

i A TrendEdge Solution

Contents Executive Summary ............................................................................................................................1 Assumptions.......................................................................................................................................1 Default Sizing Guidelines ....................................................................................................................1 Sizing at a Glance – Software Appliance (Bare Metal) ..........................................................................2 Sizing at a Glance – Virtual Appliance (VMware ESX v3.5) ...................................................................3 Calculating the Number of IWSVA Servers Required ............................................................................5

Step 1: Obtain the Required Sizing Data for Your Environment ...................................................5 Step 2: Determine the Number of Required Servers ....................................................................6

The Effect of Enabling HTTPS Scanning (IWSVA 5.0 and above) ..........................................................8 HTTPS Scanning Assumptions ..................................................................................................8 General Sizing and Performance Guidance for HTTPS Scanning .................................................8

Appendix A.........................................................................................................................................9 How Tests Were Conducted ............................................................................................................9

What Configuration Changes do to Sizing ............................................................................................9 Scanning ........................................................................................................................................9 Reporting ..................................................................................................................................... 10 Caching ....................................................................................................................................... 10

Performance Criteria for Tests .......................................................................................................... 10 Scalability and Accuracy ............................................................................................................... 10 Hardware Tested .......................................................................................................................... 11

Glossary .......................................................................................................................................... 15 About Trend Micro Incorporated ........................................................................................................ 16

Copyright© 2009 by Trend Micro Incorporated. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system, or transmitted without the prior written consent of Trend Micro Incorporated. Trend Micro, the t-ball logo, and InterScan are trademarks or registered trademarks of Trend Micro Incorporated. All other company and/or product names may be trademarks or registered trademarks of their owners. Information contained in this document is provided "as-is" and subject to change without notice. This report is for informational purposes only and is not part of the documentation supporting Trend Micro products. TREND MICRO MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS REPORT. [TSS Part No: SG02WSVA_090930US] This document is a product of Trend Micro Technical Sales Solutions.


1 A TrendEdge Solution

E x ec utive S ummary Trend Micro conducted a series of tests to obtain performance characterization data for sizing Trend Micro™ InterScan™ Web Security Virtual Appliance (IWSVA) for customer environments.

Trend Micro determined that the following variables impact sizing for a single IWSVA server with antivirus, Web reputation, URL filtering, and Applet and ActiveX Security (AAXS) active without caching in the environment:

• CPU

• Memory

• Disk type and configuration

• IWSVA 5.0 active features

This document provides sizing for both HTTP and HTTPS scanning. (HTTPS is inactive by default.)

For the latest information about InterScan Web Security Virtual Appliance, including documentation, device support, and the latest software builds, visit the Trend Micro Web site at:

http://www.trendmicro.com/download/product.asp?productid=86

A s s umptions This document bases sizing on the following assumptions:

• The user population is the total number of potential web users within an organization. • The number of active users is the total number of client workstations that simultaneously request

HTTP content at any point in time. Trend Micro assumes this number to be 20% by default. • Each active user has an average of 3.5 open connections to the Internet at any one time. • The LAN uses gigabit network interface cards (NIC) throughout.

It makes the following recommendations:

• All hardware must meet Trend Micro’s minimum recommended requirements. • The device must have enough memory to establish a TCP connection. If not enough memory is

available, system performance may be restricted. • Medium to Large Enterprise environments should use Trend Micro Advanced Reporting and

Management (ARM) for centralized database functionality. At a minimum, they should consider installing a separate PostgreSQL database. (For more information about setting up a separate PostgreSQL database, see: http://trendedge.trendmicro.com/pr/tm/te/document/ IWSS3.1_Master-Child_and_Shared_dB_090205.pdf.)

Default S iz ing G uidelines You can calculate general sizing on a per-server basis if you know the specifics of the available hardware. The sizing below assumes virus scanning, Web reputation, URL filtering and AAXS are active with IWSVA in both Forward Proxy mode without an external caching server. The results are accurate to within ±3 percent.

Because IWSVA performance is CPU-bound, the number of CPUs present affects performance. For multi-core systems, this sizing guide considers each core a separate CPU.

The sizing information in this document is the absolute maximum the specified hardware configuration can support. Trend Micro advises you to size your servers appropriately and allow room for growth, and not undersize your systems.



Note:

A linear increase in CPU GHz does not equate to a linear increase in performance.

S izing at a G lanc e – S oftware Applianc e (B are Metal) Assuming virus scanning, Web reputation, URL filtering, and AAXS are active, an IWSVA server scanning HTTP traffic that uses a Forward Proxy, Bridge mode, and without access logging enabled, Table 1 provides general recommendations for IWSVA sizing.

T a ble 1 Sizing at a Glance with All Scanning Policies Active (Default Install Configuration)

Server Type Memory Concurrent Connections

HTTP Transactions per Second

Throughput (Mbps)

Maximum Total User Population

per device 2 CPU

(Xeon 80546K) 2 GB 500 340 40 Mbps 700

4 CPU (Xeon E5335) 4 GB 2,400 1,590 188 Mbps 3,400

4 CPU (Xeon 5160) 4 GB 2,700 2,191 262 Mbps 3,800

8 CPU (Xeon X5460) 8 GB 6,700 5,155 615 Mbps 9,500

16 CPU (Xeon E7340) 16 GB 10,800 7,671 924 Mbps 15,400

For the hardware configuration for each server type in Table 1, refer to Appendix A.

Note:

As the number of users and events increases, it becomes more important to use a fast disk subsystem to increase system performance (for example, SAS disk in RAID 1+0 configuration)

Note:

The effect of features and modes on IWSVA software appliance performance:

• The largest use of system resources is virus scanning. • The use of Web reputation, URL filtering, and Applet and ActiveX Security (AAXS)

only modestly lowers system performance, and does not significantly decrease the number of users each server supports.

• Trend Micro determined that the performance of IWSVA in transparent bridge mode is less than 2% lower than it is in forward proxy mode. For all practical purposes, the performance of these two modes is the same.

• As a rule, enabling HTTPS scanning in a network that contains 15% HTTPS traffic reduces the values in the sizing tables by approximately 53%. This is normal since HTTPS key negotiation, decryption, and re-encryption are CPU-bound activities.

• Enabling access logging affects system sizing and customers should evaluate it carefully during the PoC. Trend Micro will include additional details in this document when they are available.



S izing at a G lanc e – V irtual Applianc e (V Mware E S X v3.5) Assuming virus scanning, Web reputation, URL filtering, and AAXS are active, an IWSVA server scanning HTTP traffic that uses a Forward Proxy, Bridge mode, and without access logging enabled, Table 2 provides general recommendations for virtual appliance sizing.

T a ble 2 Sizing at a Glance with All Scanning Policies Active (Default Install Configuration)

Server Type Memory Concurrent Connections

HTTP Transactions per Second

Throughput (Mbps)

Maximum Total User Population

per device 4 vCPU

(4GHz Allocation) 4 GB 1,000 727 87 Mbps 1,400

4 vCPU (8GHz Allocation) 4 GB 2,100 1,486 177 Mbps 3,000

4 vCPU (12GHz Allocation) 4 GB 2,400 1,636 193 Mbps 3,400

For the hardware configuration for each server type in Table 2, refer to Appendix A.

On systems using 4 CPUs and the same amount of memory and disk, the difference in performance of installing IWSVA as a VMware virtual appliance verses installing it on a bare metal server is between 10% and 15%. The performance degradation under VMware is normal and can be attributable to the use of shared resources and the overhead the VMware OS requires to manage its Virtual Machines (VMs).

Customers should also be aware that a linear increase in allocated CPU GHz does not equate to a linear performance increase.

For example, there is a 114% increase in performance from 4 GHz to 8 GHz, but there is only a 13.3% increase from 8 GHz to 12 GHz. When looking at a similar relationship in the software appliance, there is only a 12.5% increase when moving from 4 CPUs running at 2 GHz (8 GHz combined) to 4 CPUs running at 3 GHz (12 GHz combined).

Note:

The maximum number of CPUs you can use with a virtual machine depends on the version of VMware you use. Trend Micro conducted its tests with a maximum of 4 CPUs using VMware ESX 3.5. Later versions of VMware or versions such as vSphere 4.0 that permit the use of additional CPUs will provide higher performance and capacity.

For more information on performance tuning IWSVA installed on VMware, see the TrendEdge document “Trend Micro Software Virtual Appliance Best Practices for VMware”.

http://trendedge.trendmicro.com/pr/tm/te/document/VMWare_Best_Practices_for_SVAs_090803.pdf�



Note:

The effect of features and modes on IWSVA virtual appliance performance:

• The largest use of system resources is virus scanning. Enabling virus scanning has the biggest impact on system performance.

• The use of Web reputation, URL filtering, and Applet and ActiveX Security (AAXS) only modestly lowers system performance, and does not significantly decrease the number of users each server supports.

• As a rule, enabling HTTPS scanning in a network that contains 15% HTTPS traffic reduces the values in the sizing tables by approximately 53%. This is normal since HTTPS key negotiation, decryption, and re-encryption are CPU-bound activities.

• Enabling access logging will impact system sizing and you should evaluate it carefully during the PoC.

• For larger, high-volume environments, Trend Micro highly recommends that you redirect logging and reporting functions to an external reporting device, such as Trend Micro Advanced Reporting and Management module. Offloading logging and reporting to an off-box device improves the logging and reporting performance and reduces scanning latency on the IWSVA unit.



C alc ulating the Number of IW S V A S ervers R equired This procedure allows you to calculate the number of IWSVA servers you need based on the total number of users in your organization.

S tep 1: O btain the R equired S izing Data for Y our E nvironment At a minimum, you need the following information to size your environment:

• User Population

You can calculate a rough sizing estimate for your environment based on your number of users. However, if you want a detailed sizing estimate, you need to obtain the following items of information:

• Peak number of concurrent users

• Peak throughput (Mbps)

• Caching percentage (if present)

Table 3 contains all sizing variables and their definitions. Try to obtain as much information for your environment as possible.

Note:

To ensure proper sizing, Trend Micro recommends that you use peak loads (the highest number of active users and peak throughput) when calculating the number IWSVA servers.

T a ble 3 Environment Variables for IWSVA Sizing

Name Variable Description

Number of Users with Internet Access

USER_POPULATION The total number of end users with Internet access that this IWSVA deployment supports.

Number of Users Accessing the Internet Simultaneously

%_CONCURRENCY

The percentage of the USER_POPULATION who are actively making an Internet request (clicking a link in a web browser). If unknown, it is common to choose 20% (0.20) concurrency when sizing. (%_CONCURRENCY=0.20)

Peak Bandwidth Required THROUGHPUT_TOTAL

The amount of HTTP traffic passing through the gateway in Megabits per second (Mbps). If unknown, it is common to choose a value of 75% available Internet bandwidth. For example, if you have a T3 connection, you have a total available bandwidth of 44.74 Mbps. For your organization: THROUGHPUT_TOTAL = 0.75 x 44.74 = 33.6.

Connections per user CONNECTIONS_USER

The number of HTTP connections per active user. If unknown, the default value is 3.5 (CONNECTIONS_USER=3.5).



Name Variable Description

Caching % %_CACHE

If you use a caching solution, the percentage of caching you use. (Note: You MUST record a value if you use caching in your environment.) If you use caching, but do not know what percentage you use, Trend Micro suggests that you use 25% as your caching value (%_CACHE = 0.25). If you do not use caching, use zero as your caching value (%_CACHE = 0).

S tep 2: Determine the Number of R equired S ervers This sizing guide assumes that you use identical hardware for all servers in a multi-server environment. After completing the calculations, you can decide which server type fits your needs best and use the recommended number of servers for that specific hardware configuration.

The options below assume that you have installed IWSVA as a Software Appliance (bare metal) without access logging enabled (Table 1)

Note:

This guide uses only one type of server for sizing. Do not add the results from the options below; simply choose one of the sizing results.

Option 1: Number of 2 CPU servers (2.8 GHz Intel Xeon 80546K, 2 GB RAM)

Using the variables in Table 3, calculate the number of servers you require:

)_%1(LATION) USER_POPU NT%_CONCURRE NS_USER(CONNECTIO

_500

CACHEServersNumber −×××

=

Round up the number of IWSVA servers to the nearest whole number.

Option 2: Number of 4 CPU servers (2.0 GHz Intel Xeon E5335, 4 GB RAM)


)_%1(2,400

LATION) USER_POPU NT%_CONCURRE NS_USER(CONNECTIO _ CACHEServersNumber −×

××=


Option 3: Number of 4 CPU servers (3.0 GHz Intel Xeon 5160, 4 GB RAM)


)_%1(2,700


××=




Option 4: Number of 8 CPU servers (3.16 GHz Intel Xeon X5460, 8 GB RAM) Using the variables in Table 3, calculate the number of servers you require:

)_%1(6,700


××=


Connection HTTP Sizing Example

For an environment with:

• USER_POPULATION = 10,000

• %_CONCURRENT = 0.20

• CONNECTIONS_USER = 3.5

• %_CACHE = 0.20

• THROUGHPUT_TOTAL=180 Megabits per second (Mbps)

That desires sizing using the following server configuration:

• Two CPU (two, dual-core, 3.0 GHz Intel Xeon 5160)

• Memory per server is 4 GB

The calculation for determining the number of servers scanning HTTP traffic is as follows:

)20.01(700,2

10,000) 0.20 (3.5 _ −×

××=ServersNumber = 2.07. With rounding up, this equals 3.0

For this network, you need three (3) servers to ensure that your HTTP scanning capacity meets environmental conditions. If you are scanning HTTPS content ou should as a rule double the number of servers they require (in this case, you would need a total of 6 servers).



T he E ffec t of E nabling HT T P S S c anning (IW S V A 5.0 and above) Starting with IWSVA 5.0, you can enable HTTPS scanning to decrypt SSL traffic. HTTPS scanning involves CPU- intensive operations – negotiating the SSL key pair and key exchange, decrypting SSL encrypted content for scanning, and re-encrypting content to deliver to client hosts.

You can select which URL categories, domains, web sites, and individual URLs to decrypt for scanning with the IWSVA 5.0’s HTTPS scanning policies. You should be aware that:

• Performance decreases as the amount of SSL traffic to decrypt and scan increases.

• HTTPS scanning performance depends on the amount of available CPU on the server platform.

As a rule, enabling HTTPS scanning in a network that contains 15% HTTPS traffic reduces the sizing and capacity numbers in the sizing guide tables by approximately 53%. This is normal since HTTPS key negotiation, decryption, and re-encryption are CPU-bound activities.

HT T P S S c anning As s umptions • In general, the mix of HTTPS traffic to normal non-encrypted traffic ranges between 8% and

30%.

• Most customers enable HTTPS scanning using URL and custom categories they define with only the domains, web sites, and URLs that they are interested in scanning.

• Using categories reduces the amount of HTTPS traffic IWSVA 5.0 scans by more than 50% of the overall HTTPS traffic mix.

• Using categories reduces overall HTTPS traffic to an amount less than 15% of the total traffic.

G eneral S izing and P erformanc e G uidanc e for HT T P S S c anning Testing performed by Trend Micro’s sizing labs reveal the following:

• Scanning capacity with 100% HTTPS traffic is approximately 13% (or 1/8th) of non-encrypted

traffic on the same server platform.

• Using the Dell 2950 Series III server platform with 8 CPU cores and 8 GB of memory as an example, the following performance can be expected:

T a ble 4 HTTPS Scanning Sizing Example

HTTPS Scanning Enabled Disabled

HTTPS Traffic Mix for Scanning Maximum of 15% Not applicable

Concurrent Connections Supported (< 2 sec page latency)

3,150 6,700

User Population Supported 4,500 9,500



A ppendix A

How T es ts W ere C onduc ted Trend Micro measured product performance based on a workload where each active user accesses 12 web sites sequentially. Trend Micro deemed this workload to be representative of that of an actual enterprise. Trend Micro used several common object types (.jpg, .png, .css, .gif, and .js) ranging in size between 9 and 174 KB, with .htm pages ranging between 3 and 143 KB. Trend Micro maintained a think time at 5 seconds, making this a test of moderately aggressive Internet surfing behavior.

Using this representative workload, Trend Micro observed a maximum throughput of ~615 Mbps at 6,700 simultaneous connections on a Dell 2950 Series 3 server (8 CPU Intel Xeon X5460, 8 GB RAM). Trend Micro determined that throughput results were a function of the size of the user download. With large, long downloads, higher throughput occurs; with many smaller objects, less throughput occurs.

The use of ICAP or caching in general greatly improves the capacity of the environment by reducing the amount of network communication to the IWSVA server.

Note:

IWSVA 3.1 and above also includes a new Web Reputation feature. This feature relies on DNS queries to Trend Micro data centers for each new URL request. IWSVA caches reputations for 35 minutes by default and provides new reputation requests for that URL without the need for additional queries.

This Sizing Guide assumes that your environment has sufficient DNS infrastructure to handle the query load that results from deploying one or more IWSVA units. For every URL request that does not have a cached reputation value, IWSVA makes two DNS queries: one to resolve the URL itself, and another to obtain the reputation of that URL from the data center.

W hat C onfiguration C hanges do to S iz ing Configuration changes to IWSVA affect sizing in a number of ways. A summary of these impacts appears below:

S c anning • There are four available scanning features in the IWSVA 3.1 product and five in the IWSVA 5.0

product (the fifth is HTTPS scanning). This sizing guide contains tests that Trend Micro performed with only four scanning features active. This document does not contain tests of HTTPS.

• HTTPS scanning (IWSVA 5.0 only) decreases scanning throughput when you enable it. The amount of capacity degradation depends on the amount of HTTPS traffic that occurs along with your normal HTTP and FTP traffic, and how many URL categories or domains/URLs you set up for HTTPS decryption and scanning. In general, HTTPS scanning performance is about 13% (or 1/8th) of non-encrypted scanning performance without SSL hardware acceleration.

• If you deactivate virus scanning, the number of simultaneous connections IWSVA can support increases by approximately 19% (6,700 connections per second vs. 8,000 connections per second for an eight-CPU server).

• The use of Web reputation, URL filtering, and Applet and ActiveX scanning only modestly affects scanning performance for average workloads.



R eporting • Real-time reports can take a significant amount of time to complete in high-volume or saturated

network environments if there is inadequate free CPU to process each request. If your network environment meets these conditions, Trend Micro recommends scheduling reports for non-peak periods or using Trend Micro Advanced Reporting and Management (ARM) module to offload logging and reporting.

• If you require real-time reporting during high-workload periods, Trend Micro advises that you size your servers for less than 100% CPU utilization to keep your end-user and administrative experiences positive.

• Activating optional per-user logging (marking the Logs Settings “Log HTTP/FTP access events” check box) can increase disk I/O considerably. In multi-server environments, leveraging Trend Micro Advanced Reporting and Management (ARM) module for off-box reporting or installing an additional IWSVA server that is dedicated only to logging and reporting greatly improves logging and reporting performance.

• Using high-performance RAID arrays with fast hard disks also improves performance significantly.

C ac hing Using caching also affects system performance. With a properly sized ICAP 1.0 solution in place, you can increase the capacity of your environment proportionally to the cache percentage. For example:

• A 25 percent cache allows each server to increase capacity by a factor of 1.3.

• A 50 percent cache allows each server to increase capacity by a factor of 2.



Trend Micro calculated these performance factors using an external ICAP v1.0 server.

P erformanc e C riteria for T es ts Trend Micro conducted the tests with the requirement that all test results and sizing recommendations meet the following conditions:

• Hosts and servers have zero TCP Connection failures

• Hosts and servers have zero HTTP Transaction failures

• Hosts must experience an average page load time < 2,000 ms (2 seconds)

Although the IWSVA servers can provide more connections and transactions than appear in the sizing tables, the page load latency is above 2 seconds and does not reflect real-world expectations where users expect fast Internet response times.

S c alability and A c c urac y The scalability of IWSVA depends totally on the quantity and type of CPU you use. CPUs that have a seemingly higher MHz rating but use an older technology do not yield better performance. The reason for this is that CPU processing efficiency gains as technology improves.

When sizing different CPU environments, Trend Micro advises that you use the performance numbers calculated using the 4 CPU performance results in this document as these yield nice upper and lower performance boundaries for CPUs commonly available today. These results can also translate between the software appliance and the virtual appliance



The testing procedure and methodology used in this report is accurate, reproducible and well documented. The results are precise up to ±3 percent.

Hardware T es ted Tables 5-11 provide details of the hardware used in this Sizing Guide.

T a ble 5 2 CPU Server

Component Type

Value More Information

Chassis Dell 1850 Series 1 CPU Intel® Xeon® Processor 2.80 GHz 80546K http://processorfinder.intel.com/Details.aspx?sSpec=SL7PD CPU Speed 2.8 GHz Bus Speed 800 MHz Cores per CPU 2 Number of CPU s 1 Total Cores / CPU 2 Memory 2 GB Disk Drives 1 x 146 GB 15K SCSI Disk Controller Dell Perc 5/I SCSI Network Gigabit Ethernet x 2


Component Type


Chassis Dell 1950 Series 2 CPU Intel® Xeon® Processor E5335 http://processorfinder.intel.com/details.aspx?sSpec=SLAEK CPU Speed 2 GHz Bus Speed 1333 MHz Cores per CPU 4 Number of CPU s 1 Total Cores / CPU 4 Memory 4 GB Disk Drives 2 x 73 GB 15K RPM SAS Configured in RAID 1

Disk Controller Dell Perc 5/i SAS Network Gigabit Ethernet x 2

http://processorfinder.intel.com/Details.aspx?sSpec=SL7PD�




Component Type


Chassis Dell 1950 Series 3 CPU Intel® Xeon® Processor 5160 http://processorfinder.intel.com/details.aspx?sSpec=SLAG9 CPU Speed 3 GHz Bus Speed 1333 MHz Cores per CPU 2 Number of CPUs 2 Total Cores / CPU 4 Memory 4 GB Disk Drives 2 x 73 GB 15K RPM SAS Configured in RAID 1



Component Type


Chassis Dell 2950 Series 3 CPU Intel® Xeon® Processor X5460 http://processorfinder.intel.com/details.aspx?sSpec=SLANP CPU Speed 3.16 GHz Bus Speed 1333 MHz Cores per CPU 4 Number of CPUs 2 Total Cores / CPU 8 Memory 8 GB Disk Drives 3 x 73 GB 15K RPM SAS Configured in RAID 5





Component Type


Chassis Sun X4450 CPU Intel® Xeon® Processor E7340 http://processorfinder.intel.com/details.aspx?sSpec=SLA68 CPU Speed 2.4 GHz Bus Speed 1066 MHz Cores per CPU 4 Number of CPUs 4 Total Cores / CPU 16 Memory 16 GB Disk Drives 4 x 136 GB 15K RPM SAS Configured in RAID 5

Disk Controller Adaptec SUN RAID Network Gigabit Ethernet x 2

T a ble 10 4 CPU Virtual Appliance

Component Type Value More Information Chassis VMware ESX 3.5 CPU VMware vCPU CPU Speed (Total Allocated)

4 GHz / 8 GHz / 12 GHz

Bus Speed NA Cores per CPU 1 Number of CPUs 4 Total Cores / CPU 4 Memory 4 GB Disk Drives 40 GB Disk Controller LSI Logic Network Gigabit Ethernet x 1



T a ble 11 VMware ESX 3.5 Host Server

Component Type Value More Information Chassis Dell 2950 Series 2 CPU Intel® Xeon® Processor X5355 http://processorfinder.intel.com/details.aspx

?sSpec=SLAEG CPU Speed 2.66 GHz Bus Speed 1333 MHz Cores per CPU 4 Number of CPUs 2 Total Cores / CPU 8 Memory 8 GB Disk Drives 3 x 73 GB 15K RPM SAS Configured in RAID 5


http://processorfinder.intel.com/details.aspx?sSpec=SLAEG�

http://processorfinder.intel.com/details.aspx?sSpec=SLAEG�



G los s ary Active Users – The number of users actively requesting web content through an HTTP web browser (such as Microsoft Internet Explorer) at any one time.

Connection Latency – The amount of time between a user’s first click in a web browser until the time data begins appearing on the screen.

Default Configuration – The default configuration of IWSVA is with antivirus, Web reputation, URL filtering, and Applet and ActiveX Security (AAXS) active.

HTTP 1.1 Connection – A method that enables the use of one connection to send or receive multiple HTTP requests or responses. HTTP 1.1 allows users to make multiple requests through a single connection.

Requests per second – The rate at which an application requests and processes HTTP objects (for example .jpg, .gif, or .htm files).

Think Time – The time between browser clicks for an active user.

Throughput – The amount of digital data per time unit that an application delivers over a physical or logical link, or that passes through a gateway-scanning device. Typically, you measure this rate in either Bytes per second or bits per second (8 bits = 1 Byte).

Total Page Download Latency – The average total time to download a workload-specific Web site after initial connection.

User Population – The total number of users with Internet access this IWSVA deployment supports.



A bout T rend Mic ro Inc orporated Trend Micro Incorporated, a global leader in Internet content security, focuses on securing the exchange of digital information for businesses and consumers. A pioneer and industry vanguard, Trend Micro is advancing integrated threat management technology to protect operational continuity, personal information, and property from malware, spam, data leaks and the newest Web threats. Its flexible solutions, available in multiple form factors, are supported 24/7 by threat intelligence experts around the globe.

Founded in 1988, Trend Micro provides individuals and organizations of all sizes with award-winning security software, hardware, and services. With headquarters in Tokyo and operations in more than 30 countries, Trend Micro solutions are sold through corporate and value-added resellers and service providers worldwide. For additional information and evaluation copies of Trend Micro products and services, visit our Web site at http://www.trendmicro.com/.

http://www.trendmicro.com/�

Documents

IWSVA Customer Sizing Guide 090930