ProSecure®

STM Series

Guidelines

ProSecure® STM appliances manage an organization's Internet usage and protect the organization from Internet-borne malware, spam, viruses, and inappropriate web surfing. Because the ProSecure® STM appliance sits between the organization and the Internet, it is critical that the appliance is sized appropriately and matches the performance needs of the organization.

There are no industry-standard metrics for determining the model to select, as every organization is unique and displays different Internet usage characteristics. As such, NETGEAR® uses several specifications to evaluate the applicability of an STM appliance:

Throughput

A starting point is to estimate the throughput your organization requires between its internal network and the Internet. As the STM appliance sits between your internal network and the Internet, this throughput number is the total amount of traffic that can be passed with the STM in place.

Concurrent Clients

The number of concurrent clients represents the maximum number of active clients that can simultaneously access the Internet through the STM. The Concurrent Client rating of NETGEAR® STM appliances is measured assuming that each active client is engaged in an "average" web browsing session with multiple connections to multiple websites.

In general, your organization's concurrent client count should be less than the total number of users in your organization. For instance, if your organization has 1000 users, perhaps only 800 of those users have Internet access via a computer. Moreover, on average, perhaps only 75% of those users are in the office at any point in time (75% x 800 = 600 users). Lastly, you might estimate that only 50% of those users (50% x 600 = 300 users) are actually on the Internet browsing web traffic at a given time.

Concurrently Scanned HTTP Connections

Users who are actively browsing the Internet can typically be estimated to have 5 active HTTP connections at any point in time with a 60% rate of concurrency (yielding 3 connections). This number accommodates averaged situations where some users are heavily browsing the web or using Internet bandwidth-intensive applications. Note that the peak number of connections can exceed these estimates if Internet bandwidth usage is extraordinarily heavy or if connection-intensive applications such as peer-to-peer applications are in use.

Email Throughput

The rate at which users send and receive Emails varies widely in organizations, and is also dependent on the amount of spam an organization is receiving. For instance, if users, on the average, send and receive 30 legitimate emails per hour and 70% of Email traffic is SPAM, then each user will contribute 100 Emails per hour to the overall system load. A 200 user organization could then be expected to experience an Email load of 200,000 messages per hour.

| STM Model Capacity | STM150 | STM300 | STM600 |
| --- | --- | --- | --- |
| Throughput (Mb/s) | 42 | 160 | 260 |
| Concurrent Clients | 145 | 333 | 600 |
| Concurrently Scanned HTTP Connections | 1,000 | 2,000 | 4,000 |
| SMTP Throughput (emails / hour) | 139,000 | 420,000 | 960,000 |

Sample Organizations

When sizing an STM for an organization, throughput, concurrent clients, concurrent connections, and Email processing capability should all be assessed against the characteristics of the organization. The examples below outline sample organizations and the recommended STM appliance for each.

| Organization Characteristics | Suggested STM Model |
| --- | --- |
| 10 Mbps Throughput; 100 concurrent clients; 300 concurrently scanned HTTP connections; 100,000 Emails / hour | STM150 |
| 40 Mbps Throughput; 250 concurrent clients; 800 concurrently scanned HTTP connections; 300,000 Emails / hour | STM300 |
| 120 Mbps Throughput; 500 concurrent clients; 1600 concurrently scanned HTTP connections; 700,000 Emails / hour | STM600 |
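
The sizing steps above, combined into one calculation and checked against the capacity table, as an added example that is not NETGEAR's own tool. The function names, the 40 Mb/s throughput input, and counting all 1000 users as mail users are assumptions made for illustration.

```python
import math

# Capacity ratings from the STM Model Capacity table on this page:
# (throughput Mb/s, concurrent clients, scanned HTTP connections, emails/hour)
CAPACITY = {
    "STM150": (42, 145, 1_000, 139_000),
    "STM300": (160, 333, 2_000, 420_000),
    "STM600": (260, 600, 4_000, 960_000),
}
METRICS = ("throughput_mbps", "clients", "http_connections", "emails_per_hour")


def _up(x):
    """Round up, ignoring float noise so 300.0000001 stays 300."""
    return math.ceil(round(x, 6))


def estimate_load(users, with_access, in_office, browsing, throughput_mbps,
                  legit_mail_per_user_hr, spam_share,
                  conns_per_client=5, concurrency=0.6):
    """Derive the four sizing metrics using the page's estimation chain."""
    clients = _up(users * with_access * in_office * browsing)
    return {
        "throughput_mbps": throughput_mbps,
        "clients": clients,
        "http_connections": _up(clients * conns_per_client * concurrency),
        # Legitimate mail is (1 - spam_share) of the total each user generates.
        "emails_per_hour": _up(users * legit_mail_per_user_hr / (1 - spam_share)),
    }


def pick_model(load):
    """Return (model, binding_metric): the smallest model covering every
    metric and the metric with least headroom; (None, None) if none fits."""
    for model, caps in CAPACITY.items():  # dict order is smallest to largest
        usage = {m: load[m] / cap for m, cap in zip(METRICS, caps)}
        if all(u <= 1 for u in usage.values()):
            return model, max(usage, key=usage.get)
    return None, None


if __name__ == "__main__":
    # 1000-user organization from the text; 40 Mb/s is a constructed input.
    load = estimate_load(1000, 0.8, 0.75, 0.5, 40, 30, 0.7)
    print(load, pick_model(load))
```

The second value returned by `pick_model` names the metric closest to its rated limit, which is the first one to watch as the organization grows.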

The ProSecure® STM gateway security appliance is an inline transparent bridge that can easily be deployed to any point on the network without requiring network reconfiguration or additional hardware.

The following are the most common deployment scenarios for the STM appliance. Depending on your network environment and the areas that you want to protect, you can choose one or a combination of these deployment scenarios.

Gateway Deployment

In a typical gateway deployment scenario, a single STM appliance is installed at the gateway between the firewall and the LAN core switch to protect the network against all Web and Email threats entering and leaving the gateway. In this type of deployment, all STMs scan both Web and Email traffic.

Note: In a gateway deployment, it is recommended to install the STM behind the firewall so that the firewall's functionality is used to stop DoS attacks (which are often not related to Web or Email traffic).

Figure 1 Gateway Deployment

Server Group Deployment

In a server group deployment, one STM appliance is installed at the gateway and another in front of the server group. This type of deployment helps split the network load and provides the mail server with dedicated protection against email-borne malware and spam. In this type of deployment the STM installed at the gateway scans only Web traffic while the STM in front of the server group scans only Email traffic.

Figure 2 Server Group Deployment

Segmented LAN Deployment

In a segmented LAN deployment, one STM appliance is installed in front of each network segment. This type of deployment helps split the network load and protects network segments from Web and Email threats coming in through the gateway or originating from other segments. In this type of deployment, all STMs scan both Web and Email traffic.

Figure 3 Segmented LAN Deployment
