ProSecure® STM appliances manage an organization's Internet usage and protects these organizations from Internet borne malware, spam, viruses, and inappropriate web surfing. With the ProSecure® STM appliance sitting between the organization and the Internet, it is critical that the STM appliance is sized appropriately and matches the performance needs of the organization.
There are no industry-standard metrics for determining the model to select, as every organization is unique and displays different Internet usage characteristics. As such, NETGEAR® uses several specifications to evaluate the applicability of an STM appliance:
A starting point is to estimate the throughput your organization requires between its internal network and the Internet. As the STM appliance sits between your internal network and the Internet, this throughput number is the total amount of traffic that can be passed with the STM in place.
The number of concurrent clients represents the maximum number of currently active clients that can simultaneously access the Internet through the STM. NETGEAR® STM Appliances' Concurrent Client rating is a number that is measured assuming that each active client is currently engaging in an "average" web browsing session with multiple connections to multiple websites.
In general, your organization's concurrent client count should be less than the total number of users in your organization. For instance, if your organization has 1000 users, perhaps only 800 of those users have Internet access via a computer. Moreover, on the average, perhaps only 75% of those users are in the office at any point in time (75% x 800 = 600 users). Lastly, you may perhaps estimate that only 50% of those users (50% x 600 = 300 users) are actually on the Internet browsing web traffic at a given time.
Concurrently Scanned HTTP Connections
Users who are actively browsing the Internet can typically be estimated to have 5 active HTTP connections at any point in time with a 60% rate of concurrency (yielding 3 connections). This number accommodates averaged situations where some users are heavily browsing the web or using Internet bandwidth intensive applications. Note that the peak number of connections can exceed these estimates if there is extraordinarily heavy usage of Internet bandwidth or connection intensive applications such as Peer 2 Peer applications are being used.
The rate at which users send and receive Emails varies widely in organizations, and is also dependent on the amount of spam an organization is receiving. For instance, if users, on the average, send and receive 30 legitimate emails per hour and 70% of Email traffic is SPAM, then each user will contribute 100 Emails per hour to the overall system load. A 200 user organization could then be expected to experience an Email load of 200,000 messages per hour.
|STM Model Capacity
|Concurrently Scanned HTTP Connections
|SMTP Throughput (emails / hour)
When sizing an STM for an organization, throughput, concurrent clients, concurrent connections, and Emails processing capability should all be assessed against the characteristics of the organization. In the examples below, we have outlined potential sample organizations and the recommended STM appliances for each organization.
||Suggested STM Model
|10 Mbps Throughput
100 concurrent clients
300 concurrently scanned HTTP connections
100,000 Emails / hour
|40 Mbps Throughput
250 concurrent clients
800 concurrently scanned HTTP connections
300,000 Emails / hour
|120 Mbps Throughput
500 concurrent clients
1600 concurrently scanned HTTP connections
700,000 Emails / hour
The ProSecure® STM gateway security appliance is an inline transparent bridge that can easily
be deployed to any point on the network without requiring network reconfiguration or additional hardware.
The following are the most common deployment scenarios for the STM appliance. Depending on your network environment
and the areas that you want to protect, you can choose one or a combination of these deployment scenarios.
In a typical gateway deployment scenario, a single STM appliance is installed at the gateway between
the firewall and the LAN core switch to protect the network against all Web and Email threats entering and
leaving the gateway. In this type of deployment, all STMs scan both Web and Email traffic.
Note: In a gateway deployment, it is recommended to install the STM behind the firewall to employ the
firewall's functionality in stopping DoS attacks (which may often be non Web or Email traffic related).
Figure 1 Gateway Deployment
Server Group Deployment
In a server group deployment, one STM appliance is installed at the gateway and another in front of the server group.
This type of deployment helps split the network load and provides the mail server with dedicated protection against
email-borne malware and spam. In this type of deployment the STM installed at the gateway scans only Web traffic
while the STM in front of the server group scans only Email traffic.
Figure 2 Server Group Deployment
Segmented LAN Deployment
In a segmented LAN deployment, one STM appliance is installed in front of each network segment. This type of
deployment helps split the network load and protects network segments from Web and Email threats coming in through
the gateway or originating from other segments. In this type of deployment, all STMs scan both Web and Email traffic.
Figure 3 Segmented LAN Deployment