Very New to UT, Need Some Confirmation

[sky-knight]

The NG25 and 50 are using D510 Atoms.

Beware, the performance between the NG25/50 series appliances doesn't directly translate to standard builds. The motherboards in the entire NG series line are specifically designed for network applications. This grants greater than normal throughput possibilities, and allows us to scale back the ram and CPU a bit.

If you're going to use a standard PC of some kind for Untangle, my personal minimum requirements for Untangle are a dual core processor of at least 2ghz, 1gb of ram, and two HARDWARE based network interfaces. That's Intel, Broadcom, or 3Com, nothing else will do. That server will handle 25-50 users, unless traffic gets heavy. At which point you add more RAM generally.

You need more CPU if you need to run more AV/Spam checks. You need more RAM for more throughput, and extra racks.

The balance is hard to strike, you can experiment yourself, or take advantage of one of us resellers that know how to place these units with the minimum hardware to the job. There isn't enough detail in your thread here to really say how large of a unit to use.

[tezgno]

From a topology standpoint, we have about 50 or so virtual servers (most of them development boxes), about another 5 physical server appliances, and about 60-80 devices that are all on the network at any given moment. We also run various systems that are accessible from the internet (support ticket systems, websites, etc) that can range in the number of actual users hitting them at once. From an internal person perspective, we only have 30 users (physical people) at any given moment on the network from a PC perspective. But, each of those people have smart devices that could also access the network, etc. Those device are included in the 60-80 devices number.

Our current internet bandwidth is 4.5Mbps/4.5Mbps using EoTDM (Ethernet over TDM). In the very near future, we will be switching to a DOCSIS3 service that would be providing us with either a 35Mbps/10Mbps or a 50Mbps/10Mbps (haven't made the final decision on which yet).

Based upon how we use the network, I think that we are probably covered in terms of hardware. However, if you have any suggestions as to what you think would be best, please let me know. Thanks.

[tezgno]

Almost forgot, in terms of what we would be using from the UTM perspective. We would use the AV filters (and IDS), but not the SPAM. We have an appliance for that.

[sky-knight]

Well then you'll be happy to know that the dual core 1gb box I just estimated for you is pushing my DOCSIS 3.0 line at 10/100 quite happily. Another thing to keep in mind, the rack isn't directional. The Spam module is, but everything else is not. This means, traffic that is subject to a given module will be subject to the module regardless of the source or destination.

*plain english translation*

If you ever forward TCP 80 to an internal web server, and forget to bypass the traffic... the web requests will engage your AV modules and bring your Untangle to its knees.

Given your utilization, and the fact that you're a development testing house. The users you have are power users. Power users need more resources. I would suggest you design your network with hardware built to withstand 100-200 people.

[tezgno]

Thanks. That usage estimate of 100-200 users has been what I have been basing my sizing on.

With regards to your warning about the modules, that is good to know. My current situation is actually worse in that a function can be turned on or off by interface, but not by protocol or source/destination. This means that if I turn on, say, the a/v scan, it will be active on any traffic on the interface, which I a huge issue on the performance side of things on the unit. So, the fact that the UT can bypass is actually good.