Saturday, June 5, 2010

Bluecoat -- a four letter word for this week.

Bluecoat web proxy gateways are nifty devices. They do some handy things, like inline AV scanning of all web requests, and can decrypt SSL inline as well.

They're swell until someone in your organization wants their Citrix ICA client to connect to an external provider of some sort and that external provider uses the secure ICA cruft of tcp/443. If you're an explicit proxy shop, be prepared for the device to drive you nuts trying to decode that TLS stream thinking it's standard SSL. It's not... and it'll quietly just not work. Still haven't gotten it working and am bypassing the proxy for that traffic for now.

Also, it really sorta blows when you have a device that's licensed for 1200 concurrent users, but you start seeing CPU peg at 100% at just 330 concurrent users. Apparently it's rated at 25Mbps. The day after Memorial Day, people seemed to be feeling a bit surfy and were pushing 30-60Mbps through ours all day. This was not a good way to find out we were sold boxes that weren't sized appropriately for our environment. Guess we get to pay them more to fire up our cold spare and do some load balancing between them in order to have some margin.

1 comment:

  1. See ...this is how many vendors get you!

    1,200 concurrent users
    OR
    20Mb/sec peak throughput

    ...so if my math is correct (calc says it is) then this means that all 1,200 people would be pulling 17kb/sec to keep this legit.

    WHO surfs at 17kb/sec ...seriously!?

    RANT ON ...
