Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Physical and Virtual Appliance Requirements

Physical and Virtual Appliances

You can use different types of platforms to serve as the appliance systems that the Secure Web Gateway appliance software runs on.

Depending on these platforms, the appliance system is physical or virtual. Accordingly, a Secure Web Gateway appliance runs as one of the following:

  • Physical appliance — On a physical hardware platform
  • Virtual appliance — On a virtual machine

System requirements are different for each of these two options.

System Requirements for a Physical Appliance

Before installing Secure Web Gateway as a physical appliance, you must make sure that the system requirements for this type of appliance are met.

Shipped Items

  • Hardware platform (models vary) with the appliance software

NOTE: The recommended minimum memory size on a hardware platform is 8 GB. If you are using an older model with less than this memory, you can upgrade.

  • Power cord
  • Network cables
  • USB-PS/2 adapter cable (if you use a PS/2 keyboard for the initial configuration)

Installation media (CD/DVD and USB drive) were shipped to you with the appliance software. They are not required for the installation, but you can use them for reimaging the appliance.

Items You Must Provide

  • Standard VGA monitor and PS/2 or USB type keyboard
    • Or: Serial system console
  • Administration system with:
    • Microsoft Windows or Linux operating system
    • Oracle Java Runtime Environment (JRE), version 1.8, also referred to as Java 8, or later

JRE is required if you require Java support for working with the Secure Web Gateway interface. You can, however, work with this interface and not require Java support.

  • Microsoft Internet Explorer, version 9.0 or later

This browser allows you to work with the Secure Web Gateway interface. You can, however, work with this interface and not use a browser.

  • Network cables for the administration system

System Requirements for a Virtual appliance

Before installing Secure Web Gateway as a virtual appliance, you must make sure that the system requirements for this appliance type are met. These requirements must also be met when installing a virtual appliance on an Azure platform with Hyper-V.

Virtual Machine Software

This VMware type is required:

  • VMware ESXi

The following table shows the versions of this VMware that we recommend for use with particular versions of Secure Web Gateway. VMware versions that are not recommended can still be run here.

We further recommend using the latest update of the recommended VMware version, ESXi 6.0, ESXi 6.5, and so on, that you are actually working with.

We also recommend this for Secure Web Gateway. Use the latest update of the particular version, SWG 7.8.x.x, 8.x.x, and so on, that you are working with.

  ESXi 6.5 ESXi 6.7 ESXi 7.0 ESXi 8.0
SWG 7.8.x.x Yes Yes No  No
SWG 8.x.x Yes Yes No No
SWG 9.x.x Yes Yes Yes No
SWG 10.x.x Yes Yes Yes No
SWG 11.x.x Yes Yes Yes Yes
SWG 12.x.x No No Yes Yes 

 

Yes = Recommended

No = Not recommended

Virtual Machine Host System

  • CPU — 64-bit capable
  • Virtualization extension — VT-x/AMD-V

Virtual Machine

Specifications depend on how you are using a virtual appliance.

Use RAM (in GB) Hard-disk space (in GB) CPU Cores
Functional testing (user interface based on Java applet or desktop client) 4 80 4
Functional testing (HTML-based user interface) 8 80 4
Production (minimum) 16 200 4
Production (recommended) 32 500 4 or more

 

Setup procedures differ for each VMware type. The following table provides some more common setup parameters and values. Parameter names can also differ.

For parameters that are not listed, use the default values in the procedures.

Option Definition
Configuration type Typical | Advanced (recommended)
Installation mode ISO image
Operating system CentOS 64-bit, version 7
Memory 32 GB (recommended)

Starting with version 4.1, VMware ESXi, which is one of the supported VMware types for a virtual Secure Web Gateway appliance, includes some optimizations known as NUMA optimizations.

A host system for virtual machines that runs this VMware is also referred to as a NUMA node. Memory must then be allotted to a virtual machine in relation to the memory that is available on a NUMA node, otherwise you might experience a severe impact on performance.

For example, if you set up three virtual machines on one NUMA node and configure the same number of processors (CPU cores) for each virtual machine, do not allot more than one third of the memory that is available on the NUMA node to each virtual machine.

Best results are achieved if you run one virtual machine on one NUMA node.

Make sure that you also reserve a certain amount of memory for the NUMA node (the host system).
Hard-disk space 500 GB (recommended)
Number of processors 1 | 2 | 4 (recommended) | <other values>

The number of processors (CPU cores) that are provided for selection depends on the equipment of the host system that is used for setting up the virtual appliance.

When virtual machines are set up on a host system that runs ESXi VMware, version 4.1 or later, with NUMA optimizations, CPU cores must be configured in relation to what is allowed on a NUMA node (a host system).

The number of CPU cores that you configure for a virtual machine must be multiples or divisors of the number of CPU cores that fit in with the size of a NUMA node.

For example, if the size of a NUMA node is sufficient for running six CPU cores, configure virtual machines with two, three, or six cores (if you are only using one node), or with 12, 18, 24, and so on (if you are using multiple nodes).

Best results are achieved if you run one virtual machine on one NUMA node.<
Network connection mode Bridged (recommended) | NAT | <other values>
CD/DVD drive with assigned ISO image <drive name>/<name of the ISO image>
Network interface card type VMXNET 3
SCSI controller (for some ESX versions) BusLogic SCSI (not supported in a 64-bit environment) | LSI Logic Parallel (default) | LSI Logic SAS | VMware PV SCSI (recommended)
vSwitch — Allow promiscuous mode Reject for all modes except for Transparent Bridge
vSwitch — Allow forged transmits Reject for all modes except for Transparent Bridge

 

Supported Hyper-V Servers

The following Windows Servers are currently supported as Hyper-V servers. Hyper-V is a role that a Windows Server can take when a virtual appliance is installed.

  • Windows Server 2022 (64-bit)
  • Windows Server 2019 (64-bit)
  • Windows Server 2016 (64-bit)
  • Windows Server 2012 R2 (64-bit)

Supported Hyper-V Servers for Earlier Appliance Versions

The following Windows Servers are supported as Hyper-V Servers when earlier appliance versions are installed.

  • For SWG 7.8.2, 8.0, 8.1, 8.2, and 9.0:
    • Windows Server 2019 (64-bit)
    • Windows Server 2016 (64-bit)
    • Windows Server 2012 R2 (64-bit)
    • Windows Server 2008 R2 (64-bit)
  • For SWG 7.6.1, 7.6.2, 7.7.0, 7.7.1, 7.7.2, 7.8.0, and 7.8.1:
    • Windows Server 2012 R2 (64-bit)
    • Windows Server 2008 R2 (64-bit)

Static MAC address for a Virtual Appliance on Hyper-V

A virtual machine on a Hyper-V server platform is by default configured to use dynamic MAC addresses. When Secure Web Gateway runs as a virtual appliance on this platform, using dynamic MAC addresses will result in losing IP address information after a restart.

For this reason, the default settings must be changed to let the virtual appliance use a static MAC address.

  • Was this article helpful?