Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Trustwave and Cybereason Merge to Form Global MDR Powerhouse for Unparalleled Cybersecurity Value. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
Loading...
Loading...

INFO: What are the hardware and software requirements for MailMarshal SMTP (SEG)?

Expand / Collapse


This article applies to:

  • Trustwave MailMarshal (SEG)

Question:

  • What are the hardware and software requirements for Trustwave MailMarshal (SEG)?
  • Should SQL Express or SQL Server be used with SEG?

Information:

Hardware Required for Trustwave SEG Server

The hardware required for a SEG server naturally varies depending on the number of email users and the amount of email traffic. The following specifications are a suggested minimum for a single-server installation of SEG (recent supported versions):

  • 1,000 users: 4 cores 2.6GHz (Core i5 or similar), 20GB HD free, 4GB RAM
  • 10,000 users: 4 cores 3GHz (better Core i7 or similar), 100GB HD free, 6GB RAM

For SQL Express installed on the same server, add 2GB RAM to the above specifications. Use of full SQL Server is not recommended in a single-server deployment.

Sites with more than 10,000 users should generally use an array with separate Array Manager and multiple processing servers.

Note: Processor and memory suggestions are based on experience, but each installation differs. Where processing is slow and resource usage high, Trustwave recommends allocating additional resources.

Hardware planning considerations for SEG Array installations:

In an Array installation, SEG will typically include an Array Manager computer, multiple email processing servers, and a SQL Server computer.

  • Array Manager: Array Manager is not resource intensive. For a standalone Array Manager computer the most important component is the processor.
    • The Array Manager software can be installed on the SQL Server, in which case see the SQL Server hardware requirements.
    • If you install Array Manager with SQL, limit SQL memory usage. See Q14902.
  • SQL Server: SQL Server is memory and disk intensive. 25% or more of the SEG database is indices. Performance is improved when more of the indices fit into physical RAM. The SQL databases also use a lot of disk I/O, so careful planning with regard to the SQL data file location(s) is required. Large installations should consider using separate drives for the data and log files. Consult the chart below to understand potential SEG database size. Consult Microsoft documentation for specifics on optimizing a SQL server installation.

    Smaller sites can use SQL Express, the free version of Microsoft SQL Server.
    • Note that SQL Express enforces a database size limitation of 10 GB for SQL Express 2008 R2 and SQL Express 2012 (4GB in earlier versions). This limitation is set by Microsoft.

To determine SEG database size, allow 1100 bytes per message or classification logged.

The data provided in the table below assumes that an average user sends and receives 70 SMTP messages per day through the server. You can use these numbers as a guideline if the assumptions for email volume, log retention duration, and safety margin are appropriate for you.

Notes:

  • If additional classifications are logged for a message, allow an additional 1100 bytes per classification.
  • Indexing of the message table adds several hundred bytes per record.
  • Attached files are also logged in a database table. This table can be large if many attachments are being transmitted.
  • Higher volume of messages will significantly increase the growth of the database.  Volume varies widely depending on organization type and company policy. For additional guidelines, see the worksheet in the SEG User Guide.

 

Users
Email /
Day / User
Days to Keep Logs
Safety Margin
GB
(Rounded)
Database Version
to Use
100
70
100
1.25
2
Express
200
70
100
1.25
3.5
Express
250
70
100
1.25
4.5
Express
500
70
100
1.25
9
Express (2012 or later)
1000
70
100
1.25
20
SQL
2000
70
100
1.25
35
SQL
5000
70
100
1.25
90
SQL

  • Email processing server(s): Processing servers are disk intensive.  There is a lot of disk I/O during email processing.
    • The processor should be recent (less than 2 years old), but is not the most critical item.
    • For memory and disk sizing suggestions, see the following table. Note that quarantine size depends on archiving and retention policies.
    • In most cases SQL would not be installed on a standalone processing server.
    • For sites with more than 10,000 users, it may be more cost effective to add SEG processing servers (rather than having one larger server). Multiple servers also provide redundancy.
    • Don't under-specify. Allow for growth.
Email Users Messages per Day Text Log Size per day in MB Quarantine Directory and
Spam Logs per day in MB
CPU GHz Memory GB Hard Drive Free GB
100 2,000 21 9 2.6 dual
3 2
250 5,000 53 23 2.6 dual
3
5
500 10,000 106 46 2.6 dual
4 10
1000 20,000 212 93 2.6 quad
4 20
5000 100,000 1061 464 2.6 quad
5 50
10,000 200,000 2122 927 3 quad
6 100
25,000 500,000 5305 2318 3.3 quad
6 200
50,000 1,000,000 10610 4635 2x3.3 quad
6 500

 

Software Required for SEG 

For the requirements specific to your version of SEG refer to the release notes included with the installation or see the SEG documentation.

MailMarshal (SEG) 10.X supports installation on Windows Server 2012 and above. SEG 8.X supports installation on Windows Server 2008 R2 and above. Earlier versions support installation on Windows Server 2008.

Basic information about the requirements for the latest released version of SEG is available in Trustwave Knowledge Base article Q11358.

 

Best Practices

When sizing a SEG installation, consider the following best practices as well as the specific minimum requirements listed:

  • Don’t under-specify – allow for growth and unexpected load.
  • Do allow extra hard disk space – disk performance is reduced when free space is low. 30% free space is a recommended minimum.
  • Do allow for redundancy and peak flow – the server should be able to clear a backlog comfortably.
  • Do check the assumptions in this document against your organization’s email traffic patterns and message retention requirements.

Virtual Machines

SEG functions well in a virtualized environment. Note the following points:

  • The host server must have enough processor and memory resources for all guest VMs as well as the host operating system.
  • If you are hosting multiple virtual servers, use at least one PHYSICAL disk drive per server. SEG operation is disk intensive. A physical drive hosting multiple virtual drives can easily be overloaded.

Notes:

Please review the Hardware and Software Requirements section in the current version of the User Guide, which is included in the product download package, also copied within Help, and is available on the SEG documentation page.

Related Articles:

  • Q11358 : Prerequisites and supported operating systems
  • Q10423 : How do I performance tune SEG/MailMarshal?

This article was previously published as:
NETIQKB40931
NETIQKB40914
Q10723

To contact Trustwave about this article or to request support:


Rate this Article:
     

Add Your Comments


Comment submission is disabled for anonymous users.
Please send feedback to Trustwave Technical Support or the Webmaster
.