Installation guide
Best Practices for IWSVA Installation and Deployment
C-5
• Redundant architectures must be designed to support your maximum number of
users when it fails over to the backup unit or secondary. Otherwise, performance
and response time expectations will drop when a unit fails.
Selecting Deployment Method and Redundancy
IWSVA is one of the most flexible Web gateway security products for deployment
options. IWSVA can be deployed in the following topologies:
•Forward Proxy
• Transparent Bridge
• Transparent Bridge for High Availability
• WCCP
•ICAP
•Reverse Proxy
• Simple Transparency
Each deployment mode has its benefits and services a specific need. You should be
aware of the advantages and disadvantages of each deployment mode before deciding on
how to install the IWSVA product into your network. Please see Deployment Primer on page
2-1 for detailed information on each deployment method and what key benefits are
offered by each one.
If you are considering redundant architectures, you must review and consider the
following points:
WCCP - IWSVA supports the Cisco WCCP protocol to allow you to build load sharing,
redundancy, and scalability into your IWSVA architecture. If your routers and/or
switches support Cisco WCCP, this is one of the most economical ways to add high
availability features. One drawback of WCCP is that it can only redirect popular Internet
protocols to the scanning devices efficiently. See the IWSVA ReadMe document for the
WCCP versions supported.
ICAP - IWSVA supports ICAP v1.0 devices to allow you to scan content from popular
caching servers. ICAP can also be used to create a scalable architecture through a
one-to-many configuration with several IWSVA servers connected to a single cache
server. This is a popular option for customers who need to cache web content to reduce
bandwidth consumption and to lower Internet latency.