Capacity planning

This is an Early Access feature. To enable it, contact Okta Support.

The processing and storage requirements for your gateways depend on your expected workload. Use the guidelines in the following sections to plan the resources to allocate to your gateways.

Processing and memory

The type of server or instance that you use to host an Advanced Server Access gateway depends on which provider you use.

A set of benchmark tests was created and run on a single gateway with 120 concurrent SSH sessions. These tests found that an Amazon Web Services (AWS) t2.medium instance (2 vCPU, 4 GB RAM, EBS volume) had sufficient resources to handle this workload. Average CPU utilization was roughly 40%, with spikes of up to 50%, and scaled up and down with the number of sessions. Memory utilization never exceeded seven percent of available memory.

Storage

You must carefully consider both the type and amount of storage you'll need when deploying SSH session capture with Advanced Server Access gateways.

The best type of storage to use is Solid State Drives (SSDs), whether a dedicated SSD that's attached to the gateway or an SSD-based storage solution like Amazon Elastic Block Store (EBS).

How much storage you require depends on the workloads of your users. For example, a 30-minute interactive session that consists of performing a directory listing every 5 seconds is captured and stored in a binary file about 150 kilobytes in size.

Note: If your users copy any files using scp as part of their session, those files are also copied and saved as part of the log when session recording is enabled.

If session recording is enabled and a gateway has insufficient storage available to store session logs, the gateway will prevent connections for security reasons. To avoid this situation, it's recommended that you monitor the storage utilization of your gateways to ensure that they have sufficient available storage for logs.

One way to ensure sufficient storage capacity for session logs is to use an available cloud storage destination. If you use this method, ensure that the temporary directory where in-progress sessions are stored, usually /tmp, has sufficient space to store logs for your expected in-flight sessions.
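
The monitoring recommendation and the in-flight sizing above can be combined into a scheduled check. The script below is an added example, not part of Okta's tooling; the function names, the file name, the 4x headroom factor and the use of 150 KB per session as the estimate are assumptions to replace with figures from your own workload.

```shell
#!/bin/sh
# Added example: free-space check for the in-progress session log directory.
# Assumed inputs: path, headroom, per-session KB (scp copies add to the 150 KB).

# required_kb SESSIONS PER_SESSION_KB -> KB needed for in-flight session logs
required_kb() {
    echo $(( $1 * $2 ))
}

# free_kb DIR -> KB available on the filesystem that holds DIR
free_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# storage_state FREE_KB REQUIRED_KB HEADROOM
# CRITICAL: less than the estimate; WARN: less than HEADROOM x the estimate.
storage_state() {
    if [ "$1" -lt "$2" ]; then
        echo CRITICAL
    elif [ "$1" -lt $(( $2 * $3 )) ]; then
        echo WARN
    else
        echo OK
    fi
}

# check_spool DIR SESSIONS PER_SESSION_KB HEADROOM
# Prints one status line; returns 0 (OK), 1 (WARN) or 2 (CRITICAL).
check_spool() {
    need=$(required_kb "$2" "$3")
    have=$(free_kb "$1")
    if [ -z "$have" ]; then
        echo "CRITICAL dir=$1 free space could not be read"
        return 2
    fi
    state=$(storage_state "$have" "$need" "$4")
    echo "$state dir=$1 free_kb=$have required_kb=$need"
    case $state in
        OK) return 0 ;;
        WARN) return 1 ;;
        *) return 2 ;;
    esac
}

# Cron or monitoring agent: sh check_spool.sh --check [DIR] (hypothetical name)
if [ "${1:-}" = "--check" ]; then
    # 120 concurrent sessions (the benchmark load), 150 KB each, 4x headroom
    check_spool "${2:-/tmp}" 120 150 4
fi
```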

Related topics

Install an Advanced Server Access gateway

Session capture