ProxySG instances do not natively support AWS Auto Scaling. AWS Auto Scaling may provide some benefits, but it could also cause the following issues with stateful deployments:
- Auto Scaling infrastructure needs to be idempotent, which can make infrastructure inflexible/hard to manage in certain situations.
- Change management must be highly operationalized as you cannot make changes directly to the infrastructure in the ProxySG instance. Direct changes will not be reflected in any newly created instances, or in Management Center configurations or policy objects.
- Some ProxySG configurations do not support Auto Scaling, such as strict authentication methods.
- If a ProxySG instance experiences an issue or goes offline, troubleshooting might be impossible due to Auto Scaling repeatedly destroying and creating instances.
- Auto Scaling can be slow to respond to bursts or sudden spikes in traffic patterns.
Instead of using Auto Scaling, consider one of the following configurations or product options:
- To meet the scaling and HA requirements of your deployment, deploy a fixed-size cluster of ProxySG instances behind an appropriate AWS Load Balancer.
- According to your business needs and changing scaling requirements, right-size your deployment.
- Automate deploying new instances using ZTP and Management Center configuration objects to make scaling up your deployment repeatable and highly automated.
- If you want the flexibility that Auto Scaling provides and the ability to automatically deploy policy and configuration using Management Center, consider moving to Web Security Service (WSS). The WSS cloud solution offers the same security protections as the ProxySG instance and is compatible with Management Center. WSS is a SaaS, so scaling is handled by Symantec. For more information on WSS, see the WSS documentation.