Deployment of Kaspersky Next XDR Expert

May 15, 2024

ID 249211

Following this scenario, you can prepare your infrastructure for the deployment of Open Single Management Platform and all the required components for Kaspersky Next XDR Expert, prepare the configuration file containing the installation parameters, and deploy the solution by using the Kaspersky Deployment Toolkit utility (hereinafter referred to as KDT).

Before you start to deploy Open Single Management Platform and Kaspersky Next XDR Expert components, we recommend reading the Hardening Guide.

The deployment scenario proceeds in stages:

  1. Selecting the option for deploying Kaspersky Next XDR Expert

    For Kaspersky Next XDR Expert to function, the following hosts are required:

    • Administrator host

      The administrator host is a device that is used to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. The administrator host is not included in the Kubernetes cluster.

      The administrator host must meet the requirements for KDT.

    • Target hosts

      The target hosts are the physical or virtual machines that are used to deploy Kaspersky Next XDR Expert. The following target hosts are used:

      • Target hosts for installing the Kaspersky Next XDR Expert components

        The hosts that are included in the Kubernetes cluster and that perform the workload of the Kaspersky Next XDR Expert components.

        The target hosts must meet the requirements for the selected deployment option (the distributed or single node deployment). Also, the target hosts must be located in the same broadcast domain.

      • KUMA target hosts for installing the KUMA services

        The target hosts that are not included in the Kubernetes cluster and that are used to install the KUMA services (collectors, correlators, and storages). The number of KUMA target hosts depends on the number of events that Kaspersky Next XDR Expert has to process.

        The KUMA target hosts must meet the hardware, software, and installation requirements that are necessary for installing the KUMA services.

    • DBMS host (only for the distributed deployment)

      The host for installing the DBMS can be a separate server that is located outside the Kubernetes cluster. Alternatively, the DBMS host can be included in the cluster. For the distributed deployment, we recommend installing the DBMS outside the cluster, because in this case the DBMS performance is higher. Installing the DBMS inside the cluster can be useful, for example, for demonstration purposes.

      The DBMS host requirements are the same regardless of whether it is included in the cluster or not.

    For Kaspersky Next XDR Expert to function correctly, you need to install and configure Kaspersky Anti Targeted Attack Platform (KATA) with Kaspersky Endpoint Detection and Response (KEDR). For details about KATA deployment scenarios, refer to the KATA documentation.

    Select the configuration of Kaspersky Next XDR Expert that best suits your organization. You can use the sizing guide that describes the hardware requirements and the recommended deployment option in relation to the number of devices in the organization.

    The distributed and single node deployment schemes are available:

    • Distributed deployment

      The recommended option for deploying Kaspersky Next XDR Expert. In the distributed deployment, the Kaspersky Next XDR Expert components are installed on several worker nodes of the Kubernetes cluster, and if one node fails, the cluster can restore the operation of the components on another node.

      In this configuration, you need at least seven hosts:

      • 1 administrator host
      • 4 target hosts for installing the Kubernetes cluster and the Kaspersky Next XDR Expert components
      • 1 host for installing the DBMS
      • 1 KUMA target host for installing the KUMA services

      In this configuration, the DBMS can be installed on a host that is located outside or inside the Kubernetes cluster.

    • Single node deployment

      In the single node deployment, all Kaspersky Next XDR Expert components are installed on a single node of the Kubernetes cluster. You can perform the single node deployment of Kaspersky Next XDR Expert if you need a solution that requires fewer computing resources (for example, for demonstration purposes).

      In this configuration, you need at least three hosts:

      • 1 administrator host
      • 1 target host for installing the Kubernetes cluster, the Kaspersky Next XDR Expert components, and the DBMS
      • 1 KUMA target host for installing the KUMA services

      In this configuration, the DBMS is installed inside the Kubernetes cluster on the target host and it does not require a separate node.

  2. Downloading the distribution package with the Kaspersky Next XDR Expert components

    The distribution package contains the following components:

    • Archive with the Kaspersky Next XDR Expert components
    • Template of the configuration file
    • Template of the KUMA inventory file
    • KDT utility that allows you to deploy Kaspersky Next XDR Expert
    • End User License Agreements for Kaspersky Next XDR Expert and KDT

  3. Installing a database management system (DBMS)

    Manually install the DBMS on a separate server outside the Kubernetes cluster, if needed.

    Skip this step if you want to install the DBMS inside the cluster. KDT will install the DBMS during the Kaspersky Next XDR Expert deployment. In this case, the Kaspersky Next XDR Expert components and the DBMS will use one target host.

  4. Preparing the administrator and target hosts

    Based on the selected deployment scheme, define the number of target hosts on which you will deploy the Kubernetes cluster and the Kaspersky Next XDR Expert components included in this cluster. Prepare the selected administrator and target hosts for deployment of Kaspersky Next XDR Expert.

    If you deploy Kaspersky Next XDR Expert on a single cluster node, perform all preparatory steps necessary for the target hosts (for both the primary and worker nodes).

  5. Preparing the hosts for installation of the KUMA services

    The KUMA services (collectors, correlators, and storages) are installed on hosts that are located outside the Kubernetes cluster. Prepare the KUMA target hosts for the installation. The number of KUMA target hosts depends on the number of events that Kaspersky Next XDR Expert has to process.

  6. Preparing the KUMA inventory file for installation of the KUMA services

    Prepare the KUMA inventory file in the YAML format. The KUMA inventory file contains parameters for installation of the KUMA services.

  7. Preparing the configuration file

    Prepare the configuration file in the YAML format. The configuration file contains the list of target hosts for deployment and a set of installation parameters of the Kaspersky Next XDR Expert components.

    The configuration file can be used, for example, for the Kaspersky Next XDR Expert deployment, updating Kaspersky Next XDR Expert components, and adding management plug-ins for Kaspersky applications.

    If you deploy Kaspersky Next XDR Expert on a single node, use the configuration file that contains the installation parameters specific for the single node deployment.

    You can fill out the configuration file template manually, or use the Configuration wizard to specify the installation parameters that are required for the Kaspersky Next XDR Expert deployment and then generate the configuration file.

  8. Deployment of Kaspersky Next XDR Expert

    KDT deploys Kaspersky Next XDR Expert by using the configuration file. KDT automatically deploys the Kubernetes cluster within which the Kaspersky Next XDR Expert components and other infrastructure components are installed.

  9. Installing the KUMA services

    Install the KUMA services (collectors, correlators, and storages) on the prepared KUMA target hosts that are located outside the Kubernetes cluster.

  10. Configuring integration with Kaspersky Anti Targeted Attack Platform

    Install Central Node to receive telemetry from Kaspersky Anti Targeted Attack Platform, and then configure integration between Kaspersky Next XDR Expert and KATA/KEDR to manage threat response actions on assets connected to Kaspersky Endpoint Detection and Response servers.

    If necessary, you can install multiple Central Node components to use them independently of each other or to combine them for centralized management in the distributed solution mode. To combine multiple Central Node components, you have to organize the servers with the components into a hierarchy.

    When configuring the Central Node servers, you have to specify the minimum possible value in the Storage field, to avoid duplication of data between the Kaspersky Next XDR Expert and KEDR databases.
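As an added example that is not part of the Kaspersky documentation or of KDT, the following Python script checks a planned host layout against the requirements from steps 1 and 4 before any host is prepared: the minimum host count per role for the chosen scheme, the rule that the target hosts share one broadcast domain (approximated here as one IP subnet, which is an assumption, since an L2 broadcast domain does not always coincide with an IP subnet), and the rule that the administrator host and the KUMA hosts, which stay outside the cluster, are not reused as target hosts. The HostPlan structure, the role names, and the sample addresses are constructed for this example and are not KDT configuration keys.

```python
"""Pre-deployment sanity check for a Kaspersky Next XDR Expert host plan.

Added example, not part of the Kaspersky documentation or of KDT.
The HostPlan structure, role names and addresses below are constructed.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field

# Minimum host counts stated in the deployment scenario for each scheme.
# In the single node scheme the DBMS runs on the target host, so no
# separate DBMS host is counted.
MIN_HOSTS = {
    "distributed": {"administrator": 1, "target": 4, "dbms": 1, "kuma": 1},
    "single_node": {"administrator": 1, "target": 1, "dbms": 0, "kuma": 1},
}


@dataclass
class HostPlan:
    """Hosts grouped by role; addresses are 'ip/prefix' strings (constructed format)."""
    scheme: str
    administrator: list[str]
    target: list[str]
    kuma: list[str]
    dbms: list[str] = field(default_factory=list)


def same_subnet(addresses: list[str]) -> bool:
    """True if every address falls in one IP network.

    This is the assumption used as a proxy for 'same broadcast domain';
    a VLAN or L2 segment does not always map 1:1 onto an IP subnet.
    """
    networks = {ipaddress.ip_interface(a).network for a in addresses}
    return len(networks) <= 1


def validate_plan(plan: HostPlan) -> list[str]:
    """Return a list of problems; an empty list means the plan passes."""
    problems: list[str] = []
    minimums = MIN_HOSTS.get(plan.scheme)
    if minimums is None:
        return [f"unknown deployment scheme {plan.scheme!r}"]

    # 1. Minimum host count per role for the chosen scheme.
    for role, minimum in minimums.items():
        count = len(getattr(plan, role))
        if count < minimum:
            problems.append(
                f"{plan.scheme}: need at least {minimum} {role} host(s), got {count}"
            )
    if plan.scheme == "single_node" and plan.dbms:
        problems.append(
            "single_node: the DBMS runs on the target host; a separate DBMS host is not used"
        )

    # 2. Target hosts must share one broadcast domain (checked as one subnet).
    if not same_subnet(plan.target):
        problems.append(
            "target hosts span more than one subnet; they must share one broadcast domain"
        )

    # 3. The administrator host and the KUMA hosts stay outside the cluster,
    #    and the DBMS host is a separate machine, so no address may serve two roles.
    seen: dict[ipaddress.IPv4Address | ipaddress.IPv6Address, str] = {}
    for role in ("administrator", "target", "kuma", "dbms"):
        for addr in getattr(plan, role):
            ip = ipaddress.ip_interface(addr).ip
            if ip in seen and seen[ip] != role:
                problems.append(f"{ip} is listed as both {seen[ip]} and {role}")
            seen.setdefault(ip, role)
    return problems


# Constructed sample plans; the addresses are made up for this example.
DISTRIBUTED_OK = HostPlan(
    scheme="distributed",
    administrator=["10.0.0.5/24"],
    target=["10.0.1.11/24", "10.0.1.12/24", "10.0.1.13/24", "10.0.1.14/24"],
    dbms=["10.0.2.20/24"],
    kuma=["10.0.3.30/24"],
)

DISTRIBUTED_BAD = HostPlan(
    scheme="distributed",
    administrator=["10.0.0.5/24"],
    target=["10.0.1.11/24", "10.0.1.12/24", "10.0.5.13/24"],  # only 3, two subnets
    dbms=[],                                                    # no DBMS host
    kuma=["10.0.0.5/24"],                                       # reuses the admin host
)

if __name__ == "__main__":
    for name, plan in (("ok", DISTRIBUTED_OK), ("bad", DISTRIBUTED_BAD)):
        print(name, validate_plan(plan) or "passes")
```

Run the script on your own plan before step 4; each reported problem maps to a requirement in step 1 that the hosts must satisfy before KDT is pointed at them.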

In this section

Hardening Guide

Deployment scheme: Distributed deployment

Deployment scheme: Single node deployment

Ports used by Kaspersky Next XDR Expert

Preparation work and deployment

Kaspersky Next XDR Expert maintenance
