When using KATA and KEDR functionality, you can install Endpoint Sensors components to corporate LAN computers. When using KATA functionality, Endpoint Sensors components are not installed.
The Central Node component is always installed together with the Sensor component. If you need to use the Central Node component separately, do not configure the Sensor component.
When using this deployment scenario, the Sensor, Central Node and Sandbox components are installed on separate servers. The server with the Sensor component receives traffic, performs an initial analysis, extracts files and forwards them to the server with the Central Node component for a deeper analysis.
Using this deployment scenario, the Central Node component can receive traffic and perform an initial analysis of data in the main infrastructure. In this case, you can install the Sensor component on a server of a remote infrastructure whose traffic needs to be analyzed. If the channel bandwidth in the main infrastructure is more than 2 Gbps, you are advised to install the server with the Sensor component in the main infrastructure.
The traffic between the Central Node and Sensor components comprises up to 20% of traffic received by the Sensor component.
The program operating scenario when deployed on three servers is presented in the figure below.
Program operating scenario when deployed on three servers
Page top