These calculations also apply when the program is deployed on a virtual platform.
When calculating the hardware requirements for the Sensor component, you must take into account that the maximum volume of processed traffic for one Sensor component is 4 Gbps. The most resource-intensive technology is the Intrusion Detection System.
You can use a server hosting the Sensor component as a proxy server during data exchange between Kaspersky Endpoint Agent and the Central Node component to simplify configuration of network rules. For example, if Kaspersky Endpoint Agent computers are located on a separate segment of the network, it will suffice to configure a connection between servers with the Central Node and Sensor components.
When configuring the forwarding of Kaspersky Endpoint Agent traffic to the Central Node component, the following limitations apply:
The hardware requirements for a server with the Sensor component depend on the volume of processed traffic. The required bandwidth of the communication channel between servers with the Central Node and Sensor components is the sum of the traffic of the Sensor component (10% of the traffic at the SPAN port + mail traffic + traffic over the ICAP protocol) and the requirements of the communication channel between the Central Node component and Kaspersky Endpoint Agent components (depending on the number of Kaspersky Endpoint Agent computers whose traffic the Sensor component redirects to the Central Node component).
If the bandwidth of the communication channel is more than 2 Gbps, you must configure the use of one processor core for processing network interrupts.
Hardware requirements for the Sensor component depending on the processed traffic
The Sensor component can be integrated with the IT infrastructure of an organization as follows:
The hardware requirements for the Sensor component are listed in the table below. The calculations are provided for a case in which the Sensor component does not process email messages or traffic over the ICAP protocol. If the Sensor component forwards traffic from Kaspersky Endpoint Agent computers, link requirements must also be taken into account.
Hardware requirements for the Sensor component depending on the volume of processed traffic from SPAN ports
Maximum number of Kaspersky Endpoint Agent hosts. |
Maximum volume of processed traffic (Mbps) |
Minimum RAM (GB) |
Minimum number of logical cores |
---|---|---|---|
10000 |
100 |
16 |
4 |
15000 |
500 |
16 |
8 |
15000 |
1000 |
24 |
16 |
15000 |
2000 |
32 |
32 |
15000 |
4000 |
32 |
48 |
The hardware requirements for a Sensor component that is integrated with a mail server are presented in the table below. The calculations are provided for a case in which the Sensor component does not process mirrored traffic or traffic over the ICAP protocol.
Hardware requirements for a Sensor component that is integrated with a mail server
Maximum number of email messages per second |
Minimum RAM (GB) |
Minimum number of logical cores |
---|---|---|
1-4 |
16 |
4 |
5-20 |
16 |
8 |
Processing traffic over the ICAP protocol requires less resources than processing email messages.
If the same Sensor component is used to process different protocol traffic, keep in mind the following recommendations:
To process traffic over the HTTPS protocol, the proxy server must support server certificate replacement.
Disk space requirements on a server with the Sensor component
It is recommended to use a RAID 1 disk array. The total disk space must be at least 500 GB. The minimum free disk space requirements for different data types are presented in the table below.
Minimum requirements for disk space on a server with the Sensor component
Data type |
Disk space (GB) |
---|---|
Redis database dump |
16 |
Operating system |
25 |
Temporary files |
32 |
Trace files and update packages |
151 |
Total |
224 |
If the volume of processed traffic is greater than 1 Gbps, it is recommended to allocate at least 600 GB of disk space.