Calculations for the Sensor component

These calculations also apply when the program is deployed on a virtual platform.

When calculating the hardware requirements for the Sensor component, you must take into account that the maximum volume of processed traffic for one Sensor component is 4 Gbps. The most resource-intensive technology is the Intrusion Detection System.

You can use a server hosting the Sensor component as a proxy server during data exchange between Kaspersky Endpoint Agent and the Central Node component to simplify configuration of network rules. For example, if Kaspersky Endpoint Agent computers are located on a separate segment of the network, it will suffice to configure a connection between servers with the Central Node and Sensor components.

When configuring the forwarding of Kaspersky Endpoint Agent traffic to the Central Node component, the following limitations apply:

The hardware requirements for a server with the Sensor component depend on the volume of processed traffic. The required bandwidth of the communication channel between servers with the Central Node and Sensor components is the sum of the traffic of the Sensor component (10% of the traffic at the SPAN port + mail traffic + traffic over the ICAP protocol) and the requirements of the communication channel between the Central Node component and Kaspersky Endpoint Agent components (depending on the number of Kaspersky Endpoint Agent computers whose traffic the Sensor component redirects to the Central Node component).

If the bandwidth of the communication channel is more than 2 Gbps, you must configure the use of one processor core for processing network interrupts.

Hardware requirements for the Sensor component depending on the processed traffic

The Sensor component can be integrated with the IT infrastructure of an organization as follows:

The hardware requirements for the Sensor component are listed in the table below. The calculations are provided for a case in which the Sensor component does not process email messages or traffic over the ICAP protocol. If the Sensor component forwards traffic from Kaspersky Endpoint Agent computers, link requirements must also be taken into account.

Hardware requirements for the Sensor component depending on the volume of processed traffic from SPAN ports

Maximum number of Kaspersky Endpoint Agent hosts.

Maximum volume of processed traffic (Mbps)

Minimum RAM (GB)

Minimum number of logical cores

10000

100

16

4

15000

500

16

8

15000

1000

24

16

15000

2000

32

32

15000

4000

32

48

The hardware requirements for a Sensor component that is integrated with a mail server are presented in the table below. The calculations are provided for a case in which the Sensor component does not process mirrored traffic or traffic over the ICAP protocol.

Hardware requirements for a Sensor component that is integrated with a mail server

Maximum number of email messages per second

Minimum RAM (GB)

Minimum number of logical cores

1-4

16

4

5-20

16

8

Processing traffic over the ICAP protocol requires less resources than processing email messages.

If the same Sensor component is used to process different protocol traffic, keep in mind the following recommendations:

Disk space requirements on a server with the Sensor component

It is recommended to use a RAID 1 disk array. The total disk space must be at least 500 GB. The minimum free disk space requirements for different data types are presented in the table below.

Minimum requirements for disk space on a server with the Sensor component

Data type

Disk space (GB)

Redis database dump

16

Operating system

25

Temporary files

32

Trace files and update packages

151

Total

224

If the volume of processed traffic is greater than 1 Gbps, it is recommended to allocate at least 600 GB of disk space.

See also

Calculations for the Central Node component

Calculations for the Sandbox component

Page top