If the program is deployed to a virtual platform, CPU resource requirements are to be increased by 10 percent. In virtual disk settings, a Thick Provision disk type must be selected.
Hardware requirements for a server with the Central Node and Sensor components
The hardware requirements for a server on which the Central Node and Sensor components are installed depend on the following conditions:
Kaspersky Endpoint Agent can be installed on a terminal server, file server, or network attached storage (NAS).
If Kaspersky Endpoint Agent is installed on a terminal server, the load generated by the component is calculated as follows: one Kaspersky Endpoint Agent program on a terminal server serving X users generates the same load as X Kaspersky Endpoint Agent programs on a workstation (X users = X Kaspersky Endpoint Agent programs).
If Kaspersky Endpoint Agent is installed on a file server or NAS, the load generated by the component is calculated as follows: one Kaspersky Endpoint Agent program on a file server or NAS generates the same load as 20 Kaspersky Endpoint Agent programs on a workstation.
If the volume of processed traffic is greater than 1 Gbps, it is recommended to install Central Node and Sensor components on separate servers.
On the server with the Central Node component, it is recommended to use two RAID disk subsystems:
The hardware requirements for the server with the Central Node component depending on the utilized functionality are presented in the table below.
Hardware requirements for the server with the Central Node component when using KEDR functionality
Maximum number of Kaspersky Endpoint Agent computers |
Minimum RAM (GB) |
Minimum number of logical cores |
First disk subsystem |
Second disk subsystem |
||||||
---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
|||
1000 |
64 |
8 |
100 |
1000 |
1 |
4 |
300 |
200 |
Depends on the preferred storage policy |
4 |
3000 |
80 |
12 |
100 |
1000 |
1 |
4 |
700 |
500 |
6 |
|
5000 |
96 |
12 |
100 |
1000 |
1 |
4 |
1000 |
600 |
6 |
|
10000 |
160 |
20 |
100 |
1000 |
1 |
4 |
2000 |
800 |
10 |
|
15000 |
192 |
32 |
100 |
1000 |
1 |
4 |
2000 |
800 |
12 |
Hardware requirements for the server with the Central Node component when using KATA and KEDR functionality
Maximum number of Kaspersky Endpoint Agent computers |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports on the server with the Central Node component |
Maximum volume of traffic from SPAN ports on servers with the Sensor component |
Minimum RAM (GB) |
Minimum number of logical cores |
First disk subsystem |
Second disk subsystem |
||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
||||||
1000 |
1 |
200 |
Not processed |
96 |
12 |
100 |
1000 |
1.9 |
4 |
300 |
300 |
Depends on the preferred storage policy |
4 |
2000 |
2 |
500 |
Not processed |
128 |
20 |
100 |
1000 |
2 |
4 |
500 |
500 |
4 |
|
5000 |
1 |
1000 |
Not processed |
160 |
36 |
100 |
1000 |
2 |
4 |
1000 |
600 |
4 |
|
10000 |
2 |
1000 |
Not processed |
192 |
40 |
100 |
1000 |
2 |
4 |
2000 |
800 |
12 |
|
5000 |
5 |
Not processed |
2000 |
144 |
20 |
100 |
1000 |
1.9 |
4 |
1000 |
600 |
6 |
|
10000 |
20 |
Not processed |
4000 |
192 |
36 |
100 |
1000 |
1.9 |
4 |
2000 |
800 |
12 |
|
15000 |
20 |
Not processed |
4000 |
256 |
48 |
100 |
1000 |
1.9 |
4 |
2000 |
800 |
12 |
Disk space requirements on the server with the Central Node component
When no Sensor component is used on the server with the Central Node component, it is obligatory to have at least 2000 GB of free space on the first disk subsystem and at least 2400 GB on the second disk subsystem. The amount of space required on the second disk subsystem depends on the preferred storage policy and can be calculated using the following formula:
150 GB + <number of Endpoint Agent components>/15000 * (400 GB + 240 GB * <number of days to store data>)
This formula can be used to roughly estimate the required disk space. The actual amount of stored data depends on the traffic profile of the organization and may differ from the calculated result.
The minimum free disk space requirements for each data type are presented in the table below.
Minimum requirements for disk space on the server with the Central Node component when no Sensor component is used
Data type |
First disk subsystem (GB) |
Second disk subsystem (GB) |
---|---|---|
Targeted Attack Analyzer database |
0 |
1500 |
Database of detected objects |
50 |
0 |
Queues of detection technologies |
390 |
0 |
Task queue |
1 |
0 |
Data received after analysis by the Sandbox component |
300 |
0 |
Quarantine |
300 |
0 |
Files awaiting rescan |
300 |
0 |
Redis database dump file |
16 |
0 |
Operating system |
25 |
0 |
Temporary files |
64 |
0 |
Trace files |
50 |
100 |
Update packages |
1 |
0 |
Total |
1497 |
1600 |
When the Sensor component is used on the server with the Central Node component, it is obligatory to have at least 1900 GB of free space on the first disk subsystem and at least 3900 GB on the second disk subsystem. The minimum free disk space requirements for each data type are presented in the table below.
Minimum requirements for disk space on the server with the Central Node component when a Sensor component is used
Data type |
First disk subsystem on the server with the Central Node component (GB) |
Second disk subsystem on the server with the Central Node component (GB) |
Disk space on a server with the Sensor component (GB) |
---|---|---|---|
Targeted Attack Analyzer database |
0 |
1500 |
0 |
Database of detected objects |
50 |
0 |
0 |
Queues of detection technologies |
390 |
0 |
0 |
Task queue |
1 |
0 |
0 |
Data received after analysis by the Sandbox component |
300 |
0 |
0 |
Quarantine |
300 |
0 |
0 |
Files awaiting rescan |
300 |
0 |
0 |
Redis database dump file |
16 |
0 |
16 |
Operating system |
25 |
0 |
25 |
Temporary files |
32 |
0 |
32 |
Trace files |
50 |
100 |
150 |
Update packages |
1 |
0 |
1 |
Total |
1465 |
1600 |
224 |
If you have configured integration with the external system using REST API, you must allocate additional resources required for processing objects of this system. Additional hardware requirements are presented in the table below.
Hardware requirements for the server with the Central Node component with integrated external systems
Number of processed objects per second |
Number of additional logical cores |
The number of additional servers with the Sandbox component |
---|---|---|
8 |
2 |
1 |
16 |
4 |
2 |
24 |
7 |
3 |
Requirements for the PCN server in distributed solution mode
If the load on the SCN servers is light, hardware requirements for the PCN server are the same as for a server with Central Node component in standalone mode.
Hardware requirements for the PCN server with more than 10 SCN servers under heavy load are listed in the table below.
Hardware requirements for the PCN server
Maximum number of Kaspersky Endpoint Agent computers |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports (Mbps) |
Minimum RAM (GB) |
Minimum number of logical cores |
First disk subsystem |
Second disk subsystem |
||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
|||||
10000 |
0 |
0 |
160 |
24 |
100 |
1000 |
1 |
4 |
800 |
800 |
4 |
10 |
1000 |
1 |
200 |
112 |
40 |
100 |
1000 |
1.9 |
4 |
600 |
600 |
1.3 |
4 |
5000 |
5 |
2000 |
160 |
28 |
100 |
1000 |
1.9 |
4 |
300 |
300 |
2.5 |
6 |
10000 |
20 |
4000 |
208 |
40 |
100 |
1000 |
1.9 |
4 |
1000 |
800 |
4 |
12 |
Communication channel requirements
The minimum requirements for the communication channel between computers with Kaspersky Endpoint Agent and the server with the Central Node component are presented in the table below.
Minimum requirements for the communication channel between hosts with Kaspersky Endpoint Agent and the server with the Central Node component
Maximum number of Kaspersky Endpoint Agent computers |
Required bandwidth of the communication channel reserved for Kaspersky Endpoint Agent computers (Mbps) |
---|---|
10 |
1 |
50 |
2 |
100 |
3 |
1000 |
20 |
10000 |
200 |
Minimum requirements for the communication channel between the PCN and SCN servers in distributed solution mode are listed in the table below.
Minimum requirements for the communication channel between the PCN and SCN servers
Maximum number of Kaspersky Endpoint Agent computers |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports (Mbps) |
Required communication channel bandwidth (Mbps) |
---|---|---|---|
5000 |
5 |
2000 |
20 |
10000 |
20 |
4000 |
30 |