Calculations for the Central Node component

If the program is deployed to a virtual platform, CPU resource requirements are to be increased by 10 percent. In virtual disk settings, a Thick Provision disk type must be selected.

To avoid possible performance degradation when deploying the application on a virtual platform, we recommend to:

Hardware requirements for a server with the Central Node and Sensor components

The hardware requirements for a server on which the Central Node and Sensor components are installed depend on the following conditions:

If the volume of processed traffic is greater than 1 Gbps, it is recommended to install Central Node and Sensor components on separate servers.

On the server with the Central Node component, it is recommended to use two RAID disk subsystems:

Kaspersky Anti Targeted Attack Platform does not support software RAID arrays.

The hardware requirements for the server with the Central Node component depending on the utilized functionality are presented in the table below.

Hardware requirements for the server with the Central Node component when using KEDR functionality

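| Maximum number of Kaspersky Endpoint Agent for Windows hosts | Minimum RAM (GB) | Minimum number of logical cores at 3 GHz | First disk subsystem: ROPS (read operations per second) | First disk subsystem: WOPS (write operations per second) | First disk subsystem: RAID disk array size (TB) | First disk subsystem: number of disks in a RAID disk array | Second disk subsystem: ROPS (read operations per second) | Second disk subsystem: WOPS (write operations per second) | Second disk subsystem: RAID disk array size (TB) | Second disk subsystem: number of disks in a RAID disk array |
|---|---|---|---|---|---|---|---|---|---|---|
| 1000 | 64 | 8 | 100 | 1000 | 1 | 4 | 300 | 200 | Depends on the preferred storage policy | 4 |
| 3000 | 80 | 12 | 100 | 1000 | 1 | 4 | 700 | 500 | Depends on the preferred storage policy | 6 |
| 5000 | 96 | 12 | 100 | 1000 | 1 | 4 | 1000 | 600 | Depends on the preferred storage policy | 6 |
| 10,000 | 160 | 20 | 100 | 1000 | 1 | 4 | 2000 | 800 | Depends on the preferred storage policy | 10 |
| 15,000 | 192 | 32 | 100 | 1000 | 1 | 4 | 2000 | 800 | Depends on the preferred storage policy | 12 |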

Hardware requirements for the server with the Central Node component when using KATA and KEDR functionality

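| Maximum number of Kaspersky Endpoint Agent for Windows hosts | Maximum number of email messages per second | Maximum volume of traffic from SPAN ports on the server with the Central Node component | Maximum volume of traffic from SPAN ports on servers with the Sensor component (Mbps) | Minimum RAM (GB) | Minimum number of logical cores at 3 GHz | First disk subsystem: ROPS (read operations per second) | First disk subsystem: WOPS (write operations per second) | First disk subsystem: RAID disk array size (TB) | First disk subsystem: number of disks in a RAID disk array | Second disk subsystem: ROPS (read operations per second) | Second disk subsystem: WOPS (write operations per second) | Second disk subsystem: RAID disk array size (TB) | Second disk subsystem: number of disks in a RAID disk array |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1000 | 1 | 200 | Not processed | 96 | 12 | 100 | 1000 | 1.9 | 4 | 300 | 300 | Depends on the preferred storage policy | 4 |
| 2000 | 2 | 500 | Not processed | 128 | 20 | 100 | 1000 | 2 | 4 | 500 | 500 | Depends on the preferred storage policy | 4 |
| 5000 | 1 | 1000 | Not processed | 160 | 36 | 100 | 1000 | 2 | 4 | 1000 | 600 | Depends on the preferred storage policy | 4 |
| 10,000 | 2 | 1000 | Not processed | 192 | 40 | 100 | 1000 | 2 | 4 | 2000 | 800 | Depends on the preferred storage policy | 12 |
| 5000 | 5 | Not processed | 2000 | 144 | 20 | 100 | 1000 | 1.9 | 4 | 1000 | 600 | Depends on the preferred storage policy | 6 |
| 10,000 | 20 | Not processed | 4000 | 192 | 36 | 100 | 1000 | 1.9 | 4 | 2000 | 800 | Depends on the preferred storage policy | 12 |
| 15,000 | 20 | Not processed | 4000 | 256 | 48 | 100 | 1000 | 1.9 | 4 | 2000 | 800 | Depends on the preferred storage policy | 12 |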

Example calculations of required server configuration for Kaspersky Anti Targeted Attack Platform components

If you want to:

  • process traffic from a network device with a throughput up to 4 Gbps
  • process 20 email messages per second
  • use 15,000 hosts with Kaspersky Endpoint Agent for Windows or 5000 hosts with Kaspersky Endpoint Agent for Linux,

you need two servers with the following hardware:

  • Server with the Central Node component: at least 256 GB RAM and at least 48 logical CPU cores
  • Server with the Sensor component: at least 32 GB RAM and at least 48 logical CPU cores

The above calculation is also valid for an infrastructure with 5000 hosts with Kaspersky Endpoint Agent for Linux or a combination of components (for example, 9000 hosts with Kaspersky Endpoint Agent for Windows and 2000 hosts with Kaspersky Endpoint Agent for Linux).

Disk space requirements on the server with the Central Node component

When no Sensor component is used on the server with the Central Node component, it is obligatory to have at least 2,000 GB of free space on the first disk subsystem and at least 2,400 GB on the second disk subsystem. The amount of space required on the second disk subsystem depends on the preferred storage policy and can be calculated using the following formula:

150 GB + <number of Kaspersky Endpoint Agent for Windows hosts>/15,000 * (400 GB + 240 GB * <number of days to store data>)

This formula can be used to roughly estimate the required disk space. The actual amount of stored data depends on the traffic profile of the organization and may differ from the calculated result.

The minimum free disk space requirements for each data type are presented in the table below.

Minimum requirements for disk space on the server with the Central Node component when no Sensor component is used

| Data type | First disk subsystem (GB) | Second disk subsystem (GB) |
|---|---|---|
| Targeted Attack Analyzer database | 0 | 1500 |
| Database of detected objects | 50 | 0 |
| Queues of detection technologies | 390 | 0 |
| Task queue | 1 | 0 |
| Data received after analysis by the Sandbox component | 300 | 0 |
| Quarantine | 300 | 0 |
| Files awaiting rescan | 300 | 0 |
| Redis database dump file | 16 | 0 |
| Operating system | 25 | 0 |
| Temporary files | 64 | 0 |
| Trace files | 50 | 100 |
| Update packages | 1 | 0 |
| Total | 1497 | 1600 |

When the Sensor component is used on the server with the Central Node component, it is obligatory to have at least 1900 GB of free space on the first disk subsystem and at least 3900 GB on the second disk subsystem. The minimum free disk space requirements for each data type are presented in the table below.

Minimum requirements for disk space on the server with the Central Node component when a Sensor component is used

| Data type | First disk subsystem on the server with the Central Node component (GB) | Second disk subsystem on the server with the Central Node component (GB) | Disk space on a server with the Sensor component (GB) |
|---|---|---|---|
| Targeted Attack Analyzer database | 0 | 1500 | 0 |
| Database of detected objects | 50 | 0 | 0 |
| Queues of detection technologies | 390 | 0 | 0 |
| Task queue | 1 | 0 | 0 |
| Data received after analysis by the Sandbox component | 300 | 0 | 0 |
| Quarantine | 300 | 0 | 0 |
| Files awaiting rescan | 300 | 0 | 0 |
| Redis database dump file | 16 | 0 | 16 |
| Operating system | 25 | 0 | 25 |
| Temporary files | 32 | 0 | 32 |
| Trace files | 50 | 100 | 150 |
| Update packages | 1 | 0 | 1 |
| Total | 1465 | 1600 | 224 |

If you have configured integration with an external system using the REST API, you must allocate additional resources for processing objects from this system. Additional hardware requirements are presented in the table below.

Hardware requirements for the server with the Central Node component with integrated external systems

| Maximum number of processed objects per second | Number of additional logical cores | The number of additional servers with the Sandbox component |
|---|---|---|
| 8 | 2 | 1 |
| 16 | 4 | 2 |
| 24 | 7 | 3 |

Requirements for the PCN server in distributed solution mode

If the load on the SCN servers is light, hardware requirements for the PCN server are the same as for a server with Central Node component in standalone mode.

Hardware requirements for the PCN server with 10 SCN servers under heavy load are listed in the table below.

Hardware requirements for the PCN server

| Maximum number of Kaspersky Endpoint Agent for Windows hosts | Maximum number of email messages per second | Maximum volume of traffic from SPAN ports (Mbps) | Minimum RAM (GB) | Minimum number of logical cores | First disk subsystem: ROPS (read operations per second) | First disk subsystem: WOPS (write operations per second) | First disk subsystem: RAID disk array size (TB) | First disk subsystem: number of disks in a RAID disk array | Second disk subsystem: ROPS (read operations per second) | Second disk subsystem: WOPS (write operations per second) | Second disk subsystem: RAID disk array size (TB) | Second disk subsystem: number of disks in a RAID disk array |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 10,000 | 0 | 0 | 160 | 24 | 100 | 1000 | 1 | 4 | 800 | 800 | 4 | 10 |
| 1000 | 1 | 200 | 112 | 40 | 100 | 1000 | 1.9 | 4 | 600 | 600 | 1.3 | 4 |
| 5000 | 5 | 2000 | 160 | 28 | 100 | 1000 | 1.9 | 4 | 300 | 300 | 2.5 | 6 |
| 10,000 | 20 | 4000 | 208 | 40 | 100 | 1000 | 1.9 | 4 | 1000 | 800 | 4 | 12 |

Communication channel requirements

The minimum requirements for the communication channel between computers with the Endpoint Agent component and the server with the Central Node component are presented in the table below.

Minimum requirements for the communication channel between computers with the Endpoint Agent component and the server with the Central Node component

| Maximum number of Kaspersky Endpoint Agent for Windows hosts | Required link bandwidth reserved for Endpoint Agent for Windows components (Mbps) |
|---|---|
| 10 | 1 |
| 50 | 2 |
| 100 | 3 |
| 1000 | 20 |
| 10,000 | 200 |

Minimum requirements for the communication channel between the PCN and SCN servers in distributed solution mode are listed in the table below.

Minimum requirements for the communication channel between the PCN and SCN servers

| Maximum number of Kaspersky Endpoint Agent for Windows hosts | Maximum number of email messages per second | Maximum volume of traffic from SPAN ports (Mbps) | Required communication channel bandwidth (Mbps) |
|---|---|---|---|
| 5000 | 5 | 2000 | 20 |
| 10,000 | 20 | 4000 | 30 |

Hardware requirements for Central Node cluster servers

A cluster must include at least 4 servers: 2 storage servers and 2 processing servers. To process traffic from 15,000 hosts with Kaspersky Endpoint Agent, you need at least 2 storage servers and 2 processing servers. To process traffic from 30,000 hosts with Kaspersky Endpoint Agent, you need at least 2 storage servers and 3 processing servers.

Each cluster server must have two network adapters to configure the cluster subnet and the external subnet. The cluster subnet must operate at 10 Gbit/s. The external subnet must operate at 1 Gbit/s.

For a clustered subnet, the following requirements must also be met:

The hardware requirements for cluster servers when using KEDR functionality are listed in the table below.

Hardware requirements for processing servers when using KEDR functionality

| Minimum RAM (GB) | Minimum number of logical cores | RAID disk array type | The number of disks in a RAID disk array | Single HDD volume (GB) |
|---|---|---|---|---|
| 256 | 48 | RAID 1 | 2 | 1200 |

Hardware requirements for storage servers when using KEDR functionality

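| Minimum RAM (GB) | Minimum number of logical cores | First disk subsystem: RAID disk array type | First disk subsystem: number of disks in a RAID disk array | First disk subsystem: single HDD volume (GB) | Second disk subsystem: number of disks | Second disk subsystem: single HDD volume (GB) |
|---|---|---|---|---|---|---|
| 128 | 16 | RAID 1 | 2 | 1200 | 6 | 1200 |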

The performance requirements for disk subsystems are equivalent to those specified in the table Hardware requirements for a server with the Central Node component when using KEDR functionality (see above).
