If the program is deployed to a virtual platform, CPU resource requirements are to be increased by 10 percent. In virtual disk settings, a Thick Provision disk type must be selected.
To avoid possible performance degradation when deploying the application on a virtual platform, we recommend to:
Hardware requirements for a server with the Central Node and Sensor components
The hardware requirements for a server on which the Central Node and Sensor components are installed depend on the following conditions:
Kaspersky Endpoint Agent can be installed on a terminal server, file server, or network attached storage (NAS).
If Kaspersky Endpoint Agent is installed on a terminal server, the load generated by the component is calculated as follows: one Kaspersky Endpoint Agent program on a terminal server serving X users generates the same load as X Kaspersky Endpoint Agent programs on a host (X users = X Kaspersky Endpoint Agent programs).
If Kaspersky Endpoint Agent is installed on a file server or NAS, the load generated by the component is calculated as follows: one Kaspersky Endpoint Agent program on a file server or NAS generates the same load as 20 Kaspersky Endpoint Agent programs on a host.
When calculating the number of hosts with Kaspersky Endpoint Agent, please keep in mind that one instance of Kaspersky Endpoint Agent for Linux generates the same load as three instances of Kaspersky Endpoint Agent for Windows.
Kaspersky Endpoint Agent for Windows can also be installed on a SCADA server.
If Kaspersky Endpoint Agent for Windows is installed on a SCADA server, the load generated by the program is calculated as follows: one Kaspersky Endpoint Agent for Windows program on a SCADA server generates the same load as 20 Kaspersky Endpoint Agent for Windows programs on a host.
You can use Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Agent for Windows simultaneously.
If the volume of processed traffic is greater than 1 Gbps, it is recommended to install Central Node and Sensor components on separate servers.
On the server with the Central Node component, it is recommended to use two RAID disk subsystems:
Kaspersky Anti Targeted Attack Platform does not support operation with software RAID array.
The hardware requirements for the server with the Central Node component depending on the utilized functionality are presented in the table below.
Hardware requirements for the server with the Central Node component when using KEDR functionality
Maximum number of Kaspersky Endpoint Agent for Windows hosts |
Minimum RAM (GB) |
Minimum number of logical cores at 3 GHz |
First disk subsystem |
Second disk subsystem |
||||||
---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
|||
1000 |
64 |
8 |
100 |
1000 |
1 |
4 |
300 |
200 |
Depends on the preferred storage policy |
4 |
3000 |
80 |
12 |
100 |
1000 |
1 |
4 |
700 |
500 |
6 |
|
5000 |
96 |
12 |
100 |
1000 |
1 |
4 |
1000 |
600 |
6 |
|
10,000 |
160 |
20 |
100 |
1000 |
1 |
4 |
2000 |
800 |
10 |
|
15,000 |
192 |
32 |
100 |
1000 |
1 |
4 |
2000 |
800 |
12 |
Hardware requirements for the server with the Central Node component when using KATA and KEDR functionality
Maximum number of Kaspersky Endpoint Agent for Windows hosts |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports on the server with the Central Node component |
Maximum volume of traffic from SPAN ports on servers with the Sensor component (Mbps) |
Minimum RAM (GB) |
Minimum number of logical cores at 3 GHz |
First disk subsystem |
Second disk subsystem |
||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
||||||
1000 |
1 |
200 |
Not processed |
96 |
12 |
100 |
1000 |
1.9 |
4 |
300 |
300 |
Depends on the preferred storage policy |
4 |
2000 |
2 |
500 |
Not processed |
128 |
20 |
100 |
1000 |
2 |
4 |
500 |
500 |
4 |
|
5000 |
1 |
1000 |
Not processed |
160 |
36 |
100 |
1000 |
2 |
4 |
1000 |
600 |
4 |
|
10,000 |
2 |
1000 |
Not processed |
192 |
40 |
100 |
1000 |
2 |
4 |
2000 |
800 |
12 |
|
5000 |
5 |
Not processed |
2000 |
144 |
20 |
100 |
1000 |
1.9 |
4 |
1000 |
600 |
6 |
|
10,000 |
20 |
Not processed |
4000 |
192 |
36 |
100 |
1000 |
1.9 |
4 |
2000 |
800 |
12 |
|
15,000 |
20 |
Not processed |
4000 |
256 |
48 |
100 |
1000 |
1.9 |
4 |
2000 |
800 |
12 |
Example calculations of required server configuration for Kaspersky Anti Targeted Attack Platform components If you want to:
you need two servers with the following hardware:
The above calculation is also valid for an infrastructure with 5000 hosts with Kaspersky Endpoint Agent for Linux or a combination of components (for example, 9000 hosts with Kaspersky Endpoint Agent for Windows and 2000 hosts with Kaspersky Endpoint Agent for Linux). |
Disk space requirements on the server with the Central Node component
When no Sensor component is used on the server with the Central Node component, it is obligatory to have at least 2,000 GB of free space on the first disk subsystem and at least 2,400 GB on the second disk subsystem. The amount of space required on the second disk subsystem depends on the preferred storage policy and can be calculated using the following formula:
150 GB + <number of Kaspersky Endpoint Agent for Windows hosts>/15,000 * (400 GB + 240 GB * <number of days to store data>)
This formula can be used to roughly estimate the required disk space. The actual amount of stored data depends on the traffic profile of the organization and may differ from the calculated result.
The minimum free disk space requirements for each data type are presented in the table below.
Minimum requirements for disk space on the server with the Central Node component when no Sensor component is used
Data type |
First disk subsystem (GB) |
Second disk subsystem (GB) |
---|---|---|
Targeted Attack Analyzer database |
0 |
1500 |
Database of detected objects |
50 |
0 |
Queues of detection technologies |
390 |
0 |
Task queue |
1 |
0 |
Data received after analysis by the Sandbox component |
300 |
0 |
Quarantine |
300 |
0 |
Files awaiting rescan |
300 |
0 |
Redis database dump file |
16 |
0 |
Operating system |
25 |
0 |
Temporary files |
64 |
0 |
Trace files |
50 |
100 |
Update packages |
1 |
0 |
Total |
1497 |
1600 |
When the Sensor component is used on the server with the Central Node component, it is obligatory to have at least 1900 GB of free space on the first disk subsystem and at least 3900 GB on the second disk subsystem. The minimum free disk space requirements for each data type are presented in the table below.
Minimum requirements for disk space on the server with the Central Node component when a Sensor component is used
Data type |
First disk subsystem on the server with the Central Node component (GB) |
Second disk subsystem on the server with the Central Node component (GB) |
Disk space on a server with the Sensor component (GB) |
---|---|---|---|
Targeted Attack Analyzer database |
0 |
1500 |
0 |
Database of detected objects |
50 |
0 |
0 |
Queues of detection technologies |
390 |
0 |
0 |
Task queue |
1 |
0 |
0 |
Data received after analysis by the Sandbox component |
300 |
0 |
0 |
Quarantine |
300 |
0 |
0 |
Files awaiting rescan |
300 |
0 |
0 |
Redis database dump file |
16 |
0 |
16 |
Operating system |
25 |
0 |
25 |
Temporary files |
32 |
0 |
32 |
Trace files |
50 |
100 |
150 |
Update packages |
1 |
0 |
1 |
Total |
1465 |
1600 |
224 |
If you have configured integration with the external system using REST API, you must allocate additional resources required for processing objects of this system. Additional hardware requirements are presented in the table below.
Hardware requirements for the server with the Central Node component with integrated external systems
Maximum number of processed objects per second |
Number of additional logical cores |
The number of additional servers with the Sandbox component |
---|---|---|
8 |
2 |
1 |
16 |
4 |
2 |
24 |
7 |
3 |
Requirements for the PCN server in distributed solution mode
If the load on the SCN servers is light, hardware requirements for the PCN server are the same as for a server with Central Node component in standalone mode.
Hardware requirements for the PCN server with 10 SCN servers under heavy load are listed in the table below.
Hardware requirements for the PCN server
Maximum number of Kaspersky Endpoint Agent for Windows hosts |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports (Mbps) |
Minimum RAM (GB) |
Minimum number of logical cores |
First disk subsystem |
Second disk subsystem |
||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
ROPS (read operations per second) |
WOPS (write operations per second) |
RAID disk array size (TB) |
The number of disks in a RAID disk array |
|||||
10,000 |
0 |
0 |
160 |
24 |
100 |
1000 |
1 |
4 |
800 |
800 |
4 |
10 |
1000 |
1 |
200 |
112 |
40 |
100 |
1000 |
1.9 |
4 |
600 |
600 |
1.3 |
4 |
5000 |
5 |
2000 |
160 |
28 |
100 |
1000 |
1.9 |
4 |
300 |
300 |
2.5 |
6 |
10,000 |
20 |
4000 |
208 |
40 |
100 |
1000 |
1.9 |
4 |
1000 |
800 |
4 |
12 |
Communication channel requirements
The minimum requirements for the communication channel between computers with the Endpoint Agent component and the server with the Central Node component are presented in the table below.
Minimum requirements for the communication channel between computers with the Endpoint Agent component and the server with the Central Node component
Maximum number of Kaspersky Endpoint Agent for Windows hosts |
Required link bandwidth reserved for Endpoint Agent for Windows components (Mbps) |
---|---|
10 |
1 |
50 |
2 |
100 |
3 |
1000 |
20 |
10,000 |
200 |
Minimum requirements for the communication channel between the PCN and SCN servers in distributed solution mode are listed in the table below.
Minimum requirements for the communication channel between the PCN and SCN servers
Maximum number of Kaspersky Endpoint Agent for Windows hosts |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports (Mbps) |
Required communication channel bandwidth (Mbps) |
---|---|---|---|
5000 |
5 |
2000 |
20 |
10,000 |
20 |
4000 |
30 |
Hardware requirements for Central Node cluster servers
A cluster must include at least 4 servers: 2 storage servers and 2 processing servers. To process traffic from 15,000 hosts with Kaspersky Endpoint Agent, you need at least 2 storage servers and 2 processing servers. To process traffic from 30,000 hosts with Kaspersky Endpoint Agent, you need at least 2 storage servers and 3 processing servers.
Each cluster server must have two network adapters to configure cluster and external subnet. The cluster subnet must operate at 10 Gbit/s. The external subnet must operate at 1 Gbit/s.
For a clustered subnet, the following requirements must also be met:
The hardware requirements for cluster servers when using KEDR functionality are listed in the table below.
Hardware requirements for processing servers when using KEDR functionality
Minimum RAM (GB) |
Minimum number of logical cores |
RAID disk array type |
The number of disks in a RAID disk array |
Single HDD volume (GB) |
---|---|---|---|---|
256 |
48 |
RAID 1 |
2 |
1200 |
Hardware requirements for storage servers when using KEDR functionality
Minimum RAM (GB) |
Minimum number of logical cores |
First disk subsystem |
Second disk subsystem |
|||
---|---|---|---|---|---|---|
RAID disk array type |
The number of disks in a RAID disk array |
Single HDD volume (GB) |
Number of disks |
Single HDD volume (GB) |
||
128 |
16 |
RAID 1 |
2 |
1200 |
6 |
1200 |
The performance requirements for disk subsystems are equivalent to those specified in the table Hardware requirements for a server with the Central Node component when using KEDR functionality (see above).