To estimate the hardware requirements for a Kaspersky Web Traffic Security node and the number of nodes necessary for processing traffic according to the input data, the following steps must be performed:
Processor category
Architecture and family |
Model |
Clock rate and frequency, GHz |
||
---|---|---|---|---|
Low |
Medium |
High |
||
Sandy Bridge, Ivy Bridge |
Intel Xeon E3/E5/E7 v1, v2 |
2.1–2.6 |
2.7–3.2 |
Over 3.3 |
Haswell, Broadwell |
Intel Xeon E3/E5/E7 v3, v4 |
1.9–2.2 |
2.3–2.9 |
Over 2.9 |
Skylake, Kaby Lake and newer |
Intel Xeon Silver/Gold/Platinum |
1.7–2.1 |
2.2–2.7 |
Over 2.8 |
Kaspersky Web Traffic Security is not tested on AMD processors.
For the physical processor core bandwidth values, please refer to Appendix 7.
For the virtual processor bandwidth values, please refer to Appendix 8.
<core bandwidth value> * <number of processor cores>
<virtual processor bandwidth value> * <number of virtual processors>
The maximum number of virtual processors on one virtual machine must not exceed the number of physical cores of the server where the hypervisor is installed.
When calculating the node performance on a virtual machine according to the formula provided above, the load that could be generated by other virtual machines installed in the hypervisor is not taken into account. You need to make sure that the virtual infrastructure has the appropriate reserve capacity.
The server requirements for RAM and hard drive capacity are determined based on the resulting node performance value.
If one node does not provide the required bandwidth, you can use multiple nodes with the same configuration and a load balancer. If you want to use a load balancer, the cumulative bandwidth of all nodes must be increased by 10%.
When combining multiple Kaspersky Web Traffic Security nodes into a cluster, you can add a backup worker node to the cluster to provide fault tolerance. The server configuration for a backup node must be identical to the configuration of servers for other nodes of the cluster.
It is recommended to add one backup node for every 5 active nodes that process traffic.
The maximum number of nodes in one cluster (including backup nodes) is 20. When using a large number of nodes, you need to divide them into independent clusters.
On each cluster node, you need to indicate the number of scan threads, which is equal to the number of processor cores (on a physical server) or to the number of virtual processors (on a virtual machine), but no less than 5.
To reduce the load on the disk subsystem, you can disable logging of Kaspersky Web Traffic Security events and logging of traffic processing events to the Syslog event log.
Page top