The hardware requirements for a server with the Sandbox component depend on the type and volume of processed traffic and on the permissible object scan time.
By default, the permissible object scan time is 1 hour. To reduce this time, you need a more powerful server or more servers with the Sandbox component.
It is recommended to calculate the configuration of the Sandbox component as follows:
To receive sufficient statistical data, the application must process traffic of the organization for a week.
sudo kata-run.sh kata-collect --output-dir path-to-folder
--output-dir <path to directory>
When the script finishes running, the collect.tar.gz archive will be moved to the specified directory.
If multiple virtual machines are started simultaneously, the speed of processing objects from the queue is increased.
The Sandbox component is not supported on AMD processors.
Hardware requirements for the server hosting the Sandbox component
The calculation of the number of servers with the Sandbox component when using preset images of operating systems is shown in the table below.
Hardware requirements for the Sandbox component when using preset images of operating systems
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports (Mbps) |
Maximum number of computers with the Endpoint Agent component |
Number of physical servers with the Sandbox component |
|
---|---|---|---|---|
When using |
When using |
|||
1 |
200 |
1000 |
1 |
1 |
2 |
500 |
3000 |
1 |
1 |
1 |
1000 |
5000 |
1 |
1 |
5 |
2000 |
5000 |
1 |
1 |
20 |
4000 |
10,000 |
2 |
1 |
20 |
7000 |
15,000 |
4 |
2 |
20 |
10,000 |
15,000 |
5 |
2 |
If you want to install the Sandbox component on a virtual server, you need 3 to 4 times more virtual servers to get the same performance you would get from a physical server.
Additional capacity may be required when using custom images for servers with the Sandbox component. To calculate the number of physical Sandbox servers required when using custom operating system images, you can use the following formula:
<
number of files that need to be processed per hour in accordance with to user-defined Sandbox rules> * <number of custom operating system images> / 1000
To calculate the number of virtual Sandbox servers required when using custom operating system images, you can use the following formula:
<number of files that need to be processed per hour in accordance with to user-defined Sandbox rules> * <number of custom operating system images> / 280
The estimation of the number of Sandbox servers is listed for servers with the following configuration:
On the virtual machine:
When installing the Sandbox component on a VMware ESXi virtual machine, you must set the limit for simultaneously running virtual machines to 12.
If you plan to use custom operating system images, we recommend increasing the disk space to 600 GB or more.