Calculations for the Sandbox component

The hardware requirements for a server with the Sandbox component depend on the type and volume of processed traffic and on the permissible object scan time.

By default, the permissible object scan time is 1 hour. To reduce this time, you need a more powerful server or more servers with the Sandbox component.

It is recommended to calculate the configuration of the Sandbox component as follows:

  1. Install the Central Node and Sensor components on one server and the Sandbox component on a different server for pilot operation of the application.

    To receive sufficient statistical data, the application must process traffic of the organization for a week.

  2. Run the data recording script by executing the following commands:

    sudo kata-run.sh kata-collect --output-dir path-to-folder

    --output-dir <path to directory>

    When the script finishes running, the collect.tar.gz archive will be moved to the specified directory.

  3. Forward this archive to Kaspersky Lab staff for analysis.

    If multiple virtual machines are started simultaneously, the speed of processing objects from the queue is increased.

The Sandbox component is not supported on AMD processors.

Hardware requirements for the server hosting the Sandbox component

The calculation of the number of servers with the Sandbox component when using preset images of operating systems is shown in the table below.

Hardware requirements for the Sandbox component when using preset images of operating systems

Maximum number of email messages per second

Maximum volume of traffic from SPAN ports (Mbps)

Maximum number of computers with the Endpoint Agent component

Number of physical servers with the Sandbox component

When using
all images

When using
only two images of Linux

1

200

1000

1

1

2

500

3000

1

1

1

1000

5000

1

1

5

2000

5000

1

1

20

4000

10,000

2

1

20

7000

15,000

4

2

20

10,000

15,000

5

2

If you want to install the Sandbox component on a virtual server, you need 3 to 4 times more virtual servers to get the same performance you would get from a physical server.

Additional capacity may be required when using custom images for servers with the Sandbox component. To calculate the number of physical Sandbox servers required when using custom operating system images, you can use the following formula:

<number of files that need to be processed per hour in accordance with to user-defined Sandbox rules> * <number of custom operating system images> / 1000

To calculate the number of virtual Sandbox servers required when using custom operating system images, you can use the following formula:

<number of files that need to be processed per hour in accordance with to user-defined Sandbox rules> * <number of custom operating system images> / 280

The estimation of the number of Sandbox servers is listed for servers with the following configuration:

See also

Calculations for the Sensor component

Calculations for the Central Node component

Calculations for the Central Node component deployed on the KVM virtualization platform

Page top