Calculations for the Sandbox component

The hardware requirements for a server with the Sandbox component depend on the type and volume of processed traffic and on the permissible object scan time.

By default, the permissible object scan time is 1 hour. To reduce this time, you need a more powerful server or more servers with the Sandbox component.

It is recommended to calculate the configuration of the Sandbox component as follows:

Install the Central Node and Sensor components on one server and the Sandbox component on a different server for pilot operation of the application.
To receive sufficient statistical data, the application must process traffic of the organization for a week.
Run the data recording script by executing the following commands:
sudo kata-run.sh kata-collect --output-dir path-to-folder

--output-dir <path to directory>

When the script finishes running, the collect.tar.gz archive will be moved to the specified directory.
Forward this archive to Kaspersky Lab staff for analysis.
If multiple virtual machines are started simultaneously, the speed of processing objects from the queue is increased.

The Sandbox component is not supported on AMD processors.

Hardware requirements for the server hosting the Sandbox component

The calculation of the number of servers with the Sandbox component when using preset images of operating systems is shown in the table below.

Hardware requirements for the Sandbox component when using preset images of operating systems

Maximum number of email messages per second	Maximum volume of traffic from SPAN ports (Mbps)	Maximum number of computers with the Endpoint Agent component	Number of physical servers with the Sandbox component

Maximum number of email messages per second	Maximum volume of traffic from SPAN ports (Mbps)		When using all images	When using only two images of Linux
1	200	1000	1	1
2	500	3000	1	1
1	1000	5000	1	1
5	2000	5000	1	1
20	4000	10,000	2	1
20	7000	15,000	4	2
20	10,000	15,000	5	2

If you want to install the Sandbox component on a VMware ESXi virtual machine, you need 5 times more virtual servers to get the same performance you would get from a physical server. When installing the Sandbox component on the "Brest", "RED Virtualization", or zVirt Node virtual platform, you need 13 times as many servers. The estimate for the number of servers is given with the need to configure the object scan duration in mind.

Additional capacity may be required if you are using custom images for Sandbox servers. To calculate the number of physical Sandbox servers required when using custom operating system images, you can use the following formula:

<number of files that need to be processed per hour in accordance with to user-defined Sandbox rules> * <number of custom operating system images> / 1000

To calculate the number of VMware ESXi virtual machines with the Sandbox component required when using custom operating system images, you can use the following formula:

<number of files that need to be processed per hour in accordance with to user-defined Sandbox rules> * <number of custom operating system images> / 200

When installing the Sandbox component on the "Brest" or zVirt Node virtualization platforms, you can use the following formula to calculate the number of virtual machines required when using custom operating systems images:

<Number of physical servers with the Sandbox component> * 5 * 2.6

When installing the Sandbox component on the RED Virtualization platform, you can use the following formula to calculate the number of virtual machines required when using custom operating systems images:

<Number of physical servers with the Sandbox component> * 5 * 2.5

For the number of physical servers with the Sandbox component, see the Hardware requirements for the Sandbox component when using preset images of operating systems table above.

The estimation of the number of Sandbox servers is listed for servers with the following configuration:

When installing the Sandbox component on a physical server:
- 2 CPUs: Intel® Xeon® 8 Core™ (HT) at 2.6 GHz or higher.
- 80 GB of RAM.
- 2 HDDs, 300 GB each, combined into a RAID 1 array.
When installing the Sandbox component on a physical server with this configuration, you need to set the limit for the number of simultaneously running virtual machines to 48.
When installing the Sandbox component on a virtual machine:
- Intel Xeon 15 Core (HT) CPU at 2.1 GHz or higher.
  When installing the Sandbox component on "Brest", zVirt Node, or RED Virtualization platforms, we recommend using Intel processors of the Ice Lake generation or later.
- 32 GB of RAM.
- 300 GB HDD.
  On the virtual machine:
  1. Nested virtualization enabled.
  2. High Latency Sensitivity settings are enabled (only when installing on a VMware ESXi virtual machine).
  3. Entire RAM is reserved.
  4. Entire CPU frequency is reserved.
When installing the Sandbox component on a virtual machine with this configuration, you need to set the limit for the number of simultaneously running virtual machines to 12.

If you plan to use custom operating system images, we recommend increasing the disk space to 600 GB or more.