The hardware requirements for the Central Node server with the event chain scanning feature enabled are listed in the tables below.
Hardware requirements for the server with the Central Node component when using KEDR functionality
Maximum number of hosts with the Endpoint Agent component |
Minimum RAM (GB) |
Minimum number of logical cores at 3 GHz |
First disk subsystem (RAID 1 or RAID 10) |
Second disk subsystem (RAID 10 or hardware RAID 5 with cache and battery) |
|||||
|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
Disk array size (TB) |
The number of disks in the array |
ROPS (read operations per second) |
WOPS (write operations per second) |
Disk array size (TB) |
|||
1000 |
64 |
12 |
100 |
250 |
1 |
4 |
300 |
300 |
Up to 12 TB |
3000 |
96 |
16 |
100 |
500 |
1 |
4 |
700 |
750 |
|
5000 |
112 |
20 |
100 |
500 |
1 |
4 |
1000 |
900 |
|
10,000 |
160 |
34 |
100 |
500 |
1 |
4 |
1500 |
1200 |
|
15,000 |
224 |
48 |
100 |
750 |
1 |
4 |
1500 |
1600 |
|
20,000* |
256 |
64 |
150 |
75 |
1 |
4 |
2000 |
2000 |
|
* We recommend using SSD drives.
The total minimum effective storage capacity of the second disk subsystem is calculated using the formula:
1.5 * (<permanent storage capacity> + <temporary storage capacity> + <space for KATA data> + <space for system files> + <space for NDR data>)
In the above formula:
32 MB * <effective number of Endpoint Agents> * <storage duration in days>.The permanent storage capacity may not exceed 10 TB.
28 MB * <effective number of Endpoint Agents>. (<number of Endpoint Agents integrated with the NDR functionality> * 0,02 GB + <volume of mirrored SPAN traffic in Gbps> * 10 GB) * <storage duration in days>.If you do not use the NDR functionality, do not include the space for NDR data in the calculations.
Hardware requirements for a Central Node server with the when using the KEDR functionality and 2.1 GHz CPUs
Maximum number of hosts with the Endpoint Agent component |
Minimum RAM (GB) |
Minimum number of logical cores at 2.1 GHz |
First disk subsystem (RAID 1 or RAID 10) |
Second disk subsystem (RAID 10 or hardware RAID 5 with cache and battery) |
|||||
|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
Disk array size (TB) |
The number of disks in the array |
ROPS (read operations per second) |
WOPS (write operations per second) |
Disk array size (TB) |
|||
1000 |
64 |
18 |
100 |
250 |
1 |
4 |
300 |
300 |
Up to 12 TB |
3000 |
96 |
24 |
100 |
500 |
1 |
4 |
700 |
750 |
|
5000 |
112 |
28 |
100 |
500 |
1 |
4 |
1000 |
900 |
|
10,000 |
160 |
52 |
100 |
500 |
1 |
4 |
1500 |
1200 |
|
15,000 |
224 |
72 |
100 |
750 |
1 |
4 |
1500 |
1600 |
|
Hardware requirements for the server with the Central Node component when using KATA and KEDR functionality
Maximum number of hosts with the Endpoint Agent component |
Maximum number of email messages per second |
Maximum volume of traffic from SPAN ports on the server with the Central Node component |
Maximum volume of traffic from SPAN ports on servers with the Sensor component (Mbps) |
Minimum RAM (GB) |
Minimum number of logical cores at 3 GHz |
First disk subsystem (RAID 1 or RAID 10) |
Second disk subsystem (RAID 10) |
||||
|---|---|---|---|---|---|---|---|---|---|---|---|
ROPS (read operations per second) |
WOPS (write operations per second) |
Disk array size (TB) |
The number of disks in the array |
ROPS (read operations per second) |
WOPS (write operations per second) |
||||||
1000 |
1 |
200 |
Not processed |
144 |
24 |
100 |
1000 |
1.9 |
4 |
300 |
300 |
2000 |
2 |
500 |
Not processed |
160 |
32 |
100 |
1000 |
2 |
4 |
700 |
700 |
5000 |
1 |
1000 |
Not processed |
192 |
48 |
100 |
1000 |
2 |
4 |
1000 |
900 |
10,000 |
2 |
1000 |
Not processed |
240 |
64 |
100 |
1000 |
2 |
4 |
1500 |
1200 |
5000 |
5 |
Not processed |
2000 |
192 |
60 |
100 |
1000 |
1.9 |
4 |
1000 |
900 |
10,000 |
20 |
Not processed |
4000 |
256 |
100 |
100 |
1000 |
1.9 |
4 |
1500 |
1200 |
15,000 |
20 |
Not processed |
4000 |
304 |
112 |
100 |
1000 |
1.9 |
4 |
1500 |
1600 |
15,000 |
20 |
Not processed |
7000 |
320 |
148 |
100 |
1000 |
1.9 |
4 |
1500 |
1600 |
15,000 |
20 |
Not processed |
10,000 |
336 |
184 |
100 |
1000 |
1.9 |
4 |
1500 |
1600 |
If you want to install the Central Node component on the "Brest" or "RED Virtualization" virtual platform and use the KEDR or KATA+KEDR functionality, you need to increase the minimum number of logical cores by 20%. If you want to mitigate Spectre or Meltdown type vulnerabilities at the level of the hypervisor OS, you need to additionally increase the minimum number of logical cores by 1.5 times. The other hardware requirements for virtual servers are similar to the requirements for physical servers, listed in the tables above.
Page top