Installing a Server and external sensors

When installing a Server with external sensors, multiple computers can be used for installing application components. The Server is installed on one of the computers. The sensors that will receive data from computer networks are installed on the other computers. The application can have up to 50 sensors.

To receive traffic from the industrial network, you must add monitoring points to computers:

No more than 8 monitoring points on a sensor
No more than 4 monitoring points on the Server
Total, no more than 50 monitoring points in the application

Monitoring points must be added to those network interfaces that will receive traffic from segments of the industrial network. A computer must have one network interface per each monitoring point.

Computers must also have separate network interfaces that will be used for the following purposes:

Connection with the Server (on computers that perform sensor functions)
Connection with other computers through the web interface
Other connections from the dedicated Kaspersky Industrial CyberSecurity network

For these purposes, each computer can use either multiple separate network interfaces or one shared network interface. There must be no monitoring points on these network interfaces.

It is recommended to install the Kaspersky Industrial CyberSecurity for Networks sensors near the traffic sources and/or in the same network segments where Kaspersky Industrial CyberSecurity for Nodes and/or Kaspersky Industrial CyberSecurity for Linux Nodes are installed. This approach simplifies the configuration of integration between applications, does not require additional steps to set up device access and access to configuring the network equipment, and minimizes network connections between various segments.

The figure below shows an example scenario for deploying a Server and three sensors. The network interfaces of computers that perform sensor functions are connected to the SPAN ports of network switches (SPAN ports and connections are marked yellow) and receive a copy of traffic from their respective segments of the industrial network. The dedicated Kaspersky Industrial CyberSecurity network is designated by green lines.

Diagram illustrating the physical connections of industrial network devices to the internal switches of this network. A copy of traffic is transmitted to the sensor monitoring points and then to the Server via SPAN ports of the network switches using separate communication channels.

Example deployment of a Server and three sensors

Page top