Installing a Server and external sensors

When installing a Server with external sensors, multiple computers can be used for installing application components. The Server is installed on one of the computers. The sensors that will receive data from computer networks are installed on the other computers. The application can have up to 50 sensors.

To receive traffic from the industrial network, you must add monitoring points to computers:

No more than 8 monitoring points on a sensor
No more than 4 monitoring points on the Server
Total, no more than 50 monitoring points in the application

When using sensors in a network with a distributed network architecture, it is recommended to configure receiving all industrial network traffic at the sensor monitoring points, and not at the Server.

Monitoring points must be added to those network interfaces that will receive traffic from segments of the industrial network. A computer must have one network interface per each monitoring point.

Computers must also have separate network interfaces that will be used for the following purposes:

Connection with the Server (on computers that perform sensor functions)
Connection with other computers through the web interface
Other connections from the dedicated Kaspersky Industrial CyberSecurity network

For these purposes, each computer can use either multiple separate network interfaces or one shared network interface. There must be no monitoring points on these network interfaces.

If you need to configure integration with Kaspersky Industrial CyberSecurity for Nodes and/or Kaspersky Industrial CyberSecurity for Linux Nodes installed in different network segments (for example, separated into industrial and corporate network segments), it is recommended to install sensors of Kaspersky Industrial CyberSecurity for Networks in the same segments where Kaspersky Industrial CyberSecurity for Nodes and/or Kaspersky Industrial CyberSecurity for Linux Nodes are installed. This configuration protects data transfer channels thanks to the interaction between the Server and sensors via a dedicated network, and does not require additional actions to configure access to devices and configure network segments.

The figure below shows an example scenario for deploying a Server and three sensors. The network interfaces of computers that perform sensor functions are connected to the SPAN ports of network switches (SPAN ports and connections are marked yellow) and receive a copy of traffic from their respective segments of the industrial network. The dedicated Kaspersky Industrial CyberSecurity network is designated by green lines.

Diagram illustrating the physical connections of industrial network devices to the internal switches of this network. A copy of traffic is transmitted to the sensor monitoring points and then to the Server via SPAN ports of the network switches using separate communication channels.

Example deployment of a Server and three sensors

Page top