Estimating the hardware requirements for a server hosting Kaspersky Web Traffic Security
December 13, 2023
To estimate the hardware requirements for a Kaspersky Web Traffic Security node and the number of nodes necessary for processing traffic according to the input data, the following steps must be performed:
- Select the category that is appropriate for the clock rate and frequency of your processor: low, medium, or high (see the table below).
Architecture and family
Clock rate and frequency, GHz
Sandy Bridge, Ivy Bridge
Intel Xeon E3/E5/E7 v1, v2
Intel Xeon E3/E5/E7 v3, v4
Skylake, Kaby Lake and newer
Intel Xeon Silver/Gold/Platinum
Kaspersky Web Traffic Security is not tested on AMD processors.
- Select the bandwidth value for one virtual processor or physical processor core depending on the processor category, proxy server type and required protection level that were selected at the previous step.
For the physical processor core bandwidth values, please refer to Appendix 7.
For the virtual processor bandwidth values, please refer to Appendix 8.
- Estimate the peak node performance based on the following formula:
- For a physical server:
<core bandwidth value> * <number of processor cores>
- For a virtual server:
<virtual processor bandwidth value> * <number of virtual processors>
The maximum number of virtual processors on one virtual machine must not exceed the number of physical cores of the server where the hypervisor is installed.
When calculating the node performance on a virtual machine according to the formula provided above, the load that could be generated by other virtual machines installed in the hypervisor is not taken into account. You need to make sure that the virtual infrastructure has the appropriate reserve capacity.
- For a physical server:
- Determine the required RAM and hard drive capacity of the server.
The server requirements for RAM and hard drive capacity are determined based on the resulting node performance value.
If one node does not provide the required bandwidth, you can use multiple nodes with the same configuration and a load balancer. If you want to use a load balancer, the cumulative bandwidth of all nodes must be increased by 10%.
When combining multiple Kaspersky Web Traffic Security nodes into a cluster, you can add a backup worker node to the cluster to provide fault tolerance. The server configuration for a backup node must be identical to the configuration of servers for other nodes of the cluster.
It is recommended to add one backup node for every 5 active nodes that process traffic.
The maximum number of nodes in one cluster (including backup nodes) is 20. When using a large number of nodes, you need to divide them into independent clusters.
On each cluster node, you need to indicate the number of scan threads, which is equal to the number of processor cores (on a physical server) or to the number of virtual processors (on a virtual machine), but no less than 5.
To reduce the load on the disk subsystem, you can disable logging of Kaspersky Web Traffic Security events and logging of traffic processing events to the Syslog event log.