Hardware and software requirements
The solution includes the following software modules:
- Orchestrator, which is part of the backend of the solution.
- Orchestrator web interface, which is part of the frontend of the solution.
- Orchestrator database (MongoDB version 5.0.7).
- VNFM.
- NGINX web server for balancing HTTP and HTTPS requests to VNFMs and providing web proxies to CPE devices and VNFs.
- Redis 6.2.7 resident database.
- SD-WAN Controller.
Modules are deployed as Docker containers for stand-alone installation and scaling. If necessary, you can provision additional resources (CPU cores, RAM) to each module and distribute them among multiple servers to increase the overall performance of the solution.
Kaspersky SD-WAN components can be deployed on multiple physical servers or virtual machines (VMs). KVM and VMware virtualization platforms are supported. You must ensure the availability of servers or virtual machines for installing Kaspersky SD-WAN, an external Zabbix 5.0.26 monitoring system, and an SD-WAN Controller.
The controller can be deployed in two ways:
- As a VNF in the OpenStack cloud platform (Xena release). Controller nodes are hosted on compute nodes.
- As a PNF on separate virtual machines.
Before deploying Kaspersky SD-WAN, make sure that your network infrastructure meets the following hardware and software requirements.
Hardware requirements
Hardware requirements are listed in the following tables. Note that these requirements depend on the number of managed CPE devices used in the SD-WAN instance. The tables provide typical values, so if you need to calculate the exact requirements for your deployment scheme, please contact Kaspersky technical support.
Hardware requirements for servers or virtual machines for orchestrator deployment
CPE devices | CPU cores | RAM, GB | Disk space, GB | Network adapters | Virtual machines |
|---|---|---|---|---|---|
up to 50 | 8 | 8 | 105 | 2 | 3 |
up to 100 | 8 | 10 | 110 | 2 | 3 |
up to 250 | 8 | 12 | 125 | 2 | 3 |
up to 500 | 8 | 16 | 150 | 2 | 3 |
up to 1,000 | 10 | 24 | 200 | 2 | 3 |
up to 5,000 | 12 | 32 | 600 | 2 | 3 |
up to 10,000 | 16 | 64 | 1100 | 2 | 5 |
Hardware requirements for servers or virtual machines for deployment of other components of the solution
CPE devices | CPU cores | RAM, GB | Disk space, GB | Network adapters | Containers |
|---|---|---|---|---|---|
SD-WAN Controller | |||||
up to 50 | 4 | 8 | 64 | 2 | 3 |
up to 100 | 6 | 8 | 64 | 2 | 3 |
up to 250 | 8 | 16 | 64 | 2 | 3 |
up to 500 | 8 | 16 | 64 | 2 | 6 |
up to 1,000 | 8 | 16 | 64 | 2 | 12 |
up to 5000 | 8 | 16 | 64 | 2 | 60 |
up to 10,000 | 8 | 16 | 64 | 2 | 120 |
VNFM | |||||
up to 50 | 4 | 8 | 20 | 2 | 3 |
up to 100 | 4 | 8 | 20 | 2 | 3 |
up to 250 | 4 | 8 | 20 | 2 | 3 |
up to 500 | 4 | 8 | 20 | 2 | 3 |
up to 1000 | 4 | 10 | 20 | 2 | 3 |
up to 5000 | 4 | 12 | 20 | 2 | 3 |
up to 10000 | 4 | 16 | 20 | 2 | 3 |
Zabbix monitoring system | |||||
up to 50 | 4 | 8 | 100 | 2 | 3 |
up to 100 | 4 | 10 | 200 | 2 | 3 |
up to 250 | 6 | 12 | 350 | 2 | 3 |
up to 500 | 8 | 24 | 600 | 2 | 3 |
up to 1,000 | 10 | 32 | 1100 | 2 | 3 |
up to 5,000 | 12 | 64 | 5100 | 2 | 3 |
up to 10,000 | 16 | 128 | 10100 | 2 | 3 |
If you need to connect more than 250 CPE devices, deploy additional SD-WAN Controller clusters.
For detailed information about the hardware requirements of the Zabbix monitoring system, see the official documentation of the Zabbix solution.
When deploying the solution, an offline map is configured. Consider the following disk space requirements:
- The offline map (central-fed-district-latest.osm.pbf) takes up approximately 100 GB.
- Geocoding data takes up approximately 10 GB.
We recommend considering the possibility of overcommitment at the resource planning stage for your SD-WAN instance deployment. The maximum overcommitment ratio available when deploying containers is 3. The ratio is determined by the following characteristics of the SD-WAN instance:
- Number of CPE devices in use
- Frequency of network state changes
- Traffic bandwidth
- Size of transmitted traffic packets
Channel requirements
The following channels are supported:
- MPLS transport networks
- Broadband channels for connecting to the internet
- Leased communication lines
- Wireless connections including 3G, 4G, LTE, and 5G
- Satellite communication channels
Software requirements
Docker 1.5 or later is required. The following 64-bit operating systems are supported:
- Ubuntu 20 LTS or later
- Astra Linux 1.7 or later (security level: "Orel").
Supported browsers
You can use the following browsers to manage the orchestrator web interface:
- Google Chrome 100 or later
- Firefox 100 or later
- Microsoft Edge 100 or later
- Opera 90 or later
- Safari 15 or later
CPE device requirements
Kaspersky SD-WAN supports the following devices:
- KESR-M1-R-5G-2L-W
- KESR-M2-K-5G-1L-W
- KESR-M2-K-5G-1S
- KESR-M3-K-4G-4S
- KESR-M4-K-2X-1CPU
- KESR-M4-K-8G-4X-1CPU
- KESR-M5-K-8G-4X-2CPU
- KESR-M5-K-8X-2CPU
Kaspersky experts carried out tests to confirm the functionality of CPE devices when providing the L3 VPN service (see the table below). DPI (Deep Packet Inspection) was not used on the tested devices, and traffic encryption was disabled.
Tested CPE device models (L3 VPN Service)
Model | Packet size, bytes | Bandwidth (Mbps) |
|---|---|---|
KESR-M1
| IMIX (417) | 30 |
Large (1300) | 115 | |
KESR-M2
| IMIX (417) | 165 |
Large (1300) | 241 | |
KESR-M3
| IMIX (417) | 805 |
Large (1300) | 1150 | |
KESR-M4 | IMIX (417) | 1430 |
Large (1300) | 2870 | |
KESR-M5
| IMIX (417) | 2875 |
Large (1300) | 5750 |
For more details about the specifications of CPE devices that you can use in Kaspersky SD-WAN, see the website of the solution.
