Kaspersky Next XDR Expert

Single node deployment: Preparing the administrator and target hosts

September 16, 2024

ID 280752

The administrator host is used to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. Kaspersky Next XDR Expert is deployed on the target host by using KDT. KDT runs on the administrator host and connects to the target host via SSH.

In the single node configuration, one target host manages the Kubernetes cluster, stores metadata, and performs the workload of the Kaspersky Next XDR Expert components. The Kubernetes cluster and Kaspersky Next XDR Expert components are installed on this target host. Only the target host is included in the Kubernetes cluster.

Preparing the administrator host

To prepare the administrator host:

  1. Prepare a device that will act as the administrator host from which KDT will launch.

    The administrator host will not be included in the Kubernetes cluster that is created by KDT during the deployment.

    Make sure that the hardware and software on the administrator host meet the requirements for KDT.

    On the administrator host, allocate at least 10 GB of free space in the temporary files directory (/tmp) for KDT. If you do not have enough free space in this directory, run the following command to specify the path to another directory:

    export TMPDIR=<new_directory>/tmp

  2. Install the package for Docker version 20 or later, and then perform post-installation steps to configure the administrator host for proper functioning with Docker.

    Do not install unofficial distributions of Docker packages from the operating system maintainer repositories.

Preparing the target host

To prepare the target host:

  1. Prepare a physical or virtual machine on which Kaspersky Next XDR Expert will be deployed.

    A minimum cluster configuration for the single node deployment includes one target host, which acts as the primary and worker nodes. On this primary-worker node, the Kubernetes cluster, Kaspersky Next XDR Expert components, and the DBMS are installed.

    Make sure that the hardware and software on the target host meet the requirements for the single node deployment.

    For proper functioning of Kaspersky Next XDR Expert, the Linux kernel version must be 5.15.0.107 or later on a target host that runs an Ubuntu family operating system.

    Do not install Docker on the target host. KDT will install all necessary software and dependencies during the deployment.

  2. Install the sudo package, if this package is not already installed. For Debian family operating systems, install the UFW package.
  3. Configure the /etc/environment file. If your organization's infrastructure uses a proxy server to access the internet, you also need to connect the target host to the internet.
  4. If UFW is configured on the primary-worker node, allow IP forwarding. In the /etc/default/ufw file, set DEFAULT_FORWARD_POLICY to ACCEPT.
  5. Provide access to the package repository where the packages required for the function of Kaspersky Next XDR Expert are located:
    • nfs-common
    • tar
    • iscsi-package
    • wireguard
    • wireguard-tools

    KDT will try to install these packages during the deployment from the package repository. You can also install these packages manually.

  6. Ensure that the curl and libnfs packages are installed on the primary-worker node.

    The curl and libnfs packages are not installed during the deployment from the package repository by using KDT. You must install these packages manually if they are not already installed. The libnfs package version 12 and later is used.

  7. Reserve static IP addresses for the target host and for the Kubernetes cluster gateway.

    The Kubernetes cluster gateway is intended for connecting to the Kaspersky Next XDR Expert components installed inside the Kubernetes cluster.

    Since the DBMS is installed inside the cluster on the primary-worker node, the gateway IP address is an IP range (for example, 192.168.0.1-192.168.0.2). The gateway IP address is specified in the configuration file.

    Make sure that the target host and the Kubernetes cluster gateway are located in the same broadcast domain.

  8. On your DNS server, register the domain names to connect to the Kaspersky Next XDR Expert services.

    By default, the Kaspersky Next XDR Expert services are available at the following addresses:

    • console.<smp_domain>—Access to the OSMP Console functionality.
    • admsrv.<smp_domain>—Access to the Administration Server functionality.
    • kuma.<smp_domain>—Access to the KUMA functionality.
    • api.<smp_domain>—Access to the Kaspersky Next XDR Expert API functionality.
    • psql.<smp_domain>—Interaction with the DBMS (PostgreSQL).

      Where <smp_domain> is a common part of the service domain names that you can specify in the configuration file.

    The listed domain names must be resolved to the IP address of the Kubernetes cluster gateway. The first IP address of the gateway IP range is the address of the Kaspersky Next XDR Expert services (excluding the DBMS IP address), and the second IP address of the gateway IP range is the IP address of the DBMS. For example, if the gateway IP address is 192.168.0.1-192.168.0.2, the service domain names must be resolved as follows:

    • console.<smp_domain>—192.168.0.1
    • admsrv.<smp_domain>—192.168.0.1
    • kuma.<smp_domain>—192.168.0.1
    • api.<smp_domain>—192.168.0.1
    • psql.<smp_domain>—192.168.0.2
  9. Create the user accounts that will be used for the Kaspersky Next XDR Expert deployment.

    These accounts are used for the SSH connection and must be able to elevate privileges (sudo) without entering a password. To do this, add the created user accounts to the /etc/sudoers file.

  10. Configure the SSH connection between the administrator and target hosts:
    1. On the administrator host, generate SSH keys by using the ssh-keygen utility without a passphrase.
    2. After you generate a pair of SSH keys, copy the public key to the target host (for example, to the /home/<user_name>/.ssh directory) by using the ssh-copy-id utility.
  11. For proper function of the Kaspersky Next XDR Expert components, open the required ports on the firewall of the administrator and target hosts, if necessary.
  12. Configure time synchronization over Network Time Protocol (NTP) on the administrator and target hosts.
  13. If necessary, prepare custom certificates for working with Kaspersky Next XDR Expert public services.

    You can use one intermediate certificate that is issued from the organization's root certificate, or leaf certificates for each of the services. The prepared custom certificates will be used instead of self-signed certificates.
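
The following preflight checks cover the kernel version, UFW forwarding, and DNS requirements from the steps above. This is an added example, not part of KDT or of the original article. The function names are hypothetical, and the script assumes that uname -r reports the Ubuntu kernel release in the form 5.15.0-107-generic and that getent is available as the system resolver.

```shell
#!/bin/sh
# Added example: preflight checks for the single node target host.
# MIN_KERNEL is the value from the article; all function names are hypothetical.
MIN_KERNEL="5.15.0.107"

# kernel_ok RELEASE: true if RELEASE (for example, "$(uname -r)") is at least
# MIN_KERNEL. Assumption: "5.15.0-107-generic" is compared as 5.15.0.107.
kernel_ok() {
    printf '%s\n' "$1" | awk -F'[.-]' -v min="$MIN_KERNEL" '
        { split(min, m, "."); ok = 1
          for (i = 1; i <= 4; i++) {
              if ($i + 0 > m[i] + 0) break
              if ($i + 0 < m[i] + 0) { ok = 0; break }
          } }
        END { exit !ok }'
}

# ufw_forward_ok FILE: true if FILE (/etc/default/ufw) allows IP forwarding.
ufw_forward_ok() {
    grep -Eq '^[[:space:]]*DEFAULT_FORWARD_POLICY="?ACCEPT"?[[:space:]]*$' "$1"
}

# expected_ip SERVICE RANGE: address SERVICE must resolve to, given the gateway
# range "first-second" (the second address is the DBMS, the first is the rest).
expected_ip() {
    case "$1" in
        psql) printf '%s\n' "${2#*-}" ;;
        console|admsrv|kuma|api) printf '%s\n' "${2%%-*}" ;;
        *) return 1 ;;
    esac
}

# resolve NAME: first address the system resolver returns for NAME.
resolve() { getent hosts "$1" | awk '{ print $1; exit }'; }

# check_dns SMP_DOMAIN RANGE: report every service name that does not resolve
# to its expected gateway address; non-zero status if any name is wrong.
check_dns() {
    dns_rc=0
    for svc in console admsrv kuma api psql; do
        want=$(expected_ip "$svc" "$2")
        got=$(resolve "$svc.$1") || got=""
        if [ "$got" != "$want" ]; then
            echo "MISMATCH $svc.$1: got '${got:-none}', want $want"
            dns_rc=1
        fi
    done
    return "$dns_rc"
}
```

On the target host, call kernel_ok "$(uname -r)" and ufw_forward_ok /etc/default/ufw. Run check_dns <smp_domain> <gateway_range> from a host that uses the DNS server where the names were registered.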
