Calculations for the Sensor component

These calculations also apply when the application is deployed on a virtual platform.

When calculating the hardware requirements for the Sensor component, you must take into account that the maximum volume of processed traffic for one Sensor component is 4 Gbps. The most resource-intensive technology is the Intrusion Detection System.

You can use a server hosting the Sensor component as a proxy server during data exchange between the Endpoint Agent components and the Central Node component to simplify configuration of network rules. For example, if Endpoint Agent components are located in a separate segment of the network, it will suffice to configure a connection between servers with the Central Node and Sensor components.

When configuring the redirection of traffic from Endpoint Agent components to the Central Node component, please take into account the following limitations:

The hardware requirements for a server with the Sensor component depend on the volume of processed traffic. The required bandwidth of the communication channel between servers with the Central Node and Sensor components is calculated as follows:

10% SPAN port traffic at typical load or 20% of the SPAN port traffic at peak load + email traffic + ICAP traffic + requirement for the communication channel between the Central Node and Endpoint Agent components

The requirements for the communication channel between the Central Node and Endpoint Agent components depend on the number of Endpoint Agent components whose traffic the Sensor component forwards to the Central Node component. For more details on the requirements for the communication channel between the components, see the Calculations for the Central Node component section → Communication channel requirements.

If the bandwidth of the communication channel is more than 2 Gbps, you must configure the use of one processor core for processing network interrupts.

Hardware requirements for the Sensor component depending on the processed traffic

The Sensor component can be integrated with the IT infrastructure of an organization as follows:

The hardware requirements for the Sensor component are listed in the table below. The calculations are provided for a case in which the Sensor component does not process email messages or traffic over the ICAP protocol. If the Sensor component redirects the traffic of Endpoint Agent components, communication channel requirements must also be taken into account.

Hardware requirements for the Sensor component depending on the volume of processed traffic from SPAN ports

Number of Endpoint Agent components

Volume of processed traffic (Mbps)

Minimum RAM (GB)

Minimum number of logical cores

10,000

100

16

4

15,000

500

16

8

15,000

1,000

24

16

15,000

2,000

32

32

15,000

4,000

32

48

The hardware requirements for a Sensor component that is integrated with a mail server are presented in the table below. The calculations are provided for a case in which the Sensor component does not process mirrored traffic or traffic over the ICAP protocol.

Hardware requirements for a Sensor component that is integrated with a mail server

Number of email messages per second

Minimum RAM (GB)

Minimum number of logical cores

1-4

16

4

5-20

16

8

Processing traffic over the ICAP protocol requires less resources than processing email messages.

If one Sensor component processes traffic over multiple protocols, it is recommended to use the sizing calculator to calculate the server configuration. You should take into account the following recommendations:

Disk space requirements on a server with the Sensor component

It is recommended to use a RAID 1 disk array. The total disk space must be at least 500 GB. The minimum free disk space requirements for different data types are presented in the table below.

Minimum requirements for disk space on a server with the Sensor component

Data type

Disk space (GB)

Redis database dump

16

Operating system

25

Temporary files

32

Trace files and update packages

151

Total

224

If the volume of processed traffic is greater than 1 Gbps, it is recommended to allocate at least 600 GB of disk space.

Page top