Deploying the application on a virtual platform requires 10 percent more CPU resources than deploying the application on a physical server. In virtual disk settings, a Thick Provision disk type must be selected.
To avoid possible performance degradation when deploying the application on a virtual platform, we recommend to:
Hardware requirements for a server with the Central Node and Sensor components
The hardware requirements for a server on which the Central Node and Sensor components are installed depend on the following conditions:
The Endpoint Agent component can be installed on a terminal server, file server, or network attached storage (NAS).
Information about the compatibility of versions of applications that represent the Endpoint Agent component with versions of Kaspersky Anti Targeted Attack Platform is provided in the following Help sections: Kaspersky Endpoint Agent for Windows, Kaspersky Endpoint Agent for Linux, Kaspersky Endpoint Security for Windows, Kaspersky Endpoint Security for Linux.
If the Endpoint Agent component is installed on a terminal server, the load generated by the component is calculated as follows: one Endpoint Agent component on a terminal server serving X users generates the same load as X Endpoint Agent components on a host (X users = X Endpoint Agent components).
If the Endpoint Agent is installed on a file server or NAS, the load generated by the component is calculated as follows: one Endpoint Agent component on a file server or NAS generates the same load as 20 Endpoint Agents on a host.
When calculating the number of hosts with the Endpoint Agent component, please keep in mind that one instance of Kaspersky Endpoint Agent for Linux generates the same load as three instances of Kaspersky Endpoint Agent for Windows.
Kaspersky Endpoint Agent for Windows can also be installed on a SCADA server.
If Kaspersky Endpoint Agent for Windows is installed on a SCADA server, the load generated by the application is calculated as follows: one Kaspersky Endpoint Agent for Windows application on a SCADA server generates the same load as 20 Kaspersky Endpoint Agent for Windows applications on a host.
You can use Kaspersky Endpoint Agent for Linux and Kaspersky Endpoint Agent for Windows simultaneously.
If the volume of processed traffic is greater than 1 Gbps, it is recommended to install Central Node and Sensor components on separate servers.
On the server with the Central Node component, it is recommended to use two RAID disk subsystems:
Kaspersky Anti Targeted Attack Platform does not support operation with a software RAID array.
The hardware requirements for the server with the Central Node component depending on the utilized functionality are presented in the table below.
Hardware requirements for the server with the Central Node component when using KEDR functionality
Maximum number of hosts with the Endpoint Agent component | Minimum RAM (GB) | Minimum number of logical cores at 3 GHz | First disk subsystem: ROPS (read operations per second) | First disk subsystem: WOPS (write operations per second) | First disk subsystem: RAID 1 or RAID 10 disk array size (TB) | First disk subsystem: number of disks in RAID 1 or RAID 10 array | Second disk subsystem: ROPS (read operations per second) | Second disk subsystem: WOPS (write operations per second) | Second disk subsystem: RAID 10 disk array size (TB) | Second disk subsystem: number of disks in RAID 10 array |
---|---|---|---|---|---|---|---|---|---|---|
1000 | 64 | 8 | 100 | 1000 | 1 | 4 | 300 | 200 | Up to 6, 2.4 TB each | 4 |
3000 | 80 | 12 | 100 | 1000 | 1 | 4 | 700 | 500 | 6 | |
5000 | 96 | 12 | 100 | 1000 | 1 | 4 | 1000 | 600 | 6 | |
10,000 | 160 | 20 | 100 | 1000 | 1 | 4 | 2000 | 800 | 10 | |
15,000 | 192 | 32 | 100 | 1000 | 1 | 4 | 2000 | 800 | 12 | |
Hardware requirements for the server with the Central Node component when using KATA and KEDR functionality
Maximum number of hosts with the Endpoint Agent component | Maximum number of email messages per second | Maximum volume of traffic from SPAN ports on the server with the Central Node component | Maximum volume of traffic from SPAN ports on servers with the Sensor component (Mbps) | Minimum RAM (GB) | Minimum number of logical cores at 3 GHz | First disk subsystem: ROPS (read operations per second) | First disk subsystem: WOPS (write operations per second) | First disk subsystem: RAID 1 or RAID 10 disk array size (TB) | First disk subsystem: number of disks in RAID 1 or RAID 10 array | Second disk subsystem: ROPS (read operations per second) | Second disk subsystem: WOPS (write operations per second) | Second disk subsystem: RAID 10 disk array size (TB) | Second disk subsystem: number of disks in RAID 10 array |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1000 | 1 | 200 | Not processed | 96 | 12 | 100 | 1000 | 1.9 | 4 | 300 | 300 | Up to 6, 2.4 TB each | 4 |
2000 | 2 | 500 | Not processed | 128 | 20 | 100 | 1000 | 2 | 4 | 500 | 500 | 4 | |
5000 | 1 | 1000 | Not processed | 160 | 36 | 100 | 1000 | 2 | 4 | 1000 | 600 | 4 | |
10,000 | 2 | 1000 | Not processed | 192 | 40 | 100 | 1000 | 2 | 4 | 2000 | 800 | 12 | |
5000 | 5 | Not processed | 2000 | 144 | 20 | 100 | 1000 | 1.9 | 4 | 1000 | 600 | 6 | |
10,000 | 20 | Not processed | 4000 | 192 | 36 | 100 | 1000 | 1.9 | 4 | 2000 | 800 | 12 | |
15,000 | 20 | Not processed | 4000 | 256 | 48 | 100 | 1000 | 1.9 | 4 | 2000 | 800 | 12 | |
Example calculations of required server configuration for Kaspersky Anti Targeted Attack Platform components
If you want to:
you need two servers with the following hardware:
The above calculation is also valid for an infrastructure with 5,000 hosts with Kaspersky Endpoint Agent for Linux or a combination of applications (for example, 9,000 hosts with Kaspersky Endpoint Agent for Windows or Kaspersky Endpoint Security for Windows and 2,000 hosts with Kaspersky Endpoint Agent for Linux).
Disk space requirements on the server with the Central Node component
When no Sensor component is used on the server with the Central Node component, it is obligatory to have at least 2,000 GB of free space on the first disk subsystem and at least 2,400 GB on the second disk subsystem. The amount of space required on the second disk subsystem depends on the preferred storage policy and can be calculated using the following formula:
150 GB + <number of Kaspersky Endpoint Agent or Kaspersky Endpoint Security for Windows hosts>/15,000 * (400 GB + 240 GB * <number of days to store data>)/0.65, but no more than 12 TB.
This formula can be used to roughly estimate the required disk space. The actual amount of stored data depends on the traffic profile of the organization and may differ from the calculated result.
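
The load-equivalence rules and the disk-space formula on this page, combined into one sizing helper. This is an added example, not Kaspersky code; the function names, the reading of 12 TB as 12,000 GB, the use of 2,400 GB as a floor, and feeding the Windows-equivalent host count into the formula are assumptions of the example.

```python
"""Sizing helper for the load-equivalence rules and the second-disk formula (added example)."""

# Load multipliers stated on this page, expressed in Windows Endpoint Agent units.
LINUX_FACTOR = 3          # one Linux agent = three Windows agents
FILE_SERVER_FACTOR = 20   # agent on a file server or NAS = 20 agents on a host
SCADA_FACTOR = 20         # Windows agent on a SCADA server = 20 Windows agents

# Assumptions of this example, not stated on the page: decimal units
# (12 TB = 12,000 GB) and the 2,400 GB minimum applied as a floor.
SECOND_DISK_FLOOR_GB = 2400
SECOND_DISK_CAP_GB = 12_000


def equivalent_hosts(windows=0, linux=0, terminal_server_users=(),
                     file_servers=0, scada_servers=0):
    """Return the host count to look up in the sizing tables.

    terminal_server_users lists the user count of each terminal server.
    The page does not say how the Linux factor combines with the server
    rules, so servers are counted in plain agent units here.
    """
    counts = [windows, linux, file_servers, scada_servers, *terminal_server_users]
    if any(c < 0 for c in counts):
        raise ValueError("counts must be non-negative")
    return (windows
            + LINUX_FACTOR * linux
            + sum(terminal_server_users)
            + FILE_SERVER_FACTOR * file_servers
            + SCADA_FACTOR * scada_servers)


def second_disk_gb(hosts, retention_days):
    """Estimate second-disk-subsystem space (GB) with the page's formula."""
    if hosts < 0 or retention_days < 0:
        raise ValueError("hosts and retention_days must be non-negative")
    estimate = 150 + hosts / 15_000 * (400 + 240 * retention_days) / 0.65
    return min(max(estimate, SECOND_DISK_FLOOR_GB), SECOND_DISK_CAP_GB)


if __name__ == "__main__":
    # Constructed inventory, matching the mixed example on this page.
    hosts = equivalent_hosts(windows=9_000, linux=2_000)
    for days in (7, 30, 60):
        print(f"{hosts} hosts, {days} days: {second_disk_gb(hosts, days):,.0f} GB")
```
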
If you have configured integration with the external system using REST API, you must allocate additional resources required for processing objects of this system. Additional hardware requirements are presented in the table below.
Hardware requirements for the server with the Central Node component with integrated external systems
Maximum number of processed objects per second | Number of additional logical cores | The number of additional servers with the Sandbox component |
---|---|---|
8 | 2 | 1 |
16 | 4 | 2 |
24 | 7 | 3 |
Requirements for the PCN server in distributed solution mode
If the load on the SCN servers is light, hardware requirements for the PCN server are the same as for a server with Central Node component in standalone mode.
Hardware requirements for the PCN server with 10 SCN servers under heavy load are listed in the table below.
Hardware requirements for the PCN server
Maximum number of hosts with the Endpoint Agent component | Maximum number of email messages per second | Maximum volume of traffic from SPAN ports (Mbps) | Minimum RAM (GB) | Minimum number of logical cores | First disk subsystem: ROPS (read operations per second) | First disk subsystem: WOPS (write operations per second) | First disk subsystem: RAID 1 or RAID 10 disk array size (TB) | First disk subsystem: number of disks in RAID 1 or RAID 10 array | Second disk subsystem: ROPS (read operations per second) | Second disk subsystem: WOPS (write operations per second) | Second disk subsystem: RAID 10 disk array size (TB) | Second disk subsystem: number of disks in RAID 10 array |
---|---|---|---|---|---|---|---|---|---|---|---|---|
10,000 | 0 | 0 | 160 | 24 | 100 | 1000 | 1 | 4 | 800 | 800 | 4 | 10 |
1000 | 1 | 200 | 112 | 40 | 100 | 1000 | 1.9 | 4 | 600 | 600 | 1.3 | 4 |
5000 | 5 | 2000 | 160 | 28 | 100 | 1000 | 1.9 | 4 | 300 | 300 | 2.5 | 6 |
10,000 | 20 | 4000 | 208 | 40 | 100 | 1000 | 1.9 | 4 | 1000 | 800 | 4 | 12 |
Communication channel requirements
The minimum requirements for the communication channel between computers with the Endpoint Agent component and the server with the Central Node component are presented in the table below.
Minimum requirements for the communication channel between computers with the Endpoint Agent component and the server with the Central Node component
Maximum number of hosts with the Endpoint Agent component | Required bandwidth of the communication channel reserved for Endpoint Agent components (Mbps) |
---|---|
10 | 1 |
50 | 2 |
100 | 3 |
1000 | 20 |
10,000 | 200 |
Minimum requirements for the communication channel between the PCN and SCN servers in distributed solution mode are listed in the table below.
Minimum requirements for the communication channel between the PCN and SCN servers
Maximum number of hosts with the Endpoint Agent component | Maximum number of email messages per second | Maximum volume of traffic from SPAN ports (Mbps) | Required communication channel bandwidth (Mbps) |
---|---|---|---|
5000 | 5 | 2000 | 20 |
10,000 | 20 | 4000 | 30 |
Hardware requirements for Central Node cluster servers
A cluster must include at least 4 servers: 2 storage servers and 2 processing servers. To process traffic from 15,000 hosts with the Kaspersky Endpoint Agent component, you need at least 2 storage servers and 2 processing servers. To process traffic from 30,000 hosts with the Kaspersky Endpoint Agent component, you need at least 2 storage servers and 3 processing servers.
Each cluster server must have two network adapters to configure cluster and external subnet. The cluster subnet must operate at 10 Gbit/s. The external subnet must operate at 1 Gbit/s.
For a clustered subnet, the following requirements must also be met:
The hardware requirements for cluster servers when using KEDR functionality are listed in the table below.
Hardware requirements for processing servers when using KEDR functionality
Minimum RAM (GB) | Minimum number of logical cores | RAID disk array type | The number of disks in a RAID disk array | Single HDD volume (GB) |
---|---|---|---|---|
256 | 48 | RAID 1 | 2 | 1200 |
Hardware requirements for storage servers when using KEDR functionality
Minimum RAM (GB) | Minimum number of logical cores | First disk subsystem: RAID disk array type | First disk subsystem: the number of disks in a RAID disk array | First disk subsystem: single HDD volume (GB) | Second disk subsystem: number of disks | Second disk subsystem: single HDD volume (GB) |
---|---|---|---|---|---|---|
128 | 16 | RAID 1 | 2 | 1200 | 6 | 1200 |
The performance requirements for disk subsystems are equivalent to those specified in the table Hardware requirements for a server with the Central Node component when using KEDR functionality (see above).