Hardware and software requirements
Recommended hardware requirements
The hardware listed below will ensure an event-processing capacity of 40,000 events per second. This figure depends on the type of parsed events and efficiency of the parser. Consider also that it is more efficient to have more cores than a lower number of cores with higher CPU frequency.
- Servers to install collectors:
- CPU: Intel or AMD with at least 4 cores (8 threads) and support for the SSE 4.2 instruction set or 8 vCPU (virtual processors).
- RAM: 16 GB
Each collector that uses geographic data event enrichment requires an additional amount of RAM equal to the size of the geographic database.
- Disk: 500 GB of available disk space mounted on /opt
- Servers to install correlators:
- CPU: Intel or AMD with at least 4 cores (8 threads) and support for the SSE 4.2 instruction set or 8 vCPU (virtual processors).
- RAM: 16 GB
- Disk: 500 GB of available disk space mounted on /opt
- Servers to install the Core:
- CPU: Intel or AMD with at least 4 cores (8 threads) and support for the SSE 4.2 instruction set or 4 vCPU (virtual processors).
- RAM: 16 GB
When importing geographic data, the server requires additional RAM equal to the size of the geographic database.
- Disk: 500 GB of available disk space mounted on /opt
- Servers to install storages:
- CPU: Intel or AMD with at least 12 cores (24 threads) and support for the SSE 4.2 instruction set or 24 vCPU (virtual processors).
Support is required for SSE4.2 commands.
- RAM: 48 GB
- Disk: 500 GB of available disk space mounted on /opt
To connect a data storage system to storage servers, you must use high-speed protocols (for example, Fibre Channel or iSCSI 10G). It is not recommended to connect storage systems using application-layer protocols (for example, NFS or SMB).
Using SSDs highly improves cluster node indexing and search efficiency.
Local mounted HDD/SSD are more efficient than external JBODs. RAID 0 is recommended for faster performance, while RAID 10 is recommended for redundancy.
To increase reliability, it is not recommended to deploy all cluster nodes on a single JBOD or single physical server (if virtual servers are used).
To increase efficiency, we recommend keeping all servers in a single data center.
Ext4 is the recommended file system for ClickHouse cluster servers.
- CPU: Intel or AMD with at least 12 cores (24 threads) and support for the SSE 4.2 instruction set or 24 vCPU (virtual processors).
- Machines to install Windows agents:
- Processor: single-core, 1.4 GHz or higher
- RAM: 512 MB
- Disk: 1 GB
- OS:
- Microsoft Windows 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
- Microsoft Windows Server 2019
- Microsoft Windows 10 (20H2, 21H1)
- Machines to install Linux agents:
- Processor: single-core, 1.4 GHz or higher
- RAM: 512 MB
- Disk: 1 GB
- OS:
- Ubuntu 20.04 LTS, 21.04
- Oracle Linux version 8.6
- Astra Linux Special Edition RUSB.10015-01 (2021-1126SE17 update 1.7.1)
- Installation in virtual environments is supported:
- VMware 6.5 or later
- Hyper-V for Windows Server 2012 R2 or later
- KVM Qumu version 4.2 or later
- Software package of virtualization tools "Brest" RDTSP.10001-02
Software requirements
The Collector, Correlator, Kernel, and Storage components can be deployed using only Oracle Linux 8.6, or Astra Linux Special Edition (version RUSB.10015-01, 2021-1126SE17 update 1.7.1).
Network requirements
The network interface bandwidth must be at least 100 Mbps.
For KUMA to be able to process more than 20,000 events per second, ensure a data transfer speed of at least 10 Gbps between ClickHouse nodes.
Additional requirements
Computers used for the KUMA web interface:
- CPU: Intel Core i3 8th generation
- RAM: 8 GB
- Installed Google Chrome browser version 102 or later, or Mozilla Firefox browser version 103 or later.