Hardware and software requirements

Recommended hardware requirements

This section lists the hardware requirements for processing a data stream of up to 40,000 events per second (EPS). The KUMA load value depends on the type of events being parsed and the efficiency of the normalizer.

For event processing efficiency, the CPU core count is more important than the clock rate. For example, eight CPU cores with a medium clock rate can process events more efficiently than four CPU cores with a high clock rate. The following table lists the hardware and software requirements of KUMA components.

The amount of RAM used by the collector also depends on the configured enrichment methods (DNS, accounts, assets, enrichment with data from Kaspersky CyberTrace) and on whether aggregation is used. With aggregation, RAM consumption is influenced by the data aggregation window setting, the number of fields used for aggregation, and the volume of data in the aggregated fields.

For example, with an event stream of 1,000 EPS, event enrichment disabled, event aggregation disabled, and 5,000 accounts and 5,000 assets per tenant, one collector requires the following resources:

For example, to support 5 collectors that do not perform event enrichment, you must allocate the following resources: 5 CPU cores, 2.5 GB of RAM, and 5 GB of free disk space.

 

CPU

  • KUMA Core: Intel® or AMD™ with SSE 4.2 support, at least 4 cores/8 threads or 4 virtual CPUs.
  • Collector: Intel or AMD with SSE 4.2 support, at least 4 cores/8 threads or 8 virtual CPUs.
  • Correlator: Intel or AMD with SSE 4.2 support, at least 4 cores/8 threads or 8 virtual CPUs.
  • Storage: Intel or AMD with SSE 4.2 support, at least 12 cores/24 threads or 24 virtual CPUs.

RAM

  • KUMA Core: 16 GB
  • Collector: 16 GB
  • Correlator: 16 GB
  • Storage: 48 GB

Free disk space

  • KUMA Core: /opt directory size: at least 500 GB.
  • Collector: /opt directory size: at least 500 GB.
  • Correlator: /opt directory size: at least 500 GB.
  • Storage: /opt directory size: at least 500 GB.

Operating systems (all components)

  • Oracle Linux 8.6, 8.7.
  • Astra Linux Special Edition RUSB.10015-01 (2021-1126SE17 update 1.7.1).
  • Astra Linux Special Edition RUSB.10015-01 (2022-1011SE17MD update 1.7.2.UU.1).
  • Astra Linux Special Edition RUSB.10015-01 (2022-1110SE17 update 1.7.3). Core version 5.15.0.33 or higher is required.

Network bandwidth

  • KUMA Core: 100 Mbps
  • Collector: 100 Mbps
  • Correlator: 100 Mbps
  • Storage: The transfer rate between ClickHouse nodes must be at least 10 Gbps if the data stream exceeds 20,000 EPS.
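
A preflight check of a Linux host against the component requirements listed above, as an added example that is not Kaspersky's code. The function names are hypothetical; comparing logical CPUs with the vCPU figure, the 5% RAM tolerance, and reading GB as GiB are assumptions.

```sh
#!/bin/sh
# Added example, not Kaspersky code: preflight check of a Linux host against
# the KUMA minimums listed on this page. All function names are hypothetical.

# Minimums per component as "logical CPUs:RAM GB:/opt GB".
# Assumption: the logical CPU count is compared with the vCPU figure.
kuma_minimums() {
  case "$1" in
    core)                 echo "4:16:500" ;;
    collector|correlator) echo "8:16:500" ;;
    storage)              echo "24:48:500" ;;
    *) return 2 ;;
  esac
}

# Succeeds only if every CPU in a /proc/cpuinfo-style file advertises SSE 4.2.
has_sse42() {
  awk '/^flags/ { n++; if ($0 ~ / sse4_2( |$)/) ok++ }
       END { exit !(n > 0 && n == ok) }' "$1"
}

# check_role ROLE CPUS MEM_KB OPT_FREE_KB SSE42(yes|no)
# Prints one line per unmet requirement; returns 0 only if all are met.
check_role() {
  _min=$(kuma_minimums "$1") || { echo "unknown role: $1"; return 2; }
  _cpu=${_min%%:*}; _rest=${_min#*:}; _ram=${_rest%%:*}; _disk=${_rest#*:}
  _fail=0
  [ "$5" = yes ] || { echo "CPU: no SSE 4.2"; _fail=1; }
  [ "$2" -ge "$_cpu" ] || { echo "CPU: $2 logical CPUs, need $_cpu"; _fail=1; }
  # Assumption: MemTotal is below installed RAM, so accept 95% of the figure.
  [ "$3" -ge $(( _ram * 1048576 * 95 / 100 )) ] ||
    { echo "RAM: $(( $3 / 1048576 )) GiB, need $_ram GB"; _fail=1; }
  # Assumption: GB is read as GiB, which is the stricter interpretation.
  [ "$4" -ge $(( _disk * 1048576 )) ] ||
    { echo "/opt: $(( $4 / 1048576 )) GiB free, need $_disk GB"; _fail=1; }
  return "$_fail"
}

# Collect the live values of this host and check them for ROLE.
preflight_host() {
  _sse=no; if has_sse42 /proc/cpuinfo; then _sse=yes; fi
  check_role "$1" "$(getconf _NPROCESSORS_ONLN)" \
    "$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)" \
    "$(df -Pk /opt | awk 'NR == 2 { print $4 }')" "$_sse"
}

if [ $# -gt 0 ]; then preflight_host "$1"; fi
```

Run it on the target host with the component name as the argument, for example `sh preflight.sh storage`, where `preflight.sh` is a placeholder file name.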

Installation of KUMA is supported in the following virtual environments:

Kaspersky recommendations for storage servers

We recommend putting ClickHouse on solid state drives (SSD). SSDs help improve data access speed. Hard drives can be used to store data using the HDFS technology.

To connect a data storage system to storage servers, you must use high-speed protocols, such as Fibre Channel or iSCSI 10G. We do not recommend using application-level protocols such as NFS and SMB to connect data storage systems.

On ClickHouse cluster servers, using the ext4 file system is recommended.

If you are using RAID arrays, it is recommended to use RAID 0 for high performance, or RAID 10 for high performance and fault tolerance.

To ensure fault tolerance and performance of the data storage subsystem, we recommend making sure that ClickHouse nodes are deployed strictly on different disk arrays.

If you are using a virtualized infrastructure to host system components, we recommend deploying ClickHouse cluster nodes on different hypervisors. In this case, it is necessary to prevent two virtual machines with ClickHouse from working on the same hypervisor.

For high-load KUMA installations, we recommend installing ClickHouse on physical servers.

Requirements for devices for installing agents

To have data sent to the KUMA collector, you must install agents on the network infrastructure devices. Device requirements are listed in the following table.

 

CPU

  • Windows devices: Single-core, 1.4 GHz or higher
  • Linux devices: Single-core, 1.4 GHz or higher

RAM

  • Windows devices: 512 MB
  • Linux devices: 512 MB

Free disk space

  • Windows devices: 1 GB
  • Linux devices: 1 GB

Operating systems, Windows devices

  • Microsoft® Windows® 2012
  • Microsoft Windows Server® 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019
  • Microsoft Windows 10 20H2, 21H1

Operating systems, Linux devices

  • Ubuntu 20.04 LTS, 21.04
  • Oracle® Linux version 8.6, 8.7
  • Astra Linux Special Edition RUSB.10015-01 (2021-1126SE17 update 1.7.1).
  • Astra Linux Special Edition RUSB.10015-01 (2022-1011SE17MD update 1.7.2.UU.1).
  • Astra Linux Special Edition RUSB.10015-01 (2022-1110SE17 update 1.7.3).

Requirements for client devices for managing the KUMA web interface

CPU: Intel® Core™ i3 8th generation

RAM: 8 GB

Supported browsers:

Device requirements for installing KUMA on Kubernetes

The minimum configuration of a Kubernetes cluster for deployment of a fault-tolerant KUMA configuration includes the following:

The minimum hardware requirements for devices for installing KUMA on Kubernetes are listed in the table below.

 

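CPU

  • Balancer: 1 core with 2 threads or 2 vCPUs.
  • Controller: 1 core with 2 threads or 2 vCPUs.
  • Worker node: 12 threads or 12 vCPUs.

RAM

  • Balancer: 2 GB
  • Controller: 2 GB
  • Worker node: 12 GB

Free disk space

  • Balancer: 30 GB
  • Controller: 30 GB
  • Worker node: 500 GB

Network bandwidth

  • Balancer: 10 Gbps
  • Controller: 10 Gbps
  • Worker node: 10 Gbps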
