Kaspersky SD-WAN
2.4
English
About Kaspersky SD-WAN  >  Hardware and software requirements

Hardware and software requirements

Kaspersky SD-WAN has the following hardware and software requirements:

Hardware requirements depend on the number of CPE devices being managed (see the recommended deployment scenarios below). If you need to calculate hardware requirements for a specific deployment scheme more precisely, we recommend contacting Kaspersky Technical Support.

1. Recommended computing resources for solution components version 2.4 and higher.

The following are supported specifications for instances of Kaspersky SD-WAN Orchestrator (ORC), Kaspersky SD-WAN Controller (CTL), the monitoring component (MON), and the Kaspersky Deployment Toolkit (KDT) utility; these are valid as long as identical components and software versions are used.

1.1. SD-WAN Orchestrator

Table 1. ORC instance type definitions

Instance type

Number of CPE devices

Specifications (approximate)

CPU*

RAM

Storage size**

Storage IOPS**

Network adapter

Small ORC

1000

16 cores

32 GB

256 GB

3,000

2 x 1 Gbps

Medium ORC

5,000

24 cores

64 GB

512 GB

5,000

2 x 1 Gbps

Large ORC

10,000

16 cores

128 GB

1 TB

10,000

2 x 10 Gbps

* CPU without Hyper-Threading. Recommendations:

  • Xeon Silver 4314 for Small ORC instances
  • Xeon Gold 5318Y, Xeon Gold 5418Y, or higher for Medium ORC instances
  • Xeon Gold 6414U, Xeon Gold 6438Y+, or higher for Large ORC instances

** SSD

1.2. SD-WAN Controller

Table 2. CTL instance type definitions

Instance type

Number of CPE devices

Specifications (approximate)

CPU*

RAM

Storage size**

Storage IOPS**

Network adapter

Small CTL

250

16 cores

32 GB

64 GB

3,000

2 x 1 Gbps

Medium CTL

500

24 cores

48 GB

128 GB

5,000

2 x 1 Gbps

Large CTL

1000

32 cores

64 GB

256 GB

10,000

2 x 10 Gbps

* CPU without Hyper-Threading. Recommendations:

  • Xeon Silver 4314 for Small CTL instances
  • Xeon Gold 5318Y, Xeon Gold 5418Y, or higher for Medium CTL instances
  • Xeon Gold 6414U, Xeon Gold 6438Y+, or higher for Large CTL instances

** SSD

1.3. SD-WAN monitoring component

Table 3. MON instance type definitions

Instance type

Number of CPE devices

Specifications (approximate)

CPU*

RAM

Storage size**

Storage IOPS**

Network adapter

Small MON

1,000

8 cores

16 GB

1 TB

3,000

2 x 1 Gbps

Medium MON

5,000

24 cores

64 GB

5 TB

5,000

2 x 1 Gbps

Large MON

10,000

16 cores

96 GB

10 TB

10,000

2 x 10 Gbps

* CPU without Hyper-Threading. Recommendations:

  • Xeon Silver 4309Y for Small MON instances
  • Xeon Gold 5318Y, Xeon Gold 5418Y, or higher for Medium MON instances
  • Xeon Gold 6414U, Xeon Gold 6438Y+, or higher for Large MON instances

**SSD, RAID 10

1.4. SD-WAN All-in-One

An SD-WAN All-in-One (AIO) instance includes the following administration components: Kaspersky SD-WAN Orchestrator (ORC), Kaspersky SD-WAN Controller (CTL), and Kaspersky SD-WAN monitoring component (MON). The following instance specifications are supported:

Table 4. AIO instance type definitions

Instance type

Number of CPE devices

Specifications (approximate)

CPU*

RAM

Storage size**

Storage IOPS**

Network adapter

Small AIO

50

16 cores

32 GB

256 GB

3,000

1 Gbps

Medium AIO

100

24 cores

48 GB

512 GB

5,000

2 x 1 Gbps

Large AIO

250

32 cores

64 GB

1,024 GB

10,000

2 x 10 Gbps

1.5. Host for SD-WAN deployment

To deploy and update the management components of the solution in High Availability and Distributed Deployment scenarios, you need a dedicated host with the Kaspersky Deployment Toolkit (KDT).

Table 5. KDT instance type definitions

Deployment scenario

Specifications (approximate)

CPU*

RAM

Storage size**

Storage IOPS**

Network adapter

High Availability and Distributed Deployment

8 cores

16 GB

512 GB

5,000

1 Gbps

* CPU without Hyper-Threading. Recommendations:

  • Xeon Silver 4309Y for KDT instances

** SSD

2. Administration system deployment scenarios

2.1. Standalone deployment

The standalone deployment scenario of the Kaspersky SD-WAN administration system is intended for demonstration purposes only and is not recommended for a production environment.

2.2. High Availability deployment

Deploying the Kaspersky SD-WAN administration system in a High Availability (HA) scenario requires three AIO instances (HA3). The hardware requirements of the instances are specified in Table 4. The following table lists sizing recommendations for HA3 deployment.

Table 6. Requirements of instances for HA3 deployment

Number of CPE devices

HA3 instance

50

3 x Small AIO

100

3 x Medium AIO

250

3 x Large AIO

2.3. Distributed Deployment

Deploying the Kaspersky SD-WAN administration system in a Distributed Deployment scenario requires three dedicated ORC instances, three dedicated CTL instances, three dedicated MON instances, and one KDT host.

Table 7. Requirements of instances for deployment

Number of CPE devices

ORC

CTL

MON

KDT

250

3 x Small ORC

3 x Small CTL

3 x Small MON

1 x KDT

500

3 x Small ORC

3 x Medium CTL

3 x Small MON

1 x KDT

1,000

3 x Small ORC

3 x Large CTL

3 x Small MON

1 x KDT

2,500

3 x Small ORC

15 x Medium CTL

3 x Small MON

1 x KDT

5,000

3 x Medium ORC

30 x Medium CTL

3 x Medium MON

1 x KDT

7,500

3 x Medium ORC

45 x Medium CTL

3 x Medium MON

1 x KDT

10,000

3 x Large ORC

60 x Medium CTL

3 x Large MON

1 x KDT

20,000

6 x Large ORC

120 x Medium CTL

6 x Large MON

1 x KDT

25,000

9 x Large ORC

150 x Medium CTL

9 x Large MON

1 x KDT

3. Third-party solution requirements

The following third-party solutions are required to deploy Kaspersky SD-WAN:

Operating system requirements

The following 64-bit operating systems are supported:

  • Ubuntu 22.04 LTS.
  • Astra Linux 1.7 (security level: "Orel").
  • RED OS 7.3 "MUROM".

Requirements for links between nodes of solution components

When deploying Kaspersky SD-WAN, you can deploy multiple nodes of solution components. The following requirements apply to links between nodes of solution components:

  • Requirements for links between controller nodes:
    • Bandwidth: 1 Gbps
    • RTT (Round Trip Time): 200 ms or less
    • Packet loss: 0%
  • Requirements for links between MongoDB database nodes:
    • Bandwidth: 1 Gbps
    • RTT: 50 ms or less
    • Packet loss: 0%
  • Requirements for links between Redis database nodes:
    • Bandwidth: 1 Mbps
    • RTT: 50 ms or less
    • Packet loss: 0%

Browser requirements

The following browsers are supported for managing the orchestrator web interface:

  • Google Chrome 100 or later
  • Firefox 100 or later
  • Microsoft Edge 100 or later
  • Opera 90 or later
  • Safari 15 or later

Operating system:

Ubuntu 20.04 LTS or 22.04 LTS

RED OS 8

The operating system must support internet access or contain a mounted disk image.

4 virtual CPU cores.

8 GB of RAM.

32 GB of free disk space.

The name and password of root accounts must be the same on the administrator device and on the virtual machines or physical servers on which you want to deploy the solution components. //Hidden, will remove or rewrite this later

CPE device requirements

The following CPE device models are supported:

  • KESR-M1-R-5G-2L-W
  • KESR-M2-K-5G-1L-W
  • KESR-M2-K-5G-1S
  • KESR-M3-K-4G-4S
  • KESR-M4-K-2X-1CPU
  • KESR-M4-K-8G-4X-1CPU
  • KESR-M5-K-8G-4X-2CPU
  • KESR-M5-K-8X-2CPU

CPE devices of the KESR model are based on x86 (Intel 80x86) and MIPS (Microprocessor without Interlocked Pipeline Stages) processor architectures.

KESR M3–M5 CPE devices have Intel network adapters that are compatible with Intel SFP transceivers. For details about supported SFP transceivers, you can use the Intel Product Compatibility Tool

https://compatibleproducts.intel.com/ProductDetails?activeModule=Intel%C2%AE%20Ethernet#
(in the territory of the Russian Federation, the link is accessible only via VPN). When using the Intel Product Compatibility Tool, you need to select one of the following product categories:

  • 500 Series to view SFP transceivers that are compatible with KESR M3 CPE devices.
  • 700 Series to view SFP transceivers that are compatible with KESR M4–M5 CPE devices.

Kaspersky experts carried out tests to confirm the functionality of CPE devices when providing the L3 VPN service (see the table below). DPI (Deep Packet Inspection) was not used on the tested devices, and traffic encryption was disabled.

Model

Packet size (bytes)

Bandwidth (Mbps)

KESR-M1

IMIX (417)

30

Large (1300)

115

KESR-M2

IMIX (417)

165

Large (1300)

241

KESR-M3

IMIX (417)

805

Large (1300)

1150

KESR-M4

IMIX (417)

1430

Large (1300)

2870

For detailed information about the characteristics of CPE devices, please refer to the official page of the solution.

You can deploy uCPE devices on servers with x86 (Intel 80x86) or ARM64 processor architectures.

vCPE device requirements

The distribution kit includes the following firmware for deploying vCPE devices:

  • vKESR-M1
  • vKESR-M2
  • vKESR-M3
  • vKESR-M4

The following virtualization environments are supported for vCPE devices:

  • VMware 7.0 or later
  • KVM with kernel version 5.15 or later

    Only the original KVM virtualization environment without additional orchestration tools is supported.

The following table lists the virtual resource requirements for deploying vCPE devices.

Firmware

CPU

RAM, GB

Disk, GB

vKESR-M1

2

0.5

1

vKESR-M2

4

8

1

vKESR-M3

12

16

1

vKESR-M4

24

32

1

When upgrading Kaspersky SD-WAN from version 2.2 to 2.3, you need to make sure that your previously deployed vCPE devices satisfy the requirements of the new version, after which you can update your vCPE devices using the vKESR-M1-5 firmware.

Article ID: 239105, Last review: Apr 17, 2025
Page top