Distributed deployment: Specifying the installation parameters

Deployment of Kaspersky Next XDR Expert > Preparation work and deployment > Distributed deployment: Specifying the installation parameters

Distributed deployment: Specifying the installation parameters

Expand all | Collapse all

The configuration file is a file in the YAML format and contains a set of installation parameters for the Kaspersky Next XDR Expert components.

The installation parameters listed in the tables below are required for the distributed deployment of Kaspersky Next XDR Expert. To deploy Kaspersky Next XDR Expert on a single node, use the configuration file that contains the installation parameters specific for the single node deployment.

The template of the configuration file (smp_param.yaml.template) is located in the distribution package in the archive with the KDT utility. You can fill out the configuration file template manually; or use the Configuration wizard to specify the installation parameters that are required for the Kaspersky Next XDR Expert deployment, and then generate the configuration file.

For correct function of KDT with the configuration file, enter an empty line at the end of the file.

The nodes section of the configuration file contains the target host parameters that are listed in the table below.

Installation parameters of the nodes section

Parameter name	Required	Description
`desc`	Yes	The name of the node.
`type`	Yes	The node type. Possible parameter values: `primary` `worker`
`host`	Yes	The IP address of the node. All nodes must be included in the same subnet.
`kind`	No	The node type that specifies the Kaspersky Next XDR Expert component that will be installed on this node. Possible parameter values: `admsrv`—The value for the node on which Administration Server will be installed. `db`—The value for the node on which the DBMS will be installed. It is used if you want to install the DBMS on the node inside the cluster. For Kaspersky Next XDR Expert to work correctly, we recommend that you select the node on which Administration Server will work. Also, you can select the node on which you want to install the DBMS. Specify the appropriate values of the `kind` parameter for these nodes. Do not specify this parameter for other nodes.
`user`	Yes	The username of the user account created on the target host and used for connection to the node by KDT.
`key`	Yes	The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT.

The parameters section of the configuration file contains the parameters listed in the table below.

Installation parameters of the parameters section

Parameter name	Required	Description
`psql_dsn`	Yes	The connection string for accessing the DBMS that is installed and configured on a separate server. Specify this parameter as follows: `psql_dsn=postgres://<dbms_username>:<password>@<fqdn>:<port>`. `dbms_username`—The user name of a privileged internal DBMS account. This account is granted permissions to create databases and other DBMS accounts. By using this privileged DBMS account, the databases and other DBMS accounts required for the Kaspersky Next XDR Expert components will be created during the deployment. `password`—The password of the privileged internal DBMS account. `fqdn:port`—The FQDN and connection port of a separate server on which the DBMS is installed. If the `psql_dsn` parameter is set, the Kaspersky Next XDR Expert components use the DBMS located at the specified FQDN. Otherwise, the Kaspersky Next XDR Expert components use the DBMS inside the cluster. We recommend installing a DBMS on a separate server outside the cluster. After you deploy Kaspersky Next XDR Expert, changing the DBMS installed inside the cluster to a DBMS installed on a separate server is not available.
`nwc-language`	Yes	The language of the OSMP Console interface specified by default. After installation, you can change the OSMP Console language. Possible parameter values: `enUS` `ruRu`
`ipaddress`	Yes	The reserved static IP address of the Kubernetes cluster gateway. The gateway must be included in the same subnet as all cluster nodes. If you install the DBMS on a separate server, the gateway IP address must contain the subnet mask /32. If you install the DBMS inside the cluster, set the gateway IP address to an IP range in the format `0.0.0.0-0.0.0.0`, where the first IP address of the range is the gateway IP address itself and the second IP address of the range is the DBMS IP address.
`ssh_pk`	Yes	The path to the private part of the SSH key located on the administrator host and used for connection to the node by KDT.
`sshKey`	Yes	The path to the private part of the SSH key located on the administrator host and used for connection to the nodes with the KUMA services (collectors, correlators, and storages).
`kscpassword` `adminPassword`	Yes	The `kscpassword` and `adminPassword` parameters specify the password of the same Kaspersky Next XDR Expert user account that will be created by KDT during the installation. The default username of this account is "admin". The Main administrator role is assigned to this user account. The `kscpassword` and `adminPassword` parameter values must match. The `adminPassword` parameter is used for uploading the KUMA license and out-of-the-box resources. The password must comply with the following rules: The user password cannot have fewer than 8 or more than 16 characters. The password must contain characters from at least three of the groups listed below: Uppercase letters (A–Z) Lowercase letters (a–z) Numbers (0–9) Special characters (@ # $ % ^ & * - _ ! + = [ ] { } \| : ' , . ? / \ ` ~ " ( ) ;)
`lowResources`	No	The parameter that indicates that Kaspersky Next XDR Expert is installed on the target host with limited computing resources. Set the `lowResources` parameter to `false` for distributed deployment. Possible parameter values: `true` `false`
`coreDiskRequest`	Yes	The parameter that specifies the amount of disk space for the operation of KUMA Core. This parameter is used only if the `lowResources` parameter is set to `false`. If the `lowResources` parameter is set to `true`, the `coreDiskRequest` parameter is ignored and 4 GB of the disk space for the operation of KUMA Core is allocated. If you do not specify the `coreDiskRequest` parameter and the `lowResources` parameter is set to `false`, the default amount of disk space for the operation of KUMA Core is allocated. The default amount of disk space is 512 GB.
`inventory`	Yes	The path to the KUMA inventory file located on the administrator host. The inventory file contains the installation parameters for deployment of the KUMA services that are not included in the Kubernetes cluster.
`hostInventory`	No	The path to the additional KUMA inventory file located on the administrator host. This file contains the installation parameters used to partially add or remove hosts with the KUMA services. If you perform an initial deployment of Kaspersky Next XDR Expert or you do not need to partially add or remove hosts with the KUMA services, set this parameter to `/dev/null`.
`license`	Yes	The path to the license key of KUMA.
`smp_domain`	Yes	The domain name that is used in the addresses of the public Kaspersky Next XDR Expert services.
`pki_domain`	Yes	The domain name for which a self-signed or custom certificate is to be generated. The `pki_domain` and `smp_domain` parameter values must match.
`iam-nwc_host` `flow_host` `hydra_host` `login_host` `admsrv_fqdn` `console_fqdn` `api_fqdn` `kuma_fqdn` `psql_fqdn` `monitoring_fqdn` `coreIngressHost` `gateway_host` `hydra_fqdn` `IAMHydraServerPublicExternal`	Yes	The addresses of the Kaspersky Next XDR Expert services. These addresses contain the domain name, which must match the `smp_domain` parameter value.
`pki_fqdn_list`	Yes	The list of addresses of the public Kaspersky Next XDR Expert services for which a self-signed or custom certificate is to be generated. These addresses contain the domain name, which must match the `smp_domain` parameter value.
`intermediate_bundle`	No	The path to the custom intermediate certificate used to work with public Kaspersky Next XDR Expert services.
`intermediate_enabled`	No	The parameter that indicates whether to use the custom intermediate certificate instead of the self-signed certificates for the public Kaspersky Next XDR Expert services. Possible parameter values: `true` `false`
`admsrv_bundle` `api_bundle` `console_bundle` `psql_bundle`	No	The paths to the custom leaf certificates used to work with the corresponding public Kaspersky Next XDR Expert services: admsrv.<smp_domain>, api.<smp_domain>, console.<smp_domain>, psql.<smp_domain>. Specify the `psql_bundle` parameter if you installed the DBMS inside the Kubernetes cluster on the DBMS node. If you want to specify the leaf custom certificates, set the `intermediate_enabled` parameter to `false` and do not specify the `intermediate_bundle` parameter.
`KUMAUIURL`	Yes	The address of KUMA Console. This address contains the domain name, which must match the `smp_domain` parameter value.
`webConsoleURL`	Yes	The address of OSMP Console. This address contains the domain name, which must match the `smp_domain` parameter value.
`encrypt_secret` `sign_secret`	Yes	The names of the secret files that are stored in the Kubernetes cluster. These names contain the domain name, which must match the `smp_domain` parameter value.
`ksc_state_size`	Yes	The amount of free disk space allocated to store the Administration Server data (updates, installation packages, and other internal service data). Measured in gigabytes, specified as "<amount>Gi". The required amount of free disk space depends on the number of managed devices and other parameters, and can be calculated. The minimum recommended value is 10 GB.
`kdtStateSize`	No	The amount of free disk space allocated to store the internal service KDT data. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 1 GB.
`ksc_backup_size`	Yes	The amount of free disk space allocated to store the backups of the Administration Server data. Measured in gigabytes, specified as "<amount>Gi".The minimum recommended value is 10 GB.
`prometheus_size`	Yes	The amount of free disk space allocated to store metrics. Measured in gigabytes, specified as "<amount>GB". The minimum recommended value is 5 GB.
`loki_size`	Yes	The amount of free disk space allocated to store OSMP logs. Measured in gigabytes, specified as "<amount>Gi". The minimum recommended value is 20 GB.
`adminLogin`	Yes	The `adminLogin` parameter specifies the username of the Kaspersky Next XDR Expert user account that will be created by KDT during the installation. This parameter is used for uploading KUMA resources. The `adminLogin` and `kumaLogin` parameter values must match. The default parameter value is `admin`. Do not change the parameter value.
`psql_tls_off`	No	The parameter that indicates whether to encrypt the traffic between the Kaspersky Next XDR Expert components and the DBMS by using the TLS protocol. Possible parameter values: `true` `false`
`psql_trusted_cas`	No	The path to the PEM file that can contain the TLS certificate of the DBMS server or a root certificate from which the TLS server certificate can be issued.
`psql_client_certificate`	No	The path to the PEM file that contains a certificate and a private key of the Kaspersky Next XDR Expert component. This certificate is used to establish the TLS connection between the Kaspersky Next XDR Expert components and the DBMS.
`proxy_enabled`	No	The parameter that indicates whether to use the proxy server to connect the Kaspersky Next XDR Expert components to the internet. If the host on which Kaspersky Next XDR Expert is installed has internet access, you can also provide internet access for operation of Kaspersky Next XDR Expert components (for example, Administration Server) and for specific integrations, both Kaspersky and third-party. To establish the proxy connection, you must also specify the proxy server parameters in the Administration Server properties. Possible parameter values: `true` `false`
`proxy_addresses`	No	The IP address of the proxy server. If the proxy server uses multiple IP addresses, specify these addresses separated by a space (for example, "`0.0.0.0` `0.0.0.1` `0.0.0.2`").
`proxy_port`	No	The number of the port through which the proxy connection will be established.
`psql_ns` `psql_instance` `kumaUrl` `kumaLogin`	Yes	Parameters for internal use. Do not change the parameter value.

Sample of the configuration file for the distributed deployment of Kaspersky Next XDR Expert

Article ID: 249240, Last review: Aug 5, 2024

Page top