Single node deployment: Preparing the administrator and target hosts
Preparing for a single-node deployment includes configuring the administrator and target hosts. In the single-node configuration, the Kubernetes cluster and Kaspersky Next XDR Expert components are installed on one target host. After preparing the target host and specifying the configuration file, you will be able to deploy Kaspersky Next XDR Expert on the target host by using KDT.
Preparing the administrator host
You first need to prepare a device that will act as the administrator host from which KDT will launch. This host can be either included in the Kubernetes cluster that is created by KDT during the deployment or not. If the administrator host is not included in the cluster, it will be used only to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. If the administrator host is included in the cluster, it will also act as a target host that is used for operation of Kaspersky Next XDR Expert components. In this case, only one host will be used for deployment and operation of the solution.
To prepare the administrator host:
- Make sure that the hardware and software on the administrator host meet the requirements for KDT.
- Allocate at least 10 GB of free space in the temporary files directory (/tmp) for KDT. If you do not have enough free space in this directory, run the following command to specify the path to another directory:
export TMPDIR=<new_directory>/tmp
- Install the package for Docker version 23 or later, and then perform the post-installation steps to configure the administrator host for proper functioning with Docker.
Do not install unofficial distributions of Docker packages from the operating system maintainer repositories.
- For the administrator host that will be included in the cluster, perform additional preparatory steps.
Preparing the target host
The target host is a physical or virtual machine that is used to deploy Kaspersky Next XDR Expert and is included in the Kubernetes cluster. The target host manages the Kubernetes cluster and stores metadata, and the Kaspersky Next XDR Expert components run on this host. A minimum cluster configuration for the single-node deployment includes one target host, which acts as both the primary and worker node. On this primary worker node, the Kubernetes cluster and Kaspersky Next XDR Expert components are installed.
For standard usage, you have to install the DBMS manually on the target host before the deployment. In this case, the DBMS will be installed on the target host, but not included in the Kubernetes cluster. For demonstration purposes, you can install the DBMS inside the cluster by using KDT during the deployment.
If you want to run the Kaspersky Next XDR Expert deployment from the target host, you must prepare this host as the administrator host, as described in the previous procedure, and then perform the preparation steps for the target host.
To prepare the target host:
- Make sure that the hardware and software on the target host meet the requirements for the single-node deployment.
For proper functioning of Kaspersky Next XDR Expert, the Linux kernel version must be 5.15.0.107 or later on the target host with the Ubuntu family operating systems.
Do not install Docker on the target host unless the target host will be used as the administrator host. KDT will install all necessary software and dependencies during the deployment.
- Install the sudo package, if this package is not already installed. For Debian family operating systems, install the UFW package.
- Configure the /etc/environment file. If your organization's infrastructure uses a proxy server to access the internet, you also need to connect the target host to the internet.
- If the primary worker node has the UFW configuration, allow IP forwarding. In the /etc/default/ufw file, set DEFAULT_FORWARD_POLICY to ACCEPT.
- Provide access to the package repository. This repository stores the following packages required for Kaspersky Next XDR Expert:
- nfs-common
- tar
- iscsi-package
- wireguard
- wireguard-tools
KDT will try to install these packages during the deployment from the package repository. You can also install these packages manually.
- Ensure that the curl and libnfs packages are installed on the primary worker node.
The curl and libnfs packages are not installed during the deployment from the package repository by using KDT. You must install these packages manually, if they are not already installed. The libnfs package version 12 and later is used.
- Reserve static IP addresses for the target host and for the Kubernetes cluster gateway.
The Kubernetes cluster gateway is intended for connecting to the Kaspersky Next XDR Expert components installed inside the Kubernetes cluster.
For standard usage of the solution, when you install the DBMS on the target host outside the cluster, the gateway IP address is an IP address in CIDR notation that contains the subnet mask /32 (for example, 192.168.0.0/32).
For demonstration purposes, when you install the DBMS inside the Kubernetes cluster, the gateway IP address is an IP range (for example, 192.168.0.1—192.168.0.2).
Make sure that the target host and the Kubernetes cluster gateway are located in the same broadcast domain.
- On your DNS server, register the service FQDNs to connect to the Kaspersky Next XDR Expert services.
By default, the Kaspersky Next XDR Expert services are available at the following addresses:
- <console_host>.<smp_domain>—Access to the OSMP Console interface.
- <admsrv_host>.<smp_domain>—Interaction with Administration Server.
- <kuma_host>.<smp_domain>—Access to the KUMA Console interface.
- <api_host>.<smp_domain>—Access to the Kaspersky Next XDR Expert API.
- <psql_host>.<smp_domain>—Interaction with the DBMS (PostgreSQL).
Where <console_host>, <admsrv_host>, <kuma_host>, <api_host>, and <psql_host> are service host names, <smp_domain> is a service domain name. These parameters are parts of the service FQDNs, which you can specify in the configuration file. If you do not specify custom values of service host names, the default values are used:
console_host—"console", admsrv_host—"admsrv", kuma_host—"kuma", api_host—"api", psql_host—"psql".
Register the <psql_host>.<smp_domain> service FQDN if you installed the DBMS inside the Kubernetes cluster on the DBMS node and you need to connect to the DBMS.
Depending on where you want to install the DBMS, the listed service FQDNs must be resolved to the IP address of the Kubernetes cluster as follows:
- DBMS on the target host outside the Kubernetes cluster (standard usage)
In this case, the gateway IP address is the address of the Kaspersky Next XDR Expert services (excluding the DBMS IP address). For example, if the gateway IP address is 192.168.0.0/32, the service FQDNs must be resolved as follows:
- <console_host>.<smp_domain>—192.168.0.0/32
- <admsrv_host>.<smp_domain>—192.168.0.0/32
- <kuma_host>.<smp_domain>—192.168.0.0/32
- <api_host>.<smp_domain>—192.168.0.0/32
- DBMS inside the Kubernetes cluster (demonstration deployment)
In this case, the gateway IP address is an IP range. The first IP address of the range is the address of the Kaspersky Next XDR Expert services (excluding the DBMS IP address), and the second IP address of the range is the IP address of the DBMS. For example, if the gateway IP range is 192.168.0.1—192.168.0.2, the service FQDNs must be resolved as follows:
- <console_host>.<smp_domain>—192.168.0.1
- <admsrv_host>.<smp_domain>—192.168.0.1
- <kuma_host>.<smp_domain>—192.168.0.1
- <api_host>.<smp_domain>—192.168.0.1
- <psql_host>.<smp_domain>—192.168.0.2
- Create the user accounts that will be used for the Kaspersky Next XDR Expert deployment.
These accounts are used for the SSH connection and must be able to elevate privileges (sudo) without entering a password. To do this, add the created user accounts to the /etc/sudoers file.
- Configure the SSH connection between the administrator and target hosts:
- On the administrator host, generate SSH keys by using the ssh-keygen utility without a passphrase.
- Copy the public key to the target host (for example, to the /home/<user_name>/.ssh directory) by using the ssh-copy-id utility.
If you use the target host as the administrator host, you must copy the public key to it, too.
- For proper functioning of the Kaspersky Next XDR Expert components, open the required ports on the firewall of the administrator and target hosts, if necessary.
- Configure time synchronization over Network Time Protocol (NTP) on the administrator and target hosts.
- If necessary, prepare custom certificates for working with Kaspersky Next XDR Expert public services.
You can use one intermediate certificate that is issued from the organization's root certificate or leaf certificates for each of the services. The prepared custom certificates will be used instead of self-signed certificates.
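A read-only preflight script covering several of the target host requirements above: kernel version, UFW forwarding policy, passwordless sudo, curl, and service FQDN resolution. This is an added example, not part of the vendor documentation or KDT; the function names are hypothetical, and it assumes the default service host names and that the last DEFAULT_FORWARD_POLICY assignment in the file is the effective one.

```shell
# Added example, not vendor code: read-only preflight checks for the target host.

# kernel_at_least HAVE WANT: compares four numeric fields, so the Ubuntu
# release string "5.15.0-107-generic" is read as 5.15.0.107.
kernel_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        split(have, h, /[.-]/); split(want, w, /[.-]/)
        for (i = 1; i <= 4; i++) {
            if (h[i] + 0 > w[i] + 0) exit 0
            if (h[i] + 0 < w[i] + 0) exit 1
        }
        exit 0
    }'
}

# ufw_forward_accept FILE: true if DEFAULT_FORWARD_POLICY in FILE is ACCEPT.
# Comments are stripped; assumption: the last assignment is the effective one.
ufw_forward_accept() {
    policy=$(sed -n -e 's/[[:space:]]*#.*$//' \
        -e 's/^[[:space:]]*DEFAULT_FORWARD_POLICY=//p' "$1" 2>/dev/null |
        tail -n 1 | tr -d "\"'[:space:]")
    [ "$policy" = "ACCEPT" ]
}

# expected_ip SERVICE SERVICES_IP [DBMS_IP]: address a service FQDN must resolve
# to. A /32 suffix is dropped; psql is checked only when DBMS_IP is given.
expected_ip() {
    case "$1" in
        psql) printf '%s\n' "${3:-}" ;;
        *)    printf '%s\n' "${2%/32}" ;;
    esac
}

check_dns() {   # check_dns DOMAIN SERVICES_IP [DBMS_IP]
    rc=0
    for svc in console admsrv kuma api psql; do
        want=$(expected_ip "$svc" "$2" "${3:-}")
        [ -n "$want" ] || continue
        got=$(getent hosts "$svc.$1" | awk 'NR == 1 { print $1 }')
        [ "$got" = "$want" ] || { echo "FAIL $svc.$1: got '${got:-none}', want $want"; rc=1; }
    done
    return "$rc"
}

preflight() {   # preflight DOMAIN SERVICES_IP [DBMS_IP], run on the target host
    kernel_at_least "$(uname -r)" 5.15.0.107 || echo "FAIL kernel older than 5.15.0.107 (Ubuntu family requirement)"
    [ ! -f /etc/default/ufw ] || ufw_forward_accept /etc/default/ufw || echo "FAIL UFW DEFAULT_FORWARD_POLICY is not ACCEPT"
    sudo -n true 2>/dev/null || echo "FAIL sudo requires a password for $(id -un)"
    command -v curl >/dev/null || echo "FAIL curl is not installed"
    check_dns "$@"
}
[ $# -eq 0 ] || preflight "$@"
```

Save it under a name of your choice and run it on the target host as the deployment account, passing `<smp_domain> 192.168.0.0/32` for standard usage or `<smp_domain> 192.168.0.1 192.168.0.2` for a demonstration deployment.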