Three-server deployment scenario

When using KATA and KEDR functionality, you can install the Endpoint Agent component on corporate LAN computers. When using KATA functionality, the Endpoint Agent component is not installed.

When using this deployment scenario, the Sensor, Central Node and Sandbox components are installed on separate servers. The Central Node component can also be deployed as a cluster. The server with the Sensor component receives traffic, performs an initial analysis, extracts files and forwards them to the Central Node component for a deeper analysis.

Using this deployment scenario, the Central Node component can receive traffic and perform an initial analysis of data in the main infrastructure. In this case, you can install the Sensor component on a server of a remote infrastructure whose traffic needs to be analyzed. If the channel bandwidth in the main infrastructure is more than 2 Gbps, you are advised to install the server with the Sensor component in the main infrastructure.

The traffic exchanged between the Central Node and Sensor components comprises up to 20% of traffic received by the Sensor component.

The application operating scenario when deployed on three servers is presented in the figure below.

Application operating scenario when deployed on three servers