Kaspersky Anti Targeted Attack (KATA) Platform

Calculations for the Sandbox component

8 November 2023

ID 247180

The hardware requirements for a server with the Sandbox component depend on the type and volume of processed traffic and on the permissible object scan time.

By default, the permissible object scan time is 1 hour. To reduce this time, you need a more powerful server or more servers with the Sandbox component.

It is recommended to calculate the configuration of the Sandbox component as follows:

  1. Install the Central Node and Sensor components on one server and the Sandbox component on a different server for pilot operation of the application.

    To receive sufficient statistical data, the application must process traffic of the organization for a week.

  2. Run the data recording script by executing the following command:

    kata-collect --output-dir <path to directory>

    When the script finishes running, the collect.tar.gz archive will be moved to the specified directory.

  3. Forward this archive to Kaspersky Lab staff for analysis.

    If multiple virtual machines are started simultaneously, the speed of processing objects from the queue is increased.

The Sandbox component is not supported on AMD processors.

Hardware requirements for the server hosting the Sandbox component

The calculation of the number of servers with the Sandbox component when using preset images of operating systems is shown in the table below.

Hardware requirements for the Sandbox component when using preset images of operating systems

| Maximum number of email messages per second | Maximum volume of traffic from SPAN ports (Mbps) | Maximum number of computers with the Endpoint Agent component | Number of physical servers with the Sandbox component (when using all images) | Number of physical servers with the Sandbox component (when using only two images of Linux) |
|---|---|---|---|---|
| 1 | 200 | 1,000 | 1 | 1 |
| 2 | 500 | 3,000 | 1 | 1 |
| 1 | 1,000 | 5,000 | 1 | 1 |
| 5 | 2,000 | 5,000 | 1 | 1 |
| 20 | 4,000 | 10,000 | 2 | 1 |

If you want to install the Sandbox component on a virtual server, you need 3 to 4 times more virtual servers to get the same performance you would get from a physical server.

Additional capacity may be required when using custom images for servers with the Sandbox component. To calculate the number of physical Sandbox servers required when using custom operating system images, you can use the following formula:

<number of files that need to be processed per hour in accordance with user-defined Sandbox rules> * <number of custom operating system images> / 1000

To calculate the number of virtual Sandbox servers required when using custom operating system images, you can use the following formula:

<number of files that need to be processed per hour in accordance with user-defined Sandbox rules> * <number of custom operating system images> / 280

The estimated numbers of Sandbox servers are given for servers with the following configuration:

  • When installing the Sandbox component on a physical server:
    • 2 CPUs: Intel Xeon 8 Core (HT) at 2.6 GHz or higher.
    • 80 GB of RAM.
    • 2 HDDs, 300 GB each, combined into a RAID 1 array.
  • When installing the Sandbox component on a VMware ESXi virtual machine:
    • Intel Xeon 15 Core (HT) processor at 2.1 GHz or higher.
    • 32 GB of RAM.
    • 300 GB HDD.

      On the virtual machine:

      1. Nested virtualization enabled.
      2. Latency Sensitivity option set to High.
      3. Entire RAM is reserved.
      4. Entire CPU frequency is reserved.

    When installing the Sandbox component on a VMware ESXi virtual machine, you must set the limit for simultaneously running virtual machines to 12.

See also

Calculations for the Sensor component

Calculations for the Central Node component
