Hardware and software requirements
Kaspersky SD-WAN has the following hardware and software requirements:
Hardware requirements
When deploying the solution, you must take into account the hardware requirements for deploying the orchestrator, SD-WAN controller, VNFM, and the monitoring system. Kaspersky SD-WAN uses the Zabbix monitoring system, versions 5.0.26 and 6.0.0. For detailed information about the hardware requirements of the monitoring system, see the official documentation of the Zabbix solution.
Hardware requirements depend on the number of CPE devices being managed. If you need to connect more than 250 CPE devices, deploy additional SD-WAN Controller clusters. If you need to calculate hardware requirements for a specific deployment scheme more precisely, we recommend contacting Kaspersky Technical Support.
- Hardware requirements for up to 50 CPE devices.
- Hardware requirements for up to 100 CPE devices.
- Hardware requirements for up to 250 CPE devices.
- Hardware requirements for up to 500 CPE devices.
- Hardware requirements for up to 1000 CPE devices.
- Hardware requirements for up to 5000 CPE devices.
- Hardware requirements for up to 10,000 CPE devices.
Software requirements
Docker 1.5 or later is required. The following 64-bit operating systems are supported:
- Ubuntu 20 LTS or later
- Astra Linux 1.7 or later (security level: "Orel").
The following browsers are supported for managing the orchestrator web interface:
- Google Chrome 100 or later
- Firefox 100 or later
- Microsoft Edge 100 or later
- Opera 90 or later
- Safari 15 or later
In Kaspersky SD-WAN, you can view the network topology overlaid on a geographical map. Maps of the OpenStreetMap service are used for this purpose. If the infrastructure of your organization does not provide for an Internet connection, you can use offline maps. Offline maps take up additional disk space:
- The offline map (central-fed-district-latest.osm.pbf) takes up approximately 100 GB.
- Geocoding data takes up approximately 10 GB.
For detailed information about maps, please refer to the official documentation of the OpenStreetMap service.
CPE device requirements
You can use standard CPE devices and universal CPE devices (uCPE devices; uCPEs). uCPE devices include a hypervisor, which lets you deploy virtual network functions and VIMs.
CPE devices have direct Internet access (DIA) without relaying traffic to the central office.
The following CPE devices are supported:
- KESR-M1-R-5G-2L-W
- KESR-M2-K-5G-1L-W
- KESR-M2-K-5G-1S
- KESR-M3-K-4G-4S
- KESR-M4-K-2X-1CPU
- KESR-M4-K-8G-4X-1CPU
- KESR-M5-K-8G-4X-2CPU
- KESR-M5-K-8X-2CPU
For detailed information about the characteristics of CPE devices, please refer to the official page of the solution.
Kaspersky experts carried out tests to confirm the functionality of CPE devices when providing the L3 VPN service (see the table below). DPI (Deep Packet Inspection) was not used on the tested devices, and traffic encryption was disabled.
Model | Packet size (bytes) | Bandwidth (Mbps) |
|---|---|---|
KESR-M1
| IMIX (417) | 30 |
Large (1300) | 115 | |
KESR-M2
| IMIX (417) | 165 |
Large (1300) | 241 | |
KESR-M3
| IMIX (417) | 805 |
Large (1300) | 1150 | |
KESR-M4 | IMIX (417) | 1430 |
Large (1300) | 2870 | |
KESR-M5
| IMIX (417) | 2875 |
Large (1300) | 5750 |
Shared storage requirements
We recommend using your own shared storage for fault tolerance. The requirements for the storage are as follows:
- Support for simultaneous read and write from multiple hosts.
- The size depends on the size of the files being stored, but at least 40 GB of available protected space that supports further expansion.
- Bandwidth of the communication links between the storage and the orchestrator must be at least 1 Gbps; 10-Gigabit Ethernet or 8-Gigabit FC (Fiber Channel) is recommended.
- The IOPS (input/output operations per second) value must be at least 250, at least 400 IOPS is recommended.
- The following types of shared storage are supported:
- NFS
- iSCSI
- FC
- CephFS
- The storage must be mounted.
- Must stay available if the host restarts.
