Hardware and software requirements

Kaspersky SD-WAN has the following hardware and software requirements:

Hardware requirements depend on the number of CPE devices being managed (see the table below). If you need to connect more than 250 CPE devices, you need to deploy additional controllers. If you need to calculate hardware requirements for a specific deployment scheme more precisely, we recommend contacting Kaspersky Technical Support.

Solution component	Virtual CPU	RAM, GB	Disk, GB	IOPS
50 CPE devices
Redis replica server	2	1	100	1000
Redis Sentinel system	2	1
MongoDB database	2	2
Orchestrator	4	4
Virtual Network Function Manager (VNFM)	2	1
Proxy Virtual Network Function Manager (VNFM proxy)	2	1
Frontend part of the solution	2	1
Database of the Zabbix monitoring system	2	1	500	1000
Zabbix server	2	1
Frontend part of the Zabbix monitoring system	2	1
Zabbix proxy server	2	1
Syslog server	1	1	No value	No value
Data storage system	8	8	20	1000
Controller	8	8	64	1000
Total	41	32	684	4000
100 CPE devices
Redis replica server	2	1	100	1000
Redis Sentinel system	2	1
MongoDB database	4	4
Orchestrator	4	4
Virtual Network Function Manager (VNFM)	2	1
Proxy Virtual Network Function Manager (VNFM proxy)	2	1
Frontend part of the solution	2	2
Database of the Zabbix monitoring system	4	1	1000	1000
Zabbix server	2	1
Frontend part of the Zabbix monitoring system	2	1
Zabbix proxy server	2	1
Syslog server	2	1	No value	No value
Data storage system	8	8	20	1000
Controller	8	8	64	1000
Total	46	35	1184	4000
250 CPE devices
Redis replica server	2	2	100	1000
Redis Sentinel system	2	2
MongoDB database	4	4
Orchestrator	6	4
Virtual Network Function Manager (VNFM)	2	2
Proxy Virtual Network Function Manager (VNFM proxy)	2	2
Frontend part of the solution	2	2
Database of the Zabbix monitoring system	4	2	2500	1000
Zabbix server	4	2
Frontend part of the Zabbix monitoring system	2	2
Zabbix proxy server	2	2
Syslog server	2	2	No value	No value
Data storage system	8	10	20	1000
Controller	8	16	64	1000
Total	50	54	2864	4000
500 CPE devices
Redis replica server	2	2	100	1000
Redis Sentinel system	2	2
MongoDB database	6	4
Orchestrator	6	6
Virtual Network Function Manager (VNFM)	2	2
Proxy Virtual Network Function Manager (VNFM proxy)	2	2
Frontend part of the solution	2	2
Database of the Zabbix monitoring system	4	2	5000	1000
Zabbix server	4	2
Frontend part of the Zabbix monitoring system	4	2
Zabbix proxy server	4	2
Syslog server	2	2	No value	No value
Data storage system	8	10	20	1000
Controller	8	32	128	1000
Total	56	72	5248	4000
1000 CPE devices
Redis replica server	4	2	100	1000
Redis Sentinel system	2	2
MongoDB database	6	6
Orchestrator	6	8
Virtual Network Function Manager (VNFM)	2	2
Proxy Virtual Network Function Manager (VNFM proxy)	2	2
Frontend part of the solution	2	2
Database of the Zabbix monitoring system	6	2	1000	1000
Zabbix server	6	2
Frontend part of the Zabbix monitoring system	4	2
Zabbix proxy server	4	2
Syslog server	6	2	No value	No value
Data storage system	10	12	20	1000
Controller	8	64	256	1000
Total	68	110	1376	4000
2000 CPE devices
Redis replica server	4	4	200	2000
Redis Sentinel system	2	4
MongoDB database	6	8
Orchestrator	6	10
Virtual Network Function Manager (VNFM)	2	4
Proxy Virtual Network Function Manager (VNFM proxy)	2	4
Frontend part of the solution	4	4
Database of the Zabbix monitoring system	6	4	2000	2000
Zabbix server	6	4
Frontend part of the Zabbix monitoring system	6	4
Zabbix proxy server	6	4
Syslog server	6	4	No value	No value
Data storage system	12	16	20	1000
Controller	8	128	512	1000
Total	76	202	2732	6000
5000 CPE devices
Redis replica server	4	6	500	5000
Redis Sentinel system	2	6
MongoDB database	6	10
Orchestrator	6	12
Virtual Network Function Manager (VNFM)	4	6
Proxy Virtual Network Function Manager (VNFM proxy)	2	6
Frontend part of the solution	4	8
Database of the Zabbix monitoring system	8	6	5000	5000
Zabbix server	8	6
Frontend part of the Zabbix monitoring system	6	6
Zabbix proxy server	6	6
Syslog server	8	6	No value	No value
Data storage system	16	32	50	1000
Controller	8	320	1280	1000
Total	88	390	6330	7000
10,000 CPE devices
Redis replica server	4	8	1000	10,000
Redis Sentinel system	2	8
MongoDB database	8	12
Orchestrator	8	16
Virtual Network Function Manager (VNFM)	4	8
Proxy Virtual Network Function Manager (VNFM proxy)	2	8
Frontend part of the solution	4	8
Database of the Zabbix monitoring system	8	32	10,000	10,000
Zabbix server	8	16
Frontend part of the Zabbix monitoring system	8	8
Zabbix proxy server	8	8
Syslog server	8	8	No value	No value
Data storage system	32	64	100	1000
Controller	8	640	2560	1000
Total	112	844	13,660	22,000

The following table lists the hardware requirements that apply when a Kaspersky SD-WAN testbed is deployed in accordance with the all-in-one deployment scenario with 50 connected CPE devices.

Solution component	CPU	RAM, GB	Disk, GB	IOPS
Redis replica server	0.5	1	4	500
Redis Sentinel system	0.5	1	4	500
MongoDB database	1	2	16	1000
Orchestrator	2	4	4	500
Virtual Network Function Manager (VNFM)	1	1	4	1000
Proxy Virtual Network Function Manager (VNFM proxy)	1	1	4	500
Frontend part of the solution	1	1	4	500
Database of the Zabbix monitoring system	1	1	128	1000
Zabbix server	1	1	4	500
Frontend part of the Zabbix monitoring system	1	1	4	1000
Zabbix proxy server	0.5	1	4	500
Syslog server	0.5	1	32	1000
Controller	4	8	32	1000
Operating system	1	8	12	500
Total	With hyper-threading: 16. Without hyper-threading: 32.	32	256	10,000

Third-party solution requirements

The following third-party solutions are necessary to deploy the solution:

• The Zabbix monitoring system versions 5.0.26 or 6.0.0. For details, please refer to the official documentation of the Zabbix solution.
• The Docker cloud platform version 1.5 or later for deploying Docker containers of solution components. For details, please refer to the official documentation of the Docker cloud platform.
• The OpenStreetMap service for viewing the transport service topology overlaid on a map. If the infrastructure of your organization does not provide for an Internet connection, you can use offline maps. Offline maps take up additional disk space:
  • The offline map (central-fed-district-latest.osm.pbf) takes up approximately 100 GB.
  • Geocoding data takes up approximately 10 GB.

  For detailed information, please refer to the official documentation of the OpenStreetMap service.

Operating system requirements

The following 64-bit operating systems are supported:

• Ubuntu 22.04 LTS
• Astra Linux 1.7 (security level: "Orel").
• RED OS 7.3 "MUROM".

Requirements for deployment environments of solution components

The following deployment environments are supported for solution components:

• Physical servers (bare-metal servers):
  • CPU Intel® Xeon® E5-2600 v2 or later or an equivalent CPU.
  • IOPS 3000 or later.
• VMWare virtualization environment:
  • Version 7.0 or later.
  • The openvm-tools agent must be installed.
  • IOPS 3000 or later.
• KVM virtualization environment:

  Only the original KVM virtualization environment without additional orchestration tools is supported.

  • Kernel version 5.15 or later.
  • qemu-guest-agent must be installed.
  • The CPU must be in host mode.
  • IOPS 3000 or later.

Requirements for links between nodes of solution components

When deploying Kaspersky SD-WAN, you can deploy multiple nodes of solution components. The following requirements apply to links between nodes of solution components:

• Requirements for links between controller nodes:
  • Bandwidth: 1 Gbps
  • RTT (Round Trip Time): 200 ms or less
  • Packet loss: 0%
• Requirements for links between MongoDB database nodes:
  • Bandwidth: 1 Gbps
  • RTT: 50 ms or less
  • Packet loss: 0%
• Requirements for links between Redis database nodes:
  • Bandwidth: 1 Mbps
  • RTT: 50 ms or less
  • Packet loss: 0%

Browser requirements

The following browsers are supported for managing the orchestrator web interface:

• Google Chrome 100 or later
• Firefox 100 or later
• Microsoft Edge 100 or later
• Opera 90 or later
• Safari 15 or later

Requirements for the data storage system

We recommend using your own data storage system for fault tolerance. The following requirements apply to the data storage system:

• Support for simultaneous read and write from multiple hosts.
• The size of the data storage system depends on the size of the files being stored, but at least 40 GB of available protected space that supports further expansion.
• The bandwidth of the link between the storage system and the orchestrator must be at least 1 Gbps; 10-Gigabit Ethernet or 8-Gigabit FC (Fiber Channel) is recommended.
• At least 250 IOPS, at least 400 is recommended.
• The following types of data storage systems are supported:
  • NFS
  • iSCSI
  • FC
  • CephFS
• The data storage system must be mounted.
• Must stay available if the host restarts.

Administrator device requirements

The administrator device for deploying the solution must satisfy the following requirements:

• Operating system:
  • Ubuntu 20.04 LTS or 22.04 LTS
  • RED OS 8.

  The operating system must support internet access or contain a mounted disk image.

• 4 virtual CPU cores.
• 8 GB of RAM.
• 32 GB of free disk space.
• The name and password of root accounts must be the same on the administrator device and on the virtual machines or physical servers on which you want to deploy the solution components.

CPE device requirements

The following CPE device models are supported:

• KESR-M1-R-5G-2L-W
• KESR-M2-K-5G-1L-W
• KESR-M2-K-5G-1S
• KESR-M3-K-4G-4S
• KESR-M4-K-2X-1CPU
• KESR-M4-K-8G-4X-1CPU
• KESR-M5-K-8G-4X-2CPU
• KESR-M5-K-8X-2CPU

CPE devices of the KESR model are based on x86 (Intel 80x86) and MIPS (Microprocessor without Interlocked Pipeline Stages) processor architectures.

KESR M3–M5 CPE devices have Intel network adapters that are compatible with Intel SFP transceivers. For details about supported SFP transceivers, you can use the Intel Product Compatibility Tool

(in the territory of the Russian Federation, the link is accessible only via VPN). When using the Intel Product Compatibility Tool, you need to select one of the following product categories:

• 500 Series to view SFP transceivers that are compatible with KESR M3 CPE devices.
• 700 Series to view SFP transceivers that are compatible with KESR M4–M5 CPE devices.

Kaspersky experts carried out tests to confirm the functionality of CPE devices when providing the L3 VPN service (see the table below). DPI (Deep Packet Inspection) was not used on the tested devices, and traffic encryption was disabled.

Model	Packet size (bytes)	Bandwidth (Mbps)
KESR-M1	IMIX (417)	30
	Large (1300)	115
KESR-M2	IMIX (417)	165
	Large (1300)	241
KESR-M3	IMIX (417)	805
	Large (1300)	1150
KESR-M4	IMIX (417)	1430
	Large (1300)	2870

For detailed information about the characteristics of CPE devices, please refer to the official page of the solution.

You can deploy uCPE devices on servers with x86 (Intel 80x86) or ARM64 processor architectures.

vCPE device requirements

The distribution kit includes the following firmware for deploying vCPE devices:

• vKESR-M1
• vKESR-M2
• vKESR-M3
• vKESR-M4

The following virtualization environments are supported for vCPE devices:

• VMware 7.0 or later
• KVM with kernel version 5.15 or later

  Only the original KVM virtualization environment without additional orchestration tools is supported.

The following table lists the virtual resource requirements for deploying vCPE devices.

Firmware	CPU	RAM, GB	Disk, GB
vKESR-M1	2	0.5	1
vKESR-M2	4	8	1
vKESR-M3	12	16	1
vKESR-M4	24	32	1

When upgrading Kaspersky SD-WAN from version 2.2 to 2.3, you need to make sure that your previously deployed vCPE devices satisfy the requirements of the new version, after which you can update your vCPE devices using the vKESR-M1-5 firmware.

Page top