Kaspersky Next XDR Expert

Deployment schemes


There are two options for deploying Kaspersky Next XDR Expert: on multiple nodes or on a single node of the Kubernetes cluster. Before you start, we recommend that you familiarize yourself with the available deployment schemes, and then choose the one that best meets your organization's requirements. You can use the sizing guide that describes the hardware requirements and the recommended deployment option in relation to the number of devices in the organization.

Depending on the deployment option you choose, Kaspersky Next XDR Expert may require the following hosts:

  • Administrator host

    The administrator host is a physical or virtual machine that is used to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. Since Kaspersky Deployment Toolkit (KDT) runs on the administrator host, this host must meet the requirements for KDT.

  • Target hosts

    The target hosts are the physical or virtual machines that are used to deploy Kaspersky Next XDR Expert. The following target hosts are used:

    • Target hosts for installing the Kaspersky Next XDR Expert components

      The hosts that are included in the Kubernetes cluster and between which the workload is distributed.

      The target hosts must meet the requirements for the selected deployment option (the multi-node or single-node deployment).

    • KUMA target hosts for installing the KUMA services

      The target hosts that are not included in the Kubernetes cluster and that are used to install the KUMA services (collectors, correlators, and storages). The number of KUMA target hosts depends on the number of events that Kaspersky Next XDR Expert has to process.

      The KUMA target hosts must meet the hardware, software, and installation requirements that are necessary for installing the KUMA services.

  • DBMS host (only for the multi-node deployment)

    The host for installing the DBMS is a separate server that is located outside the Kubernetes cluster. This host must meet the requirements for the database node.

  • KATA/KEDR host (optional)

    If you want to receive telemetry from Kaspersky Anti Targeted Attack Platform and manage threat response actions on assets connected to Kaspersky Endpoint Detection and Response servers, you can install and configure Kaspersky Anti Targeted Attack Platform with Kaspersky Endpoint Detection and Response. Kaspersky Anti Targeted Attack Platform is a standalone solution that must be installed on a separate server that is not included in the Kubernetes cluster. For details about KATA deployment scenarios, refer to the KATA documentation.

Multi-node deployment

In the multi-node deployment, the Kaspersky Next XDR Expert components are installed on several worker nodes of the Kubernetes cluster. If one node fails, the cluster can restore the operation of components on another node.

In this configuration, you need at least seven hosts:

  • 1 administrator host
  • 4 target hosts for installing the Kubernetes cluster and the Kaspersky Next XDR Expert components
  • 1 host for installing the DBMS
  • 1 KUMA target host for installing the KUMA services

Single-node deployment

In the single-node deployment, all Kaspersky Next XDR Expert components are installed on a single node of the Kubernetes cluster. You can perform the single-node deployment of Kaspersky Next XDR Expert if you need a solution that requires fewer computing resources.

In this configuration, you need at least three hosts:

  • 1 administrator host
  • 1 target host for installing the Kubernetes cluster, the Kaspersky Next XDR Expert components, and the DBMS
  • 1 KUMA target host for installing the KUMA services

In this configuration, the DBMS does not require a separate node but should be installed manually on the target host before the Kaspersky Next XDR Expert deployment.
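A pre-deployment check of the host counts and cluster-membership rules listed above, as an added example that is not part of the Kaspersky documentation or of KDT. The role names (admin, cluster, dbms, kuma), the inventory layout and the host names are assumptions constructed for illustration.

```python
# Added example. Role names and inventory layout are assumptions for
# illustration; this is not a Kaspersky Deployment Toolkit (KDT) format.
MIN_PER_ROLE = {
    "multi-node": {"admin": 1, "cluster": 4, "dbms": 1, "kuma": 1},
    "single-node": {"admin": 1, "cluster": 1, "kuma": 1},
}
MIN_TOTAL = {"multi-node": 7, "single-node": 3}

def validate_inventory(option, inventory):
    """Return a list of problems; an empty list means the plan fits the scheme."""
    if option not in MIN_PER_ROLE:
        return [f"unknown deployment option: {option}"]
    problems = []
    for role, minimum in MIN_PER_ROLE[option].items():
        found = len(set(inventory.get(role, [])))
        if found < minimum:
            problems.append(f"{role}: need at least {minimum} host(s), found {found}")
    distinct = set().union(*inventory.values())
    if len(distinct) < MIN_TOTAL[option]:
        problems.append(f"total: need at least {MIN_TOTAL[option]} hosts, found {len(distinct)}")
    cluster = set(inventory.get("cluster", []))
    # Administrator and KUMA hosts are never cluster nodes; the DBMS host is
    # outside the cluster only in the multi-node deployment.
    outside = ["admin", "kuma"] + (["dbms"] if option == "multi-node" else [])
    for role in outside:
        for host in sorted(cluster & set(inventory.get(role, []))):
            problems.append(f"{host}: {role} host must not be a Kubernetes cluster node")
    if option == "single-node":
        if len(cluster) > 1:
            problems.append("cluster: single-node deployment uses one target host")
        if set(inventory.get("dbms", cluster)) != cluster:
            problems.append("dbms: the DBMS is installed on the target host itself")
    return problems

# Constructed sample plans (host names are made up).
MULTI_OK = {"admin": ["adm01"], "cluster": ["k8s-ctl", "k8s-w1", "k8s-w2", "k8s-w3"],
            "dbms": ["db01"], "kuma": ["kuma01"]}
MULTI_DBMS_ON_WORKER = dict(MULTI_OK, dbms=["k8s-w1"])
SINGLE_OK = {"admin": ["adm01"], "cluster": ["xdr01"], "dbms": ["xdr01"], "kuma": ["kuma01"]}
SINGLE_KUMA_ON_NODE = dict(SINGLE_OK, kuma=["xdr01"])

if __name__ == "__main__":
    for name, option, plan in [("multi ok", "multi-node", MULTI_OK),
                               ("multi bad", "multi-node", MULTI_DBMS_ON_WORKER),
                               ("single ok", "single-node", SINGLE_OK),
                               ("single bad", "single-node", SINGLE_KUMA_ON_NODE)]:
        print(name, validate_inventory(option, plan) or "OK")
```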


Multi-node deployment scheme

The figure below shows the Kaspersky Next XDR Expert deployment scheme on multiple nodes.

[Figure: Multi-node deployment scheme of Kaspersky Next XDR Expert]

The multi-node deployment scheme of Kaspersky Next XDR Expert contains the following main components:

  • Administrator host. On this host, an administrator uses Kaspersky Deployment Toolkit to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. The administrator host is not included in the Kubernetes cluster.
  • Kubernetes cluster. A Kubernetes cluster includes the controller node (also referred to as primary node during the deployment procedure) and, at a minimum, three worker nodes. The number of worker nodes may vary. On the scheme, the distribution of Kaspersky Next XDR Expert components among the worker nodes is shown as an example. Actual component distribution may vary.
  • DBMS server. A server with an installed database management system is required for the proper function of Kaspersky Next XDR Expert components. An administrator installs the DBMS manually on a separate server outside the Kubernetes cluster.
  • Hosts with KUMA services. The KUMA services (collectors, correlators, and storages) are installed on the hosts that are located outside the Kubernetes cluster. The number of target hosts for KUMA services may vary.
  • KATA with KEDR. Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Detection and Response functional block. For details about KATA deployment scenarios, refer to the KATA documentation.
  • Kaspersky Next XDR Expert user host. A user device that is used to sign in to OSMP Console or KUMA Console.
  • Secondary Administration Servers (optional). Secondary Administration Servers are used to create a Server hierarchy.
  • Managed devices. Client devices protected by Kaspersky Next XDR Expert. Each managed device has Network Agent installed.

Ports

The scheme does not provide all of the ports required for successful deployment. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.

Scheme legend:

Icon 1: On the scheme, the communication within the Kubernetes cluster between hosts and between Kaspersky Next XDR Expert components is not shown. For details, refer to the Ports used by Kaspersky Next XDR Expert section.

Icon 2: For the list of ports that must be opened on the managed devices, refer to the Ports used by Kaspersky Next XDR Expert section.

Icon 3: For details about integration with KATA, including KEDR functional block, refer to the Integration with KATA/KEDR section.

Icon 4: On the scheme, the KUMA services are deployed according to the multi-node deployment scheme. The number of target hosts for KUMA services may vary. The list of ports to be opened depends on the selected deployment scheme. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.

Icon 5: Port TCP 7221 and other ports to install services. You specify these ports as a value for --api.point <port>.

See also:

Architecture of Open Single Management Platform

Multi-node deployment: Preparing the administrator and target hosts

Multi-node deployment: Specifying the installation parameters

Adding and deleting nodes of the Kubernetes cluster


Single-node deployment scheme

The figure below shows the Kaspersky Next XDR Expert deployment scheme on a single node.

[Figure: Single-node deployment scheme of Kaspersky Next XDR Expert]

The single-node deployment scheme of Kaspersky Next XDR Expert contains the following main components:

  • Administrator host. On this host, an administrator uses Kaspersky Deployment Toolkit to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. The administrator host is not included in the Kubernetes cluster.
  • Kubernetes cluster. A Kubernetes cluster includes the host that acts both as a controller node (also referred to as primary node during the deployment procedure) and a worker node.
  • DBMS server. A server with an installed database management system is required for the proper function of Kaspersky Next XDR Expert components. The DBMS server is not included in the Kubernetes cluster. An administrator installs the DBMS manually on the target host that will act as a primary worker node before the Kaspersky Next XDR Expert deployment.
  • Hosts with KUMA services. The KUMA services (collectors, correlators, and storages) are installed on the hosts that are located outside the Kubernetes cluster. The number of target hosts for KUMA services may vary.
  • KATA with KEDR. Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Detection and Response functional block. For details about KATA deployment scenarios, refer to the KATA documentation.
  • Kaspersky Next XDR Expert user host. A user device that is used to sign in to OSMP Console or KUMA Console.
  • Secondary Administration Servers (optional). Secondary Administration Servers are used to create a Server hierarchy.
  • Managed devices. Client devices protected by Kaspersky Next XDR Expert. Each managed device has Network Agent installed.

Ports

The scheme does not provide all of the ports required for successful deployment. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.

Scheme legend:

Icon 1: For the list of ports that must be opened on the managed devices, refer to the Ports used by Kaspersky Next XDR Expert section.

Icon 2: For details about integration with KATA, including KEDR functional block, refer to the Integration with KATA/KEDR section.

Icon 3: On the scheme, the KUMA services are deployed according to the multi-node deployment scheme. The number of target hosts for KUMA services may vary. The list of ports to be opened depends on the selected deployment scheme. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.

Icon 4: Port TCP 7221 and other ports to install services. You specify these ports as a value for --api.point <port>.

See also:

Architecture of Open Single Management Platform

Single node deployment: Preparing the administrator and target hosts

Single-node deployment: Specifying the installation parameters
