Deployment schemes
There are two options for deploying Kaspersky Next XDR Expert: on multiple nodes or on a single node of the Kubernetes cluster. Before you start, we recommend that you familiarize yourself with the available deployment schemes, and then choose the one that best meets your organization's requirements. You can use the sizing guide that describes the hardware requirements and the recommended deployment option in relation to the number of devices in the organization.
Depending on the deployment option you choose, you may need the following hosts for the function of Kaspersky Next XDR Expert:
- Administrator host
- Target hosts
- DBMS host (only for the multi-node deployment)
- KATA/KEDR host (optional)
Multi-node deployment
In the multi-node deployment, the Kaspersky Next XDR Expert components are installed on several worker nodes of the Kubernetes cluster and if one node fails, the cluster can restore the operation of components on another node.
In this configuration, you need at least seven hosts:
- 1 administrator host
- 4 target hosts for installing the Kubernetes cluster and the Kaspersky Next XDR Expert components
- 1 host for installing the DBMS
- 1 KUMA target host for installing the KUMA services
Single-node deployment
In the single-node deployment, all Kaspersky Next XDR Expert components are installed on a single node of the Kubernetes cluster. You can perform the single-node deployment of Kaspersky Next XDR Expert if you need a solution that requires fewer computing resources.
In this configuration, you need at least three hosts:
- 1 administrator host
- 1 target host for installing the Kubernetes cluster, the Kaspersky Next XDR Expert components, and the DBMS
- 1 KUMA target host for installing the KUMA services
In this configuration, the DBMS does not require a separate node but should be installed manually on the target host before the Kaspersky Next XDR Expert deployment.
Page topMulti-node deployment scheme
The figure below shows the Kaspersky Next XDR Expert deployment scheme on multiple nodes.
Multi-node deployment scheme of Kaspersky Next XDR Expert
The multi-node deployment scheme of Kaspersky Next XDR Expert contains the following main components:
- Administrator host. On this host, an administrator uses Kaspersky Deployment Toolkit to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. The administrator host is not included in the Kubernetes cluster.
- Kubernetes cluster. A Kubernetes cluster includes the controller node (also referred to as primary node during the deployment procedure) and, at a minimum, three worker nodes. The number of worker nodes may vary. On the scheme, the distribution of Kaspersky Next XDR Expert components among the worker nodes is shown as an example. Actual component distribution may vary.
- DBMS server. A server with an installed database management system is required for the proper function of Kaspersky Next XDR Expert components. An administrator installs the DBMS manually on the separated server outside the Kubernetes cluster.
- Hosts with KUMA services. The KUMA services (collectors, correlators, and storages) are installed on the hosts that are located outside the Kubernetes cluster. The number of target hosts for KUMA services may vary.
- KATA with KEDR. Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Detection and Response functional block. For details about KATA deployment scenarios, refer to the KATA documentation.
- Kaspersky Next XDR Expert user host. A user device that is used to sign in to OSMP Console or KUMA Console.
- Secondary Administration Servers (optional). Secondary Administration Servers are used to create a Server hierarchy.
- Managed devices. Client devices protected by Kaspersky Next XDR Expert. Each managed device has Network Agent installed.
Ports
The scheme does not provide all of the ports required for successful deployment. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.
Scheme legend:
On the scheme, the communication within the Kubernetes cluster between hosts and between Kaspersky Next XDR Expert components is not shown. For details, refer to the Ports used by Kaspersky Next XDR Expert section.
For the list of ports that must be opened on the managed devices, refer to the Ports used by Kaspersky Next XDR Expert section.
For details about integration with KATA, including KEDR functional block, refer to the Integration with KATA/KEDR section.
On the scheme, the KUMA services are deployed according to the multi-node deployment scheme. The number of target hosts for KUMA services may vary. The list of ports to be opened depends on the selected deployment scheme. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.
Port TCP 7221 and other ports to install services. You specify these ports as a value for --api.point <port>.
Single-node deployment scheme
The figure below shows the Kaspersky Next XDR Expert deployment scheme on a single node.
Single-node deployment scheme of Kaspersky Next XDR Expert
The single-node deployment scheme of Kaspersky Next XDR Expert contains the following main components:
- Administrator host. On this host, an administrator uses Kaspersky Deployment Toolkit to deploy and manage the Kubernetes cluster and Kaspersky Next XDR Expert. The administrator host is not included in the Kubernetes cluster.
- Kubernetes cluster. A Kubernetes cluster includes the host that acts both as a controller node (also referred to as primary node during the deployment procedure) and a worker node.
- DBMS server. A server with an installed database management system is required for the proper function of Kaspersky Next XDR Expert components. The DBMS server is not included in the Kubernetes cluster. An administrator installs the DBMS manually on the target host that will act as a primary worker node before the Kaspersky Next XDR Expert deployment.
- Hosts with KUMA services. The KUMA services (collectors, correlators, and storages) are installed on the hosts that are located outside the Kubernetes cluster. The number of target hosts for KUMA services may vary.
- KATA with KEDR. Kaspersky Anti Targeted Attack Platform with the Kaspersky Endpoint Detection and Response functional block. For details about KATA deployment scenarios, refer to the KATA documentation.
- Kaspersky Next XDR Expert user host. A user device that is used to sign in to OSMP Console or KUMA Console.
- Secondary Administration Servers (optional). Secondary Administration Servers are used to create a Server hierarchy.
- Managed devices. Client devices protected by Kaspersky Next XDR Expert. Each managed device has Network Agent installed.
Ports
The scheme does not provide all of the ports required for successful deployment. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.
Scheme legend:
For the list of ports that must be opened on the managed devices, refer to the Ports used by Kaspersky Next XDR Expert section.
For details about integration with KATA, including KEDR functional block, refer to the Integration with KATA/KEDR section.
On the scheme, the KUMA services are deployed according to the multi-node deployment scheme. The number of target hosts for KUMA services may vary. The list of ports to be opened depends on the selected deployment scheme. For the full list of ports, refer to the Ports used by Kaspersky Next XDR Expert section.
Port TCP 7221 and other ports to install services. You specify these ports as a value for --api.point <port>.