VM Resource Requirements (POC)

This section outlines the resource requirements for server components for Cybereason On-Prem deployments in POC environments.

Important

Cybereason recommends that you deploy at least two Detection servers for recovery scenarios. The additional requirements listed in this topic are general guidelines only. Exact requirements vary depending on several factors, such as the number and type of endpoints, number of Detection servers, network traffic, and more. Consult with your Customer Success team for exact requirements for your deployment.

Virtualization Software Requirements

For Cybereason On-Prem deployments, Cybereason provides pre-built VMs for you to deploy.

Before you begin the installation, review the following requirements and recommendations:

  • The Cybereason On-Prem server installation supports VMware vSphere ESXi version 6.5 or above.

    Important

    For each ESXi server, when calculating sizing requirements, keep in mind that 8 GB of memory must be set aside for the ESXi software.

  • For each ESXi instance:

    • We recommend that you enable hyperthreading on the physical host. If hyperthreading is disabled, multiply the CPU on each ESXi.

    • We recommend that you use an Intel/AMD processor with 64-bit support, specifically a 2.2 GHz or faster processor.

    • You must disable all BIOS power management options. For more information and best practices, see the VMware documentation.

    • The vCPU/pCPU ratio per ESXi server must be 2:1 or lower.

VM Hardware Requirements

Sizing requirements

The following table lists the VM hardware sizing requirements for each type of server. Following this table are specific details about each server.

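| Server Type | Number of VMs | CPU | RAM (GB) | Disk (GB) | Disk 2 (GB) | Disk 3 (GB) |
|---|---|---|---|---|---|---|
| Detection | 1 | 4 | 32 | 50 | 512 | |
| Registration | 1 | 4 | 8 | 50 | | |
| Webapp | 1 | 4 | 32 | 50 | | |
| Configuration management | 1 | 6 | 12 | 50 | 50 | 50 |
| Microservices (non-air-gapped) | 1 | 6 | 36 | 250 | | |
| Microservices (air-gapped) | 1 | 6 | 42 | 250 | | |
| Total | 5 | 24 | 120 | 450 | 562 | 50 |

Total disk (GB): 1062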

Detection server VM

General requirements

| Topic | Requirement/Note |
|---|---|
| Total CPU | The Detection server’s total CPU must not exceed the number of logical cores per socket when hyperthreading is enabled. |
| Number of Detection servers | Consult with your Sales Engineer to determine how many Detection servers you require to support your endpoints, to ensure optimal performance. Customer Success makes this calculation based on various factors, such as endpoint type (server/PC) and operating system. Cybereason recommends that you deploy at least two Detection servers for recovery scenarios. |
| Memory reservation | The Detection servers require full memory reservation and a set of advanced configuration settings and parameters for optimal performance (see Advanced configuration settings). These settings and parameters are automatically applied to each of the virtual machines as part of the deployment procedure. |
| Resource consumption | Important: Resource requirements may vary according to the environment. We recommend that you monitor resource consumption on a regular basis to ensure system performance. For more details on monitoring resource consumption, refer to the VMware documentation. |
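The following pre-deployment check is an added example, not Cybereason tooling. It applies the requirements stated above (8 GB set aside for ESXi, a vCPU/pCPU ratio of 2:1 or lower, the POC sizing table, and the Detection server CPU limit) to a host description. The `Host` fields and `check_host` function are hypothetical names, and the example assumes all POC VMs run on a single ESXi host with hyperthreading enabled, that pCPU means physical cores, and that all disks sit on one datastore.

```python
from dataclasses import dataclass

ESXI_RESERVED_GB = 8     # memory set aside for the ESXi software (from the page)
MAX_VCPU_PER_PCPU = 2    # vCPU/pCPU ratio must be 2:1 or lower (from the page)

# POC sizing table from the page: server -> (vCPUs, RAM GB, total disk GB)
POC_VMS = {
    "detection": (4, 32, 50 + 512),
    "registration": (4, 8, 50),
    "webapp": (4, 32, 50),
    "config-mgmt": (6, 12, 50 + 50 + 50),
    "microservices": (6, 36, 250),  # non-air-gapped; air-gapped needs 42 GB RAM
}

@dataclass
class Host:  # hypothetical description of one ESXi host, hyperthreading enabled
    sockets: int
    cores_per_socket: int
    ram_gb: int
    datastore_gb: int

def check_host(host, vms):
    """Return the list of violated requirements; an empty list means the host fits."""
    problems = []
    pcpu = host.sockets * host.cores_per_socket      # assumption: pCPU = physical cores
    vcpu = sum(v[0] for v in vms.values())
    ram = sum(v[1] for v in vms.values())
    disk = sum(v[2] for v in vms.values())
    if vcpu > MAX_VCPU_PER_PCPU * pcpu:
        problems.append(f"cpu-ratio: {vcpu} vCPU on {pcpu} pCPU exceeds 2:1")
    if ram + ESXI_RESERVED_GB > host.ram_gb:
        problems.append(f"memory: {ram} GB for VMs + {ESXI_RESERVED_GB} GB "
                        f"for ESXi > {host.ram_gb} GB")
    if disk > host.datastore_gb:
        problems.append(f"disk: {disk} GB required > {host.datastore_gb} GB datastore")
    logical_per_socket = host.cores_per_socket * 2   # hyperthreading enabled
    if "detection" in vms and vms["detection"][0] > logical_per_socket:
        problems.append("detection-cpu: vCPUs exceed logical cores per socket")
    return problems

if __name__ == "__main__":
    air_gapped = dict(POC_VMS, microservices=(6, 42, 250))
    print(check_host(Host(2, 8, 128, 2000), POC_VMS))      # fits
    print(check_host(Host(2, 8, 128, 2000), air_gapped))   # memory shortfall
    print(check_host(Host(1, 8, 128, 1000), POC_VMS))      # CPU ratio and disk
```

A host with exactly 128 GB of RAM fits the non-air-gapped set only because the 120 GB total plus the 8 GB ESXi reserve equals the installed memory; the air-gapped Microservices VM pushes the same host over the limit.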

Sizing requirements notes

The number of sensors in the Sizing section above is an estimate based on Windows sensors. Other endpoint types (e.g. Windows servers, Linux, and Mac machines) require additional resources. Contact your Customer Success team for details.

For the root disk sizes, the 50 GB storage enforces log rotation of up to 50 MB per log, retaining the previous 30 log files.

The data disk enables saving approximately 21 days of recordings (of the sensor metadata). This is an estimated amount and should be evaluated according to the specific environment and retention prior to deployment. For assistance, contact Customer Success.

The data disk implementation includes automatic deletion according to the retention policy. In addition, a backup utility backs up all Cybereason components to the shared NFS repository. Cybereason takes a snapshot backup of the entire memory graph every day at 12:00 AM UTC. Two backup copies are available per Detection server.

WebApp server VM

General requirements

| Topic | Requirement/Note |
|---|---|
| Number of servers | The WebApp server and Private Threat Intel server are on the same VM. Only one WebApp server and Private Threat Intel server VM is required for the deployment, regardless of the number of Detection servers. |
| Memory reservation | The WebApp server and Private Threat Intel server require full memory reservation and a set of advanced configuration settings and parameters for optimal performance (see Advanced configuration settings). These settings and parameters are automatically applied to each of the VMs as part of the deployment procedure. |
| Resource consumption | Important: Resource requirements may vary according to the environment. We recommend that you monitor resource consumption on a regular basis to ensure system performance. For more details on monitoring resource consumption, refer to the VMware documentation. |

Registration server VM

Only one Registration server VM is required for the deployment, regardless of the number of Detection servers.

Microservices VM

The SM Microservices VM includes the Arbiter microservice, Management microservice, and in some cases an additional microservice used for air-gapped deployments.

Configuration management server

The Configuration Management server is based on Ansible, an open-source software provisioning, configuration management, and application-deployment tool. Cybereason leverages Ansible to automate day 2 configuration tasks. Tasks include: connecting the Detection server to the WebApp server, changing the proxy configuration, monitoring, and more.

Endpoint requirements

See Endpoint requirements.

Next steps

After you verify that your VMs satisfy the appropriate requirements, verify that the organization meets the Deployment Prerequisites.