Preparing a Server for Stellar Cyber Cluster Deployment

Stellar Cyber Academy icon Learn more at Stellar Cyber Academy.

The following link takes you to a course on the Stellar Cyber Academy technical training portal where you can learn more about this topic by watching the suggested lessons.

M01 Platform Installation and Configuration (03h:38m)

Learn the foundational steps for installing and configuring the Stellar Cyber Platform on ESXi. Get an overview of setting up the data processor, networking, and virtual machines for the data lake and data analyzer to ensure optimal platform functionality.

Explore the roles of key components within the Stellar Cyber Platform, including the data lake and data analyzer. See how these elements integrate to support secure data management, processing, and interaction with modular sensors and server sensors.

Configure ESXi datastores to meet platform storage requirements. Create dedicated datastores for data lake storage and virtual machines, ensuring efficient disk usage and scalability in production environments.

Watch a demonstration of ESXi datastore setup, including datastore expansion and partition configuration. Follow best practices for provisioning storage for the Stellar Cyber Platform on VMware.

Set up ESXi networking for the Stellar Cyber Platform. Configure vSwitches, port groups, and networking settings based on deployment type, ensuring secure and optimized data flow between platform components.

View a practical guide to configuring ESXi networking, focusing on the setup of vSwitches and port groups for both clustered and single-node environments. Enable secure communication for data analyzer and data lake components.

Set up the data lake virtual machine within ESXi, including storage, networking, and system resource requirements. Follow best practices for thick provisioning to ensure stable performance.

Follow a demonstration on creating the data lake virtual machine using an OVA file. Configure CPU, memory allocation, and network adapter settings to optimize data storage operations.

Configure the data lake VM to support data ingestion, storage, and retrieval. Adjust initial console and network settings to maximize storage efficiency in ESXi.

Watch a demo on finalizing data lake VM settings, including managing storage, setting network parameters, and verifying configurations for robust performance in production.

Create the data analyzer VM, focusing on resource allocation and setup within the ESXi environment. Use virtual machine provisioning techniques suited for data processing requirements.

View a demonstration of configuring the data analyzer VM, emphasizing network configuration and resource allocation to support processing-intensive tasks in threat analysis and alert generation.

Complete the initial setup for the data analyzer VM, adjusting settings for data flow and CPU utilization to integrate seamlessly with the data lake.

Follow a setup walkthrough for the data analyzer VM, covering essential configurations to optimize data processing performance and ensure system stability.

Configure the data processor settings within the Stellar Cyber Platform. Set up data ingestion points, verify network configurations, and ensure smooth data processing workflows.

See a practical example of configuring the data processor in ESXi, including adjustments for optimized data routing and resource usage to meet production standards.

Learn how to add extra storage drives to the data lake VM to expand storage capacity. Configure the additional storage to accommodate increased data retention and scalability.

Watch a demonstration on expanding data lake storage by adding new drives. Set up partitions and integrate with existing storage to support high data volumes.

Convert a single data processor setup to a clustered architecture. Separate communication channels between data lake and data analyzer nodes to enhance load distribution and fault tolerance.

The first time you access a link on the portal during a session, you must log in to access content.

This topic provides deployment guidelines and infrastructure requirements for hosting the Stellar Cyber Data Processor (DP) platform in an on-premises environment on a dedicated server with separate virtual machines for different platform components (a single-tenant virtualization host, such as a VMware ESXi server).

You must follow the guidelines in this topic to ensure successful deployment, performance stability, scalability, and operational reliability.

Next Steps

After you have prepared the target server using the rules in this topic:

  1. Use the information in Stellar Cyber Platform (DP) System Requirements and Capacity Planning to understand the quantities of different cluster node types you must deploy for your expected daily ingestion volume, as well as the vCPUs, memory, and disk space that must be provisioned for them.

  2. Use the instructions in Installing a Data Processor in VMware (Cluster) to deploy the necessary VMs on the target server you prepared in the first step.

Hardware, Hypervisor, and Virtual Machine Requirements

This section defines the mandatory requirements for preparing the platform hardware, hypervisor, and virtual machine environments to host a Stellar Cyber DP platform.

These requirements are critical to achieving:

  • Predictable latency
  • High throughput
  • Stable performance
  • Operational reliability

Any deviation from these requirements must be explicitly approved in writing by Stellar Cyber.

Core Requirements Summary

The table below summarizes the mandatory core requirements for the Stellar Cyber DP platform. Following the table, each requirement is described in detail.

Category Requirement Purpose
Compute Isolation

VM instances must run on dedicated/single-tenant hosts. No other customer workloads may share the physical host.

 Eliminates resource contention ("noisy neighbor" effects).
CPU Allocation No CPU oversubscription. vCPUs must map 1:1 to dedicated physical cores. Ensures full core availability and predictable CPU cycles.
CPU Pinning Static vCPU pinning/fixed CPU affinity to physical cores must be enabled. Guarantees stable cache locality and predictable latency by preventing vCPU migration.
Memory 100% memory reservation with no memory ballooning, swapping, or overcommiting. Ensures all allocated RAM is guaranteed and exclusively available.
NUMA NUMA-aware placement. CPU and memory must align within the same NUMA node where possible. Optimizes memory access speed for multi-socket systems.
Storage Dedicated, SSD-only storage meeting minimum performance thresholds. Ensures I/O performance and isolation required for high-volume data processing.
Cluster Networking

All nodes on the same local subnet:

  • RTT less than 2 ms.

  • Greater than or equal to 10 Gbps sustained throughput for inter-node traffic.

Ensures high-speed, low-latency inter-node communication for cluster stability and performance.
Management Networking Each Data Processor VM requires two virtual network interfaces. The management interface must have a minimum bandwidth of 1 Gbps, with 10 Gbps recommended. Ensures that the management networking interfaces provides adequate bandwidth for data ingestion.

Each of these requirements is mandatory to achieve stated performance and reliability levels.

Compute Isolation and Host Exclusivity

The underlying physical host must be exclusively dedicated to the Stellar Cyber platform.

  • Single-Tenant Host: The Stellar Cyber data and master nodes must be deployed on dedicated physical hosts (for example, dedicated host, bare metal, or equivalent cloud/hypervisor construct).
  • Exclusivity: No other workloads may share the same physical server.
  • Unacceptable Environments: Shared-host or multi-tenant compute environments are strictly prohibited.

CPU Allocation and Oversubscription

The compute platform must guarantee the isolation and dedication of CPU resources:

  • No CPU Oversubscription: The hypervisor must be configured with a CPU overcommit ratio of 1.0.
  • 1:1 Mapping: Each vCPU must map directly to a dedicated physical CPU core.
  • Dedicated Backing: All vCPUs must be backed by dedicated physical cores.
  • Hypervisor Scheduling: Hypervisor scheduling must not allow competing workloads on the allocated physical cores.

CPU Pinning and Affinity

Predictable latency and stable performance require fixed resource locality.

  • Static Pinning: The hypervisor platform must use static vCPU pinning to specific physical CPU cores.
  • Fixed Affinity: Fixed CPU affinity must be configured for all Stellar Cyber nodes.
  • Prohibited: Dynamic CPU scheduling or floating vCPUs are not allowed.

Result: This configuration prevents vCPU migration and ensures stable cache locality and predictable latency.

Refer to Configuring CPU Scheduling Affinity for more information.

Memory Reservation and Isolation

Memory resources must be fully guaranteed and isolated for each VM instance.

  • 100% Reservation: All nodes must have 100% memory reservation configured.
  • No Overcommit or Swapping: Memory overcommit, ballooning, and swapping are not permitted.
  • Guarantee: Allocated RAM must be fully guaranteed and exclusively available to the VM instance at all times.

NUMA Awareness

Proper resource alignment is critical for physical hosts with multiple processor sockets (multi-socket systems):

  • NUMA-Aware Placement:The platform must provide and enforce NUMA-aware VM placement.

  • Alignment: CPU and memory resources must be aligned within the same NUMA node where physically possible.

  • Documentation: The deployment documentation must explicitly describe the mechanism used to enforce NUMA locality.

Refer to Reviewing CPU/NUMA Configuration for more information.

Storage Performance Isolation

Storage must provide consistently high I/O performance with minimal latency.

  • Isolation: Storage provided to Stellar Cyber data nodes must be dedicated or performance-isolated to be free of "noisy neighbor" effects.

  • Technology: Storage must be SSD-only. Hard Disk Drives (HDD) are not permitted.

  • Performance Minimums: The underlying storage must meet or exceed the following sustained minimum performance metrics for 4KB random data operations:

    • Write IOPS: > 30,000

    • Read IOPS: > 60,000

    • Throughput: > 500MB/s (Read/Write)

  • Latency: The storage solution must be local with a write latency of < 1 ms.

Cluster Networking Requirements

The network configuration is critical for maintaining high-speed inter-node communication and cluster stability.

  • High-Speed Interconnect: The physical network infrastructure must support a minimum sustained throughput of >= 10 Gbps for all inter-node traffic. Nvidia (Mellanox) or Intel NICs are required.
  • Low Latency: The network latency between any two cluster nodes (Master, Data, or DP) must have a Round Trip Time (RTT) of < 2 ms. Lower latency is mandatory for optimal distributed processing.

  • Local Subnet Proximity: All nodes within the Stellar Cyber cluster must reside on the same Layer 2 local subnet.

  • Physical Switching: Where the cluster spans multiple physical hosts, the hosts must be connected to the same physical switch or a high-performing, low-latency spine/leaf fabric to minimize network hops and maintain low RTT.

  • Dedicated Network/Traffic Isolation: The network used for inter-node cluster communication must be dedicated or logically isolated (for example, using a separate VLAN or network segment) from external and management traffic. This prevents contention and the "noisy neighbor" effect on critical cluster operations.

  • MTU Consistency: The Maximum Transmission Unit (MTU) size must be consistent across all cluster nodes and network infrastructure (switches, routers) to prevent fragmentation and performance degradation.

  • No Network Address Translation (NAT): Inter-node communication must not be subjected to Network Address Translation (NAT) or firewall/proxy intervention that adds significant latency or complexity. Communication should be direct IP-to-IP within the dedicated subnet.

Management Networking Requirements

  • Each Data Processor VM requires two virtual network interfaces.

  • One network interface must be dedicated to the Management Network.

  • The Management Network interface must have a minimum bandwidth of 1 Gbps, with 10 Gbps recommended.