Virtual Modular Sensor Provisioning and Performance

This article describes the resources required for the successful installation and operation of Stellar Cyber virtual modular sensors. Virtual modular sensors install as dedicated VMs with Stellar Cyber software pre-installed.

Refer to the following sections for details:

• What Determines Sensor Performance?

• Sensor Provisioning Rules

• Sensor Provisioning by Module

What Determines Sensor Performance?

Virtual modular sensor performance depends on the following key factors:

• Allocated VM resources (CPU and Memory). Sensor performance scales with CPU and RAM.

• Enabled features (Log Forwarder, Network Traffic, Sandbox, and IDS).

• Traffic volume (both peak and sustained events per second, connections per second, and bandwidth usage).

More features, deeper inspection, and more traffic always require more CPU and RAM.

Sensor Provisioning Rules

Guarantee your virtual modular sensor performance by following these rules for sensor provisioning:

• Reserve CPU and memory resources in the hypervisor.

• Enable SS3 for Linux-based sensors.

• Use ≥2.1 GHz processors for validated performance.

• Provision at least 1.5 times as much memory as the number of CPU cores to ensure stable performance. So, for example, if you provision 8 CPUs, you should provision at least 8 x 1.5 = 12GB of memory.

• Provision sensor disk space using the rules in Provisioning Disk Space for Virtual Modular Sensors.

As a simple rule, more traffic and inspection depth require more CPU and memory.

Sensor Provisioning by Module

Stellar Cyber provides virtual modular sensors using specific modules. This section lists the provisioning you must provide to achieve the performance for your purchased module. See the sections below for details.

Stated specifications support the corresponding maximum network traffic inspection throughput. Performance may vary depending on your environment, configuration, and other variables.