ESET Online Help

Search
Select the category
Select the topic

Hardware Requirements


important

Hardware requirements depend on the number of events. The event from the ESET Inspect side of view includes File system events (read file, write file, etc.), TCP events, Registry events, HTTP events, DNS events, etc.

There are two ways to get the number of events.

Before installing the ESET Inspect Server:

1.Install the ESET Inspect Connector on at least three endpoints (ESET Inspect Connector is operable without ESET Inspect Server).

2.Activate the product with a valid ESET Inspect license. The activation is done via ESET PROTECT by creating a "Product activation" task. To do this, contact your ESET PROTECT Administrator or create a Product Activation task.

3.Wait for at least a day.

4.Navigate to the folder where ESET Inspect Connector is installed (by default C:\Program Files\ESET\Inspect Connector) and run the command EIConnector.exe --stats.

5.From the output, use Average Events Per Day.

After the ESET Inspect Server is already installed and working:

1.Go to Dashboard > Events load tab and check the highest values of events received per 24h in the Events processed and stored per computer chart.

To calculate the estimated CPU, RAM, and disk space requirements for ESET Inspect Server and database on the same machine, use the following calculator:










The values in the table below are based on the assumption that the endpoint does not have more than a hundred thousand events generated per day, and the default data retention is 31 days. If the number of events in your environment exceeds a hundred thousand, you should proportionally scale the number from the table.

Minimum requirements

 

Microsoft SQL Server

MySQL

Number of Endpoints

500

1000

5000

500

1000

5000

Memory

4 GB

4 GB

12 GB

4 GB

4 GB

12 GB

Disk space

566 GB

1.24 TB

6.2 TB

566 GB

1.1 TB

5.6 TB

Disk IOPS

1500

1500

3000

1000

2000

3000

Number of CPU cores

2

2

10

2

2

8


note

The current scalability limit is approximately 30 000 endpoints per ESET Inspect Server when considering the average event rate from global telemetry. The limit can vary based on the exact conditions and environment specifics; therefore, use the configuration calculator for accurate hardware/resource specifications.


important

The estimated database size does not consider various logs (MySql general query log, MySql binary log, or SQL Server transaction log). If you do not need to store them for your purposes, consider disabling them or clearing the logs regularly to reduce their disk space.

Disk Space Consumption Reduction

We recommend these steps for disk space consumption reduction.

This can significantly save the disk space used by stored events.


warning

If the Windows Server OS's space goes under 10 percent of the partition capacity (C:\), ESET Inspect stops accepting data from endpoints.

The disk IOPS

To get the information regarding the IOPS that your disk can provide, use the tool described below:

66% of IOPS triggered by ESET Inspect are write-related operations, and the block size is 32KB.

IOPS achieved by the customer’s hardware can be measured using the following command line: diskspd -b32K -d60 -o4 -t8 -h -r -w65 -L -Z1G -c20G C:\iotest.dat > C:\DiskSpeedResults.txt.

diskspd is a Microsoft tool that can be downloaded from: https://learn.microsoft.com/azure-stack/hci/manage/diskspd-overview

The CPU and RAM impact reduction

To reduce the impact on CPU and RAM, you can use two approaches:

1.Navigate to Dashboard > Server Status > Event Packet Queue Length. If the chart shows that most of the time, 500, then consider upgrading your hardware or lowering the server load by using the steps described in the Disk Space Consumption Reduction.

2.You can change the interval of sending the events from connectors to the server. By default, the interval is every 7 minutes. You can change this in ESET PROTECT by going into Policies > New Policy > click Settings and select ESET Inspect Connector from drop-down menu > Interval of sending events to the server (minutes). The available interval is 5–1440 minutes.


important

To support a specific number of endpoints, ensure that the ephemeral port pool size is twice as big as the endpoint's count.

Command to check the current size of the ephemeral port pool:

netsh int ipv4 show dynamicport tcp

 

Command to set ephemeral port pool size:

netsh int ipv4 set dynamicport tcp start=<number> num=<size>

 

For example: To set the ephemeral port pool to 60k, type the following:

netsh int ipv4 set dynamicport tcp start=5536 num=60000

 

NOTE: Maximal port number can be 65536. It is recommended to set starting port at 1500.