Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Artem
09/22/2020, 8:52 PMHello to all!
Can you please tell me if we can get some advice on a suitable server configuration for Kolide Fleet.
We are planning to order equipment (dedicated hardware), but did not find anywhere an obvious correlation from the number of users.
We plan to deploy a Kolide Fleet to collect data separately from users and separately from servers.
We think about 5-7 thousand users and, conditionally, 5 thousand servers (Kubernetes, virtualization, etc.)
Tell me please, what are the optimal resources for such load volumes?
f
fritz
09/22/2020, 9:07 PM@Artem if you need consulting on Kolide Fleet configuration I would recommend reaching out to @zwass he has helped other organizations get setup to run Fleet across 10k-100k endpoints
If you guys do not need to go the on-prem/home-rolled route you can also trial our SaaS offering of Kolide for free for 30 days to see if that fits your needs: https://k2.kolide.com/signup
It's primarily designed around user-focused security and may be a better fit than Fleet for your user-driven devices.
z
zwass
09/22/2020, 9:31 PMAre you going to run MySQL and Redis on that dedicated hardware as well? Or just the Fleet servers?
a
Artem
09/23/2020, 9:05 AMHello!
Yes, we plan to run MySQL and Redis on that servers too
As I know, a typical server configuration is 56+ cores (112 threads), 64 gb ram, 2x500GB ssh in raid1 for the OS. There is the possibility of additional RAM and drives.
Could you also hear some basic recommendations for fault tolerance?
@fritz thank you for the offer, we considered this option. Unfortunately, the company’s current information security policies require on-prem
Update: targeting 10k users and 35k servers
f
fritz
09/23/2020, 12:26 PM@Artem đź‘Ť On-prem is definitely a very binary and inflexible req. The upside is, you are in good hands if you guys end up bending Zach's ear for Fleet help. Good luck with the deployment!
z
zwass
09/23/2020, 3:24 PMYour servers sound pretty powerful. I think you'd do fine with 2 behind a load balancer (for fault tolerance). You could probably even host both instances on the same 2 servers.
a
Artem
09/23/2020, 4:19 PM@fritz thanks!
@zwass hello! Can you please explain this a bit?
Didn’t understand a bit how to deploy instances.
In theory, we need a replica of the database according to the master-slave scheme, so that in the event of a failure of one server, we can quickly switch to another.
There is also a suspicion that 500 GB ssd will not be enough for such amount of data (from servers) and it is worth making a separate raid1 for data
z
zwass
09/23/2020, 4:33 PMIt will be up to you to configure the DB instances in whatever architecture you need for reliability. What I am saying is that 2 of these servers will be plenty powerful to run Fleet, Redis, and MySQL for the 45,000 hosts.
a
Artem
09/24/2020, 7:23 AM@zwass got it, thanks!