System Requirements
Ensure that you create components with the following recommended requirements in Azure:
Components | VM Name | Sample Name | VM Type/Size | OS | CPU | RAM(GB) | Autoscaling | Minimum Replicas | Maximum Replicas | Labels | Storage (Type/Size) | VNet/Subnet | NSG Configuration | Public IP required | IAM Role/Access |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
TIP-Webapp-Node-Pool | Web and App Services | workerctixwebapp | Standard_D8s_v3 | AKSAzureLinux-V2gen2-202407.08.0 | 8 | 32 GB | Enabled | 3 | 9 | cyware.com/worker-role=worker-ctix-webapp | 256 GB SSD | by du | All traffic from VNET CIDR | No | Admin Access for Deployment |
TIP-Background-Node-Pool | Background Services | workerctixbg | Standard_D8s_v3 | AKSAzureLinux-V2gen2-202407.08.0 | 8 | 32GB | Enabled | 3 | 9 | cyware.com/worker-role=worker-ctix-background | 256 GB SSD | by du | All traffic from VNET CIDR | No | Admin Access for Deployment |
TIP-Database-Node-Pool | Database Services | workerctixdb | Standard_D16s_v3 | AKSAzureLinux-V2gen2-202407.08.0 | 16 | 64 GB | Disabled | 3 | 3 | cyware.com/worker-role:worker-ctix-db | 1 TB SSD | by du | All traffic from VNET CIDR | No | Admin Access for Deployment |
Edge-Node-Pool | Ingress Controller | workeredge | Standard_D2s_v3 | AKSAzureLinux-V2gen2-202407.08.0 | 2 | 8 GB | Enabled | 1 | 3 | cyware.com/worker-role:worker-edge | 1 GB SSD | by du |
| No | Admin Access for Deployment |
System-Node-Pool | AKS System Nodes | agentpool | NA | AKSAzureLinux-V2gen2-202407.08.0 | NA | NA | Enabled | 2 | 5 | NA | 128 GB SSD | by du | All traffic from VNET CIDR | No | Admin Access for Deployment |
Azure Database for PostgreSQL flexible servers | TIP-Postgres | NA | Burstable, B8ms | Postgres v13 | 8 | 32 | Storage Auto-growth Enabled | NA | NA | NA | 1 TB SSD | by du | All traffic from VNET CIDR | No | Admin Access for Deployment |
Ensure that your servers meet the following requirements:
Ensure that you use a Solid State Drive (SSD) for system storage to perform the read and write operations faster. It also ensures the quick and smooth performance of the application.
An Application Gateway is essential for routing requests to the Threat Intelligence Platform (TIP).
A domain must be allocated for the TIP deployment, and SSL certificates should be available for installation.
Access to Kubectl should be provided by either adding the Cyware VPN IP to the allowed list on the Azure AKS cluster or through a bastion server for deployment.
The following table displays the maximum capacity for the specifications:
Specifications | Maximum Capacity |
|---|---|
Polling and ingestion count per day (Includes Duplicates) | 400,000 - 600,000 IOCs |
Enrichment | Quota - 10K/hr Number of tools - 10 Number of policies - 5 Tools per policy - 3 |
Publishing count per day | 200,000 IOCs |
Number of Subscribers | 50-100 |