Network load
This section contains information about the volume of network traffic that the client devices and Administration Server exchange during key administrative scenarios.
The main load on the network is caused by the following administrative scenarios in progress:
- Initial deployment of anti-virus protection
- Initial update of anti-virus databases
- Synchronization of a client device with Administration Server
- Regular updates of anti-virus databases
- Processing of events on client devices by Administration Server
Initial deployment of anti-virus protection
This section provides information about traffic volume values after Network Agent 13.1 and Kaspersky Endpoint Security for Windows are installed on the client device (see the table below).
The Network Agent is installed using forced installation, when the files required for setup are copied by Administration Server to a shared folder on the client device. After installation, the Network Agent retrieves the distribution package of Kaspersky Endpoint Security for Windows, using the connection to the Administration Server.
Traffic
| Scenario | Network Agent installation for a single client device | Installing Kaspersky Endpoint Security for Windows on one client device (with databases updated) | Concurrent installation of Network Agent and Kaspersky Endpoint Security for Windows |
|---|---|---|---|
| Traffic from a client device to Administration Server, KB | 1638.4 | 7843.84 | 9707.52 |
| Traffic from Administration Server to a client device, KB | 69,990.4 | 259,317.76 | 329,318.4 |
| Total traffic (for a single client device), KB | 71,628.8 | 267,161.6 | 339,025.92 |
After Network Agents are installed on the client devices, one of the devices in the administration group can be assigned to act as a distribution point. It is used for distribution of installation packages. In this case, the traffic volume transferred during initial deployment of anti-virus protection varies significantly depending on whether you are using IP multicasting.
If IP multicasting is used, installation packages are sent once to all running devices in the administration group. Thus, total traffic becomes N times smaller, where N stands for the total number of running devices in the administration group. If you are not using IP multicasting, the total traffic is identical to the traffic calculated as if the distribution packages were downloaded from the Administration Server. However, the package source is the distribution point, not the Administration Server.
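
An added planning sketch, not part of the Kaspersky documentation: it turns the per-device totals from the table above into group-level traffic and splits a unicast rollout into waves that fit a maintenance window. The link speed, usable link share, window length, function names and the reading of "KB" as 1024 bytes are assumptions.

```python
import math

KIB = 1024  # assumption: the page's "KB" means 1024 bytes

# Per-device totals in KB, copied from the "Total traffic" row of the table above.
DEPLOY_TOTAL_KB = {
    "agent": 71628.8,
    "kes": 267161.6,
    "agent+kes": 339025.92,
}


def group_traffic_kb(scenario, devices, multicast=False):
    """Total deployment traffic for a group of `devices` running devices."""
    per_device = DEPLOY_TOTAL_KB[scenario]
    # Per the page: with IP multicasting the package is sent once, so the
    # total is N times smaller than N separate downloads.
    return per_device if multicast else per_device * devices


def transfer_seconds(traffic_kb, link_mbps, usable_share=0.5):
    """Seconds needed to move traffic_kb using only usable_share of the link."""
    if not 0 < usable_share <= 1:
        raise ValueError("usable_share must be in (0, 1]")
    bits = traffic_kb * KIB * 8
    return bits / (link_mbps * 1_000_000 * usable_share)


def plan_waves(scenario, devices, link_mbps, window_s, usable_share=0.5):
    """Split a unicast rollout into waves that each fit the maintenance window.

    Returns (devices_per_wave, number_of_waves).
    """
    per_device_s = transfer_seconds(DEPLOY_TOTAL_KB[scenario], link_mbps, usable_share)
    per_wave = math.floor(window_s / per_device_s)
    if per_wave < 1:
        raise ValueError("window too short for even one device on this link")
    return per_wave, math.ceil(devices / per_wave)


if __name__ == "__main__":
    # Constructed scenario: 1000 devices, 100 Mbit/s link, 4-hour window.
    per_wave, waves = plan_waves("agent+kes", 1000, 100, 4 * 3600)
    total_gib = group_traffic_kb("agent+kes", 1000) / KIB / KIB
    print(f"{per_wave} devices per wave, {waves} waves, {total_gib:.1f} GiB in total")
```
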
Initial update of anti-virus databases
The traffic rates during initial update of anti-virus databases (when starting the database update task for the first time on a client device) are as follows:
- Traffic from a client device to Administration Server: 1.8 MB.
- Traffic from Administration Server to a client device: 113 MB.
- Total traffic (for a single client device): 114 MB.
The data may vary slightly depending upon the current version of the anti-virus database.
Synchronizing a client with the Administration Server
This scenario describes the state of the administration system when intensive data synchronization occurs between a client device and the Administration Server. Client devices connect to the Administration Server at the interval defined by the administrator. The Administration Server compares the status of data on a client device with that on the Server, records information in the database about the last client device connection, and synchronizes data.
This section contains information about traffic values for basic administration scenarios when connecting a client to the Administration Server (see table below). The data in the table may vary slightly depending upon the current version of the anti-virus database.
Traffic
| Scenario | Traffic from client devices to Administration Server, KB | Traffic from Administration Server to client devices, KB | Total traffic (for a single client device), KB |
|---|---|---|---|
| Initial synchronization prior to updating databases on a client device | 699.44 | 568.42 | 1267.86 |
| Initial synchronization after updating databases on a client device | 735.8 | 4474.88 | 5210.68 |
| Synchronization with no changes on a client device and the Administration Server | 11.99 | 6.73 | 18.72 |
| Synchronization after changing the value of a setting in a group policy | 9.79 | 11.39 | 21.18 |
| Synchronization after changing the value of a setting in a group task | 11.27 | 11.72 | 22.99 |
| Forced synchronization with no changes on a client device | 77.59 | 99.45 | 177.04 |
Overall traffic volume varies considerably depending on whether IP multicasting is used within administration groups. If IP multicasting is used, the total traffic volume decreases approximately by N times for the group, where N stands for the total number of devices included in the administration group.
The volume of traffic at initial synchronization before and after an update of the databases is specified for the following cases:
- Installing Network Agent and a security application on a client device
- Moving a client device to an administration group
- Applying a policy and tasks that have been created for the group by default, to a client device
The table specifies traffic rates in case of changes to one of the protection settings that are included in the Kaspersky Endpoint Security policy settings. Data for other policy settings may differ from data displayed in the table.
Additional update of anti-virus databases
The traffic rates in case of an incremental update of anti-virus databases 20 hours after the previous update are as follows:
- Traffic from a client device to Administration Server: 169 KB.
- Traffic from Administration Server to a client device: 16 MB.
- Total traffic (for a single client device): 16.3 MB.
The data may vary slightly depending upon the current version of the anti-virus database.
Traffic volume varies significantly depending on whether IP multicasting is used within administration groups. If IP multicasting is used, the total traffic volume decreases approximately by N times for the group, where N stands for the total number of devices included in the administration group.
Processing of events from clients by Administration Server
This section provides information about traffic volume values when a client device encounters a "Virus detected" event, which is then sent to the Administration Server and registered in the database (see table below).
Traffic
| Scenario | Data transfer to Administration Server when a "Virus detected" event occurs | Data transfer to Administration Server when nine "Virus detected" events occur |
|---|---|---|
| Traffic from a client device to Administration Server, KB | 49.66 | 64.05 |
| Traffic from Administration Server to a client device, KB | 28.64 | 31.97 |
| Total traffic (for a single client device), KB | 78.3 | 96.02 |
Data in the table may vary slightly depending upon the current version of the anti-virus application and the events that are defined in its policy for registration in the Administration Server database.
Traffic per 24 hours
This section contains information about traffic rates for 24 hours of the administration system's activity in a "quiet" condition, when no data changes are made either by client devices or by the Administration Server (see table below).
Data presented in the table describe the network's condition after standard installation of Kaspersky Security Center and completion of the Quick Start Wizard. The frequency of synchronization of the client device with Administration Server was 20 minutes; updates were downloaded to the Administration Server repository once per hour.
Traffic rates per 24 hours in idle state
| Traffic flow | Value |
|---|---|
| Traffic from a client device to Administration Server, KB | 3235.84 |
| Traffic from Administration Server to a client device, KB | 64,378.88 |
| Total traffic (for a single client device), KB | 67,614.72 |