The machines running the Cryptographic Security Platform must meet the following requirements.
Memory requirements
Each node needs at least 16 GB of RAM
CPU requirements
Each node needs at least 8 CPU cores
Main disk requirements
You need a main disk with the following requirements.
Setting | Required value |
|---|---|
Size | 1 TiB or more |
Storage type | SSD (Solid-state Drive) |
Additional disk requirements
The etcd daemon requires a dedicated disk with the following requirements.
Setting | Required value |
|---|---|
Size | 15 GiB or more |
Storage type | SSD (Solid-state Drive) |
fsync latency | As explained https://etcd.io/docs/v3.4/metrics/#disk, the p99 percentile of the |
IOPS (input/output operations per second) | 50 or more sequential write operations per second. |
Specifically, to ensure optimal fsync latency, we recommend either:
- Allocate dedicated IOPS
- Use storage QoS
Do not:
- Overcommit storage on the hypervisor.
- Use storage features that introduce unpredictable delays, such as deduplication or tiered storage.
- Use virtual machine snapshots or disk-level backups, as these mechanisms rely on copy-on-write techniques, which can lead to additional latency and result in an inconsistent state.
Use the built-in Cryptographic Security Platform backup feature instead of disk-level snapshots.
- Run real-time antivirus or file scans on data directory, as these processes may lock files or slow down I/O operations, causing latency spikes.
- Move a Cryptographic Security Platform node to a different host (for example, using vMotion or live migration), as this can introduce I/O latency or disrupt clock consistency. If you need to move Cryptographic Security Platform nodes, migrate one node at a time and wait for it to be fully available on the new host before migrating the next one.