Carbon Black EDR consists of two main components: sensors, which reside on and monitor the endpoints, and the centralized server infrastructure, which stores the sensor data and serves the Carbon Black EDR console. The centralized server infrastructure can be one server or multiple servers in a cluster.

• Carbon Black EDR can support up to 18,750 sensors and/or up to 10.5 TB of process event data per server.
• Up to eight-servers, plus one head node, can be grouped in a cluster under a single user console to support up to 150,000 sensors per cluster (provided that event data volume per minion server remains under 10.5 TB).
• The number of sensors supported and the duration of stored sensor data are primarily driven by the number and the process activity launched by each endpoint. Endpoints vary widely in the volume of processes generated depending on the operating system (OS) and the software that is running on the endpoints. These are the most important factors that drive scale.
• The Carbon Black EDR data store is Apache Solr for events with a Postgres management database.
• Proper sizing of server infrastructure to support a high-performance installation for each installation is critical to successful implementations.