This article provides general sizing information for RSA ECAT 4.X
In the ECAT 188.8.131.52 User Guide see the "Recommended Hardware and Software for the Server(s)", (Page 19). This configuration may be referenced as a general guideline for anywhere from 5k-10k agents, depending on use.
ECAT use dependencies include:
Scan frequency, a single server can support effectively up to 5K scans per day (hardware permitting). There is the assumption that there will be 1 scan per day per agent.
Quick scan vs Full scan. It is assumed Full scans (fetching files off disk) are run infrequently. Running Full scans frequently will reduce the total number of agents that can be supported on a given hardware config. Full scans should not be run more frequently than weekly, and is recommended only for machines under investigation when everything else fails.
Files storage. In a large environment you can exclude (in ‘options’) signed files, and files that have a hash match from being downloaded. Including these files will increase substantially the storage requirements in a large, mixed environment.
SQL Server setup. Most of the job is done by the SQL Server, so it is assumed the SQL Server is tuned per Microsoft recommendations for performance.
The ECAT 4.1 Installation Guide, "Recommended Hardware and Software for the Server(s) (Page 6), increases a couple of the above recommendations, with double the memory, and dual Quad-cores.
The multiserver environment is generally useful for 50k+ agents, and is not a solution for performance issues. When adding a Secondary the recommended minimum setup is 2 Secondaries and 1 Primary. Where the Secondaries are dedicated to Agent connections, and the Primary aggregates all data. The Primary would have Agent discovery disabled.