deaddrop requirements

This document describes the requirements to install the deaddrop appliance. The document also describe the relevant requirements of support systems needed by deaddrop.

Installation

Deaddrop is an unattended installation from an ISO-image and can be installed as a virtual guest or on a physical server.

Server setup recommendations

The basis for the hardware and virtual hardware recommendation is for a 200 user license with normal day-to-day usage of the service. With normal day-to-day usage we mean 20-30% of the licensed user use it daily for single dispatch operation of small-to-medium size files (1-100Mb files). Depending on the usage and the number of simultaneous deaddrop users the requirements may be different.

Virtual server

  • The same hardware specification as a physical server.
  • The virtualisation environment must ensure proper disk I/O (i.e. enough I/O bandwidth).
  • The virtualisation environment must ensure proper network connection.
  • The virtualisation environment must support UEFI boot.
  • The virtualisation environment should support Secure boot.
  • The virtualisation environment should support strong RNG to guests.

Physical Server

The table below will show the requirement for a physical server running deaddrop

  deaddrop deaddrop with AV-plugin
CPU1 1 64bit 2GHz, 8-core 2 64bits 2,3GHz, 8-core
Memory 8GB DDR4 ECC ~2000 MHz 16GB DDR4 ECC ~2000 Mhz
PSU 2, at least 1 with UPS 2, at least 1 with UPS
Boot-mode UEFI UEFI
Network card2 minimum 1Gbit minimum 1Gbit
Hard drives 2 in software raid 2 in software raid
SAS / RAID card Support direct access Support direct access
Chassis units 1U chassis 1U chassis
Rails Click rails Click rails
Cable Mgmt Arm 1U chassis 1U chassis

Disk usage (both virtual and physical server)

  • For speed, we recommend Enterprise SSD disks.
  • Deaddrop server requires 30 GB of disk space for the deaddrop application and Operating System. This is excluding the deaddrop end-users disk space.
  • Uploaded files can be stored up to 14 days before being removed.
  • Low traffic deaddrop server with 200+ users may use at least 50Gb of disk space

The calculation example below is the minimum disk space needed for uploaded files. The calculation is based on usage of X users in accordance with the number of files and file size in the Y column. column.

  10 users 100 users 500 users
5Mb files, 2 receivers 100MB 1GB 5GB
50Mb files, 5 receivers 2,5GB 25Gb 125GB
1Gb files, 2 receivers 20GB 200GB 1TB
1Gb files, 10 receivers 100GB 1TB 5TB

Permanent users can allow their contacts to use the system for a limited time. The limited users can also upload files that use the disk space

If the antivirus plugin is used, malware-tagged files will use disk space in the quarantine directory

IP

deaddrop support IPv4 and IPv6 addresses

DNS

deaddrop require to have a fully qualified domain name. Deaddrop must also have access to a DNS resolver

SMS

Deaddrop requires in the most common installations access to an SMS gateway. Deaddrop also support a physical GSM-modem for sending SMS

External firewall

Type Delivers to Receivers from Protocol
Application deaddrop end users HTTP TCP/80
Application deaddrop end users HTTPS TCP/443
SMS SMS gateway deaddrop HTTPS TCP/443
Admin ddadm admin users HTTPS TCP/8443
Admin console admin users SSH TCP/22
Mail smtp.tld deaddrop SMTP TCP/25
Time deaddrop ntp.tld NTP UDP/123
DNS deaddrop resolver.dns DNS UDP/53
Logs syslog.tld deaddrop Syslog UDP/514
Updates deaddrop updates.sysctl.se HTTPS TCP/443
Cert deaddrop letsencrypt.org ACME TCP/443
Cert letsencrypt.org deaddrop ACME TCP/80

It is extremely important that the interface used for administration (web via 8443/TCP) is only exposed towards an administrative network, not outward to the internet.

Additional firewall rules may be needed when integrating to other services (ie SMS gateway or external log server). An SMS gateway provider often allows for connections via HTTPS, so explicit outbound HTTPS connection to the specific provider needs to be added to the firewall.

PKI

deaddrop requires a trusted certificate, both for the admin application and the user application. This can be done with either the automated tool letsencrypt or by using a trusted CA.


© Copyright sysctl Aktiebolag 2013-2023. All rights reserved

  1. The CPU usage will be most intensive during malware scanning 

  2. 1Gbit network speed allows 100 users to simultany upload/download in 10Mbit/s which may be slow if deaddrop is used for large files