This document describes the requirements to install the deaddrop appliance. The document also describe the relevant requirements of support systems needed by deaddrop.
Deaddrop is an unattended installation from an ISO-image and can be installed as a virtual guest or on a physical server.
The basis for the hardware and virtual hardware recommendation is for a 200 user license with normal day-to-day usage of the service. With normal day-to-day usage we mean 20-30% of the licensed user use it daily for single dispatch operation of small-to-medium size files (1-100Mb files). Depending on the usage and the number of simultaneous deaddrop users the requirements may be different.
The table below will show the requirement for a physical server running deaddrop
deaddrop | deaddrop with AV-plugin | |
---|---|---|
CPU1 | 1 64bit 2GHz, 8-core | 2 64bits 2,3GHz, 8-core |
Memory | 8GB DDR4 ECC ~2000 MHz | 16GB DDR4 ECC ~2000 Mhz |
PSU | 2, at least 1 with UPS | 2, at least 1 with UPS |
Boot-mode | UEFI | UEFI |
Network card2 | minimum 1Gbit | minimum 1Gbit |
Hard drives | 2 in software raid | 2 in software raid |
SAS / RAID card | Support direct access | Support direct access |
Chassis units | 1U chassis | 1U chassis |
Rails | Click rails | Click rails |
Cable Mgmt Arm | 1U chassis | 1U chassis |
The calculation example below is the minimum disk space needed for uploaded files. The calculation is based on usage of X users in accordance with the number of files and file size in the Y column. column.
10 users | 100 users | 500 users | |
---|---|---|---|
5Mb files, 2 receivers | 100MB | 1GB | 5GB |
50Mb files, 5 receivers | 2,5GB | 25Gb | 125GB |
1Gb files, 2 receivers | 20GB | 200GB | 1TB |
1Gb files, 10 receivers | 100GB | 1TB | 5TB |
Permanent users can allow their contacts to use the system for a limited time. The limited users can also upload files that use the disk space
If the antivirus plugin is used, malware-tagged files will use disk space in the quarantine directory
deaddrop support IPv4 and IPv6 addresses
deaddrop require to have a fully qualified domain name. Deaddrop must also have access to a DNS resolver
Deaddrop requires in the most common installations access to an SMS gateway. Deaddrop also support a physical GSM-modem for sending SMS
Type | Delivers to | Receivers from | Protocol |
---|---|---|---|
Application | deaddrop | end users | HTTP TCP/80 |
Application | deaddrop | end users | HTTPS TCP/443 |
SMS | SMS gateway | deaddrop | HTTPS TCP/443 |
Admin | ddadm | admin users | HTTPS TCP/8443 |
Admin | console | admin users | SSH TCP/22 |
smtp.tld | deaddrop | SMTP TCP/25 | |
Time | deaddrop | ntp.tld | NTP UDP/123 |
DNS | deaddrop | resolver.dns | DNS UDP/53 |
Logs | syslog.tld | deaddrop | Syslog UDP/514 |
Updates | deaddrop | updates.sysctl.se | HTTPS TCP/443 |
Cert | deaddrop | letsencrypt.org | ACME TCP/443 |
Cert | letsencrypt.org | deaddrop | ACME TCP/80 |
It is extremely important that the interface used for administration (web via 8443/TCP) is only exposed towards an administrative network, not outward to the internet.
Additional firewall rules may be needed when integrating to other services (ie SMS gateway or external log server). An SMS gateway provider often allows for connections via HTTPS, so explicit outbound HTTPS connection to the specific provider needs to be added to the firewall.
deaddrop requires a trusted certificate, both for the admin application and the user application. This can be done with either the automated tool letsencrypt or by using a trusted CA.
© Copyright sysctl Aktiebolag 2013-2023. All rights reserved