- Deaddrop
- Documentaton
- deaddrop requirements
\pagebreak \tableofcontents \pagebreak
deaddrop requirements
This document describes the requirements to install the deaddrop appliance. The document also describe the relevant requirements of support systems needed by deaddrop.
Installation
Deaddrop is an unattended installation from an ISO-image and can be installed as a virtual guest or on a physical server.
Server setup recommendations
The basis for the hardware and virtual hardware recommendation is for a 200 user license with normal day-to-day usage of the service. With normal day-to-day usage we mean 20-30% of the licensed user use it daily for single dispatch operation of small-to-medium size files (1-100Mb files). Depending on the usage and the number of simultaneous deaddrop users the requirements may be different.
Virtual server
- The same hardware specification as a physical server.
- The virtualisation environment must ensure proper disk I/O (i.e. enough I/O bandwidth).
- The virtualisation environment must ensure proper network connection.
- The virtualisation environment must support UEFI boot.
- The virtualisation environment should support Secure boot.
- The virtualisation environment should support strong RNG to guests.
Physical Server
The table below will show the requirement for a physical server running deaddrop
| deaddrop | deaddrop with AV-plugin | |
|---|---|---|
| CPU1 | 1 64bit 2GHz, 8-core | 2 64bits 2,3GHz, 8-core |
| Memory | 8GB DDR4 ECC ~2000 MHz | 16GB DDR4 ECC ~2000 Mhz |
| PSU | 2, at least 1 with UPS | 2, at least 1 with UPS |
| Boot-mode | UEFI | UEFI |
| Network card2 | minimum 1Gbit | minimum 1Gbit |
| Hard drives | 2 in software raid | 2 in software raid |
| SAS / RAID card | Support direct access | Support direct access |
| Chassis units | 1U chassis | 1U chassis |
| Rails | Click rails | Click rails |
| Cable Mgmt Arm | 1U chassis | 1U chassis |
Disk usage (both virtual and physical server)
- For speed, we recommend Enterprise SSD disks.
- Deaddrop server requires 30 GB of disk space for the deaddrop application and Operating System. This is excluding the deaddrop end-users disk space.
- Uploaded files can be stored up to 14 days before being removed.
- Low traffic deaddrop server with 200+ users may use at least 50Gb of disk space
The calculation example below is the minimum disk space needed for uploaded files. The calculation is based on usage of X users in accordance with the number of files and file size in the Y column. column.
| 10 users | 100 users | 500 users | |
|---|---|---|---|
| 5Mb files, 2 receivers | 100MB | 1GB | 5GB |
| 50Mb files, 5 receivers | 2,5GB | 25Gb | 125GB |
| 1Gb files, 2 receivers | 20GB | 200GB | 1TB |
| 1Gb files, 10 receivers | 100GB | 1TB | 5TB |
Permanent users can allow their contacts to use the system for a limited time. The limited users can also upload files that use the disk space
If the antivirus plugin is used, malware-tagged files will use disk space in the quarantine directory
IP
deaddrop support IPv4 and IPv6 addresses
DNS
deaddrop require to have a fully qualified domain name. Deaddrop must also have access to a DNS resolver
SMS
Deaddrop requires in the most common installations access to an SMS gateway. Deaddrop also support a physical GSM-modem for sending SMS
External firewall
| Type | Delivers to | Receivers from | Protocol |
|---|---|---|---|
| Application | deaddrop | end users | HTTP TCP/80 |
| Application | deaddrop | end users | HTTPS TCP/443 |
| SMS | SMS gateway | deaddrop | HTTPS TCP/443 |
| Admin | ddadm | admin users | HTTPS TCP/8443 |
| Admin | console | admin users | SSH TCP/22 |
| smtp.tld | deaddrop | SMTP TCP/25 | |
| Time | deaddrop | ntp.tld | NTP UDP/123 |
| DNS | deaddrop | resolver.dns | DNS UDP/53 |
| Logs | syslog.tld | deaddrop | Syslog UDP/514 |
| Updates | deaddrop | updates.sysctl.se | HTTPS TCP/443 |
| Cert | deaddrop | letsencrypt.org | ACME TCP/443 |
| Cert | letsencrypt.org | deaddrop | ACME TCP/80 |
It is extremely important that the interface used for administration (web via 8443/TCP) is only exposed towards an administrative network, not outward to the internet.
Additional firewall rules may be needed when integrating to other services (ie SMS gateway or external log server). An SMS gateway provider often allows for connections via HTTPS, so explicit outbound HTTPS connection to the specific provider needs to be added to the firewall.
PKI
deaddrop requires a trusted certificate, both for the admin application and the user application. This can be done with either the automated tool letsencrypt or by using a trusted CA.
© Copyright sysctl Aktiebolag 2013-2023. All rights reserved