Some of the configuration parameters must be delivered to sysctl before a deaddrop appliance can be built and delivered.
After the delivery of an appliance, additional configuration must be applied.
deaddrop appliance requirements before delivery
The following information is required before an appliance server can be built:
Appliance server type
- Virtual appliance or a physical appliance
- Server specification (see server-spec.pdf document)
- Virtualization technology
- Version of virtualization software
- Can you receive a qcow2 hard drive (yes/no)?
- Support for UEFI (yes/no)?
- Desired disk size
- IP address (IPv4 and/or IPv6)
- netmask (IPv4 and/or IPv6)
- default gateway (IPv4 and/or IPv6)
- hostname (e.g. deaddrop)
- FQDN (e.g. deaddrop.sysctl.se)
- desired SMS solution (e.g. GSM modem or SMS gateway provider)
  - GSM modem
  - Link Mobility
  - Telia Telemat
- mailbox for administrators (e.g. system mail about hardware failures, malware detection etc.)
- mail address to use as sender address from deaddrop to end users (e.g. “you have received a protected file”)
- minimum password length
- complexity (capital letters, lower case, number, special characters)
- SMS password (character list)
- SMS password length
- user session timeout
- internal service desk support number
- internal service desk support email
- maximum size of files allowed for upload
The following must be ready during delivery:
- One person on site who is able to give access to the console on the delivered appliance.
The following are the minimum network connection requirements (firewall rules and open UDP and TCP ports) that deaddrop needs to work properly:
- inbound from internet (access to deaddrop service)
- inbound from administrative network or similar
- outbound to DMZ or similar (DNS server[s])
- outbound to desired NTP server(s)
- outbound to desired SMTP relay
- outbound connection to updates.sysctl.se (software updates, system patches, AV updates)
It is extremely important that the interface used for administration (web via 8443/TCP) is only exposed towards an administrative network, not outward to the internet.
Additional firewall rules may be needed when integrating with other services (e.g. an SMS gateway or an external log server). An SMS gateway provider often allows connections via HTTPS, so an explicit outbound HTTPS connection to the specific provider needs to be added to the firewall.
For an explanation of the network connections, see the deaddrop-net document.
For correct DNS setup, at least the following information is needed:
- An A record in DNS for FQDN
- A PTR record for IPv4 and/or IPv6 address
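The DNS requirement above can be verified before delivery with a short script. This is an added example, not sysctl's own tooling: the function names are hypothetical, it goes slightly beyond the list above by also checking the AAAA record when an IPv6 address is planned, and the sample records at the bottom are constructed from documentation address ranges.

```python
import ipaddress
import socket


def system_forward(fqdn):
    """A/AAAA lookup through the system resolver; returns a set of address strings."""
    try:
        infos = socket.getaddrinfo(fqdn, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def system_reverse(ip):
    """PTR lookup through the system resolver; returns the name or None."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _norm_name(name):
    return name.rstrip(".").lower()  # DNS names are case-insensitive


def check_dns(fqdn, planned_ips, forward=system_forward, reverse=system_reverse):
    """Return a list of problems; an empty list means forward and reverse DNS agree."""
    problems = []
    resolved = {ipaddress.ip_address(a) for a in forward(fqdn)}
    for raw in planned_ips:
        ip = ipaddress.ip_address(raw)  # canonical form, so text variants compare equal
        rtype = "A" if ip.version == 4 else "AAAA"
        if ip not in resolved:
            problems.append(f"{fqdn}: no {rtype} record pointing at {ip}")
        ptr = reverse(str(ip))
        if ptr is None:
            problems.append(f"{ip}: no PTR record")
        elif _norm_name(ptr) != _norm_name(fqdn):
            problems.append(f"{ip}: PTR is {ptr}, expected {fqdn}")
    return problems


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), not real records.
    zone = {"deaddrop.example.com": {"192.0.2.10", "2001:db8::10"}}
    ptrs = {"192.0.2.10": "deaddrop.example.com.", "2001:db8::10": "old-host.example.com."}
    for line in check_dns("deaddrop.example.com", ["192.0.2.10", "2001:db8::10"],
                          forward=lambda n: zone.get(n, set()), reverse=ptrs.get):
        print(line)
```

Called without the `forward` and `reverse` arguments, `check_dns` queries the system resolver, so run it from a host that uses the same DNS servers as the appliance will.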
For correct SMS setup, at least one of the following choices needs to be completely configured:
- GSM modem
  - SIM card
  - PIN code for the SIM card
- SMS gateway
  - additional tokens
- Access to an account (or personnel that has access to account) that can issue X.509 certificates from a WebTrust PKI.
All passwords and secrets will be created or changed on site during installation; please be prepared to handle the new passwords.
After delivery requirements
- An email address of a person or group account to which information about updates and similar can be sent
- If the API is used, an email address of a person or group account to which information about planned changes to the API can be sent
- If sysctl are handling software updates, a contact person to request service windows
- If sysctl are handling software updates, a fixed service window when possible
© Copyright sysctl Aktiebolag 2013-2023. All rights reserved