WebsiteLoginKostenloser Testzugang

Requirements

Learn about the requirements to run Enginsight on-premise on your own servers.

Please note that we orchestrate our services using Docker. For this reason, it is important that only the Enginsight Docker instances run on the servers. Changes to the setup configuration in the docker-compose.yml file can lead to unpredictable side effects.

We strongly recommend that you use the Linux image versions we have identified, as we are unfortunately unable to support special custom builds!

Furthermore, only Debian-based systems are supported. Any deviations from our documentation, such as unauthorized changes to the configuration, changes to the setup or the addition of further services on the server, cannot be supported by us.

  1. Virtual machines (VM)

    1. as an Application Server

    2. as an Database Server

    3. for the Observer/Watchdog/Hacktor

  2. Docker Credentials

  3. Licence File

  4. Remote support (in case of installation by Enginsight Support)

  5. SSL/TLS Certificate

Capabilities

Application Server

The application server is used to operate the central API, the user interface and other services of the platform.

Monitoring of up to 500 servers and clients with Pulsar Agent

Operation System
Debian 12, 64bit

CPU

4 Cores

RAM

8 GB

Mass storage

200 GB (SSD recommended)

Best Practice: Create a common partition for the entire system

Connectivity

Inbound: Port 80 (Redirect to 443 + Let’s Encrypt) and Port 443

Outbound: Port 27017 to Database Server and Port 80 & 443 to the servers which are listed in the firewall rules

In addition, we recommend setting up at least 4 GB of swap-memory to mitigate potential out-of-memory (OOM) problems. Especially during the generation of the user interface (UI) by Ember, the RAM consumption can increase significantly, which in combination with the processing of incoming data can lead to increased resource requirements.

Monitoring of more than 500 servers and clients with Pulsar Agent

If your on-premises instance monitors more than 300 servers and clients with the Pulsar agent, you should consider the possibilities of load balancing on multiple application servers. If you have more than 500 Pulsar agents installed, load balancing across multiple application servers is necessary.

Maximale Anzahl an Pulsar-Agents
Number of application servers

500

1 virtual machine

1000

3 virtual machines

2500

8 virtual machines

5000

16 virtual machines

10000

32 virtual machines

If you want to use the Shield module to block network attacks, you should have more performance reserves. The required performance depends on how many events occur. Therefore, you should introduce Shield in several steps and observe the performance in monitoring to be able to scale up in time if necessary.

Make sure that the following external addresses are reachable and not blocked by firewall rules:

  • registry.enginsight.com

  • get.enginsight.com

  • registry-auth.enginsight.com

Please make sure that access via SSH is possible or VMware Tools are installed.

Database Server

The database server stores all monitoring data and communicates exclusively with the application server.

Operation System

Debian 11, Debian 12,64bit

CPU

4 Cores

RAM

4 GB

Mass storage

100 GB (SSD recommended)

in the directory \var

Connectivity

Inbound: Port 27017 for Enginsight Application-Server Outbound: Port 80 & 443 to the servers which are listed in the firewall rules

Please make sure that access via SSH is possible or VMware Tools are installed.

Observer/Watchdog/Hacktor

For the software components Observer, Hacktor and Watchdog you may need additional VMs. The individual software components can be operated together on one system, but separate operation is recommended. In case of shared operation, the resources have to be doubled.

These are minimum requirements. Upgrade the instances with more power so that the software components have more performance reserves.

One observer with the specified resources can take over the monitoring of up to 50 endpoints. For endpoints, note the option to define parallel processing of endpoints. The default setting is "2". Depending on the performance reserves, you can adjust the setting down or up. You also have the option to assign multiple observers to the same region, so that the observers share the monitoring of the endpoints among themselves.

Consider also the options for the Configuration of the Hacktor software component, especially the possibility to increase the Number of parallel scans.

Operating System

Linux: Debian 9/10/11, CentOS 7/8, no Windows AMD64 and ARMv7/ARMv8

CPU

2 Core / 4 Cores (for shared operation)

RAM

2 GB / 4 GB (for shared operation)

Mass Storage

20 GB / 50 GB (for shared operation)

Connectivity

Outgoing: Port 80 resp. 443

Number of maximum processes (numproc)

Minimum: 20,000

Best practice: unlimited

Please make sure that access via SSH is possible or VMware Tools are installed.

Firewall rules

OnPrem

App Server

Direction

Target

Target-Port

Protocol

Usage

Outgoing

Update Server

443

TCP

Updates for operating system and platform

Outgoing

DB

6379

TCP

If Redis is installed on the DB (e.g., load balancer)

Incoming

App Server

443

TCP

Incoming

App Server

80

TCP

If LetsEncrypt is used

Incoming

App Server

8080

TCP

For unencrypted instances (not recommended!)

Datenbank Server

Direction

Target/Source

Target-Port

Protocol

Usage

Ausgehend

Update Server

80/443

TCP

Updates for operating system and platform

Incoming

App Server

27017

Incoming

SIEM Management Server

27017

Incoming

App Server

6379

TCP

If Redis is installed on the DB (e.g., load balancer)

Component Server

Direction

Target/Source

Target-Port

Protocol

Usage

Outgoing

Update Server

80/443

Updates for operating system and platform

Agents und Sensoren

Component

Direction

Target

Target-Port

Protocol

Pulsar Agent

Outgoing

App Server

443

TCP

Enginsight Agent (Client/Server Agent)

Outgoing

App Server

443

TCP

Watchdog

Outgoing

App Server

443

TCP

Hacktor

Outgoing

App Server

443

TCP

Observer

Outgoing

App Server

443

TCP

Where

Rules

customer network

Sensor → Enginsight App Server: 443/TCP

customer network

Sensor → DNS: 53/UDP

Enginsight App Server

No detailed rules required for each sensor

If your instance is not encrypted, the APP server must also be accessible via 80 and 8080. This is not recommended! Please also ensure that all servers can reach your DNS.

Furthermore, the following domains must be accessible from the servers:

All servers:

  • Debian mirror server selected during installation (default: deb.debian.org)

APP server:

  • registry.enginsight.com

  • get.enginsight.com

  • registry-auth.enginsight.com

  • github.com

  • download.docker.com

  • raw.githubusercontent.com

  • dls.enginsight.com

  • registry-1.docker.io

  • debian.pool.ntp.org

  • auth.docker.io

  • codeload.github.com

  • production.cloudflare.docker.com

Database:

  • repo.mongodb.org

  • www.mongodb.org

  • debian.pool.ntp.org

SIEM

The SIEM consists of the following components:

  • Pulsar

  • Loggernaut

  • Apache Zookeeper

  • Apache Solr

  • (Traicer)

Loggernaut

Direction

Target/Source

Target-Port

Protocol

Outgoing

server-m2

443 or 80 without https

TCP

Outgoing

solr

8983

TCP

Outgoing

zookeeper

2181

TCP

Outgoing

sftp backup server

SSH-Port (configured)

TCP

Outgoing

s3 backup server

443 / 80

TCP

Incoming

server-m2

443 or 80 without https

TCP

Incoming

traicer

443 or 80 without https

TCP

Solr

Direction

Target/Source

Target-Port

Protocol

Outgoing

solr

8983

TCP

Outgoing

zookeeper

2181

TCP

Incoming

loggernaut

8983

TCP

Incoming

solr

8983

TCP

Zookeeper

Direction

Source

Target-Port

Protocol

Incoming

loggernaut

2181

TCP

Incoming

solr

2181

TCP

Server-m2

Direction

Target/Source

Target-Port

Protocol

Outgoing

loggernaut

443 or 80 without https

TCP

Incoming

loggernaut

443 or 80 without https

TCP

Traicer

Direction

Target

Target-Port

Protocol

Outgoing

loggernaut

443 or 80 without https

TCP

SFTP Backup Server

Direction

Source

Target

Target-Port

Protocol

Incoming

loggernaut

SSH-Port (configured)

SSH Port (defined in config)

TCP

S3 Backup Server

Direction

Source

Target-Port

Protocol

Usage

Eingehend

loggernaut

443 / 80

TCP

Receipt of backups

Certificate

To ensure that network traffic between the sensors (Pulsar Agent, Observer, Watchdog, Hacktor) and the Enginsight API is encrypted, you need an SSL/TLS certificate. As a best practice, we recommend a public certificate (e.g. from Let's encrypt) that you resolve internally.

Use a reverse proxy (external or on the server itself) that forwards requests to port 80 (app) and port 8080 (API).

For a smooth operation of the Enginsight application, the call via HTTPS is mandatory.

For the operation of the standard installation we recommend two DNS names:

  • ngs-api.your-domain.com

  • ngs-app.your-domain.com

Please make sure that the certificate is in PEM format.

Docker Credentials

To run Enginsight on-premises, you need Docker credentials, which you can get from us.

Just contact us via email: [email protected].

Licence File

You can purchase the necessary license file directly from us.

Just contact us via email: [email protected].

Remote support

If you want to install Enginsight on-premises with assistance from our support, please make sure that a remote control option is available. In our experience, TeamViewer works the most reliably.

PreviousSearchbarNextInstallation

Last updated

Was this helpful?