System Requirements

This page describes the system requirements of the software components Pulsar-Agent, Observer, Hacktor and Watchdog.

Please note that we orchestrate our services using Docker. For this reason, it is important that only Enginsight Docker instances run on the servers. Changes to the setup configuration in the docker-compose.yml file can lead to unpredictable side effects.

We strongly recommend using the Linux image versions specified by us, as we are unfortunately unable to support special custom builds!

Furthermore, only Debian-based systems are supported. We can't support any deviations from our documentation, such as unauthorized changes to the configuration, changes to the setup, or the addition of further services to the server.

  1. License file for Enginsight

  2. Remote support (for installation by Enginsight Support)

Resources

Application Server

The application server is used to operate the central API, the user interface (UI), and other platform services.

Monitoring of up to 500 servers and clients with Pulsar Agent

  • Operating System (OS): Debian 12, 64bit
  • CPU: 4 Cores
  • RAM: 8 GB
  • Mass storage: 200 GB (SSD recommended). Best Practice: Create a shared partition for the entire system
  • Connectivity, incoming: Port 80 (redirect to 443 + Let's Encrypt) and port 443
  • Connectivity, outgoing: Port 27017 to the database server and ports 80 & 443 to the servers listed in the firewall rules

In addition, we recommend setting up at least 4 GB of swap memory to mitigate potential out-of-memory (OOM) issues. RAM consumption can increase significantly, especially during the generation of the user interface (UI) by Ember, which, in combination with the processing of incoming data, can lead to increased resource requirements. Without sufficient swap memory, there is a risk of restart loops in the event of resource bottlenecks.

Monitoring of more than 500 servers and clients with Pulsar Agent

If you are monitoring more than 300 servers and clients with the Pulsar agent on your on-premises instance, you should consider load balancing across multiple application servers. If you have more than 500 Pulsar agents installed, load balancing across multiple application servers is necessary.

| Maximum number of Pulsar Agents | Number of application servers |
| --- | --- |
| 500 | 1 virtual machine |
| 1000 | 3 virtual machines |
| 2500 | 8 virtual machines |
| 5000 | 16 virtual machines |
| 10000 | 32 virtual machines |

Please ensure that access via SSH is possible or that VMware Tools are installed.

Database Server

The database server stores all monitoring data and communicates exclusively with the application server.

  • Operating System (OS): Debian 11, Debian 12, 64bit
  • Software: MongoDB in current version
  • CPU: 4 Cores
  • RAM: 4 GB
  • Mass storage: 100 GB (SSD recommended). Best Practice: Create a shared partition for the entire system
  • Connectivity, incoming: Port 27017 for the application server
  • Connectivity, outgoing: Port 80 & 443 to the servers listed in the firewall rules

Please ensure that access via SSH is possible or that VMware Tools are installed.

Benchmark tests for servers

Perform the following tests to evaluate the performance of your servers. They measure hard disk performance and CPU efficiency so that you can confirm your infrastructure meets the requirements of the applications.

Measuring hard disk performance:

To check hard disk performance, run the following script:

apt install fio 

fio --name=random-readwrite --ioengine=libaio --iodepth=1 --rw=randrw --bs=4k --direct=1 --size=1G --numjobs=1 --runtime=60 --filename=/tmp/testfile

Expected performance: At least 10 MB/s for read and write operations.

CPU measurement

To check CPU performance, run the following script:

apt install sysbench

sysbench cpu --cpu-max-prime=20000 run

Expected performance: Result of 1500.

Hacktor/Watchdog/Observer

You will need additional VMs for the Hacktor, Watchdog, and Observer software components. The software components can be run together on one system, but separate operation is recommended. If running them together, the resources must be doubled.

These are minimum requirements. Equip the instances with more power so that the software components have more performance reserves.

An observer with the specified resources can monitor up to 50 endpoints. For endpoints, note the option to define parallel processing of endpoints. The default setting is “2”. Depending on the performance reserves, you can adjust the setting up or down. You also have the option of assigning multiple observers to the same region so that the observers share the monitoring of the endpoints among themselves.

Also note the options for configuring the Hacktor software component, in particular the option to increase the number of parallel scans.

  • Operating System (OS): Linux: Debian 9/10/11, CentOS 7/8, no Windows; AMD64 and ARMv7/ARMv8
  • CPU: 2 Cores / 4 Cores (in the joint operation of the services)
  • RAM: 2 GB / 4 GB (in the joint operation of the services)
  • Mass storage: 20 GB / 50 GB (in the joint operation of the services)
  • Connectivity, outgoing: Port 80 & 443
  • Maximum number of processes (numproc): Minimum: 20,000. Best Practice: unlimited

Please ensure that access via SSH is possible or that VMware Tools are installed.

Firewall rules

OnPrem

App Server

| Direction | Target | Target-Port | Protocol | Use |
| --- | --- | --- | --- | --- |
| Outgoing | Update Server | 443 | TCP | Updates for OS and Platform |
| Outgoing | DB | 6379 | TCP | If Redis is installed on the DB (e.g., load balancer) |
| Incoming | App Server | 443 | TCP | |
| Incoming | App Server | 80 | TCP | If Let's Encrypt is used |
| Incoming | App Server | 8080 | TCP | For unencrypted instances (not recommended!) |

Database Server

| Direction | Target/Source | Target-Port | Protocol | Use |
| --- | --- | --- | --- | --- |
| Outgoing | Update Server | 80/443 | TCP | Updates for OS and Platform |
| Incoming | App Server | 27017 | | |
| Incoming | SIEM Management Server | 27017 | | |
| Incoming | App Server | 6379 | TCP | If Redis is installed on the DB (e.g., load balancer) |
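
Added example (not part of the Enginsight documentation): a shell check that compares a host's listening TCP sockets with the inbound ports that the App Server and Database Server tables above allow. Port 22 for SSH, the role names `app` and `db`, and the sample `ss` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners that the inbound firewall tables do not allow.

# Allowed inbound ports per role, taken from the tables on this page.
# Port 22 is an assumption (default port for the required SSH access).
allowed_ports() {
    case "$1" in
        app) echo "22 80 443 8080" ;;   # 8080 only for unencrypted instances
        db)  echo "22 27017 6379" ;;    # 6379 only if Redis runs on the DB
        *)   return 1 ;;
    esac
}

# Reads `ss -Htln` output on stdin and prints "address port" for every
# non-loopback listener whose port is not allowed for the given role.
unexpected_listeners() {
    ports=$(allowed_ports "$1") || { echo "unknown role: $1" >&2; return 2; }
    awk -v allowed="$ports" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (!(port in ok)) print addr, port
        }'
}

# Constructed sample of `ss -Htln` output from a hypothetical database server.
sample_db() {
cat <<'EOF'
LISTEN 0 4096   0.0.0.0:27017   0.0.0.0:*
LISTEN 0 128    0.0.0.0:22      0.0.0.0:*
LISTEN 0 4096   127.0.0.1:6379  0.0.0.0:*
LISTEN 0 511    [::]:8081       [::]:*
LISTEN 0 4096   *:9100          *:*
EOF
}

# On a real host: ss -Htln | unexpected_listeners db
sample_db | unexpected_listeners db
```

A listener on an allowed port still needs the source restriction from the table (for example 27017 only from the App Server); this check only finds ports that should not be reachable at all.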

Component Server

| Direction | Target/Source | Target-Port | Protocol | Use |
| --- | --- | --- | --- | --- |
| Outgoing | Update Server | 80/443 | | Updates for OS and Platform |

Agents and Sensors

| Component | Direction | Target | Target-Port | Protocol |
| --- | --- | --- | --- | --- |
| Pulsar Agent | Outgoing | App Server | 443 | TCP |
| Enginsight Agent (Client/Server Agent) | Outgoing | App Server | 443 | TCP |
| Watchdog | Outgoing | App Server | 443 | TCP |
| Hacktor | Outgoing | App Server | 443 | TCP |
| Observer | Outgoing | App Server | 443 | TCP |

| Where | Rule |
| --- | --- |
| customer network | Sensor → Enginsight App Server: 443/TCP |
| customer network | Sensor → DNS: 53/UDP |
| Enginsight App Server | No detailed rules required for each sensor |

Furthermore, the following domains must be accessible from the servers:

All Servers:

  • Debian mirror server selected during installation (default: deb.debian.org)

APP Server:

  • registry.enginsight.com

  • get.enginsight.com

  • registry-auth.enginsight.com

  • github.com

  • download.docker.com

  • raw.githubusercontent.com

  • dls.enginsight.com

  • registry-1.docker.io

Database Server:

  • repo.mongodb.org

  • www.mongodb.org

SIEM

The SIEM consists of the following components:

  • Pulsar

  • Loggernaut

  • Apache Zookeeper

  • Apache Solr

  • (Traicer)

Loggernaut

| Direction | Target/Source | Target-Port | Protocol |
| --- | --- | --- | --- |
| Outgoing | server-m2 | 443 or 80 without https | TCP |
| Outgoing | solr | 8983 | TCP |
| Outgoing | zookeeper | 2181 | TCP |
| Outgoing | sftp backup server | SSH-Port (configured) | TCP |
| Outgoing | s3 backup server | 443 / 80 | TCP |
| Incoming | server-m2 | 443 or 80 without https | TCP |
| Incoming | traicer | 443 or 80 without https | TCP |

Solr

| Direction | Target/Source | Target-Port | Protocol |
| --- | --- | --- | --- |
| Outgoing | solr | 8983 | TCP |
| Outgoing | zookeeper | 2181 | TCP |
| Incoming | loggernaut | 8983 | TCP |
| Incoming | solr | 8983 | TCP |

Zookeeper

| Direction | Source | Target-Port | Protocol |
| --- | --- | --- | --- |
| Incoming | loggernaut | 2181 | TCP |
| Incoming | solr | 2181 | TCP |

Server-m2

| Direction | Target/Source | Target-Port | Protocol |
| --- | --- | --- | --- |
| Outgoing | loggernaut | 443 or 80 without https | TCP |
| Incoming | loggernaut | 443 or 80 without https | TCP |

Traicer

| Direction | Target | Port | Protocol |
| --- | --- | --- | --- |
| Outgoing | loggernaut | 443 or 80 without https | TCP |

SFTP Backup Server

| Direction | Source | Target | Target-Port | Protocol |
| --- | --- | --- | --- | --- |
| Incoming | loggernaut | SSH port (configured) | SSH port (defined in config) | TCP |

S3 Backup Server

| Direction | Source | Target-Port | Protocol | Use |
| --- | --- | --- | --- | --- |
| Incoming | loggernaut | 443 / 80 | TCP | Receiving the backups |

Certificate

To ensure that network traffic between the sensors (Pulsar Agent, Observer, Watchdog, Hacktor) and the Enginsight API is encrypted, you need an SSL/TLS certificate. As a best practice, we recommend a public certificate (e.g., from Let's Encrypt), which you resolve internally.

Use a reverse proxy (external or on the server itself) that forwards requests to port 80 (app) and port 8080 (API).

We recommend two DNS names for operating the standard installation:

  • ngs-api.ihre-domain.de

  • ngs-app.ihre-domain.de

Please ensure that the certificate is in PEM format.

Docker Credentials

To run Enginsight on-premises, you need Docker credentials, which we will provide. Simply contact us by email: [email protected]

License file

You can purchase the necessary license file directly from us. Simply contact us by email: [email protected].

Remote support

If you want to install Enginsight On-Premises with the help of our support team, please make sure that remote control is possible. In our experience, TeamViewer works most reliably.
