System Requirements
Here you get information about the system requirements of the software components Pulsar-Agent, Observer, Hacktor and Watchdog.
Please note that AVX is required for the installation of MongoDB!
Virtual Machines (VM)
for Databaseserver
Licensefile for Enginsight
Remote support (for installation by Enginsight Support)
Ressources
Application Server
The application server is used to operate the central API, the user interface (UI), and other platform services.
Monitoring of up to 500 servers and clients with Pulsar Agent
Operating System (OS)
Debian 12, 64bit
CPU
4 Cores
RAM
8GB
mass storage
200 GB (SSD recommended)
Best Practice: Create a shared partition for the entire system
Connectivity
Incoming: Port 80 (redirect to 443 + Let’s Encrypt) and port 443
Outgoing: Port 27017 to the database server and ports 80 & 443 to the servers listed in the firewall rules
Monitoring of more than 500 servers and clients with Pulsar Agent
If you are monitoring more than 300 servers and clients with the Pulsar agent on your on-premises instance, you should consider load balancing across multiple application servers. If you have more than 500 Pulsar agents installed, load balancing across multiple application servers is necessary.
500
1 virtual machine
1000
3 virtual machines
2500
8 virtual machines
5000
16 virtual machines
10000
32 virtual machines
If you want to use the Shield module to block network attacks, you should have more performance reserves available. The required performance depends on how many events occur. Therefore, you should introduce Shield in several steps and monitor performance so that you can scale up in good time if necessary.
Database Server
The database server stores all monitoring data and communicates exclusively with the application server.
Operating System (OS)
Debian 11, Debian 12, 64bit
Software
MongoDB in current version
CPU
4 Cores
RAM
4GB
mass storage
100 GB (SSD recommended)
Best Practice: Create a shared partition for the entire system
Connectivity
Incoming: Port 27017 for Applicationserver
Outgoing: Port 80 & 443 to the servers listed in the firewall rules
Benchmarktests for Servers
Perform the following tests to evaluate the performance of your servers: These measurements enable a precise assessment of hard disk performance and CPU efficiency to ensure that your IT infrastructure is functioning optimally and meeting the requirements of your applications.
Measuring hard disk performance:
To check hard disk performance, run the following script:
apt install fio
fio --name=random-readwrite --ioengine=libaio --iodepth=1 --rw=randrw --bs=4k --direct=1 --size=1G --numjobs=1 --runtime=60 --filename=/tmp/testfile
Expected performance: At least 10 MB/s for read and write operations.
CPU measurement
To check CPU performance, run the following script:
apt install sysbench
sysbench --test=cpu --cpu-max-prime=20000 run
Expected performance: Result of 1500.
Hacktor/Watchdog/Observer
You will need additional VMs for the Hacktor, Watchdog, and Observer software components. The software components can be run together on one system, but separate operation is recommended. If running them together, the resources must be doubled.
These are minimum requirements. Equip the instances with more power so that the software components have more performance reserves.
An observer with the specified resources can monitor up to 50 endpoints. For endpoints, note the option to define parallel processing of endpoints. The default setting is “2”. Depending on the performance reserves, you can adjust the setting up or down. You also have the option of assigning multiple observers to the same region so that the observers share the monitoring of the endpoints among themselves.
Also note the options for configuring the Hacktor software component, in particular the option to increase the number of parallel scans.
Operating System (OS)
Linux: Debian 9/10/11, CentOS 7/8, no Windows
AMD64 and ARMv7/ARMv8
CPU
2 Cores / 4 Cores (in the joint operation of the services)
RAM
2 GB / 4 GB (in the joint operation of the services)
mass storage
20 GB / 50 GB (in the joint operation of the services)
Connectivity
Outgoing: Port 80 & 443
Maximum number of processes (numproc)
Minimum: 20.000
Best Practice: unlimited
Firewall rules
OnPrem
App Server
Direction
Target
Target-Port
Protocol
Use
Outgoing
Update Server
443
TCP
Updates for OS and Platform
Outgoing
DB
6379
TCP
If Redis is installed on the DB (e.g., load balancer)
Incoming
App Server
443
TCP
Incoming
App Server
80
TCP
If LetsEncrypt is used
Incoming
App Server
8080
TCP
For unencrypted instances (not recommended!)
Database Server
Direction
Target/ Source
Target-Port
Protocol
Use
Outgoing
Update Server
80/443
TCP
Updates for OS and Platform
Incoming
App Server
27017
Incoming
SIEM Management Server
27017
Incoming
App Server
6379
TCP
If Redis is installed on the DB (e.g., load balancer)
Component Server
Direction
Target/Source
Target-Port
Protocol
Use
Outgoing
Update Server
80/443
Updates for OS and Platform
Agents and Sensors
Component
Direction
Target
Target-Port
Protocol
Pulsar Agent
Outgoing
App Server
443
TCP
Enginsight Agent (Client/Server Agent)
Outgoing
App Server
443
TCP
Watchdog
Outgoing
App Server
443
TCP
Hacktor
Outgoing
App Server
443
TCP
Observer
Outgoing
App Server
443
TCP
Where
Rule
customer network
Sensor → Enginsight App Server: 443/TCP
customer network
Sensor → DNS: 53/UDP
Enginsight App Server
No detailed rules required for each sensor
If your instance is not encrypted, the APP server must also be accessible via 80 and 8080. This is not recommended! Please also ensure that all servers can reach your DNS.
Furthermore, the following domains must be accessible from the servers:
All Servers:
Debian mirror server selected during installation (default: deb.debian.org)
APP Server:
registry.enginsight.com
get.enginsight.com
registry-auth.enginsight.com
github.com
download.docker.com
raw.githubusercontent.com
dls.enginsight.com
registry-1.docker.io
Database Server:
repo.mongodb.org
www.mongodb.org
SIEM
The SIEM consists of the following components:
Pulsar
Loggernaut
Apache Zookeeper
Apache Solr
(Traicer)
Loggernaut
Direction
Target/Source
Target-Port
Protocol
Outgoing
server-m2
443 or 80 without https
TCP
Outgoing
solr
8983
TCP
Outgoing
zookeeper
2181
TCP
Outgoing
sftp backup server
SSH-Port (configured)
TCP
Outgoing
s3 backup server
443 / 80
TCP
Incoming
server-m2
443 or 80 without https
TCP
Incoming
traicer
443 or 80 without https
TCP
Solr
Direction
Target/Source
Target-Port
Protocol
Outgoing
solr
8983
TCP
Outgoing
zookeeper
2181
TCP
Incoming
loggernaut
8983
TCP
Incoming
solr
8983
TCP
Zookeeper
Direction
Source
Target-Port
Protocol
Incoming
loggernaut
2181
TCP
Incoming
solr
2181
TCP
Server-m2
Direction
Target/Source
Target-Port
Protocol
Outgoing
loggernaut
443 or 80 without https
TCP
Incoming
loggernaut
443 or 80 without https
TCP
Traicer
Direction
Target
Port
Protokoll
Outgoing
loggernaut
443 or 80 without https
TCP
SFTP Backup Server
Direction
Source
Target
Target-Port
Protocol
Incoming
loggernaut
SSH-Port (konfiguriert)
SSH Port (Definiert in Config)
TCP
S3 Backup Server
Direction
Source
Target-Port
Protocol
Use
Incoming
loggernaut
443 / 80
TCP
Receiving the backups
Certificate
To ensure that network traffic between the sensors (Pulsar Agent, Observer, Watchdog, Hacktor) and the Enginsight API is encrypted, you need an SSL/TLS certificate. As a best practice, we recommend a public certificate (e.g., from Let's Encrypt), which you resolve internally.
Use a reverse proxy (external or on the server itself) that forwards requests to port 80 (app) and port 8080 (API).
For the Enginsight application to run smoothly, it is essential that it is accessed via HTTPS.
We recommend two DNS names for operating the standard installation:
ngs-api.ihre-domain.de
ngs-app.ihre-domain.de
Docker Credentials
To run Enginsight on-premises, you need Docker credentials, which we will provide. Simply contact us by email: [email protected]
Licensefile
You can purchase the necessary license file directly from us. Simply contact us by email: [email protected].
Remote support
If you want to install Enginsight On-Premises with the help of our support team, please make sure that remote control is possible. In our experience, TeamViewer works most reliably.
Last updated
Was this helpful?