Learn about the requirements to run Enginsight on-premise on your own servers.
  1. 1.
    Virtual machines (VM)
  2. 3.
  3. 4.
    Remote support (in case of installation by Enginsight Support)


Application Server

The application server is used to operate the central API, the user interface and other services of the platform.
We orchestrate our services with Docker. For this reason, only Enginsight Docker instances are allowed to run on the app server. Please do not modify our setup configuration in the docker-compose.yml file, as this can lead to unpredictable side effects.
It is recommended that you use the Linux image versions we have provided. Unfortunately, we cannot support special custom builds.

Monitoring of up to 500 servers and clients with Pulsar Agent

Operation System
Debian 11, 64bit
4 Cores
8 GB
Mass storage
200 GB (SSD recommended)
Best Practice: Create a common partition for the entire system
Inbound: Port 80 bzw. with Reverse Proxy 443 for Enginsight Update-Server
Outbound: Port 27017 to Database Server

Monitoring of more than 500 servers and clients with Pulsar Agent

If your on-premises instance monitors more than 300 servers and clients with the Pulsar agent, you should consider the possibilities of load balancing on multiple application servers. If you have more than 500 Pulsar agents installed, load balancing across multiple application servers is necessary.
Maximale Anzahl an Pulsar-Agents
Number of application servers
1 virtual machine
3 virtual machines
8 virtual machines
16 virtual machines
32 virtual machines
If you want to use the Shield module to block network attacks, you should have more performance reserves. The required performance depends on how many events occur. Therefore, you should introduce Shield in several steps and observe the performance in monitoring to be able to scale up in time if necessary.
Make sure that the following external addresses are reachable and not blocked by firewall rules:
Please make sure that access via SSH is possible or VMware Tools are installed.

Database Server

The database server stores all monitoring data and communicates exclusively with the application server.
Operation System
Debian 11, 64bit
4 Cores
4 GB
Mass storage
100 GB (SSD recommended)
in the directory \var
Inbound: Port 27017 for Enginsight Application-Server
Please make sure that access via SSH is possible or VMware Tools are installed.


For the software components Observer, Hacktor and Watchdog you may need additional VMs. The individual software components can be operated together on one system, but separate operation is recommended. In case of shared operation, the resources have to be doubled.
These are minimum requirements. Upgrade the instances with more power so that the software components have more performance reserves.
One observer with the specified resources can take over the monitoring of up to 50 endpoints. For endpoints, note the option to define parallel processing of endpoints. The default setting is "2". Depending on the performance reserves, you can adjust the setting down or up. You also have the option to assign multiple observers to the same region, so that the observers share the monitoring of the endpoints among themselves.
Consider also the options for the Configuration of the Hacktor software component, especially the possibility to increase the Number of parallel scans.
Operating System
Linux: Debian 9/10/11, CentOS 7/8, no Windows AMD64 and ARMv7/ARMv8
2 Core / 4 Cores (for shared operation)
2 GB / 4 GB (for shared operation)
Mass Storage
20 GB / 50 GB (for shared operation)
Outgoing: Port 80 resp. 443
Number of maximum processes (numproc)
Minimum: 20,000
Best practice: unlimited
Please make sure that access via SSH is possible or VMware Tools are installed.

Firewall rules

Please release the following ports in the firewall:
27017 (only from App Server, SIEM Management Server)
if LetsEncrypt is used: APP / SIEM MANAGEMENT
If your instance is not encrypted, the APP server must also be accessible via 80 and 8080. This is not recommended! Also, please make sure that all servers reach your DNS.
Furthermore, the following domains must be reachable from the servers:
All servers:
  • Debian mirror selected during installation (default:
APP server:


To ensure that network traffic between the sensors (Pulsar Agent, Observer, Watchdog, Hacktor) and the Enginsight API is encrypted, you need an SSL/TLS certificate. As a best practice, we recommend a public certificate (e.g. from Let's encrypt) that you resolve internally.
Use a reverse proxy (external or on the server itself) that forwards requests to port 80 (app) and port 8080 (API).
For a smooth operation of the Enginsight application, the call via HTTPS is mandatory.
For the operation of the standard installation we recommend two DNS names:
Please make sure that the certificate is in PEM format.

Docker Credentials

To run Enginsight on-premises, you need Docker credentials, which you can get from us.
Just contact us via email: [email protected].

Licence File

You can purchase the necessary license file directly from us.
Just contact us via email: [email protected].

Remote support

If you want to install Enginsight on-premises with assistance from our support, please make sure that a remote control option is available. In our experience, TeamViewer works the most reliably.