Deaddrop Requirements

This document outlines the prerequisites for installing the Deaddrop appliance, including system requirements and dependencies. It also describes the necessary specifications for supporting infrastructure components required by Deaddrop.

Installation

Deaddrop is deployed via an unattended installation using a dedicated ISO image. It can be installed on both virtual machines and physical servers, providing flexibility for various deployment environments.

Server Setup Recommendations

The following hardware and virtual hardware recommendations are based on a 200-user license under typical day-to-day usage conditions.

Typical usage is defined as 20–30% of licensed users actively using the system daily, primarily for single dispatch operations involving small to medium-sized files (1–100 MB per file).

Note:

Actual resource requirements may vary depending on:

The size and frequency of file transfers
The number of concurrent users
Integration with external systems
Logging and audit policies

Scaling adjustments should be made accordingly for heavier workloads or larger deployments.

Virtual Server Requirements

When deploying Deaddrop in a virtualized environment, the following requirements must be met to ensure stability and performance:

The virtual server must match the hardware specifications recommended for physical servers.
The virtualization platform must provide adequate disk I/O performance, ensuring sufficient throughput and low latency for storage operations.
A reliable and high-performance network connection must be ensured for the virtual instance.
UEFI boot support is required.
Secure Boot support is recommended, but not mandatory.
The platform should provide a strong random number generator (RNG) to the guest system to support cryptographic operations and secure entropy generation.

Note: Ensure hypervisor settings do not throttle or overcommit resources in a way that could compromise the performance or reliability of the Deaddrop service.

Physical Server Requirements

The table below outlines the recommended hardware specifications for running Deaddrop on a physical server, based on a standard deployment for up to 200 users under typical usage conditions:

	deaddrop	deaddrop with AV-plugin
CPU¹	2 or more cores	4 or more cores
Memory	Minimum 16 GB	Minimum 16 GB
PSU	2 at least 1 with UPS	2 at least 1 with UPS
Boot-mode	UEFI	UEFI
Network card²	minimum 1Gbit	minimum 1Gbit
Hard drives	2 in raid	2 in raid
SAS / RAID card	Support direct access	Support direct access
Chassis units	1U chassis	1U chassis
Rails	Click rails	Click rails
Cable Mgmt Arm	1U chassis	1U chassis

Note: These specifications are intended as a baseline. Higher performance may be required depending on file sizes, concurrent usage, and additional services.

Disk Usage (Virtual and Physical Servers)

Disk performance is a critical factor for both virtual and physical Deaddrop servers. To ensure stability and responsiveness, the following disk-related recommendations and considerations apply:

Enterprise-grade SSDs are strongly recommended for optimal read/write performance.
The Deaddrop application and operating system require approximately 30 GB of disk space. (This does not include space needed for user file storage.)
Uploaded files can be retained for up to 14 days before automatic removal.
A low-traffic Deaddrop server (e.g., with ~200 users) should allocate at least 50 GB of additional storage to accommodate incoming file uploads.

Storage Sizing – Example Calculation

Below is a conceptual example for estimating minimum disk space required for uploaded files. The actual requirement depends on:

The number of active users (X)
The average number of files per user
The average file size (Y)

	10 users	100 users	500 users
5Mb files, 2 receivers	100MB	1GB	5GB
50Mb files, 5 receivers	2,5GB	25Gb	125GB
1Gb files, 2 receivers	20GB	200GB	1TB
1Gb files, 10 receivers	100GB	1TB	5TB

Note: These are conservative estimates. Consider additional overhead for logging, backups, and encryption metadata.

Additional Considerations for Disk Usage:

Permanent users can grant temporary access to limited-time users, who are also able to upload files. These uploads will consume disk space just like standard user activity.
If the antivirus plugin is enabled, any files flagged as malicious will be quarantined. These quarantined files are stored in a separate directory, which can also contribute to overall disk space consumption.

IP Support

Deaddrop supports both IPv4 and IPv6 addressing, allowing flexible integration into modern network environments. This enables compatibility with dual-stack networks and ensures future-proof connectivity across diverse infrastructure setups.

DNS Requirements

Deaddrop requires a fully qualified domain name (FQDN) to function correctly. The FQDN is essential for certificate validation, secure communication, and proper operation of the web interface.

In addition, the server must have access to a DNS resolver to enable hostname resolution for both internal and external network communications.

Note: Ensure that the FQDN is correctly registered and resolves to the appropriate IP address (IPv4 and/or IPv6), and that reverse DNS is configured if required by your security policies.

SMS Requirements

In most installations, Deaddrop requires access to an SMS gateway to support features such as user notifications, authentication, and alerting.

Alternatively, Deaddrop also supports the use of a physical GSM modem for sending SMS messages. This option may be suitable for isolated or high-security environments where external gateways are not preferred.

Note: Configuration of SMS delivery—whether via gateway or modem—can be managed through the administrative web interface.

External Firewall Configuration

The following table outlines the recommended firewall rules for external communication between Deaddrop and its various components and services:

Type	Delivers to	Receivers from	Protocol
Application	deaddrop	end users	HTTP TCP/80
Application	deaddrop	end users	HTTPS TCP/443
SMS	SMS gateway	deaddrop	HTTPS TCP/443
Admin	ddadm	admin users	HTTPS TCP/8443
Admin	console	admin users	SSH TCP/22
Mail	smtp.tld	deaddrop	SMTP TCP/25
Time	deaddrop	ntp.tld	NTP UDP/123
DNS	deaddrop	resolver.dns	DNS UDP/53
Logs	syslog.tld	deaddrop	Syslog UDP/514
Updates	deaddrop	updates.sysctl.se	HTTPS TCP/443
Cert	deaddrop	letsencrypt.org	ACME TCP/443
Cert	letsencrypt.org	deaddrop	ACME TCP/80

Security Considerations

The administrative web interface (port 8443/TCP) must only be accessible from a secure administrative network. It should not be exposed to the public internet under any circumstances.
Additional firewall rules may be necessary for integrations such as:
- External SMS gateways (typically via HTTPS)
- Remote log servers or SIEM solutions

Be sure to allow outbound HTTPS connections to your specific SMS provider if applicable.

Always review your firewall policies in the context of your organization’s security architecture and network segmentation strategy.

Public Key Infrastructure (PKI)

Deaddrop requires a trusted TLS certificate to secure communication for both the administrative interface and the user-facing application.

Certificates can be provisioned in one of two ways:

Automated via Let’s Encrypt:

Deaddrop supports integration with Let’s Encrypt for streamlined certificate issuance and renewal using the ACME protocol.

anual provisioning from a trusted Certificate Authority (CA):

Alternatively, certificates may be obtained from an internal or external CA and manually configured in the system.

Note: The certificate must match the server’s fully qualified domain name (FQDN) and should be renewed before expiration to avoid service disruption.

Modern processor (e.g. Intel Xeon, AMD EPYC), the CPU usage will be most intensive during malware scanning ↩
1Gbit network speed allows 100 users to simultany upload/download in 10Mbit/s which may be slow if deaddrop is used for large files ↩