System requirements
This topic describes minimal system requirements for ASMS hardware, software and networking. For more details, see also ASMS system architecture.
Note: ASMS performance on VMs depends on the other, non-AlgoSec machines residing on the same VMware platform. To ensure performance, we recommend working with dedicated resources.
Hardware minimum requirements
We recommend that ASMS deployments meet or exceed the following minimum hardware requirements.
These requirements apply for both primary and secondary nodes, and on standalone systems, Central Managers, Remote Agents, or Load Units.
| Hardware | Required |
|---|---|
| CPU |
6 cores * |
| Memory |
24 GB * |
| Storage | 300 GB |
| Network | For details, see Bandwidth requirements for distributed environments |
Note: These minimum requirements suffice for initial demo and testing environments, such as for up to 50 simple devices. For details about final sizing calculations for production environments, contact your AlgoSec partner or sales engineer.
Differences per environment configuration
Hardware requirements will differ, depending on your environment configuration and type. Main differences and considerations include:
| Configuration | Description |
|---|---|
| NAS storage |
If you configure AFA to store all reports on a remote NAS server, this will impact where the storage space is needed. For details, see Configure NAS storage. |
| HA/DR clusters |
Each node in an HA/DR cluster must be identical, including the same type of installation (AlgoSec hardware or VM appliance), and have the same amount of disk space. For details, see Manage clusters |
| Distributed architecture |
In distributed architecture environments, consider the requirements for the Central Manager and each Remote Agent (geographic distribution) or Load Unit (load distribution). Remote Agents and Load Units do not store reports. For details, see Configure a distributed architecture. |
| AWS deployments |
If you are deploying on AWS, we recommend:
For more details, see the AWS Documentation. |
Software requirements
ASMS requires the following software, depending on your deployment method:
| AlgoSec hardware appliances |
AlgoSec hardware appliances comes pre-installed with all require software. No additional software is needed. |
| Virtual appliances |
ASMS can be deployed on virtual machines that use VMWare ESX versions 5.5 and higher. For more details, see the Support page on the AlgoSec portal. |
Networking requirements and recommendations
This section includes the following data:
- Networking requirements and recommendations
- Required port connections
- Bandwidth requirements for distributed environments
- Email and device connectivity requirements
- AFA server DNS name / IP address recommendations
- Security certificate recommendations
For more details, see Manage clusters
Deploying ASMS requires the following port connectivity between nodes:
| Type |
Port |
Central Manager <> Load Unit |
Central Manager <> Remote Agent |
Load Unit <> Load Unit |
HA |
DR |
|---|---|---|---|---|---|---|
| ICMP |
✔ |
✔ | ✖ | ✔ | ✔ | |
|
SSH |
TCP/22 | ✔ | ✔ | ✖ | ✔ | ✔ |
| HTTPS | TCP/443 | ✔ | ✔ | ✖ | ✔ | ✔ |
| syslog | UDP/514 |
✖ |
✖ | ✖ |
✔ |
✖ |
| hazelcast | TCP/5701 | ✔ | ✖ | ✔ | ✔ | ✖ |
| activemq | TCP/61616 | ✔ | ✖ | ✖ | ✔ | ✖ |
| postgrsql | TCP/5432 | ✔ | ✖ | ✖ | ✔ | ✔ |
| postgrsql additional port | TCP/5433 | ✖ | ✖ | ✖ |
✔ |
✖ |
| HA/DR | TCP/9595 | ✖ | ✖ | ✖ | ✔ | ✔ |
Bandwidth requirements for distributed environments
Distributed environments must work with the following minimum bandwidths between nodes:
| Central Manager and load distribution agents | 1 Gb/s |
| Between High Availability nodes | 1 Gb/s |
| Central Manager and geographic distribution agents | 100 Mb/s |
| Between Disaster Recovery nodes | 100 Mb/s |
Tip: The faster your network speed, the faster your clusters will be completely synched.
Email and device connectivity requirements
Enable the following connectivity for AFA and FireFlow:
| Requirement | Description |
|---|---|
| Email address |
Define an e-mail address to be used by AFA and FireFlow, such as fireflow@mycorp.com, on a mail server that supports SMTP and POP3/IMAP4. Alternatively, emails can be forwarded to AFA and FireFlow as an MTA (message transfer agent). |
| Email access | Enable access from AFA and FireFlow to the mail server via SMTP and POP3/IMAP4 |
| Device access |
Enable access from the Central Manager, any high availability secondary nodes, and Remote Agents to devices via SSH, OPSEC, REST, or SNMP (as needed) |
This connectivity configuration includes configuring the necessary passwords for FireFlow.
AFA server DNS name / IP address recommendations
The AFA server must have a fixed DNS name or IP address that can be used to access the AFA user interface.
We recommend that you do not configure the server to obtain an IP address automatically or to use DHCP.
Security certificate recommendations
To prevent warnings from appearing about security certificates, install a certificate signed by a CA instead of a self-signed certificate.
For more details, see the Centos documentation.
Note: AlgoSec recommends using a 2048-bit certificate instead of the 1024-bit certificate recommended by the Centos documentation.
Supported deployments per architecture structure
The following table lists the supported deployment models for each architecture structure.
| Deployment | Standalone ASMS | High Availability | Disaster Recovery | Load Distribution | Geographic Distribution | NAS |
|---|---|---|---|---|---|---|
|
AlgoSec Physical Appliance (2XXX series) |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
Virtual Appliance (VMWare) |
✔ |
✔ |
✔ |
✔ |
✔ |
✔ |
|
ASMS on AWS (AMI) |
✔ |
✖ |
✔ |
✔ * |
✔ |
✖ |
|
ASMS on Azure |
✔ |
✖ |
✖ |
✖ |
✖ |
✖ |
Note: When deployed on AWS, any Load Units must also be located in AWS, in the same subnet as the Central Manager.
â See also:
Yes 
No 
