System Information

Hardware Requirements

Supported virtualisation software:

  • Proxmox VE (and other QEMU-based virtualisation)

  • VMware ESXi

  • Windows Hyper-V

  • XCP-ng (and other Xen-based virtualisation)

One NV node needs at least 12 GB of RAM, 6 vCPU cores at x86-64-v2-AES level and 20GB of free storage (without logs). For connectivity, two network interfaces are required.

Minimal requirements per no. of daily authorisations (primary/archive node):

No. of authorisations per day

Memory

Processor

Storage

Under 1 500

Min. 12 GB

4 vCPUs

100 GB

1 500 - 5 000

Min. 16 GB

4 vCPUs

200 GB

5 000 - 10 000

Min. 24 GB

8 vCPUs

500 GB

10 000 - 25 000

Min. 32 GB

8 vCPUs

1 TB

over 25 000

Min. 64 GB

16 vCPUs

2 TB

Minimal requirements per no. of daily authorisations (other node):

No. of authorisations per day

Memory

Processor

Storage

Under 1 500

Min. 8 GB

4 vCPUs

100 GB

1 500 - 5 000

Min. 16 GB

8 vCPUs

200 GB

5 000 - 25 000

Min. 32 GB

8 vCPUs

200 GB

over 25 000

Min. 64 GB

16 vCPUs

500 GB

Note

These are minimal requirements. Disk size depends on volume and retention policy of collected events and logs. Using NACVIEW as syslog server may require expanding disk’s size in the future. RAM size additionaly depends on number of monitored devices - extra 2 GB of RAM and disk space are required per 100 monitored devices.

Environment Requirements

Required services

Services needed for running NV:

  • SMTP (for mailing)

  • SMS gateway (optional, for 2FA)

  • NTP

  • DNS

  • Active Directory or other user/device authorisation database

Required open ports

Inbound

  • standard HTTPS (TCP/443)

  • out-of-band management (TCP/5443)

  • RADIUS (UDP/1812, UDP/1813)

  • RADSEC (TCP/2038)

  • OTP (UDP/1817)

  • Syslog (UDP/514)

  • DHCP (TCP/67-9, UDP/67-9)

  • TACACS+ (TCP/49)

  • RADIUS for OOB management of network devices (UDP/1849, UDP/1850)

  • SSH (TCP/22)

  • SCEP (TCP/2016)

  • OCSP (TCP/2560)

Outbound

  • NTP (TCP/123)

  • RADIUS CoA (usually UDP/3799, but may vary depending on configuration)

  • SNMP (UDP/161, UDP/162)

  • Syslog (UDP/514)

  • SCEP (TCP/2016)

  • OCSP (TCP/2560)

  • LDAP & LDAPS (TCP/389, TCP/636)

Note

Exact ports used depend on network environiment.

For captive portal

Each captive portal operates on set of 3 ports and 5 captive portals are available. Ports for each CP are as follows:

  • 8X43 - HTTPS

  • 8X80 - HTTP

  • 8X81 - redirect to HTTPS

For instance, HTTPS port for CP1 is 8143 and HTTP port for CP3 is 8380.

Note

These’re full sets of ports. Exact ones used depend on device vendor and captive portal type.