In this article, we will cover the prerequisites to deploying your Virtru Customer Hosted Gateway. The prerequisites are designed to ensure a smooth deployment. Please review this article prior to completing the installation process.
Docker Community Edition has not been FIPS 140-2 certified. Docker requires the Enterprise Edition to help ensure your Docker environment is FIPS 140-2 compliant.
64-bit Linux OS that meets the Docker Minimum Requirements
Standard Host is defined as:
- 2 CPU
- 8 GB RAM
- 60 GB hard drive
- 1 Network Card
- Highly available load balancer connected to 2 or more hosts.
Each host can comfortably process 10 standard messages/second at once. Based on a standard 8-hour work day, a 5-day work week, and 20 work days a month, this translates to 10/second, 600/minute, 36,000/hour, 288,000/day, 1,440,000/week, and 5,760,000/month.
We recommend doubling the host count for redundancy and adding any additional hosts to handle the estimated load.
- The minimums are exactly that: minimums. Additional resources and hosts are allowed and recommended. The additions will only enhance the resiliency of the environment.
- A single server deployment is allowed and will function as expected.
Having access to the following, and approved rights to make decisions about them, will allow a smooth and expedient Virtru Gateway setup. Failure to secure approval and/or access to any item may cause a delay in the Virtru Gateway deployment and/or testing.
|Corporate Mail Services||
|Corporate Mail Flow||
|Syslog/SIEM System (Optional)||
Egress Firewall Requirements
Please see the Virtru Endpoints Guide.
Ingress Firewall Requirements
|Virtru Gateway (Optional)||TCP/22||SSH Administration|
|Virtru Gateway||TCP||Inbound port chosen during Mail Flow Planning|
The Gateway can be deployed as a standalone instance or in a High Availability (HA) configuration behind your favorite load balancer (for example, HAProxy, Nginx, DNS Round Robin, or any other commercial load balancer). As the Gateway is stateless, there are no inter-Gateway communication requirements.
Please note that Load Balancer specific steps are outside the scope of this document. Please consult your Load Balancer manual for more information.
You can make the load balancer configurations after you have successfully installed the Gateway on individual servers.
These are the hosts that are allowed to send emails via the Virtru Email Gateway. Please gather the list of IPv4 CIDR blocks that should be allowed to send emails via the Gateway. Please ensure that the hosts can connect by making the appropriate firewall changes mentioned in Section 2 above.
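A pre-flight check for the allowed-sender list described above, as an added example (not part of Virtru's documentation or tooling): it validates and normalizes IPv4 CIDR blocks with Python's standard `ipaddress` module and flags entries worth reviewing before they go into the Gateway configuration. The sample blocks, the `review_allowed_senders` name, and the 4096-address threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input (not values from the Virtru documentation).
SAMPLE_BLOCKS = ["10.20.0.0/24", "10.20.0.128/25", "192.168.5.17/24",
                 "0.0.0.0/0", "203.0.113.10/32", "10.30.0.0/33"]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MAX_ADDRESSES = 4096  # hypothetical review threshold (a /20); tune as needed


def review_allowed_senders(blocks, max_addresses=MAX_ADDRESSES):
    """Return (collapsed_networks, findings) for a list of IPv4 CIDR strings."""
    findings, networks = [], []
    for raw in blocks:
        text = raw.strip()
        try:
            # strict=False accepts host bits so we can report and normalize them
            net = ipaddress.IPv4Network(text, strict=False)
        except ValueError as exc:
            findings.append((text, f"invalid: {exc}"))
            continue
        if text.split("/")[0] != str(net.network_address):
            findings.append((text, f"host bits set, normalized to {net}"))
        if net.prefixlen == 0:
            # An allow-all entry would let any reachable host relay mail
            findings.append((text, "matches every IPv4 address; dropped"))
            continue
        if net.num_addresses > max_addresses:
            findings.append((text, f"very broad: {net.num_addresses} addresses"))
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append((text, "outside RFC 1918 space; confirm ownership"))
        networks.append(net)
    # Merge duplicates, contained subnets, and adjacent blocks
    collapsed = list(ipaddress.collapse_addresses(networks))
    if len(collapsed) < len(networks):
        findings.append(("*", f"{len(networks)} blocks collapse to {len(collapsed)}"))
    return collapsed, findings


if __name__ == "__main__":
    nets, notes = review_allowed_senders(SAMPLE_BLOCKS)
    print("Allow-list:", ", ".join(str(n) for n in nets))
    for entry, note in notes:
        print(f"  {entry}: {note}")
```
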
Upstream MTA IP:Port
If you are deploying Virtru Email Gateway as an intermediate MTA (relying on another MTA for final delivery), then please gather the following for that upstream MTA:
- IP address (or hostname) along with port number
Ensure you can create and assign static IP addresses to each server that hosts the Gateway Docker container. Also, assign a static IP address to the load balancer if one is used.
Configuration of the Virtru Email Gateway will likely require changes to DNS, depending on the mode used. For example, in the outbound mode with the Gateway making the final delivery of the emails, the following DNS changes could be anticipated:
- Create an A record (FQDN) for each host where the Gateway is installed
- Create an A record for the load balancer, if one is used.
- Create or update DKIM records per your mail flow configuration
- Create or update SPF records per your mail flow configuration
- Create or update DMARC records per your mail flow configuration
- Create PTR records per your mail flow configuration