In this article, we will cover the prerequisites to deploying your Virtru Customer Hosted Gateway. The prerequisites are designed to ensure a smooth deployment. Please review this article prior to completing the installation process.
Configuration Options
Hosts
OS
Linux 64 bit OS that meets the Docker Minimum Requirements
Hardware
Standard Host is defined as:
- 2 CPUs
- 8 GB RAM
- 60 GB hard drive
- 1 network card
Recommended Configuration
- Highly available load balancer connected to 2 or more hosts.
- Each host can comfortably process 10 standard messages/second at once. Based on a standard 8-hour work day, 5-day work week and 20 work days a month, this translates to 10/second, 600/minute, 36,000/hour, 288,000/day, 1,440,000/week, 5,760,000/month. We recommend doubling the host count for redundancy and adding any additional hosts to handle the estimated load.
Minimum Configuration
- The minimums are exactly that: minimums. Additional resources and hosts are allowed and recommended, and will only enhance the resiliency of the environment.
- A single server deployment is allowed and will function as expected.
Access
A smooth and expedient Virtru Gateway setup requires access to each of the following, along with approved rights to make decisions about it. Failure to secure approval and/or access to any item may cause a delay in the Virtru Gateway deployment and/or testing.
Service | Status |
Corporate Mail Services | |
Corporate Mail Flow | |
Virtru Gateway | |
DNS | |
Load Balancer | |
Host | |
Firewall | |
Container Registry | |
SSL Certificates | |
Syslog/SIEM System (Optional) | |
Firewall
Egress Firewall Requirements
Please see the Virtru Endpoints Guide.
Ingress Firewall Requirements
Endpoint | Port | Purpose |
Virtru Gateway (Optional) | TCP/22 | SSH Administration |
Virtru Gateway | TCP | Inbound port chosen during Mail Flow Planning |
Network
Load Balancer
The Gateway can be deployed as a standalone instance or in a High Availability (HA) configuration behind your favorite load balancer (for example, HAProxy, Nginx, DNS Round Robin or any other commercial load balancer). As the Gateway is stateless, there are no inter-Gateway communication requirements.
Please note that Load Balancer specific steps are outside the scope of this document. Please consult your Load Balancer manual for more information.
Tip
You can make the load balancer configurations after you have successfully installed Gateway on individual servers.
Relay Hosts
These are the hosts that are allowed to send emails via the Virtru Email Gateway. Please gather the list of IPv4 CIDR blocks that should be allowed to send emails via the Gateway. Please ensure that the hosts can connect by making the appropriate Firewall changes mentioned in Section 2 above.
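A pre-flight review of the relay-host list described above, as an added example that is not Virtru's code: it rejects malformed entries, holds back blocks broad enough to let most of a network relay mail, flags ranges outside RFC 1918 for an ownership check, and collapses overlaps. The /16 threshold, the function name and the sample addresses are assumptions made for this example.

```python
import ipaddress

# Assumption for this example: anything broader than /16 is held back
# until a human confirms that every host in it should be able to relay.
MIN_PREFIX = 16
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_relay_cidrs(entries, min_prefix=MIN_PREFIX):
    """Return (collapsed_networks, findings) for a list of IPv4 CIDR strings."""
    accepted, findings = [], []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue  # skip blanks and comment lines
        try:
            # strict=True rejects host bits set in the block, e.g. 10.1.2.3/24
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            findings.append((text, f"invalid: {exc}"))
            continue
        if net.prefixlen < min_prefix:
            findings.append(
                (text, f"too broad: /{net.prefixlen} covers "
                       f"{net.num_addresses} addresses"))
            continue
        if not any(net.subnet_of(private) for private in RFC1918):
            # Kept in the list, but flagged so someone confirms ownership.
            findings.append((text, "outside RFC 1918: confirm you control it"))
        accepted.append(net)
    # Merge duplicates and nested blocks so the final allowlist is minimal.
    return list(ipaddress.collapse_addresses(accepted)), findings

# Constructed sample input (private and documentation ranges only).
SAMPLE = ["10.20.0.0/24", "10.20.0.128/25", "192.168.5.10", "10.1.2.3/24",
          "0.0.0.0/0", "203.0.113.0/24", "mail.example.com"]

if __name__ == "__main__":
    networks, findings = review_relay_cidrs(SAMPLE)
    print("allowlist:", ", ".join(str(n) for n in networks))
    for entry, reason in findings:
        print(f"review {entry}: {reason}")
```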
Upstream MTA IP:Port
If you are deploying Virtru Email Gateway as an intermediate MTA (relying on another MTA for final delivery), then please gather the following for that upstream MTA:
- IP address (or hostname) along with port number
Static IPs
Ensure you can create and assign static IP addresses to each server that hosts the Gateway Docker container. Also, assign a static IP address to the load balancer if one is used.
DNS
Configuration of Virtru Email Gateway will likely require changes to the DNS depending on the mode used. For example, in the outbound mode with Gateway making the final delivery of the emails, the following DNS changes could be anticipated:
- Create an A record (FQDN) for each host where Gateway is installed.
- Create an A record for the load balancer, if one is used.
- Obtain a CA-signed TLS certificate to match your FQDN.
- Create or update DKIM records per your mail flow configuration
- Create or update SPF records per your mail flow configuration
- Create or update DMARC records per your mail flow configuration
- Create PTR records per your mail flow configuration