This document outlines key considerations and best practices for maintaining your Virtru Customer Hosted Gateway (CHG) after installation. Below is an organized summary:
1. Load Balancer
- Scenario 1: Traffic flows directly to the containers.
- Scenario 2: Traffic is terminated at a load balancer and re-initiated to containers.
2. Status Check
To validate the health and functionality of the Virtru Hosted Gateway, perform the following checks:
- Refer to the Customer Hosted Gateway Validation Article.
Ensure to verify that all hosts in the setup respond as expected.
3. Backup
Back up your environment by saving the base folder where the Virtru Gateway is installed:
/var/virtru/vg
This includes:
- Configuration files
- Certificates
4. Disaster Recovery
- A backup host with:
- Internet connection
- Docker installed
- A backup of the
/var/virtru/vgfolder.
Steps:
- Forward the same port used for the backup to the new host.
- Restore the backup folder to the new host.
- Verify functionality using a Status Check and examine container logs.
High Availability:
- Repeat the steps above for each host in your high-availability setup.
5. Logs
By default, the gateway logs are stored using Docker’s logging system.
- Recommendation: Log to server and manage logging at the system level.
For further customization and troubleshooting, refer to the Docker Documentation.
6. Upgrade
To upgrade your gateway please follow the instructions here:
- Kubernetes or Linux Server Gateway Upgrade
7. DKIM Signing
Regardless of whether the Self-Hosted Gateway is performing final delivery or relaying messages to another hop for final delivery, it’s strongly recommended to implement DKIM signing. This helps ensure email authenticity, improves deliverability, and supports DMARC alignment.
Please refer to the appropriate DKIM signing guide based on your deployment:
8. Server Minimum & Scalable Requirements
- Operating System: 64-bit Linux OS meeting Docker’s minimum requirements
- Hardware Guidelines
| Component | Minimum Specs | Recommended (2–3x) |
|---|---|---|
| On-Premise Gateway | 2 CPU, 8 GB RAM, 60 GB Disk | 4–6 CPU, 16–24 GB RAM, 120–180 GB Disk |
| Network Card | 1 per host | 2 or more for HA setups |
Scale your resources based on performance trends and mail flow volume. Refer to Docker Host Requirements for more detail.
While the minimum specs allow for a functional deployment, increasing server resources ensures stability, performance, and scalability.
Key Notes
- Regularly validate the status of your gateway using the official validation guide.
- Automate backups to ensure minimal downtime during recovery.
- Implement a robust load balancer configuration for better scalability and fault tolerance.
You should consider increasing CPU, memory, and disk space if:
-
Emails begin queuing at the gateway
Insufficient CPU or memory can cause delays in email processing, resulting in backlogs. -
Your organization has high email volume or traffic spikes
Larger organizations or those with frequent bulk sending (e.g., newsletters, alerts) should provision for peak usage, not just average load. -
You deploy multiple containers or add additional services
Running additional services like DLP, audit logging, or monitoring can increase the resource demand significantly. -
You experience slow processing, timeouts, or degraded performance
Under-resourced servers may struggle with encryption/decryption tasks, causing performance bottlenecks. -
You want high availability (HA) and redundancy
More CPU, RAM, and network cards support fault tolerance and load balancing across multiple nodes or hosts. -
You’re supporting a hybrid or distributed email environment
Environments with multiple inbound/outbound pathways (e.g., Microsoft 365, Google Workspace, and on-prem Exchange) benefit from additional capacity.