NTACurrent en:System Requirements: Difference between revisions

From Cryptshare Documentation
imported>Erhardts
m (No edit summary)
 
imported>Erhardts
(Changed Debian 10 to 11.)
 
Line 10: Line 10:
In general, a fast hard disk setup, for example using SSD or RAID-10, is recommended.
In general, a fast hard disk setup, for example using SSD or RAID-10, is recommended.
=== Operating System and Configuration ===
=== Operating System and Configuration ===
* '''Debian 10.X (Buster) Linux''': The Cryptshare Mail Gateway software package is made to be installed on a fresh '''Debian 10.X (Buster)''' Linux, 64 bit (x86 architecture). During the installation, other required software is pulled from the package sources.
* '''Debian 11.X (Bullseye) Linux''': The Cryptshare Mail Gateway software package is made to be installed on a fresh '''Debian 11.X (Bullseye)''' Linux, 64 bit (x86 architecture). During the installation, other required software is pulled from the package sources.
* '''Hard disk encryption''': To ensure the security of the data in rest that is handled by the Cryptshare Mail Gateway, '''hard disk encryption''' is required. We recommend to choose the appropriate hard disk setup during the OS installation ("encrypted LVM").
* '''Hard disk encryption''': To ensure the security of the data in rest that is handled by the Cryptshare Mail Gateway, '''hard disk encryption''' is required. We recommend to choose the appropriate hard disk setup during the OS installation ("encrypted LVM").
* '''Server TLS certificate''': To allow incoming SMTP traffic that is secured by TLS, a server certificate is required. This should be issued by a commonly trusted CA. The certificate needs to have a '''minimum key length of 3072 bits''', to comply to the technical agreements for NTA 7516.
* '''Server TLS certificate''': To allow incoming SMTP traffic that is secured by TLS, a server certificate is required. This should be issued by a commonly trusted CA. The certificate needs to have a '''minimum key length of 3072 bits''', to comply to the technical agreements for NTA 7516.
* '''Client TLS certificate''': Some NTA 7516 compliant organizations require the authentication with a client certificate during SMTP communication. This client certificate is issued to you during the licensing process.
* '''Client TLS certificate''': Some NTA 7516 compliant organizations require the authentication with a client certificate during SMTP communication. This client certificate is issued to you during the licensing process.
 
== Network ==
== Network ==
* '''Public IP address''': Messages that are sent by other NTA 7516 compliant parties are routed to the Cryptshare Mail Gateway. This requires a separate public IP address that can be assigned to it.   
* '''Public IP address''': Messages that are sent by other NTA 7516 compliant parties are routed to the Cryptshare Mail Gateway. This requires a separate public IP address that can be assigned to it.   
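
Review bot: the revised Debian bullet under "Operating System and Configuration" does not say what applies to gateways already installed on Debian 10.X (Buster). Since the text still requires "a fresh" installation, state whether Buster remains supported or whether a reinstall on Debian 11.X (Bullseye) is expected. While this paragraph is being touched, the unchanged context lines could also be corrected: "data in rest" should read "data at rest" and "comply to" should read "comply with".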

Current revision as of 3 May 2022, 10:24

Cryptshare Mail Gateway

The Cryptshare Mail Gateway is the central component of Cryptshare for NTA 7516. See Overview for more details.

(Virtual) Hardware

The hardware requirements strongly depend on how many emails the system has to handle in a given time. Please note that all outgoing and a part of the incoming emails must be processed by the Cryptshare Mail Gateway.

The following requirements apply as a minimum:

  • 4 GB RAM
  • 2 GHz x86 dual core processor (64 bit)
  • 10 GB free hard disk space

In general, a fast hard disk setup, for example using SSD or RAID-10, is recommended.

Operating System and Configuration

  • Debian 11.X (Bullseye) Linux: The Cryptshare Mail Gateway software package is designed to be installed on a fresh Debian 11.X (Bullseye) Linux, 64 bit (x86 architecture). During the installation, other required software is pulled from the package sources.
  • Hard disk encryption: To ensure the security of the data at rest that is handled by the Cryptshare Mail Gateway, hard disk encryption is required. We recommend choosing the appropriate hard disk setup during the OS installation ("encrypted LVM").
  • Server TLS certificate: To allow incoming SMTP traffic that is secured by TLS, a server certificate is required. This should be issued by a commonly trusted CA. The certificate needs to have a minimum key length of 3072 bits to comply with the technical agreements for NTA 7516.
  • Client TLS certificate: Some NTA 7516 compliant organizations require authentication with a client certificate during SMTP communication. This client certificate is issued to you during the licensing process.
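
A check for the 3072-bit minimum from the server certificate requirement above, as an added example that is not part of the Cryptshare documentation: it reads the key algorithm and size with `openssl x509`. The function names, return codes and sample text are constructed for illustration, and treating non-RSA keys as "review manually" is an assumption, since the page only states a key length.

```shell
#!/bin/sh
# Added example (not Cryptshare code): verify a server certificate's key size.
MIN_BITS=3072   # minimum key length stated in the requirements above

# Constructed sample of `openssl x509 -noout -text` output (no real certificate).
SAMPLE='        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)'

# Read `openssl x509 -noout -text` output on stdin, print "<algorithm> <bits>".
# Matches both "RSA Public-Key: (N bit)" and "Public-Key: (N bit)" spellings.
parse_pubkey() {
    awk '
        /Public Key Algorithm:/ { alg = $NF }
        /Public-Key: \(/ {
            bits = $0
            sub(/.*\(/, "", bits)
            sub(/ bit.*/, "", bits)
        }
        END {
            if (alg == "" || bits == "") exit 1
            print alg, bits
        }'
}

# Return 0 if the key meets the minimum, 1 if too short, 2 if not an RSA key.
judge_key() {
    alg=$1 bits=$2
    case $alg in
        rsaEncryption|rsassaPss) ;;
        *) echo "REVIEW: $alg key ($bits bit), check manually"; return 2 ;;
    esac
    if [ "$bits" -ge "$MIN_BITS" ]; then
        echo "OK: RSA key with $bits bit"
    else
        echo "FAIL: RSA key with $bits bit, below $MIN_BITS"
        return 1
    fi
}

# Check a PEM certificate file; return 3 if it cannot be parsed.
check_cert() {
    info=$(openssl x509 -in "$1" -noout -text 2>/dev/null | parse_pubkey) ||
        { echo "ERROR: cannot read certificate $1"; return 3; }
    judge_key $info   # unquoted on purpose: splits into algorithm and bits
}

# With a file argument check that file, otherwise run on the constructed sample.
if [ $# -gt 0 ]; then check_cert "$1"; else
    judge_key $(printf '%s\n' "$SAMPLE" | parse_pubkey) || true
fi
```

Run it as `sh check_cert.sh /path/to/server.pem` (the script name is hypothetical) before installing the certificate on the gateway.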

Network

  • Public IP address: Messages that are sent by other NTA 7516 compliant parties are routed to the Cryptshare Mail Gateway. This requires a separate public IP address that can be assigned to it.
  • Firewall configuration: The table below shows the network traffic that has to be permitted to/from the Cryptshare Mail Gateway.

| Port # | Service | Direction | Source/Destination | Purpose |
|--------|---------|-----------|--------------------|---------|
| 25 | SMTP | Inbound | Internet | Receive incoming email from foreign mail servers. |
| 25 | SMTP | Inbound | Mail server(s) | Receive outgoing email from your own mail server(s). |
| 25 | SMTP | Outbound | Internet | Send outgoing emails to foreign mail servers. |
| 25 | SMTP | Outbound | Mail server(s) | Send incoming emails to your own mail server(s). |
| 53 | DNS | Outbound | Internet | Query DNS records. Please note that Cryptshare Mail Gateway contains a local DNS resolver. |
| 22 | SSH | Inbound | Administrative clients | Maintenance shell access for administrators. |
| 443 | HTTPS | Outbound | Internet | Fetch software packages and updates from package sources. |
| 80 | HTTP | Outbound | Internet | Fetch software packages and updates from package sources. |

Cryptshare Products / Compatibility

Cryptshare for NTA 7516 involves other Cryptshare products. Please refer to the following table to find the required versions.

| Product | Required Version |
|---------|------------------|
| Cryptshare for Outlook | 2.3.0 or higher |
| Cryptshare Server | All versions |