This guide outlines the hardware, software, and network requirements needed to successfully deploy UTMStack v11.

Operating System

UTMStack v11 is designed to run on:
  • Ubuntu 24.04 LTS (Recommended)
  • Red Hat Enterprise Linux compatible distributions
This installation guide provides instructions to perform the UTMStack installation on Ubuntu 24.04 LTS.

Hardware Resources

The following specifications are based on typical deployment scenarios. Resource requirements scale with the number of data sources and data volume.

Definitions

Non-archived data that can be accessed for analysis at any time. This is the actively indexed data in Elasticsearch.
Archived data that must be restored before accessing it. Used for long-term compliance and historical analysis.
Any individual source of logs, including devices, agents, SaaS integrations, network equipment, servers, and applications.

Baseline Assumptions

  • 60 data sources generate approximately 100 GB of monthly data
  • Specifications below are for one month of hot log storage

Resource Tiers

Small Deployment

50 data sources (120 GB/month)
  • CPU: 4 Cores
  • RAM: 16 GB
  • Disk: 150 GB SSD
  • Ideal for: Small businesses, branch offices

Medium Deployment

120 data sources (250 GB/month)
  • CPU: 8 Cores
  • RAM: 16 GB
  • Disk: 250 GB SSD
  • Ideal for: Mid-size organizations

Large Deployment

240 data sources (500 GB/month)
  • CPU: 16 Cores
  • RAM: 32 GB
  • Disk: 500 GB SSD
  • Ideal for: Enterprises, MSPs

Enterprise Deployment

500 data sources (1 TB/month)
  • CPU: 32 Cores
  • RAM: 64 GB
  • Disk: 1 TB SSD
  • Ideal for: Large enterprises
Horizontal Scaling Required: Deployments exceeding 500 data sources require adding secondary worker nodes for horizontal scaling. See the Architecture guide for multi-node deployment patterns.

Combining Resource Tiers

You may combine these tiers to allocate resources based on:
  • Number of devices and data sources
  • Desired hot log storage retention period
  • Expected log volume and ingestion rate
  • Analysis and query performance requirements
Example: If you need 6 months of hot storage for 120 data sources:
  • Base: 8 Cores, 16 GB RAM, 250 GB Disk
  • Multiply storage by 6: 1.5 TB Disk
  • Consider increasing RAM to 32 GB for better query performance

Network Requirements

Required Ports

The following ports must be accessible for UTMStack to function properly:
Purpose: Server administration and management
Security Recommendation:
  • Create a firewall rule to allow access only from administrator workstations
  • Use key-based authentication
  • Disable password authentication
  • Consider changing the default port
Purpose: Web interface HTTP redirector to HTTPS
Security Recommendation:
  • Allow access only from admin and security analyst workstations
  • Automatically redirects to HTTPS (port 443)
Purpose: UTMStack web-based graphical user interface
Security Recommendation:
  • Allow access only from admin and security analyst workstations
  • Use valid SSL/TLS certificates
  • Enable HSTS (HTTP Strict Transport Security)
Purpose: Web-based graphical interface for server management
Security Recommendation:
  • Restrict access to administrator workstations only
  • Consider disabling if not used
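
The SSH recommendations above (key-based authentication, password authentication disabled) only hold if they are the values sshd ends up using. The following is an added example, not part of the UTMStack documentation: it audits constructed sample files, and the helper names `sshd_effective` and `audit_ssh` and the file names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit sshd settings against the SSH recommendations above.
# sshd keeps the FIRST value it reads for each keyword, so pass the files in
# the order sshd reads them (drop-ins pulled in by a leading Include come first).

# Print the effective global value of keyword $1 (default $2) from files $3...
sshd_effective() {
  local key="$1" default="$2"; shift 2
  awk -v key="$key" -v def="$default" '
    FNR == 1 { in_match = 0 }   # assumption of this sketch: Match scope is tracked per file
    /^[ \t]*#/ || /^[ \t]*$/ { next }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      if (!match(line, /[ \t=]/)) next            # keyword without a value
      kw = tolower(substr(line, 1, RSTART - 1))   # keywords are case-insensitive
      rest = substr(line, RSTART); sub(/^[ \t]*=?[ \t]*/, "", rest)
      if (kw == "match") { in_match = 1; next }   # conditional settings are not global
      split(rest, f, /[ \t]+/)
      if (!in_match && !found && kw == tolower(key)) { val = f[1]; found = 1 }
    }
    END { print (found ? val : def) }
  ' "$@"
}

# Return 0 only if the effective settings match the recommendations.
audit_ssh() {
  local rc=0 pw pk port
  pw=$(sshd_effective PasswordAuthentication yes "$@")
  pk=$(sshd_effective PubkeyAuthentication yes "$@")
  port=$(sshd_effective Port 22 "$@")
  [ "$pw" = no ]  || { echo "FAIL password authentication is enabled ($pw)"; rc=1; }
  [ "$pk" = yes ] || { echo "FAIL key-based authentication is disabled ($pk)"; rc=1; }
  [ "$port" != 22 ] || echo "NOTE sshd listens on the default port 22"
  return $rc
}

# Constructed sample: a drop-in that is read first re-enables passwords, so the
# "no" in the main file never takes effect.
demo=$(mktemp -d)
printf 'PasswordAuthentication yes\n' > "$demo/10-dropin.conf"
printf '%s\n' '# main file' 'Port 22' 'PubkeyAuthentication yes' \
  'PasswordAuthentication = no' 'Match User backup' \
  '  PasswordAuthentication yes' > "$demo/sshd_config"

audit_ssh "$demo/10-dropin.conf" "$demo/sshd_config" || true   # fails: first value wins
audit_ssh "$demo/sshd_config" || true                          # passes without the drop-in
```

On a live host, `sshd -T` run as root prints the effective configuration and is the authoritative check.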

Integration Ports

Additional ports will be required during the configuration of UTMStack integrations to receive logs from various data sources. These ports vary by integration type (syslog, agents, APIs, etc.). Please follow the security recommendations provided in each specific integration guide.
Common integration ports include:
  • 514/UDP & 514/TCP: Syslog
  • 6514/TCP: Syslog over TLS
  • 5044/TCP: Beats protocol (for agents)
  • 9200/TCP: Elasticsearch (internal cluster communication)
  • Various: API endpoints for cloud integrations

Storage Recommendations

Disk Type

  • SSD strongly recommended for Elasticsearch data
  • NVMe SSDs provide optimal performance for high-volume deployments
  • Standard HDDs acceptable only for cold storage archives

Filesystem

  • ext4 or XFS recommended
  • Disable atime updates for better performance
  • Consider separate volumes for:
    • System (/)
    • Docker (/var/lib/docker)
    • UTMStack data (/opt/utmstack or custom path)
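
One way to verify the filesystem recommendations above on a prepared host, as an added example that is not part of the UTMStack documentation. The helper names `mount_for` and `check_volume` are hypothetical, and the mount table is constructed sample data in `/proc/self/mounts` format.

```shell
#!/usr/bin/env bash
# Added example: check filesystem type, atime and volume separation for the
# data paths listed above, using a mount table in /proc/self/mounts format
# (device mountpoint fstype options dump pass).

# Print "mountpoint fstype options" for the mount that holds path $1: the
# longest mount point that is a prefix of the path. Table file is $2.
mount_for() {
  awk -v p="$1" '
    {
      mp = $2
      pre = (mp == "/") ? "/" : mp "/"
      if ((p == mp || index(p "/", pre) == 1) && length(mp) >= length(best)) {
        best = mp; out = mp " " $3 " " $4
      }
    }
    END { print out }
  ' "${2:-/proc/self/mounts}"
}

# Report on one data path; return 1 if it misses a recommendation.
check_volume() {
  local path="$1" table="${2:-/proc/self/mounts}" mp fs opts rc=0
  read -r mp fs opts <<EOF
$(mount_for "$path" "$table")
EOF
  case "$fs" in
    ext4|xfs) ;;
    *) echo "WARN $path: filesystem is '$fs' (ext4 or XFS recommended)"; rc=1 ;;
  esac
  case ",$opts," in
    *,noatime,*) ;;
    *) echo "WARN $path: atime updates are enabled ($opts)"; rc=1 ;;
  esac
  [ "$mp" != / ] || echo "NOTE $path shares the system volume"
  return $rc
}

# Constructed sample table: Docker has its own noatime volume, /opt does not.
sample=$(mktemp)
cat > "$sample" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/dev/sdb1 /var/lib/docker xfs rw,noatime,attr2 0 0
/dev/sdc1 /opt ext4 rw,relatime 0 0
EOF
for p in /var/lib/docker /opt/utmstack; do check_volume "$p" "$sample" || true; done
```

Called without a second argument, `check_volume` reads the live table from `/proc/self/mounts`.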

IOPS Considerations

  • Minimum 3,000 IOPS for small deployments
  • 10,000+ IOPS recommended for large deployments
  • Monitor disk I/O and scale accordingly

Network Bandwidth

Minimum Requirements

  • 100 Mbps for small deployments (up to 50 sources)
  • 1 Gbps for medium to large deployments
  • 10 Gbps for enterprise deployments with 500+ sources

Considerations

  • Factor in peak ingestion rates
  • Account for user access and dashboard queries
  • Consider bandwidth for backup and data replication

Browser Compatibility

The UTMStack v11 web interface is compatible with:
  • Google Chrome (recommended) - Latest 2 versions
  • Mozilla Firefox - Latest 2 versions
  • Microsoft Edge (Chromium-based) - Latest 2 versions
  • Safari - Latest 2 versions
Internet Explorer is not supported. JavaScript must be enabled.

Additional Considerations

Virtualization

UTMStack can run on:
  • VMware ESXi
  • Proxmox VE
  • KVM/QEMU
  • Microsoft Hyper-V
  • Cloud platforms (AWS, Azure, GCP)
Ensure CPU cores are dedicated (not overcommitted) for production deployments.

Time Synchronization

  • NTP/Chrony must be configured and synchronized
  • Critical for accurate log correlation and timestamp analysis
  • All nodes in a multi-node deployment must be time-synchronized

DNS Resolution

  • Proper DNS configuration required for hostname resolution
  • Forward and reverse DNS should be correctly configured
  • Important for multi-node deployments and integrations
