Prerequisites¶
Hardware¶
| What | Minimum | Recommended | With AI (local Ollama) |
|---|---|---|---|
| Operating system | Linux (Debian 12+, Ubuntu 22.04+, RHEL 9+) | Debian 13 | Debian 13 |
| Architecture | amd64 | amd64 | amd64 + optional NVIDIA GPU |
| RAM | 2 GB (idle) | 4 GB at ~50 hosts | + 4–48 GB depending on model |
| CPU | 1 core | 2 cores at ~50 hosts | 4+ cores |
| Disk | 10 GB | 50 GB SSD (for log retention) | + 20 GB for models |
Rule of thumb
The stack needs ~1 GB RAM idle. About +500 MB and an extra CPU core per 100 additional hosts. Logs and long retention windows mostly drive disk usage.
The setup wizard's sizing question helps you pick a profile: see scaling.
Software¶
- Docker Engine ≥ 24.0
- Docker Compose ≥ 2.20 (V2, built in)
- openssl and curl (auto-installed by setup script on Debian/Ubuntu/RHEL/AlmaLinux/SUSE/Arch)
Check:
If Docker is missing — the setup script installs it via get.docker.com. Manually:
Network¶
Inbound to the Vesana server¶
| Port | Purpose | Source |
|---|---|---|
| 80 (TCP) | HTTP → redirect to 443 | Internet / LAN |
| 443 (TCP) | Frontend, API, receiver, agent config | Agents, collectors, browsers, mobile |
| 5667 (TCP) | NSCA receiver | only if NSCA migration mode is on |
Outbound from the Vesana server¶
| Target | Purpose | Required |
|---|---|---|
Docker registry (ghcr.io) |
Image pull on update | Yes (except offline) |
license.vesana.org |
Update check, install file distribution, feedback | Recommended |
console.firebase.googleapis.com |
Send push notifications | Optional (only with mobile push) |
api.anthropic.com |
AI provider Anthropic | Optional |
| SMTP server | Email notifications | Optional |
| NTP pool | Time sync (license validation needs correct clock) | Required |
DNS¶
A domain pointing to the server is strongly recommended. The setup wizard can then issue a Let's Encrypt certificate automatically. Without a domain, Vesana uses a self-signed cert — browsers warn, the agent installer needs --insecure.
What Vesana does NOT need¶
- No inbound port on monitored machines — the data stream is outbound HTTPS 443 from agent/collector to server.
- No VPN between server and customer network — the collector lives in the customer network and phones home.
- No external database — Postgres + Redis run inside the compose stack.
- No outbound telemetry — the only optional outbound contact is the update check against
license.vesana.org.
Next¶
If prerequisites check out, continue with the setup script or manual installation.