Sizing Guide
Based on the number of assets that will need to be secured, hardware specifications are listed as below.
Note: Customer is expected to provision virtual machines prior to deployment. We will share the necessary files required prior to the deployment date. Files must be copied to the Registry VM before installation.
Securing up to 100 assets
Hardware Requirements for Non HA setup
Non HA Kubernetes Cluster
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Platform Tier | 5 | - Each VM: - 4vCPU -16 GB RAM - 220 GB OS Disk on each VM - 128 GB additional unformatted raw disk on each VM - Ubuntu 22.04/RHEL9.4 | - VMWare servers for bringing up a Kubernetes cluster using Kubespray - K8s 1.29.5 or above will be deployed using manifests shared by ColorTokens using Kubespray |
| Registry VM | 1 | - VM Specification: - 4vCPU, - 8 GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM used for serving the ColorTokens platform docker images and binaries required to form the cluster during the deployment |
Non HA DB
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Data Tier | 1 | - VM Specification: - 4vCPU - 16GB Memory - 220 GB OS Disk - 200GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | For bringing up Postgres DB |
Hardware Requirements for HA setup
HA Kubernetes Cluster
“The below configuration provides full HA for platform and data tier across DC and DR.”
Note: We will require you to create the virtual machines on your end. We will share the necessary files required prior to the deployment date. These will need to be copied to the Registry VM (mentioned below)
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Platform Tier | DC | 5 | - Each VM: - 4vCPU - 16GB RAM - 220 GB OS Disk - 128 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | - VMWare servers for bringing up a Kubernetes cluster using Kubespray - K8s 1.29.5 or above deployed using manifests via Kubespray |
| DR | 5 | - Each VM: - 4vCPU - 16 GB RAM - 220 GB OS Disk - 128 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | - VMWare servers for bringing up a Kubernetes cluster using Kubespray - K8s 1.29.5 or above deployed using manifests via Kubespray | |
| Registry VM | DC | 1 | - 4vCPU - 8GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM used for serving the ColorTokens platform docker images and binaries during deployment |
| DR | 1 | - 4vCPU, 8GB Memory - 220GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM used for serving the ColorTokens platform docker images and binaries during deployment |
HA DB
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Data Tier | DC | 1 | - 4vCPU, 16GB Memory - 220 GB OS Disk + 200GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | - VM instance with an additional data disk |
| DR | 1 | - 4vCPU, 16GB Memory - 220 GB OS Disk + 200GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | - VM instance with an additional data disk | |
| DR | 1 | - 4vCPU, 16GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | - VM instance without an additional data disk |
Disk space allocation per node type for RHEL 9.4
K8s Nodes (Platform Tier)
| /USR | /VAR | / | /HOME | /OPT | Primary | Additional Disk (GB) |
|---|---|---|---|---|---|---|
| 15 | 170 | 10 | 15 | 10 | 220 | 128 |
DB VM (Data Tier)
| /USR | /VAR | / | /HOME | /OPT | Primary | Additional Disk (GB) |
|---|---|---|---|---|---|---|
| 10 | 170 | 20 | 10 | 10 | 220 | 200 |
Registry VM
| /HOME | /OPT | /VAR | / | Primary |
|---|---|---|---|---|
| 128 | 40 | 20 | 32 | 220 |
Securing up to 1000 assets
Hardware Requirements for Non HA setup
Note: Customer is expected to provision virtual machines prior to deployment. We will share the necessary files required prior to the deployment date. Files must be copied to the Registry VM before installation.
Non HA Kubernetes Cluster
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Platform Tier | 5 | - Each VM: - 4vCPU -16 GB RAM - 220 GB OS Disk on each VM - 256 GB additional unformatted raw disk on each VM - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) will be provisioned on VMWare servers using Kubespray with manifests provided by ColorTokens. |
| Registry VM | 1 | - VM Specification: - 4vCPU, - 8 GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM serves ColorTokens platform Docker images and binaries necessary for cluster setup during deployment. |
Non HA DB
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Data Tier | 1 | - VM Specification: - 8vCPU - 64GB Memory - 220 GB OS Disk - 512 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Used to provision the PostgreSQL database |
Hardware Requirements for HA setup
HA Kubernetes Cluster
“The below configuration provides full HA for platform and data tier across DC and DR.”
Note: We will require you to create the virtual machines on your end. We will share the necessary files required prior to the deployment date. These will need to be copied on the Registry VM (mentioned below)
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Platform Tier | DC | 5 | - Each VM: - 4vCPU - 16GB RAM - 220 GB OS Disk - 256 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) will be provisioned on VMWare servers using Kubespray with manifests provided by ColorTokens. |
| DR | 5 | - Each VM: - 4vCPU - 16 GB RAM - 220 GB OS Disk - 256 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) will be provisioned on VMWare servers using Kubespray with manifests provided by ColorTokens. | |
| Registry VM | DC | 1 | - 4vCPU - 8GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM serves ColorTokens platform Docker images and binaries necessary for cluster setup during deployment. |
| DR | 1 | - 4vCPU, 8GB Memory - 220GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM serves ColorTokens platform Docker images and binaries necessary for cluster setup during deployment. |
HA DB
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Data Tier | DC | 1 | - 8vCPU - 64GB Memory - 220 GB OS Disk - 512 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Acts as the primary node for provisioning the PostgreSQL database. |
| DR | 1 | - 8vCPU - 64GB Memory - 220 GB OS Disk - 512 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Serves as the secondary PostgreSQL node for replication and failover. | |
| DR | 1 | - 8vCPU - 64GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Dedicated etcd node for DB cluster consensus and synchronization. |
Disk space allocation per node type for RHEL 9.4
K8s Nodes (Platform Tier)
| /USR | /VAR | / | /HOME | /OPT | Primary | Additional Disk (GB) |
|---|---|---|---|---|---|---|
| 15 | 170 | 10 | 15 | 10 | 220 | 256 |
DB VM (Data Tier)
| /USR | /VAR | / | /HOME | /OPT | Primary | Additional Disk (GB) |
|---|---|---|---|---|---|---|
| 10 | 170 | 20 | 10 | 10 | 220 | 512 |
Registry VM
| /HOME | /OPT | /VAR | / | Primary |
|---|---|---|---|---|
| 128 | 40 | 20 | 32 | 220 |
Securing up to 4000 assets
Hardware Requirements for Non HA setup
Note: Customer is expected to provision virtual machines prior to deployment. We will share the necessary files required prior to the deployment date. Files must be copied to the Registry VM before installation.
Non HA Kubernetes Cluster
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Platform Tier | 6 | - Each VM: - 8vCPU - 32 GB RAM - 250 GB OS Disk on each VM - 512 GB additional unformatted raw disk on each VM - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) will be provisioned on VMWare servers using Kubespray with manifests provided by ColorTokens. |
| Registry VM | 1 | - VM Specification: - 4vCPU, - 8 GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM serves ColorTokens platform Docker images and binaries necessary for cluster setup during deployment. |
Non HA DB
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Data Tier | 1 | - VM Specification: - 8vCPU - 64GB Memory - 500 GB OS Disk - 512 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Used to provision the PostgreSQL database |
Hardware Requirements for HA setup
HA Kubernetes Cluster
Note: We will require you to create the virtual machines on your end. We will share the necessary files required prior to the deployment date. These will need to be copied on the Registry VM.
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Platform Tier | DC | 6 | - Each VM: - 8vCPU - 32GB RAM - 250 GB OS Disk - 512 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) provisioned using Kubespray with ColorTokens manifests. |
| DR | 6 | - Each VM: - 8vCPU - 32GB RAM - 250 GB OS Disk - 512 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) provisioned using Kubespray with ColorTokens manifests. | |
| Registry VM | DC | 1 | - 4vCPU - 8GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM hosts Docker images and binaries needed for deployment. |
| DR | 1 | - 4vCPU - 8GB Memory - 220GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM hosts Docker images and binaries needed for deployment. |
HA DB
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Data Tier | DC | 1 | - 8vCPU - 64GB Memory - 500 GB OS Disk - 512 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Primary PostgreSQL node |
| DR | 1 | - 8vCPU - 64GB Memory - 500 GB OS Disk - 512 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Secondary PostgreSQL node | |
| DR | 1 | - 8vCPU - 64GB Memory - 500 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Etcd node for DB cluster |
Disk space allocation per node type for RHEL 9.4
| Tier | Resource | Specification(s) |
|---|---|---|
| Platform Tier |
| Each VM specification:
|
| Data Tier |
| VM specification:
|
| Registry VM |
| VM Specification:
|
Securing up to 10000 assets
Hardware Requirements for Non HA setup
Note: Customer is expected to provision virtual machines prior to deployment. We will share the necessary files required prior to the deployment date. Files must be copied to the Registry VM before installation.
Non HA Kubernetes Cluster
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Platform Tier | 6 | - Each VM: - 8vCPU - 32 GB RAM - 550 GB OS Disk on each VM - 1024 GB additional unformatted raw disk on each VM - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) will be provisioned on VMWare servers using Kubespray with manifests provided by ColorTokens. |
| Registry VM | 1 | - VM Specification: - 4vCPU, - 8 GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM serves ColorTokens platform Docker images and binaries necessary for cluster setup during deployment. |
Non HA DB
| Layer | No of VMs | Specification | Resource |
|---|---|---|---|
| Data Tier | 1 | - VM Specification: - 32vCPU - 128GB Memory - 1024 GB OS Disk - 1024 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Used to provision the PostgreSQL database |
Hardware Requirements for HA setup
HA Kubernetes Cluster
Note: We will require you to create the virtual machines on your end. We will share the necessary files required prior to the deployment date. These will need to be copied on the Registry VM.
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Platform Tier | DC | 6 | - Each VM: - 8vCPU - 32GB RAM - 550 GB OS Disk - 1024 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) provisioned using Kubespray with ColorTokens manifests. |
| DR | 6 | - Each VM: - 8vCPU - 32GB RAM - 550 GB OS Disk - 1024 GB unformatted raw disk - Ubuntu 22.04/RHEL9.4 | Kubernetes cluster (v1.29.5 or higher) provisioned using Kubespray with ColorTokens manifests. | |
| Registry VM | DC | 1 | - 4vCPU - 8GB Memory - 220 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM hosts Docker images and binaries needed for deployment. |
| DR | 1 | - 4vCPU - 8GB Memory - 220GB OS Disk - Ubuntu 22.04/RHEL9.4 | Registry VM hosts Docker images and binaries needed for deployment. |
HA DB
| Layer | Site | No of VMs | Specification | Resource |
|---|---|---|---|---|
| Data Tier | DC | 1 | - 32vCPU - 128GB Memory - 1024 GB OS Disk - 1024 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Primary PostgreSQL node |
| DR | 1 | - 32vCPU - 128GB Memory - 1024 GB OS Disk - 1024 GB SSD Data Disk - Ubuntu 22.04/RHEL9.4 | Secondary PostgreSQL node | |
| DR | 1 | - - 32vCPU - 128GB Memory - 500 GB OS Disk - Ubuntu 22.04/RHEL9.4 | Etcd node for DB cluster |
Disk space allocation per node type for RHEL 9.4
K8s Nodes (Platform Tier)
| /USR | /VAR | / | /HOME | /OPT | Primary | Additional Disk (GB) |
|---|---|---|---|---|---|---|
| 15 | 500 | 10 | 15 | 10 | 550 | 1024 |
DB VM (Data Tier)
| /USR | /VAR | / | /HOME | /OPT | Primary | Additional Disk (GB) |
|---|---|---|---|---|---|---|
| 60 | 804 | 60 | 50 | 50 | 1024 | 1024 |
Registry VM
| /HOME | /OPT | /VAR | / | Primary |
|---|---|---|---|---|
| 128 | 40 | 20 | 32 | 220 |
Additional Requirements
- All the above shared server instances should be able to communicate with each other (preferably located in the same vNET).
- We require attaching static IPs to the above VMs. These IPs should be excluded from your DHCP pool, if any.
- In addition to the above, we require 3 unused static IPs which will be assigned to the platform ingress components.
- FQDN and TLS:
- FQDN(s) of your choice will be required to host the ColorTokens Xshield platform and other components (blob store, monitoring).
For example:
[colortokens].[your-domain-name].com (Xshield Platform UI) (IP1)
artifacts-[colortokens].[your-domain-name].com (Blob Storage) (IP2)
docs-[colortokens].[your-domain-name].com (Knowledge base) (IP1)
monitoring-[colortokens].[your-domain-name].com (Monitoring platform - Grafana) (IP3)
registry-[colortokens].[your-domain-name].com (To connect registry) (Registry VM IP)
- The FQDN(s) must be resolvable from all managed assets.
- TLS certificates issued by a well-known certificate authority for the FQDN(s).
- Certificates should have CN=[colortokens].[your-domain-name].com
- Certificates SAN entries should cover all the above FQDNs.
- The customer must have a valid DNS and NTP server configured to ensure DNS resolution for the chosen FQDN and time sync between the servers.
-
Bastion host should be RHEL 9.4 or Ubuntu 22.04 and we should be able to connect to:
- Access to Port 15432 for PostgreSQL
- Access to SSH port (22)
- Storage account (Read and write access)
- ACR or any similar registry (Read and write access)
- Access to DB (Read and write)
- Access to cluster (Read and write access)
- Permission to deploy CRDs on cluster
- Access to all of the above FQDNs
- TLS full Certificate chain and private key should be copied to bastion host
- Sudo access on Bastion host
- Connectivity to all Kubernetes nodes
-
Access to port 3000 of registry VM from any other windows machine.
-
Kubeconfig file of cluster should be present on bastion host.
-
For RHEL 9.4 and Ubuntu 22.04 we will share offline files that need to be copied to bastion host.
The following files must be copied to the specified locations prior to deployment:
| File Type | Location to Copy To | Delivery Mode |
|---|---|---|
| Platform deployment tar | Registry VM | Provided by CT |
| TLS certificate bundle | Registry VM | Customer-provided |
| OS package bundle | Registry VM | Provided by CT |
-
Public SFTP server to upload tar files from ColorTokens. These files should be eventually available on bastion host.
-
The following ports should be open between the DB nodes (only for CT managed HA DB):
- 8008: Patroni cluster communication
- 2379, 2380: Etcd cluster communication
-
The following ports should be open between the DC and DR Kubernetes cluster nodes (only for CT managed HA Kubernetes cluster):
- 30180: For multicluster rook healthcheck and auto failover
-
The following ports should be open from the platform tier nodes to the data tier nodes (only for CT managed HA DB setup):
- 15432 - Postgres access
- 8008 - Patroni management port (for db HA proxy to patroni cluster)
Identity Management:
- ColorTokens console can be configured to work with any OAuth compatible Identity Provider such as Active Directory, ADFS, Okta, Auth0, Keycloak etc.
DR Cluster:
- DR DB should have HA if managed by customer.
- Storage account should be in HA mode