System Requirements¶
This page outlines the requirements for deploying the SPSA appliance in your environment.
Appliance Specifications¶
SPSA Foundation¶
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4 cores |
| RAM | 4 GB | 8 GB |
| Disk | 50 GB SSD | 100 GB SSD |
| Network | 1 Gbps | 1 Gbps |
SPSA Pro¶
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 4 cores | 8 cores |
| RAM | 8 GB | 16 GB |
| Disk | 100 GB SSD | 500 GB SSD |
| Network | 1 Gbps | 10 Gbps |
Session Recording Storage
SPSA Pro with session recording enabled requires additional disk space based on recording volume. Plan for 100-500 GB or more for environments with extensive recording requirements.
SPSA Demo Appliance¶
The SPSA Demo installation is a fully functional SPSA Foundation appliance for evaluation purposes:
| Parameter | Value |
|---|---|
| Runtime Limit | 30 days after first boot |
| Network Adapters | 1 (DHCP configured) |
| RAM | 4 GB |
| CPU | 2 cores |
| Disk | 64 GB |
Demo Limitations
- The demo appliance runtime is limited to 30 days
- Only one network adapter is configured (uses DHCP)
- Cannot be upgraded to a production license
- A fresh deployment is required for production use
Virtualization Platforms¶
SPSA is provided as a virtual appliance compatible with:
| Platform | Minimum Version | Template Format |
|---|---|---|
| VMware ESXi | 7.0 Update 1 | OVA |
| VMware vSphere | 7.0 Update 1 | OVA |
| Microsoft Hyper-V | 2016 | ZIP (VHDX) |
| Microsoft Hyper-V | 2019, 2022 | ZIP (VHDX) |
ESXi Standalone
SPSA can be deployed directly to ESXi hosts without vCenter Server.
Network Requirements¶
Firewall Rules (Inbound to SPSA)¶
| Source | Port | Protocol | Purpose |
|---|---|---|---|
| Users | 443 | TCP | SPSA Portal web interface (HTTPS) |
Integrated Firewall
SPSA includes an integrated host firewall that blocks all unnecessary inbound traffic. Only HTTPS (port 443) is accessible by default.
Firewall Rules (Outbound from SPSA)¶
| Destination | Port | Protocol | Purpose |
|---|---|---|---|
| Windows Targets | 3389 | TCP | RDP connections |
| Linux Targets | 22 | TCP | SSH connections |
| VNC Targets | 5900-5910 | TCP | VNC connections |
| Telnet Targets | 23 | TCP | Telnet connections |
| DNS Server | 53 | UDP/TCP | Name resolution |
| NTP Server | 123 | UDP | Time synchronization |
SPSA Pro Multi-Site (Additional)¶
For SPSA Pro with distributed SPSA Proxies:
| Source | Destination | Port | Protocol | Purpose |
|---|---|---|---|---|
| SPSA Portal | SPSA Proxy | VPN | UDP | Site-to-site connectivity |
| SPSA Proxy | SPSA Portal | VPN | UDP | Recording sync |
Browser Requirements¶
SPSA Portal is compatible with modern HTML5 browsers:
| Browser | Minimum Version |
|---|---|
| Google Chrome | 90+ (Recommended) |
| Microsoft Edge | 90+ (Recommended) |
| Mozilla Firefox | 88+ |
| Safari | 14+ |
No Plugins Required
SPSA uses HTML5 for remote sessions. No browser plugins, Java, or ActiveX are required.
Recommended Browsers
Google Chrome and Microsoft Edge provide the best experience with SPSA.
Target System Requirements¶
Windows (RDP)¶
- Remote Desktop enabled on target system
- Network Level Authentication (NLA) recommended
- Firewall allows port 3389 from SPSA appliance IP
Windows Settings:
System Properties > Remote > Allow remote connections
☑ Allow connections only from computers running Remote Desktop with NLA
Linux/Unix (SSH)¶
- SSH server running (OpenSSH recommended)
- Firewall allows port 22 from SPSA appliance IP
- Password or key-based authentication enabled
Verify SSH is running:
sudo systemctl status sshd
VNC¶
- VNC server installed and running
- VNC password configured
- Firewall allows VNC port (5900 + display number) from SPSA
Telnet (Legacy)¶
Security Warning
Telnet is unencrypted. Use only for legacy systems that cannot support SSH.
- Telnet service enabled on target
- Firewall allows port 23 from SPSA
Appliance Components¶
The SPSA appliance is a pre-configured system with:
| Component | Technology |
|---|---|
| Operating System | Alpine Linux |
| Remote Access | Apache Guacamole 1.6.0 |
| Container Runtime | Docker |
| Database | PostgreSQL |
| Reverse Proxy | Caddy |
| Firewall | nftables |
All components are pre-installed and configured. No manual installation required.
Pre-Deployment Checklist¶
Infrastructure¶
- [ ] Virtualization platform meets minimum version requirements
- [ ] Sufficient resources allocated (CPU, RAM, disk)
- [ ] VM template obtained from Skillplan
Network¶
- [ ] SPSA IP address planned (static recommended)
- [ ] Network firewall rules configured (inbound 443, outbound to targets)
- [ ] DNS entry created (optional but recommended)
- [ ] Target systems accessible from SPSA network segment
Security¶
- [ ] SSL certificate obtained (optional for initial setup)
- [ ] TOTP authenticator app available for MFA setup
- [ ] Initial credentials received from Skillplan
Target Systems¶
- [ ] Remote Desktop enabled (Windows targets)
- [ ] SSH server running (Linux targets)
- [ ] Firewall rules allow connections from SPSA
- [ ] Test credentials available
Related Documentation¶
- Installation Guide - Deployment instructions
- Network Configuration - Network setup details
- Security Guide - Security best practices