Planning and General Requirements
  • 6 Minutes to read
  • Dark
  • PDF

Planning and General Requirements

  • Dark
  • PDF

Article summary

Planning Your Installation

A CTERA Portal installation comprises a cluster of one or more VMs (servers). Each server can host any combination of the following services:

  • Main database. Only one server can host the main database. The server that hosts the main database is called the primary server.
  • Application service. This service accepts connections and handles requests from Web and CTTP clients.
  • Database replication server. A passive database service set to replicate an active database server. During server installation, you can turn on the replication service and select the database server from which to replicate.
  • Document preview server. This service is in charge of processing document preview requests. It is mandatory to launch a dedicated document preview server. The document preview service supports high availability. You can install one or more servers, in order to ensure uninterrupted document preview generation and redundancy in the event of a server failure.

By default, the first installed server is the primary database server, hosting the main database and application server. In the simplest topology, there are two servers: one server that includes a main database and application service, and a second server that provides document preview services. You can install any number of additional servers, for Scalability, Sizing, and Load Balancing and for Data Replication and Failover.

Scalability, Sizing, and Load Balancing

CTERA Portal is horizontally scalable. Additional servers can be added:

  • As application servers, to increase client handling capacity. Any servers that are enabled as application servers automatically balance the connected clients between them, allowing for maximized capacity and availability. The number of application servers deployed depends on the use case:
    • ROBO (remote office, branch office) use case – The users connect to the local CTERA Edge Filers, each edge filer connection to a virtual portal is one connection, even if there are thousands of users connected to each edge filer. You require one application server for every 100 edge filers.
    • FSS (file sync and share) use case – The users connect directly to a virtual portal. You require one application server for every 10,000 users and a minimum of one virtual portal for every 100,000 users.
  • As document preview servers.

Data Replication and Failover

The main database is stateful and contains critical data. You must replicate all such servers to maintain the availability of critical data. The application service is stateless, and therefore, any dedicated application servers do not require replication or backup. Failover between application servers is automatic.

For details about replicating the database, see Backing Up the Database.

CTERA Portal includes a built-in replication function for achieving higher level of availability. Replication can be achieved using other platform dependent replication methods (such as SAN or VMWare-level replication).


All internal communication between CTERA Portal servers is authenticated to prevent unauthorized access. Nevertheless, to follow the defense in-depth security philosophy, the primary database server, which stores sensitive data, should be placed in its own firewalled, isolated network, and only the application servers should be allowed to face the Internet.


The CTERA portal image for the platform, obtainable from CTERA support.

General Requirements

The following requirements apply to all platforms. For specific platform requirements, refer to the installation guide for the platform.

  • Web browser: The latest two releases of Apple Safari, Google Chrome, Microsoft Edge, and Mozilla Firefox.
  • SSH and SCP clients. For example, the freeware PuTTY.
  • In a production environment, with a multi-node deployment:
    • At least two application servers, for HA. Each application server requires a 64-bit virtual machine with a minimum 16GB RAM, 4 vCPUs and 100GB local hard disk drive (some images include a 110GB hard disk drive).
      When an application server will handle up to the maximum 10,000 clients, CTERA recommends a 64-bit virtual machine with a minimum of 32GB RAM and 8 vCPUs.
    • At least two database servers in Active/Passive mode. Each database server requires a 64-bit virtual machine witha minimum 32GB RAM and 8 vCPUs.
      • The size of the server datapool should be around 1% of the target data, using SSD storage with a provisioned IOPS volume with minimum 2000 IOPS. The archive pool can use magnetic disks and should be twice the size of the datapool.
      • The replication database server must have the same hardware configuration as the primary database server.

    CTERA recommends seeking guidance from CTERA support for a more accurate estimation of the required sizing.

  • In a small or test environment, with a single server deployment, the requirement is a 64-bit virtual machine with a minimum 8GB RAM, 2 CPU cores and 100GB local hard disk drive.
  • Access from the virtual machine to a Storage Area Network (SAN) or directly attached hard drives.
  • The virtual disk attached to the CTERA VMs running the CTERA database, applicable for the main database, must yield a minimum of 700 TPS (transactions per second). To test the TPS on your installation, contact CTERA support at
  • Preview servers require at least 16GB of RAM, 4 CPU cores, and 60GB of storage. CTERA recommends using SSD storage.
  • The ports listed in Port Considerations are open.

All resources allocated to a server must be dedicated to that server and not shared with other servers. You must not run non-CTERA applications on any of the portal servers.

Contact CTERA support for help sizing your environment.

Other requirements

Prepare the following:

  • A DNS name for the CTERA Portal installation. This can be changed after the installation.
  • An ICAP Server and license if either the antivirus or data loss prevention (DLP) features will be used.
  • An SMTP mail server address and port for sending notifications, such as Amazon Simple Email Service (SES).

Port Considerations

To allow access to and from the Internet on the firewall on each machine that will operate as an application server or database server, ensure the following network ports are open:

22TCPInbound and OutboundSSH. CTERA recommends limiting SSH access to specific IP addresses that may require access to the CTERA application servers, for example to perform scheduled maintenance and support related work.
53UDPInbound and OutboundDNS
80TCPInbound and OutboundHTTP
443TCPInbound and OutboundHTTPS
995TCPInboundCTTP. Communications with CTERA Edge Filers and agents.
xx (Use the port number that is used at your site for SMTP. The default port for SMTP is 25.)TCPOutboundSMTP

The following ports must be opened towards storage nodes:

80 or 443 (for HTTPS)TCPOutboundObject Storage (When Direct Mode is set for the storage node, HTTPS is set as and cannot be changed, requiring port 443.)
111, 2049TCPOutboundNFS
1191TCPOutboundGPFS. Required for accessing GPFS nodes.

If you are running a separated environment that consists of multiple CTERA servers residing on separate firewalled network segments (such as different AWS security groups), open the following additional ports between the CTERA servers. These ports do not need to be accessible from the Internet:

22TCPInbound and OutboundSSH management between the servers.
443TCPInbound and OutboundUpdates between the servers.
5432TCPInboundPostgreSQL. Applicable for the primary database server and database replication servers only.
18682TCPInbound and OutboundApplicable for document preview servers only.

If CTERA Portal will be connected to Active Directory, open the following ports towards the Active Directory servers

88TCP/UDPOutboundIf Kerberos is used
389TCP/UDPOutboundLDAP/LDAP GC (Global Catalog)
3268TCPOutboundLDAP/LDAP GC (Global Catalog)
636, 3269TCPOutboundLDAP and LDAP GC with SSL (CTERA recommends using LDAP and LDAP GC with SSL instead of LDAP and LDAP GC.)

CTERA Portal requires the following port open for RSync for database replication between the main and secondary databases. This port does not need to be accessible from the Internet:


CTERA Portal requires the following port open for antivirus and DLP scanning. This port does not need to be accessible from the Internet:


CTERA Portal operates behind a firewall, and it is important to leave all other ports closed.

Was this article helpful?

What's Next