System requirements
Server configuration
| Item | Requirement |
|---|---|
| Orion Devices per server | There is no physical limit on the number of Orion Devices per server. The specification here is capable of providing a response time of 2 seconds or less for every user when access requests are made simultaneously by 70 Orion Devices with Salto Space and Salto Orion installed on the same hardware. Consideration needs to be given to the number of concurrent access requests that can be expected. Increasing processor core count and clock speed will provide more concurrent requests if needed. In this context simultaneously means within a 10 second window. |
| Network interfaces | This must be a wired connection. |
| CPUs | Min. 3.2 GHz 8 Cores |
| Memory | 32 GB |
| Storage | Mirrored SSD - 480 GB We strongly recommend that physical storage is encrypted. |
| Architecture | Intel/AMD x64 must support AVX2 instruction set Supported processors: AMD Ryzen 7 and 9, Threadripper Intel Core i9, Corre i7 This is only a guide, you should confirm that the processor of your selectted hardware (or virtualisation driver) supports AVX2 instructions. |
| Operating system | Ubuntu Server 24.04 LTS. This must be the minimized install option. The install process hardens the server, installing and configuring a firewall and OS updates. The server specified above is sufficient to have Windows 11 Pro installed with Hyper-V. Salto Space can be installed on the Windows operating system with Orion installed in a Hyper-V virtual machine with Ubuntu Server minimal. |
| Firewall | The Orion Server requires the following inbound traffic to be allowed from the Orion Devices on the following ports:UDP/123 - NTP. The Orion Server uses Cloudflare Time Services for time synchronization.TCP/443 - HTTPSThe Orion installation process installs and configures the server firewall to only permit these inbound ports. |
Network configuration
An Access Control Virtual LAN should be created to separate the Orion Devices from corporate and guest networks. This can be the same network used by other Salto network devices. The network subnet size is dictated by the number of Orion Devices on the network.
The network should be configured for no inbound or outbound traffic with the single exception of the Orion Server. The Orion server requires outbound traffic on the following ports:
123- to allow the Orion Server to synchronize time.443- to enable access to Orion Enrolment Service, download software updates for the Orion Server and Orion Devices from Orion Connect and provide diagnostic and performance information.8883- to enable MQTT connectivity with Orion Connect for system commissioning, monitoring and updates.
A DHCP server is required to allocate IP addresses to the Orion Devices, with a reserved IP address allocated to the Orion Server.
The Orion Server requires a DNS server which must be provided by the DHCP server.
The Orion Devices, however, do not use DNS. Instead, they are provided with the IP address of the Orion Server during the commissioning phase.
For this reason, the Orion Server IP must not change.
| Item | Requirement |
|---|---|
| VLAN | An isolated (V)LAN is required for all cameras and locks. |
| Physical characteristics | Cat 5e or Cat 6 network with Gigabit switches. |
| IP subnet | Must be large enough to allocate addresses to all locks, camera units and servers/controllers Must not be in the range: 172.31.255.0/24. |
| Outbound ports | Restrict to:123 - NTP443 - HTTPS/TLS8883 - MQTT/mTLSShould also only permit Orion Servers to access outbound ports. Orion Devices do not require access outside of the VLAN. |
| DHCP | DHCP is required to provide IP addresses to Orion Devices. The Orion Server must have a reserved IP address that can not change once Orion Devices have been commissioned. |
| DNS | The Orion Server requires access to DNS. |
Installing Ubuntu server