Prerequisites
Before deploying AegisWire, ensure your environment meets the following requirements. AegisWire is designed for enterprise environments and requires specific infrastructure depending on your deployment tier.
Supported Operating Systems
Server / Gateway
AegisWire gateways and the Go control plane run on Ubuntu 24.04 LTS exclusively. All Docker images are built on Ubuntu 24.04 LTS base images. Other Linux distributions are not officially supported for production deployments.
Client Applications (Coming Soon)
Native client applications are currently in development. The following platforms are targeted:
| Platform | Minimum Version | Notes | Status |
|---|---|---|---|
| macOS | 13 (Ventura) | Native VPN framework via NetworkExtension | In development |
| Windows | 10 (21H2) | WinTUN driver for tunnel integration | In development |
| iOS | 16.0 | NetworkExtension packet tunnel provider | In development |
| Android | 13 (API 33) | VpnService API integration | In development |
Infrastructure Requirements
Self-Hosted Tier
For organisations deploying AegisWire in their own cloud account or on-premises:
- Container runtime: Docker 24.0+ or compatible OCI runtime
- Database: PostgreSQL 15 or later (required — SQLite is not supported)
- Compute: Minimum 2 vCPUs, 4 GiB RAM for the Go control plane
- Network: UDP port access for tunnel traffic (configurable), HTTPS for control plane API
- TLS certificates: Valid TLS certificate for the control plane domain
- DNS: Resolvable hostname for the control plane endpoint
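A preflight check for the self-hosted requirements above, plus the Ubuntu 24.04 requirement, written as an added example and not part of AegisWire's own tooling. The function names, the `--run` flag and the 10% memory allowance are assumptions of this example; the thresholds are the ones stated on this page.

```shell
#!/bin/sh
# Added example: preflight for the self-hosted tier. Thresholds are the ones
# on this page; function names and the --run flag are hypothetical.

# version_ge HAVE WANT: true if HAVE >= WANT, comparing major.minor numerically.
version_ge() {
    for n in 1 2; do
        h=$(printf '%s.0.0' "$1" | cut -d. -f"$n" | sed 's/[^0-9].*//')
        w=$(printf '%s.0.0' "$2" | cut -d. -f"$n" | sed 's/[^0-9].*//')
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
    done
    return 0
}

# check_os FILE: true only for Ubuntu 24.04 (FILE is an os-release file).
check_os() (
    . "$1" 2>/dev/null || exit 1
    [ "$ID" = ubuntu ] && [ "$VERSION_ID" = 24.04 ]
)

check_cpus() { [ "$1" -ge 2 ] 2>/dev/null; }

# MemTotal excludes kernel-reserved memory, so a 4 GiB host reports less than
# 4194304 kB; the 10% allowance is an assumption of this example.
MIN_MEM_KB=$((4194304 * 90 / 100))
check_mem_kb() { [ "$1" -ge "$MIN_MEM_KB" ] 2>/dev/null; }

# check_pg_num N: N is PostgreSQL's server_version_num (15.0 -> 150000).
check_pg_num() { [ "$1" -ge 150000 ] 2>/dev/null; }

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; rc=1; fi; }

preflight() {
    rc=0
    report check_os /etc/os-release
    # Only Docker is probed; a compatible OCI runtime must be checked by hand.
    report version_ge "$(docker version --format '{{.Server.Version}}' 2>/dev/null)" 24.0
    report check_cpus "$(nproc)"
    report check_mem_kb "$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)"
    # Connection settings come from the standard libpq variables (PGHOST, PGUSER, ...).
    report check_pg_num "$(psql -At -c 'SHOW server_version_num' 2>/dev/null)"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

With `--run`, the script prints one PASS or FAIL line per requirement and exits non-zero if any check fails, so it can gate a deployment pipeline.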
Managed Tier
For the managed SaaS deployment operated by AegisWire:
- No server infrastructure required on your side
- A supported client operating system (see table above)
- Internet access for client devices to reach AegisWire's regional gateway fleet
- Administrative access to configure your organisation's policies via the web admin interface
Hardware Appliance
For organisations deploying the AegisWire hardware appliance:
- Standard 1U rack space and power
- Ethernet connectivity (1 GbE minimum, 10 GbE recommended)
- Internet access for mandatory phone-home licensing (every 24 hours)
- No separate database server required — PostgreSQL runs locally on the appliance
Network Requirements
Firewall Rules
The following network access is required:
| Direction | Protocol | Port | Purpose |
|---|---|---|---|
| Inbound | UDP | Configurable (default 443) | AWT tunnel traffic |
| Inbound | TCP | 443 | Control plane HTTPS API |
| Outbound | TCP | 443 | License validation, updates |
| Outbound | TCP | 5432 | PostgreSQL (if external DB) |
DNS Configuration
For self-hosted and hardware deployments, configure DNS records for:
- Control plane: A or AAAA record pointing to your control plane host
- Gateway endpoints: A or AAAA records for each gateway endpoint
For managed deployments, AegisWire handles all DNS configuration.
Authentication Prerequisites
AegisWire includes comprehensive built-in user management as the default identity system. No external identity provider is required for any tier to function.
If you plan to integrate with an external identity provider for SSO federation, ensure you have:
- OIDC: Issuer URL, client ID, and client secret from your identity provider
- SAML: Entity ID, SSO URL, and the identity provider's signing certificate
- Azure Entra ID: Tenant ID, client ID, and client secret
- Okta: Organisation URL, client ID, client secret, and authorisation server ID
External identity provider integration is optional. Built-in users and external IdP users can coexist simultaneously.
Next Steps
Once your environment meets these prerequisites, proceed to the Quickstart Guide to deploy your first AegisWire instance.