Requirements¶
The appliance runs on Ubuntu Server 24.04 LTS. You can run it on dedicated hardware (a mini-PC) or as a virtual machine from the Acutis OVA. The two paths produce an identical collector.
Hardware (mini-PC)¶
A small, always-on x86-64 or ARM64 machine works well. Reference points:
| Resource | Minimum | Recommended |
|---|---|---|
| CPU | 2 cores | 4 cores |
| RAM | 2 GB | 4 GB+ (8 GB if you want the larger local AI models) |
| Disk | 20 GB | 32 GB+ SSD |
| Network | 1 wired Ethernet port | 1 wired Ethernet port |
| OS | Ubuntu Server 24.04 LTS | Ubuntu Server 24.04 LTS |
Why 4 GB+ if you want the on-box AI
The local "smart collector" AI pulls a small language model (llama3.2:3b) onto the box during first boot. The collector itself is light; the model is what benefits from extra RAM. The AI install is non-fatal — if the box is tight on resources the collector still runs and reports normally, it just skips the local field briefs.
Tested platforms include the Raspberry Pi 5 (8 GB) and compact Intel mini-PCs. Anything that runs Ubuntu Server 24.04 and stays powered on will work.
Virtual appliance (OVA / VM)¶
The Acutis OVA is built from Ubuntu Server 24.04 LTS with cloud-init enabled. The reference VM profile is:
| Resource | Value |
|---|---|
| vCPU | 2 |
| RAM | 2 GB (raise to 4 GB+ for the local AI) |
| Disk | 20 GB (thin-provisioned, grows as needed) |
| Firmware | BIOS or UEFI |
| Disk format | qcow2 (convertible to VMDK/OVA for your hypervisor) |
The OVA ships without any credentials baked in. It receives its identity on first boot from a per-tenant seed ISO (a small cloud-init disk you attach as a CD-ROM). See Install and Provisioning.
Network placement¶
- Put the appliance on your management network / VLAN — the same L2/L3 segment that can reach your switches', firewall's, and APs' management interfaces. The appliance reaches devices over SSH (TCP 22), the PAN-OS XML API (TCP 443), SNMP (UDP 161), and the UniFi controller API, so it must have a route to those management IPs.
- DHCP is fine. On boot the appliance auto-detects its own gateway and subnet from the OS routing table and reports them to the backend (used for the dashboard's ping-sweep). You can override with
GATEWAY_IP/SUBNETif you need to. - One wired interface is enough. A single NIC that can reach both the device-management network and the internet is the simplest, most common deployment.
Outbound connectivity to the backend¶
The appliance makes only outbound HTTPS connections to your Acutis backend — it never needs an inbound port opened to it. Allow the appliance to reach:
| Destination | Port | Purpose |
|---|---|---|
Your Acutis backend (https://app.acutisgo.com for cloud) |
443 | Submit telemetry, fetch device list, pull credentials from the vault, check in, receive CLI jobs, self-update |
https://ollama.ai and its install mirror |
443 | One-time download of the local AI engine + model during first boot (optional; non-fatal if blocked) |
| Ubuntu package mirrors | 443/80 | OS + Python package install during first boot |
Air-gapped device networks are supported
The appliance only needs outbound reach to the backend. Your managed devices never talk to the cloud — the appliance is the only thing that does, and it pushes, never listens.
What you need before you start¶
- An Acutis account and a site (tenant) — Free tier is fine to start.
- A provisioning token or installer bundle generated from your dashboard (see Provisioning).
- Install media — a USB stick (mini-PC path) or the OVA + seed ISO (VM path).
Next: Install.