NFO Deployment Hub
Choosing the right architecture is the first step toward a high-performance monitoring pipeline. NetFlow Optimizer (NFO) is designed to scale from a single virtual machine to a global, distributed footprint.
Choose Your Architecture
Depending on your data volume and security requirements, choose one of the two primary deployment models:
Model A: All-in-One (Standard)
Best for: Small to medium enterprises and lab environments. In this model, NFO and the External Data Feeder (EDFN) reside on the same host. This is the simplest setup and is the default behavior for NFO version 2.7 and higher.
Model B: Distributed (Enterprise)
Best for: Large-scale environments or "Dark" segments. If your NFO instance is located in a high-security segment without internet access, you can deploy the EDFN separately in a DMZ. The EDFN collects threat intel and geolocation data from the internet and pushes it to NFO internally.
Deployment Planning Checklist
Before you begin, ensure your target host meets these "Production-Ready" specifications.
| Component | Minimum Requirement | Recommended (Production) |
|---|---|---|
| CPU | 2 Cores | 4 - 8 Cores |
| Memory | 8 GB RAM | 16 GB RAM (Best for Enrichment) |
| Disk Space | 20 GB | 100 GB+ (For logs and local caching) |
| OS (Linux) | RHEL/Rocky 8+, Ubuntu 20.04+ | RHEL 9 or Rocky Linux 9 |
| OS (Windows) | Windows Server 2016 | Windows Server 2022 |
Critical Port Requirements
- Ingestion: UDP 9995 (NetFlow/IPFIX)
- Management: TCP 8443 (Web UI)
- Enrichment: TCP 443 (Outbound from EDFN to Internet)
Action Paths: Start Your Installation
Select the guide that matches your target environment:
1. Single-Node Installation (NFO + EDFN)
- Linux Installation Guide: Step-by-step for RPM and TAR.GZ deployments.
- Windows Installation Guide: Using the
.exeinstaller for Windows Server. - AWS Deployment: Launching via the Amazon Machine Image (AMI).
2. Distributed & High-Scale Components
- Standalone EDFN Setup: Only follow this if NFO is in a segment without internet access.
- NFO Central Setup: For horizontally scaling multiple NFO nodes under a single management pane.
Deployment FAQ
Do I need to install EDFN separately? No. Starting with NFO 2.7, the EDFN is bundled with NFO. You only need a separate EDFN installation if your NFO server cannot reach the internet to download threat lists and GeoIP updates.
Can I run NFO as a non-root user? Yes. We highly recommend this for production security. See our [Non-Root Configuration Guide] for post-install steps.