For Business For Home

Password Depot – System Requirements

Binding minimum values and recommended sizes for operating Password Depot Enterprise Server and Windows clients in production environments.

Server Hardware

Memory (RAM)

  • Average RAM footprint per entry: 10 KB (minimum), 20 KB (recommended).
  • The server keeps all open databases in RAM.
  • Peak working set (server process incl. crypto, connection pools, caches, TLS buffers, etc.): up to approx. 500 MB.
  • Additional buffer/headroom: 30 % to absorb load peaks and fragmentation.

Formula for RAM sizing (based on 1 MB = 1024 KB):

Total RAM ≈ 1.3 × (Number_of_entries × KB_per_entry + 500 MB)

Calculation example

Starting point: 2,000 users × 10 entries = 20,000 entries

  • Minimum (10 KB/entry)
    Data RAM ≈ 195 MB; process ≈ 500 MB → with 30% headroom ≈ ~900 MB ⇒ round up to 1 GB of available RAM.
  • Recommended (20 KB/entry)
    Data RAM ≈ 391 MB; process ≈ 500 MB → with 30% headroom ≈ ~1.2 GB ⇒ at least 2 GB available for growth and additional open databases.

Conclusion: Minimum: 1 GB (functional, tight) · Recommended: 2 GB (comfortable), 4 GB ideal for maintenance/management operations.

CPU

  • Minimum: 2 cores, modern x86_64 CPU
  • Recommended: 4 cores for greater parallelism, intensive cryptography, or large attachments

Platform & Operating System

  • OS: Windows Server (64-bit).
  • Ensure sufficient RAM to avoid paging/swapping under load.

Disk Space

Actual requirements depend heavily on the number/size of backups and documents. A realistic estimate for the complete server directory, including data, backups, and logs, is ≈ 2 GB.

Note: If you store many or large attachments or increase backup retention, plan for additional storage capacity accordingly.

Network & Firewall

The following port matrix summarizes the required connections for servers, clients, administration, and updates.

Enterprise Server (pd_service.exe)

Inbound connections to the server

From:
Windows Client
(PasswordDepot.exe)
To:
Enterprise Server
(pd_service.exe)
Port:
25019
Protocol:
TCP/UDP
Purpose:
Authentication & access to client databases
From:
Server Manager
(pd_admin.exe)
To:
Enterprise Server
(pd_service.exe)
Port:
25019
Protocol:
TCP
Purpose:
Server administration

Outbound connections from the server

From:
Enterprise Server
(pd_service.exe)
To:
DNS server
Port:
53
Protocol:
TCP/UDP
Purpose:
Name resolution
From:
Enterprise Server
(pd_service.exe)
To:
SMTP server
Ports:
25 587 465
Protocol:
TCP
Purpose:
Email delivery
From:
Enterprise Server
(pd_service.exe)
To:
Domain controller
Ports:
389 636
(+ custom if applicable)
Protocol:
TCP/UDP
Purpose:
Active Directory (LDAP/LDAPS)
From:
Enterprise Server
(pd_service.exe)
To:
Internet
Port:
443
Protocol:
TCP/UDP
Purpose:
Azure AD / OIDC

Windows client (PasswordDepot.exe) & browser callback

Outgoing connections from the client

From:
Windows client
To:
Enterprise Server
Port:
25019
Protocol:
TCP/UDP
Purpose:
Authentication & database access
From:
Windows client
To:
DNS server
Port:
53
Protocol:
TCP/UDP
Purpose:
Name resolution
From:
Windows client
To:
Internet
Ports:
80 443
Protocol:
TCP/UDP
Purpose:
Cloud services, WebDAV (HTTP/HTTPS)
From:
Windows client
To:
Internet
Ports:
21 22 990
Protocol:
TCP
Purpose:
FTP/SFTP/FTPES (if used)

Local browser callback (localhost only)

From:
Browser
To:
Windows Client
Bind: 127.0.0.1
Ports:
8888 8989 25880 25889 10098
Protocol:
TCP
Purpose:
Callback for authentication in Cloud services

Note: The callback ports are bound exclusively to localhost; no inbound rules are required on network interfaces.

Administration & Updates

Server Manager (pd_admin.exe)

From:
Server Manager
To:
Enterprise Server
Port:
25019
Protocol:
TCP
Purpose:
Server management/administration
From:
Server Manager
To:
Update server
Port:
443
Protocol:
TCP/UDP
Purpose:
Update check
From:
Server Manager
To:
Domain controller
Ports:
389 636
(+ if applicable, custom)
Protocol:
TCP/UDP
Purpose:
Active Directory
From:
Server Manager
To:
Internet
Port:
443
Protocol:
TCP/UDP
Purpose:
Azure Active Directory
From:
Server Manager
To:
DNS server
Port:
53
Protocol:
TCP/UDP
Purpose:
Name resolution

Password Depot Updater (pdUpdater.exe)

From:
PD Updater
(pdUpdater.exe)
To:
Update server
Port:
443
Protocol:
TCP/UDP
Purpose:
Update check

For restrictive firewalls, we recommend an allow list based on the destination ports and services listed above. If necessary, also check any additional “custom” ports required in your AD or proxy environment.

Quick overview (planning guidelines)

  • RAM: Formula 1.3 × (Entries × KB/entry + 500 MB); minimum 1 GB, recommended 2 GB, ideal 4 GB.
  • CPU: ≥ 2 cores (x86_64), 4 cores recommended.
  • OS: Windows Server (64-bit); avoid swapping under load.
  • Storage: ~ 2 GB for program, data, backups & logs (more depending on usage).
  • Network: Allow, among others, 25019/TCP,UDP (server access), 53/TCP,UDP (DNS), 80/443/TCP,UDP (HTTP/S), 21/22/990/TCP (FTP/S), 25/587/465/TCP (SMTP), 389/636/TCP,UDP (LDAP/S), 443/TCP,UDP (Azure AD/OIDC). See the tables above for details.

Notes

  • The RAM requirements depend on the total number of password entries in the databases opened at the same time; additional databases increase the requirement.
  • For peak loads (backups, bulk imports, crypto operations), the 30% headroom is already included.
  • Plan for buffer capacity for future growth and, if applicable, additional attachments/objects.