Password Depot – System Requirements

Mandatory minimum values and recommended sizing for operating Password Depot Enterprise Server and Windows clients in production environments.

Server Hardware

Memory (RAM)

Average RAM footprint per entry: 10 KB (minimum), 20 KB (recommended).
The server keeps all open databases in RAM.
Peak working set (server process incl. crypto, connection pools, caches, TLS buffers etc.): up to approx. 500 MB.
Additional buffer/headroom: 30 % to absorb load spikes and fragmentation.

Formula for RAM sizing (base 1 MB = 1024 KB):

Total RAM ≈ 1.3 × (entry_count × KB_per_entry + 500 MB)

Example calculation

Starting point: 2,000 users × 10 entries = 20,000 entries

Minimum (10 KB/entry)
Data RAM ≈ 195 MB; process ≈ 500 MB → with 30 % headroom ≈ ~900 MB ⇒ round up to 1 GB available RAM.
Recommended (20 KB/entry)
Data RAM ≈ 391 MB; process ≈ 500 MB → with 30 % headroom ≈ ~1.2 GB ⇒ at least 2 GB available for growth and additional open databases.

Conclusion: minimum: 1 GB (functional, tight) · recommended: 2 GB (comfortable), 4 GB ideal for maintenance/management operations.

CPU

Minimum: 2 cores, modern x86_64 CPU
Recommendation: 4 cores for higher parallelism, intensive cryptography or large attachments

Platform & operating system

OS: Windows Server (64-bit).
Ensure that sufficient RAM is available to avoid paging/swapping under load.

Disk space

The actual requirement strongly depends on the number/size of backups and documents. A realistic order of magnitude for the complete server directory incl. data, backups and logs is ≈ 2 GB.

Note: If you store many or large attachments or increase backup retention, plan accordingly for additional disk capacity.

Network & firewall

The following port matrix summarizes the required connections for server, clients, administration and updates.

Enterprise Server (pd_service.exe)

Incoming connections to the server

From:
Windows client
(PasswordDepot.exe)

To:
Enterprise Server
(pd_service.exe)

Port:
25018

Protocol:
TCP/UDP

Purpose:
Authentication & access to client databases

From:
Server Manager
(pd_admin.exe)

To:
Enterprise Server
(pd_service.exe)

Port:
25018

Protocol:
TCP

Purpose:
Server management

Outgoing connections from the server

From:
Enterprise Server
(pd_service.exe)

To:
DNS server

Port:
53

Protocol:
TCP/UDP

Purpose:
Name resolution

From:
Enterprise Server
(pd_service.exe)

To:
SMTP server

Port:
25 587 465

Protocol:
TCP

Purpose:
E-mail delivery

From:
Enterprise Server
(pd_service.exe)

To:
Domain controller

Port:
389 636
(+ optional custom)

Protocol:
TCP/UDP

Purpose:
Active Directory (LDAP/LDAPS)

From:
Enterprise Server
(pd_service.exe)

To:
Internet

Port:
443

Protocol:
TCP/UDP

Purpose:
Azure AD / OIDC

Windows client (PasswordDepot.exe) & browser callback

Outgoing connections from the client

From:
Windows client

To:
Enterprise Server

Port:
25018

Protocol:
TCP/UDP

Purpose:
Authentication & database access

From:
Windows client

To:
DNS server

Port:
53

Protocol:
TCP/UDP

Purpose:
Name resolution

From:
Windows client

To:
Internet

Port:
80 443

Protocol:
TCP/UDP

Purpose:
Cloud services, WebDAV (HTTP/HTTPS)

From:
Windows client

To:
Internet

Port:
21 22 990

Protocol:
TCP

Purpose:
FTP/SFTP/FTPES (if used)

Local browser callback (only localhost)

From:
Browser

To:
Windows client
Bind: 127.0.0.1

Ports:
8888 8989
25880 25889
10098

Protocol:
TCP

Purpose:
Callback for authentication with cloud services

Note: The callback ports are bound exclusively to localhost; no incoming rules on network interfaces are required.

Administration & updates

Server Manager (pd_admin.exe)

From:
Server Manager

To:
Enterprise Server

Port:
25018

Protocol:
TCP

Purpose:
Server management/administration

From:
Server Manager

To:
Updates server

Port:
443

Protocol:
TCP/UDP

Purpose:
Update check

From:
Server Manager

To:
Domain controller

Port:
389 636
(+ optional custom)

Protocol:
TCP/UDP

Purpose:
Active Directory

From:
Server Manager

To:
Internet

Port:
443

Protocol:
TCP/UDP

Purpose:
Azure Active Directory

From:
Server Manager

To:
DNS server

Port:
53

Protocol:
TCP/UDP

Purpose:
Name resolution

Password Depot Updater (pdUpdater.exe)

From:
PD Updater
(pdUpdater.exe)

To:
Updates server

Port:
443

Protocol:
TCP/UDP

Purpose:
Update check

For restrictive firewalls, we recommend an allow list based on the destination ports and services listed above. Also check any additional custom ports required by your AD or proxy environment.

Quick overview (planning reference values)

RAM: Formula 1.3 × (entries × KB/entry + 500 MB); minimum 1 GB, recommended 2 GB, ideal 4 GB.
CPU: ≥ 2 cores (x86_64), 4 cores recommended.
OS: Windows Server (64-bit); avoid swapping under load.
Storage: ~ 2 GB for program, data, backups & logs (more depending on usage).
Network: Allow e.g. 25018/TCP,UDP (server access), 53/TCP,UDP (DNS), 80/443/TCP,UDP (HTTP/S), 21/22/990/TCP (FTP/S), 25/587/465/TCP (SMTP), 389/636/TCP,UDP (LDAP/S), 443/TCP,UDP (Azure AD/OIDC). See the tables above for details.

Notes

The RAM values are based on the total number of password entries in all databases that are open at the same time; additional databases increase the requirement.
For peak loads (backups, mass imports, crypto operations), the 30 % headroom is already included.
Plan additional capacity for future growth and any extra attachments/objects.