Bridge System Requirements
Supported Platforms
Operating Systems
Qntrl Bridge can be installed on the following operating systems.
Windows
Version | Edition | Architecture |
Windows Server 2016 | Standard, Datacenter | 64-bit (x64) |
Windows Server 2019 | Standard, Datacenter | 64-bit (x64) |
Windows Server 2022 | Standard, Datacenter | 64-bit (x64) |
Windows 11 | — | 64-bit (x64) |
Linux
Distribution | Architecture |
Red Hat Enterprise Linux 8.x / 9.x | 64-bit (x86_64) |
Ubuntu Server 20.04 LTS / 22.04 LTS / 24.04 LTS | 64-bit (x86_64) |
SUSE Linux Enterprise Server 15 SPx | 64-bit (x86_64) |
macOS
Version | Architecture |
macOS 13 Ventura | 64-bit (ARM64) |
macOS 14 Sonoma | 64-bit (ARM64) |
macOS 15 Sequoia | 64-bit (ARM64) |
macOS 26 Tahoe | 64-bit (ARM64) |
Unsupported Platforms
32-bit operating systems
Non-LTS Linux desktop distributions
Container-only deployments unless explicitly documented as supported
Hardware Requirements
Qntrl Bridge is lightweight, but resource usage scales with the number and type of tasks (API, DB, SSH, PowerShell, AD, file operations).
Typical sizing recommendations:
Deployment Size | Task Volume | vCPU / Cores (min) | RAM (Minimum) | RAM (Recommended) | Disk Space |
Small | Up to ~50 tasks/hour | 2 | 4 GB | 8 GB | < 5 GB |
Medium | Up to ~500 tasks/hour | 4 | 8 GB | 16 GB | 5–10 GB |
Large | > 500 tasks/hour | 8 | 16 GB | 16 GB | 10 GB+ |
Disk space includes:
Bridge binaries
Bundled PostgreSQL database
Logs and operational data
Network Requirements
General Network Connectivity
The Bridge host must have:
Outbound connectivity to Qntrl
The Bridge host requires outbound access to the following Qntrl endpoints on port 443 over WSS/HTTPS (TCP):
Domain | Port | Protocol |
core.qntrl.com | 443 | HTTPS / WSS |
bridgews.qntrl.com | 443 | HTTPS / WSS |
Firewall Note: Ensure outbound HTTPS (port 443) from the Bridge to Qntrl endpoints is allowed and not intercepted in a way that breaks WebSocket connections.
Internal Network Connectivity
The Bridge host must also have inbound and outbound access within your LAN to reach internal systems:
REST / SOAP APIs
Databases
Linux or Unix servers via SSH
Windows servers via PowerShell / WinRM
Active Directory / LDAP
SFTP servers
File shares (SMB)
Recommended LAN bandwidth:
100 Mbps recommended
Lower bandwidth may reduce throughput for high task volumes.
Firewall Note:
Ensure outbound HTTPS traffic on port 443 is not intercepted in a way that breaks WebSocket communication.
IP Whitelisting
Ports and Protocols
Inbound to Bridge Host
Purpose | Protocol | Port | Source | Notes |
Bridge Web UI | HTTP / HTTPS | 8500 | Admin workstations | Used to view Bridge status and processed requests |
Outbound from Bridge Host
To Qntrl
Purpose | Protocol | Port | Target | Notes |
WebSocket connection | HTTPS / WSS | 443 | Qntrl endpoints | Required for command execution and result reporting |
Outbound to Internal Systems
Direction: Outbound
API Integration (REST/SOAP) | HTTP / HTTPS | 80 /443 /Custom | Internal API endpoints | Used to invoke internal HTTP(S) services. |
Database Access (Bundled DB) | TCP | Local only | Local PostgreSQL instance | Runs locally on the Bridge host and is not exposed externally. |
Database Access (External) | TCP | 1433 /1521/5432 | SQL Server / Oracle / PostgreSQL | Used when Bridge connects to customer-managed databases. |
SSH Connections | TCP | 22 | Linux / Unix servers | Used for remote command execution and file operations. |
WinRM / PowerShell Remoting | HTTP / HTTPS | 5985 /5986 | Windows servers/workstations | Used for executing PowerShell commands or scripts remotely. |
Active Directory / LDAP | TCP / UDP | 389 / 636 | Domain Controllers | LDAPS (port 636) is recommended for secure directory queries. |
File Transfer (SFTP) | TCP | 22 | Linux / Windows servers | Used for secure file read/write and transfer operations. |
Proxy (Optional) | HTTP / HTTPS | 8080 /3128 /443 | Corporate Proxy | Used when outbound traffic to Qntrl must pass through a proxy. |
Software Dependencies
Java Runtime
Property | Value |
Bundled JRE Version | 11.0.17 |
Default JVM Heap Size | 512 MB |
Configuration File | BRIDGE_DIR/conf/wrapper-bridge.conf |
Java Service Wrapper
Bundled PostgreSQL
Property | Value |
Version | 16.4 |
Default Port | 8501 |
Listens On | localhost only |
Managed Under | BRIDGE_DIR/pgsql |
Configuration File | BRIDGE_DIR/conf/postgres.xml |
Embedded Web Server
Property | Value |
Web Server | Jetty (embedded) |
Default Port | 8500 (HTTP) |
Configuration File | BRIDGE_DIR/conf/config.xml |
HTTPS can be enabled using customer-provided certificates.
OS Utilities
Linux
bash, systemd/init or equivalent for service management
curl or wget to download the installer via command line (optional)
Windows
PowerShell 5.1+ or PowerShell 7+
curl to download the installer via command line (optional)
Target / Integrated System Requirements
Windows Hosts (PowerShell / WinRM)
- WinRM must be enabled and accessible from the Bridge host.
- Minimum PowerShell version: 5.1
- For PowerShell 7+, ensure appropriate remoting configuration (e.g., pwsh remoting).
Linux / Unix Systems
OpenSSH server must be enabled and reachable from the Bridge host
Key-based or password authentication as per your security policy
Active Directory / LDAP
Supported AD environments:
Windows Server 2012 R2 or later
Recommended:
LDAPS (port 636) for secure queries.
Databases
Database | Supported Versions |
MySQL | 5.x, 8.x |
PostgreSQL | 14+ |
Oracle Database | 19c, 21c |
SQL Server | 2019, 2022 |
DBC drivers can be updated or replaced if newer database versions require them. Permissions and Accounts
Bridge Service Account
Bridge runs as a system service or daemon.
Windows
Use a dedicated local or domain service account (recommended)
Required privileges: Log on as a service, read/write access to BRIDGE_DIR
Avoid using domain administrator accounts — follow the least-privilege principle
Linux
A non-root user is required to run the Bridge service
Required privileges: read/write access to BRIDGE_DIR
sudo may be required only during installation or specific administrative operations, not for regular runtime
Security and Compliance
Connectivity to Qntrl
Connection Type: Outbound TLS-secured WebSocket
Protocols: WSS, HTTPS
Port: 443
TLS Version: TLS 1.3 or later
Certificates
Qntrl endpoints:
Use certificates issued by a trusted public CA
Qntrl Bridge validates Qntrl certificates using the host OS trust store
Bridge Web UI (optional HTTPS):
For the Bridge Web UI, you may configure a customer-provided certificate (internal or public CA).
Minimum key length: 2048-bit RSA or equivalent (e.g., ECDSA)
Logging and Auditing
Bridge Logs
Location: BRIDGE_DIR/logs
Retention: 5 most recent log files. Older files are removed.
Rotation: Size-based, max 5 MB per file
Task Logs
Location: BRIDGE_DIR/logs/SERVICE_DIR
Retention: 5 recent log files are retained; older files are removed.
Rotation: Size-based, max 5 MB per file
Browser Requirements (Bridge Web UI)
Supported browsers:
Google Chrome – latest two versions
Microsoft Edge (Chromium) – latest two versions
Mozilla Firefox – latest version and ESR
Not supported:
Internet Explorer
Legacy Edge (non-Chromium)
Minimum screen resolution:
1280 × 720
High Availability and Scalability
Multiple Bridges
You can deploy more than one Qntrl Bridge per environment for:
Different network segments (e.g., DMZ vs. internal)
Different environments (e.g., Production vs. Non-Production)
Functional segregation (e.g., DB-heavy vs. file-heavy tasks)
Each Bridge instance:
Maintains its own WebSocket connection
Has its own PostgreSQL instance
Load Handling
For high workloads:
Scale horizontally by adding additional Bridge instances.
Qntrl automatically distributes tasks across connected Bridges.
Failover
If one Bridge instance becomes unavailable:
Tasks can be automatically rerouted to other Bridge instances configured within Qntrl.
Refer to the Qntrl Bridge Clustering / Failover Guide for configuration details.
Backup and Recovery
Data to Back Up (on the Bridge Host)
Data | Location |
PostgreSQL data directory | BRIDGE_DIR/pgsql/data |
Configuration files (connection settings, certificates, encryption keys) | BRIDGE_DIR/conf |
Backup Methods
File-level backups using your standard backup solution (snapshot-based or agent-based)
Optional: Native PostgreSQL backups (pg_dump, base backups) if point-in-time recovery is required
Recovery Steps (High Level)
Install or redeploy Qntrl Bridge on a new host (with compatible OS and hardware).
Restore:
PostgreSQL data directory
Configuration directory (conf)
Start the Qntrl Bridge service.
Verify:
Qntrl Bridge reconnects to Qntrl.
Processed request history and status are visible in:
Qntrl
The Bridge Web UI
Deployment Considerations
Deployment Types
Single-server: One Bridge host per environment or network segment (typical)
Multiple Bridges: For environment segregation(prod vs non-prod), different security zones, or capacity and high availability
Offline / Restricted Environments
- Bridge requires outbound connectivity to Qntrl over HTTPS/WebSockets (443).
- Fully air-gapped environments are not supported.
- If direct internet access is restricted,configure outbound proxy access to Qntrl endpoints.
Time Synchronization
Accurate time synchronization is required on:
The Bridge host
AD / LDAP servers
Databases and remote systems
Recommended:
Use NTP or an equivalent time synchronization mechanism.
Keep clock skew within ±5 minutes maximum (or stricter, depending on authentication mechanisms such as Kerberos or certificate validation).
Terminology
Term | Description |
Qntrl Bridge | Bridge software installed in the customer environment |
Bridge Host | Server or VM where Bridge runs |
BRIDGE_DIR | Bridge installation directory |
Bridge Web UI | Local web interface exposed on the Bridge host |
Related Articles
Install and Configure Bridge
Follow the below step-by-step procedures to configure and use Bridge in Qntrl. Step 1: Download the Bridge agent Only one Bridge agent can be installed per machine. Log in to Qntrl. Navigate to (Settings) >> Advanced >> Bridge, and click Downloads. ...Bridge Agent Configuration
The Bridge Agent serves is the local management console for your Bridge installation. It provides access to service configurations, execution logs, messages, credentials, and communication settings. The Agent UI is accessible only from within the ...Other actions in Bridge
You can perform various additional actions from the Bridge page to manage, monitor, and troubleshoot your Bridge setup. To access the Bridge page: In Qntrl, click the settings gear icon in the left pane bottom. Navigate to Advanced >> Bridge and ...Custom Module
Early Access Custom Module is not enabled for all users. If you’d like to try it out, please email our support team for early access. The Custom Module in Qntrl Bridge lets you extend integration capabilities beyond predefined modules, such as API, ...Security Controls
Data Encryption In Qntrl All the sensitive data is encrypted and stored in the Qntrl database. Sensitive data: Task payload, response Credentials Tokens used to connect with the Bridge AES algorithm is used to encrypt the data at rest. Encryption ...
You are currently viewing the help articles of Qntrl 3.0. If you are still using our older version and require guidance with it, Click here.