this document is for:

Deployment: Invicti Platform on-premises

Prerequisites

Part of Windows on-premises installation series

This is part 1 of 4 in the Windows on-premises installation series.
Next: Installation

This document covers the system, software, and configuration requirements for installing Invicti Platform on-premises using the Windows installer. Complete all steps in this document before running the installer.

Why this matters

Invicti Platform on Windows uses WSL2 to run a lightweight Kubernetes cluster (k3s) inside a custom Linux distribution. The prerequisites ensure your Windows environment can support this architecture - without them, the installer will either fail silently or produce errors that are difficult to diagnose.

Additional requirements

For AWS EC2 deployments, see the AWS EC2 prerequisites section for additional requirements.

System requirements

Requirement	Minimum
Operating system	Windows Server 2019+ with WSL2 support (recommended), or Windows 11
WSL version	2.4.x or later (2.6.x recommended)
CPU	6 cores
RAM	16 GB
Disk space	100 GB free on the installation drive*
Permissions	Local Administrator access

About disk space requirements

*The installer creates a 505 GB dynamic VHDX file that grows as needed and does not immediately consume the full allocated space. The 100 GB requirement is higher than equivalent Linux deployments because Windows and WSL2 consume additional memory and disk space. Allocate additional storage based on your expected scan volume - disk usage grows during active scans.

Resource planning

These are minimum requirements for running the platform's core services along with a few concurrent scans. In production environments, allocate additional resources based on your expected workload:

• Each concurrent scan can use significant CPU and RAM.
• Start with a small number of concurrent scans and scale up based on observed resource usage.
• Temporary disk usage grows during active scans and shrinks once scans complete.

Required Windows features

Setup differs between Windows 11 and Windows Server. Follow the section that matches your OS.

Windows 11

On Windows 11, WSL2 handles its own dependencies, so Hyper-V does not need to be manually enabled. Run the following in PowerShell as Administrator:

wsl --install

This automatically enables the required features (Virtual Machine Platform, Windows Subsystem for Linux) and installs WSL2. A reboot may be required but is not always necessary.

Verify WSL is working:

wsl --status

---

Windows Server (2019+)

Windows Server requires Hyper-V and related features to be manually enabled. These are not required on Windows 11. Open PowerShell as Administrator and run:

Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Online -All
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Offline -All
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-Management-PowerShell -All
Enable-WindowsOptionalFeature -Online -FeatureName RSAT-Hyper-V-Tools-Feature -All
Enable-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform -All
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux -All

A reboot is required after enabling these features.

After reboot, verify all features are enabled:

Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V | Select State
Get-WindowsOptionalFeature -Online -FeatureName VirtualMachinePlatform | Select State
Get-WindowsOptionalFeature -Online -FeatureName Microsoft-Windows-Subsystem-Linux | Select State

All three should return Enabled.

---

WSL2 configuration

1. Verify your WSL version:

   wsl --version

2. If your WSL version is below 2.4.x, upgrade it:

   wsl --update

3. Install a base WSL distribution (required for the installer's prerequisite check to pass). The installer validates that at least one WSL distribution is installed before proceeding:

   wsl --install -d Ubuntu-22.04 --no-launch

   About this step

   This installs Ubuntu 22.04 as a test distribution to verify WSL2 is functional. The installer later installs its own custom distribution (invicti-platform) and does not use this test distribution. You can remove it after installation if desired.

Required services (Windows Server only)

Expand for Windows Server-specific requirements

Ensure the following Windows services are running. These services are automatically managed on Windows 11 but must be manually configured on Windows Server:

Start-Service vds
Set-Service vds -StartupType Automatic
Start-Service vmms
Set-Service vmms -StartupType Automatic

Verify both services are running:

Get-Service vds, vmms | Select Name, Status

Both should show Running.

• VDS (Virtual Disk Service) - required for VHDX creation and attachment. If stopped, the installer fails silently at the VHDX step with exit code -1.
• vmms (Virtual Machine Management Service) - core Hyper-V service required for WSL2 to run distros as lightweight VMs.

WSL networking verification

Before proceeding with installation, confirm WSL networking is functional:

wsl -d Ubuntu-22.04 -- hostname -I

This should return an IP address. If no IP is returned, restart the networking services:

Restart-Service HNS
Restart-Service WinNat -ErrorAction SilentlyContinue
wsl --shutdown
wsl -d Ubuntu-22.04 -- hostname -I

If still no IP, reboot the machine and retry.

AWS EC2 prerequisites

Expand for AWS EC2-specific requirements

When deploying on AWS EC2, the following additional requirements apply.

Configure WSL networking for EC2

If installing on an AWS EC2 instance, explicitly configure WSL networking (NAT mode) before running the installer. This helps ensure WSL networking starts correctly in the EC2 environment:

@"
[wsl2]
networkingMode=NAT
"@ | Set-Content "$env:USERPROFILE\.wslconfig"

WSL networking on EC2

NAT is the default WSL2 networking mode. This explicit configuration helps in new cloud environments where WSL networking might not initialize correctly without it.

Supported instance types

Use instance types that support nested virtualization:

• M8i (general purpose) - for example, m8i.2xlarge
• C8i (compute optimized)
• R8i (memory optimized)

Instance types without Hyper-V support

Instance types such as t3 and m5 don't support Hyper-V and WSL2. Don't use these instance types for Invicti Platform on-premises deployments.

Enable nested virtualization using one of the following options:

At launch

aws ec2 run-instances \
  --image-id <AMI_ID> \
  --instance-type m8i.2xlarge \
  --cpu-options "NestedVirtualization=enabled" \
  --key-name <KEY_NAME> \
  --security-group-ids <SG_ID> \
  --subnet-id <SUBNET_ID>

---

Existing instance (CLI)

aws ec2 stop-instances --instance-id <INSTANCE_ID>
aws ec2 modify-instance-cpu-options \
  --instance-id <INSTANCE_ID> \
  --nested-virtualization enabled
aws ec2 start-instances --instance-id <INSTANCE_ID>

---

Existing instance (AWS console)

1. Go to EC2 → Instances → select your instance
2. Click Actions → Instance State → Stop
3. Once stopped, click Actions → Instance Settings → Change CPU Options
4. Enable Nested Virtualization
5. Start the instance

---

EC2 metadata access

If you're using IMDSv2 (the default on newer instances), verify instance metadata access:

$token = Invoke-RestMethod -Uri http://169.254.169.254/latest/api/token -Method PUT -Headers @{"X-aws-ec2-metadata-token-ttl-seconds"="21600"}
Invoke-RestMethod -Uri http://169.254.169.254/latest/meta-data/instance-type -Headers @{"X-aws-ec2-metadata-token"=$token}

---

Next steps

With prerequisites complete, you're ready to proceed with the installation:

→ Continue to Installation

Complete Windows installation series

• Part 1: Prerequisites ← You are here
• Part 2: Installation
• Part 3: Trustlist configuration
• Part 4: Update or uninstall

---

Need help?

Invicti Support team is ready to provide you with technical help. Go to Help Center