Idenprotect Core Platform Prerequisites
This article highlights prerequisites for the installation of idenprotect Core Platform.
The RPM installation process installs everything required for this single-server installation, including an internal database and an internal CA, so the external CA and external database are optional.
The diagram below shows a simple installation architecture.
The minimum system requirements for installing idenprotect are:
- 64-bit Quad Core CPU
- 4 GB RAM
- 60 GB free hard disk space
- No additional web servers or other applications running on the server as this may cause port conflicts
idenprotect Core Platform has been primarily tested on:
- RHEL 6.8
- RHEL 7.2
- CentOS 6.8
- CentOS 7.2, 7.7
Other versions of RHEL / CentOS major releases 6 and 7 may work, but for maximum compatibility, we recommend using CentOS 7.
The server will need to have DNS configured, and an account with root privileges is required.
The server will need to be able to connect to the public internet, as it will need to download its dependencies from public Linux repositories.
You will need the ability to copy the RPM files to the server or download them directly to the server.
Network / Host
The idenprotect Core Platform will need to be accessible to the idenprotect Clients. Therefore, it needs a static IP address / hostname and needs to be accessible on port 443.
For production installations it is recommended that a publicly trusted certificate is installed on the server.
To support Push Notifications and other optional usages such as Active Directory, you may need to open some ports. Please see our Ports Configuration article.
Before you can add users or devices, you will need a licence file from idenprotect. If you do not have one yet, please contact your idenprotect partner or email us at email@example.com
To create user accounts via Active Directory Synchronization, you will need the details of an account that can be used to read user details via LDAP. This account only needs read access to synchronize the users to the idenprotect Core Platform, but may need write access if you wish to take advantage of some of the server's other features.
In addition a group needs to be specified or created to hold idenprotect users. AD users that are a member of this group will have accounts created for them on the idenprotect Core Platform.
Admin accounts can also be created via Synchronization with Active Directory. If this is required, then additional groups need to be created to define Admin Users and Helpdesk Users.
In order to send out enrollment emails to users, the idenprotect Core Platform needs to be able to connect to an SMTP server, using an account that is allowed to send emails to users that are created on idenprotect.
idenprotect comes with its own in-built Certificate Authority. You can integrate with an external CA if required. If using an external CA, the following details will be required.
- CA type, e.g. EJBCA, Microsoft
- Server hostname
- Credentials required
Also, if using an external CA, that CA will require a number of certificate templates to be available: as a minimum, templates called "SECENC" and "ENDUSER".
An alternative approach is Chaining Certificate Authorities.
The RPMs will create a database ready for the server to use. If you wish to use an external database, then you need to create a user with database creation rights that the idenprotect Core Platform can use. The RPMs include drivers for MySQL (MariaDB) and Oracle databases. For other technologies, please contact your idenprotect partner or email us at firstname.lastname@example.org.
As authentications may fail due to clock drift, it is recommended that NTP is enabled on the server. NTP will be installed as part of the idenprotect RPMs. You may need to open firewall port 123 for NTP to work. NTP configuration is in /etc/ntp.conf
| Access to Software (RPMs) | | |
| Network with DNS | | |
| Host Internal IP | | |
| Host External IP | | *With inbound access on ports 443, 80 and outbound on 443* |
| DNS entry | | *With valid certificate for production* Trusted SSL Certificate |
| AD Server Host Name | | |
| AD account names | | |
| AD Connection Port | | *Ensure open on firewall* |
| SMTP Port | | *Ensure open on firewall* |
| External CA (if used) | | hostname, credentials and required templates |
| External Database (if used) | | User credential, url and firewall changes |
| NTP | | Supply server details/open firewall |
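The host-level items above (64-bit, four cores, 4 GB RAM, 60 GB free disk, ports 443 and 80 not already taken by another service, a resolvable hostname) can be checked on the server before the RPMs are installed. The script below is an added example, not part of idenprotect's tooling; the function names, the `--run` switch, the file name `preflight.sh`, the choice of `/` for the disk check and the 10% RAM slack are assumptions.

```shell
#!/bin/sh
# Added example: preflight check against the minimums listed on this page.
MIN_CORES=4
MIN_MEM_KB=$((4 * 1024 * 1024))      # 4 GB RAM
MIN_DISK_KB=$((60 * 1024 * 1024))    # 60 GB free disk
# MemTotal excludes memory the kernel reserves at boot, so a 4 GB host
# reports a little under 4194304 kB. Accept 90% of nominal (assumption).
MEM_FLOOR_KB=$((MIN_MEM_KB * 9 / 10))

# MemTotal in kB from a meminfo-format file (default /proc/meminfo).
mem_total_kb() { awk '/^MemTotal:/ {print $2}' "${1:-/proc/meminfo}"; }

# Available kB on the filesystem holding $1 (POSIX df output, row 2, col 4).
free_kb() { df -Pk "$1" | awk 'NR==2 {print $4}'; }

# Read `ss -ltn` output on stdin; print each listening TCP port once.
listening_ports() {
    awk 'NR>1 {n = split($4, a, ":"); print a[n]}' | sort -un
}

# Succeed if port $1 appears in the newline-separated port list $2.
port_taken() { printf '%s\n' "$2" | grep -qx "$1"; }

# Print PASS/FAIL for a numeric minimum: label, actual, required.
check_min() {
    if [ "$2" -ge "$3" ]; then echo "PASS $1 ($2 >= $3)"
    else echo "FAIL $1 ($2 < $3)"; return 1; fi
}

preflight() {
    rc=0
    check_min "word size (bits)" "$(getconf LONG_BIT)" 64 || rc=1
    check_min "CPU cores" "$(getconf _NPROCESSORS_ONLN)" "$MIN_CORES" || rc=1
    check_min "RAM kB" "$(mem_total_kb)" "$MEM_FLOOR_KB" || rc=1
    # Assumption: the 60 GB is needed on the root filesystem.
    check_min "free kB on /" "$(free_kb /)" "$MIN_DISK_KB" || rc=1
    ports=$(ss -ltn | listening_ports)
    for p in 443 80; do
        if port_taken "$p" "$ports"; then echo "FAIL port $p in use"; rc=1
        else echo "PASS port $p free"; fi
    done
    getent hosts "$(hostname)" >/dev/null ||
        { echo "FAIL hostname does not resolve"; rc=1; }
    return "$rc"
}

# Run the checks only when asked, e.g. `sh preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then preflight; fi
```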
If you need to download the RPM files, please visit our Downloads and Links page.
If you already have the downloads, please proceed to our Installing with an RPM guide.