Idenprotect Core Platform Prerequisites

From iDENprotect Knowledge Base

If you already have an environment ready to install on, please follow our Idenprotect Core Platform Quick Start Guide or, for more detailed instructions, Start Here.

Introduction

This article highlights the prerequisites for installing idenprotect Core Platform.

The RPM installation process installs everything required for this single-server installation, including an internal database and an internal CA, so an external CA and external databases are optional.

The diagram below shows a simple installation architecture.

[Diagram: Simple Installation]


Prerequisites

Server Requirements

The minimum system requirements for installing idenprotect are:

  • 64-bit Quad Core CPU
  • 4 GB RAM
  • 60 GB free hard disk space
  • No additional web servers or other applications running on the server as this may cause port conflicts

Operating System

idenprotect Core Platform has been primarily tested on:

  • RHEL 6.8
  • RHEL 7.2
  • CentOS 6.8
  • CentOS 7.2, 7.7

Other versions of RHEL / CentOS major releases 6 and 7 may work, but for maximum compatibility we recommend using CentOS 7.

Server Configuration

The server needs to have DNS configured, and an account with root privileges is required.

The server needs to be able to connect to the public internet, as it downloads its dependencies from public Linux repositories.

You will need the ability to copy the RPM files to the server or download them directly to the server.

Network / Host

The idenprotect Core Platform needs to be accessible to the idenprotect Clients. It therefore needs a static IP address / hostname and must be accessible on port 443.

For production installations it is recommended that a publicly trusted certificate is installed on the server.

To support Push Notifications and other optional usages such as Active Directory, you may need to open some ports. Please see our Ports Configuration article.

Licence

Before you can add users or devices, you will need a licence file from idenprotect. If you do not have one yet, please contact your idenprotect partner or email us at support@idenprotect.com.

Active Directory

To create user accounts via Active Directory Synchronization, you need the details of an account that can be used to read user details via LDAP. This account only needs read access to synchronize the users to the idenprotect Core Platform, but may need write access if you wish to take advantage of some of the server's other features.

In addition, a group needs to be specified or created to hold idenprotect users. AD users that are members of this group will have accounts created for them on the idenprotect Core Platform.

Admin accounts can also be created via Synchronization with Active Directory. If this is required, additional groups need to be created to define Admin Users and Helpdesk Users.

Email

In order to send out enrollment emails to users, the idenprotect Core Platform needs to be able to connect to an SMTP server, using an account that is allowed to send emails to users that are created on idenprotect.

Certificate Authority

idenprotect comes with its own in-built Certificate Authority. You can integrate with an external CA if required. If using an external CA, the following details will be required.

  • CA Type, e.g. EJBCA, Microsoft
  • Server hostname
  • Credentials required

In addition, an external CA must have a number of certificate templates available; as a minimum, templates called "SECENC" and "ENDUSER".

An alternative approach is Chaining Certificate Authorities.

Database

The RPMs will create a database ready for the server to use. If you wish to use an external database, you need to create a user with database creation rights that the idenprotect Core Platform can use. The RPMs include drivers for MySQL (MariaDB) and Oracle databases. For other technologies please contact your idenprotect partner or email us at support@idenprotect.com.

NTP

As authentications may fail due to clock drift, it is recommended that NTP is enabled on the server. NTP will be installed as part of the idenprotect RPMs. You may need to open firewall port 123 for NTP to work. The NTP configuration is in /etc/ntp.conf.


Check List

| Name | Value |
| Access to Software (RPMs) | |
| Licence Key | |
| Network with DNS | |
| Host Internal IP | |
| Host External IP | *With inbound access on ports 443, 80 and outbound on 443* |
| DNS entry | *With valid certificate for production* Trusted SSL Certificate |
| Hostname | e.g. idenprotect.domain.com |
| AD Server Host Name | |
| AD account names | |
| AD Password | |
| AD Connection Port | *Ensure open on firewall* |
| SMTP Server | |
| SMTP Port | *Ensure open on firewall* |
| SMTP Username | |
| SMTP Password | |
| External CA (if used) | hostname, credentials and required templates |
| External Database (if used) | User credential, URL and firewall changes |
| NTP | Supply server details/open firewall |
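
The host-level items above (CPU, RAM, disk, operating system, port conflicts, DNS) can be verified before the RPMs are copied over. The script below is an added example, not part of the idenprotect documentation or tooling. Its assumptions: the 3500 MB RAM threshold (a 4 GB host reports slightly less than 4096 MB), checking free space on / (the page does not name a filesystem), and treating ports 80 and 443 as the ones that must be free.

```sh
#!/bin/sh
# Added example: pre-flight check for the prerequisites listed on this page.
MIN_CORES=4       # "64-bit Quad Core CPU"
MIN_RAM_MB=3500   # "4 GB RAM"; assumption: allow for kernel-reserved memory
MIN_DISK_GB=60    # "60 GB free hard disk space"

# meets_min LABEL ACTUAL REQUIRED -> status 0 when ACTUAL >= REQUIRED
meets_min() {
    if [ "$2" -ge "$3" ]; then echo "PASS $1: $2 (need $3)"; return 0; fi
    echo "FAIL $1: $2 (need $3)"; return 1
}

# os_supported RELEASE_LINE -> 0 for RHEL / CentOS major release 6 or 7
os_supported() {
    echo "$1" | grep -Eq '^(CentOS|Red Hat Enterprise Linux).* release [67]\.[0-9]+'
}

# port_listening PORT -> 0 if `ss -ltn` output on stdin shows a listener on PORT
port_listening() {
    awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
                   END { exit hit ? 0 : 1 }'
}

preflight() {
    fails=0
    meets_min "CPU cores" "$(nproc)" "$MIN_CORES" || fails=$((fails + 1))
    ram_mb=$(awk '/^MemTotal:/ { print int($2 / 1024) }' /proc/meminfo)
    meets_min "RAM (MB)" "$ram_mb" "$MIN_RAM_MB" || fails=$((fails + 1))
    disk_gb=$(df -Pk / | awk 'NR == 2 { print int($4 / 1048576) }')
    meets_min "free disk on / (GB)" "$disk_gb" "$MIN_DISK_GB" || fails=$((fails + 1))
    [ "$(getconf LONG_BIT)" = "64" ] || { echo "FAIL not a 64-bit host"; fails=$((fails + 1)); }
    os_supported "$(cat /etc/redhat-release 2>/dev/null)" ||
        { echo "FAIL OS is not RHEL / CentOS 6 or 7"; fails=$((fails + 1)); }
    for port in 80 443; do   # an existing web server here would conflict
        if ss -ltn | port_listening "$port"; then
            echo "FAIL port $port already in use"; fails=$((fails + 1))
        fi
    done
    getent hosts "$(hostname -f)" >/dev/null ||
        { echo "FAIL hostname does not resolve"; fails=$((fails + 1)); }
    return "$fails"
}

# Run the checks only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--check" ]; then preflight; fi
```

Run it as root on the target server with the --check argument; the exit status is the number of failed checks.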


Next Steps

If you need to download the RPM files, please visit our Downloads and Links page.

If you already have the downloads, please proceed to our Installing with an RPM guide.