Requirements¶
Physical/Virtual Hardware Requirements¶
The following requirements are the minimum to run the Onegini Security Proxy.
- CPU: 2 cores
- Memory: 1GB
- Disk: 20 GB
Operating System Requirements¶
RHEL/CentOS¶
Minimal: 6.5 - Recommended: 7
CoreOS¶
Minimal: 647.0.0 - Recommended: 647.0.0
Software Requirements¶
Docker¶
To deploy the Security Proxy, you need a prepared Docker environment. Please follow the Docker installation guide from the Docker website.
Minimal: 1.6.2 - Recommended: 1.7.1
Compose¶
Compose is a tool for defining and running complex applications with Docker. With Compose, you define a multi-container application in a single file, then spin your application up in a single command which does everything that needs to be done to get it running. To install Docker Compose follow the guide on their website.
Minimal: 1.2.0 - Recommended: 1.2.0
Random number generation¶
If the Security Proxy is deployed using a virtual environment, you will need to ensure appropriate entropy is generated. Since the Security Proxy performs the generation of cryptographic secrets to achieve its security goals, appropriate entropy is necessary to ensure its secure operation.
We recommend using appropriate hardware with cryptographic number generation means. Hardware random number generation is available as a CPU feature in Intel Ivy
Bridge and later (Xeon series v2 and higher) and all AMD Epyc processors. We recommend enabling availability of any virtual machine hypervisor configuration of
the required RDRAND
instruction. This instruction is available to guest VMs by default in VMWare, Xen, KVM/Libvirt and Hyper-V and requires no special
configuration if default CPU configuration is used in these hypervisors.
Consul¶
For configuration we need a key/value store. You can install Consul by following the installation manual at www.consul.io or by using the official consul docker image.
Minimal: 1.2.1 - Recommended: 1.2.1
Token Server¶
The Security Proxy does not function without the Token Server. For crucial functions it requires communication with the Token Server. Please see the Onegini Token Server Quickstart for installation instructions.