Prerequisites

Before starting your deployment the following prerequisites must be met for the Domain Controller and EPM Server.

Domain Controller

Prerequisite	Description
Operating system	The Domain Controller must be Windows Server version 2012 or higher.
Ports	For information on the ports required between the EPM Server and Domain Controller click here.
LDAPS enabled	Ensure LDAPS is enabled on your Domain Controller. To confirm if your Domain Controller has LDAPS enabled click here. For a step-by-step guide to setup LDAPS click here.
DNS	The DNS must be able to resolve the hostname of the EPM Server. Add a Forward Look Up Zone: Open DNS Manager and navigate to your domain folder: DNS Manager -> DNS -> Computer Name -> Forward Lookup Zones -> Domain. Right click in the list and select New Host (A or AAAA). Fill in the required details and add the host.
Service Account and privileges	Create a service account that will be used by EPM to perform a number of operations. Ensure the service account: Password never expires Can join a computer to the domain Has permission to write to the userPrincipleName Join a computer to the domain To allow the service account to join the EPM Server to the domain, we need to assign the correct permissions through the default domain group policy: Launch the Group Policy Management Console (gpmc.msc), right click the Default Domain Policy and click `Edit`. Navigate to Computer configuration > Policies > Windows Settings > Security Settings > Local Policies > User Rights Assignment. Select Add workstations to domain, check the box Define these policy settings, and select the EPM service account in Add User or Group. Write to the userPrincipleName The service account requires permission to write to the userPrincipleName of the container where the EPM Server computer object will be created. By default, this is the Computers container. Example Launch Active Directory Users and Computers, right click Computers and click `Properties`. in the Computer Properties window select the Security tab and click `Advanced`. On the Security tab, click `Add`. Within the Permissions Entry for Computers window, click `Select a principle` and enter the object name to select. Click `OK`. Click the Applies to: dropdown, select Descendant Computer Objects and check the `Write userPrincipalName` listed in the permissions. Save the settings.
User Account Control settings	To prompt the user for credentials when an elevation attempt is made, the following setting is required: Launch the Control Panel, select System and Security, and then Security and Maintenance. Within the Security and Maintenance window, Change User Account Control settings. Within the User Account Control Settings window, set to Always notify.
User groups	Licence group: A group which contains all users who will be using the Osirium EPM Client is required. If the number of users within this group exceeds the licence limit then no users will be able to use the EPM Client until the user number is within the licence limit. Administrators group: A group that contains a list of users who will be responsible for administering EPM. Users in this group can log onto the EPM Management Interface.

EPM Server

Prerequisite	Description
Hardware and Software	Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements.
Ports	For information on the ports required by EPM click here.
Software downloads	The software installation package is supplied in Open Virtual Appliance (OVA) and International Organization for Standardization (ISO) formats, ready for deployment into your existing virtual infrastructure. To download the latest software, click here. NOTE: SHA256 checksum is available to verify the integrity of the download.
Licencing	A valid license file will be required during the system configuration step. If you do not have a license file contact Osirium.
TLS Certificate	Trusted certificate valid within your organisation will be required.