This section covers:
PAM Server prerequisites
Before starting your deployment take note of the following prerequisites.
|Hardware & Software||Ensure the correct resources are available before deploying. The following outlines the hardware and software requirements.
|Ports||For information on the ports required by PAM and used between PAM components click here.|
|Software downloads||The software installation package is supplied in Open Virtual Appliance (OVA) and Virtual hard disk (VHD) formats, ready for deployment into your existing virtual infrastructure.
To download the latest software, click here.
To cluster your servers you must use release version 7.0.0 or above.
NOTE: SHA256 checksum is available to verify the integrity of the download.
|Disk space||Ensure the internal disk has a minimum of 5GB free disk space.|
A valid license file will be required during the system configuration step. If you don't have a license file contact Osirium.
Additional prerequisites for clustering
|Master Encryption Key||Ensure you have the Master Encryption Key (MEK) of the current PAM Server leader node.|
|Cluster joining bundle||Ensure you have the cluster joining bundle of the current PAM Server leader node.|
|Cluster sizing||PAM clusters must have a minimum of 2 nodes and a maximum of 7 nodes.|
|Bidirectional port connectivity||Bidirectional port connectivity is required between each and every node and must be open before adding followers. The list of ports can be found here.|
|Network time protocol (NTP)||The clocks of all nodes must be within two seconds drift of each other. The PAM Server OVA is preconfigured with public ntp.org NTP servers but these can be changed to your internal corporate servers (if required) by clicking here.|
|Node identifiers||Nodes are identified by their address which can either be a fully qualified domain name (FQDN) (i.e. clusterleader.companyABC.net) or an IP Address.
Cluster nodes communicate with each other using their assigned address, therefore the address must be unique to allow a node to resolve the address of other nodes.
If you wish to use FQDNs then the names must resolve to a local address on the node before the installation can continue. All nodes must be able to resolve all FQDNs of all other nodes.
|Server not NATted||If you wish to run nodes on premise and in the cloud, they must be able to communicate with each other bidirectionally using their given IP address (for example through a VPN) and not be NATted.|
|Matching node versions||Before adding a follower to a cluster, ensure all of the existing cluster nodes are the same version of PAM and ensure that the follower to be added matches that version.|