System Requirements for Key Manager Components
This section provides the minimum and recommended system requirements for Key Manager system components.
Key Manager Server Requirements
A Key Manager Server is a machine that runs a Key Manager back end and/or a Key Manager front end. Before installing Key Manager Server software on a machine, make sure that the machine fulfills the following system requirements:
| Minimum | Recommended |
|---|---|
| 4 processors or cores | 16 processors or cores |
| 8GB RAM | 32GB RAM |
| 30GB disk space | 100GB disk space |
| Tectia SSH Server 6.6.3 or newer | Tectia SSH Server 6.6.3 or newer |
The Key Manager back-end architecture supports multiprocessing and benefits from using multiple CPUs or multiple CPU cores. For 40 concurrent jobs (default maximum value), a modern multi-core CPU is recommended.
Each concurrent process running on a Key Manager back end requires up to 500MB of memory.
Key Manager Server software can be installed on the following platforms:
- Rocky Linux 8.4 version and later 8.x versions (x86-64), 9.x versions (x86-64).
- Red Hat Enterprise Linux 8.x versions (x86-64), 9.x versions (x86-64), 10.x versions (x86-64).
- Amazon Linux 2023.
See the table below for space allocation requirements:
| Area | Space requirement |
|---|---|
| Base OS in site-specific configuration | 5 GB |
| Key Manager related software | 1 GB/version |
| Database area with external database | 0 GB |
| Database area with local database | Hundreds of GB |
| Working areas (temporary directories) | > 10 GB |
| Home directories | 5 GB |
In case of temporary directories the minimum amount to allocate here is estimately 10 GB. This is
calculated as follows: number concurrently running KA scanners (max processes) * average number of logins during scan interval to the target server * 500 bytes. The result can be
anything between 1 GB to 100 GB depending on target activity, and if log-rotation (recommended) is used.
Note, do not put this area into virtual memory backed up filesystem (like tmpfs), as downloaded log files may be large, and would compete with memory available for processes processing them. We recommend cleaning up old files (last modified several days ago) from the temporary area.
Note, reserve also enough space to perform software upgrades (several GB) on Key Manager servers, and on hosts running the Key Manager client reserve enough space to store operator generated report data.
If you intend to use the script-based scans in large host environments, we recommended allocating additional disk space for caches utilized by the script-scan infrastructure. You should add 10 - 15 GB of additional disk space for each 100 000 deployed hosts.
Key Manager Database Requirements
The supported versions and the system requirements for an external database are as follows:
- PostgreSQL 14, 15, 16
- Oracle Enterprise Edition 19c
| Minimum | Recommended |
|---|---|
| 4 processors or cores | 16 processors or cores |
| 8GB RAM | 64GB RAM |
| 500GB disk space | 1TB disk space or more |
Key Manager also supports RDS and Aurora PostgreSQL instances of the listed PostgreSQL versions. However, RDS instances of Oracle Enterprise Editions are not supported.
Reserve enough space for log data and monitor the growth of the database.
The Key Manager system stores all collected log data in the Key Manager Database, and large deployments of hosts may generate considerable amounts of data over time.