Prerequisites
- You will need a machine on which the User Portal software is to be set up. The system requirements for such a machine are provided in User Portal System Requirements.
- Ensure that you have the Key Manager installation package version 7.0.0, which contains the User Portal rpm package and the required support packages. The package is named as follows:
  sshmgr-7.0.0-*.x86_64.tar
- Decide which data storage you will use for User Portal. User Portal can be set up to store its data in a local cache or in a PostgreSQL database. Note that this choice cannot be changed later: migrating from a PostgreSQL database to a local cache, or vice versa, is not supported.
  If opting to use PostgreSQL, the PostgreSQL server can be set up on the User Portal machine and dedicated to User Portal use (internal database). Alternatively, you can configure User Portal to connect to a PostgreSQL server running on another machine (external database).
  The PostgreSQL server must be one of the versions supported by User Portal:
  - PostgreSQL 14, 15, 16
  Configure PostgreSQL to allow md5 connections to the database (the default is ident) by manually editing the pg_hba.conf file. Also manually edit the password encryption setting in the postgresql.conf file so that it reads password_encryption = md5. Restart the PostgreSQL database service to apply your settings.
  The User Portal binaries include utilities for automatically configuring User Portal against a local cache or a PostgreSQL database. When configuring against a PostgreSQL database, the script requires that the PostgreSQL server is running and that it is using the default server configuration.
  For instructions about setting up a PostgreSQL server, refer to its documentation at http://www.postgresql.org/.
- Ensure that your network environment allows appropriate access to and from the User Portal machine. For more information about firewall requirements, see Firewall Configuration for User Portal.
- For production environments, we strongly suggest that you acquire trusted server certificates for authenticating the User Portal management interfaces. Instructions for acquiring trusted certificates are provided in Obtaining Trusted Certificates.
  The User Portal binaries provide utilities for setting up the User Portal management interfaces with self-signed certificates, so the management interfaces will be usable even without trusted certificates. However, note that setups with self-signed certificates are only recommended for evaluation deployments.
- Make sure that the operating-system and software packages are up to date on the target machine. You can update all the packages by running:
  # yum update
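The following POSIX shell script is an added example, not part of the User Portal documentation or its setup utilities. It audits the two PostgreSQL settings the prerequisites call for before the setup script is run: each pg_hba.conf rule is reported with its authentication method (flagging trust rules, which need no password, and rules reachable from any address), and the effective password_encryption value is read from postgresql.conf. The sample files, the database name and the role name are constructed for the demonstration; on a real server pass the files from the PostgreSQL data directory instead.

```shell
#!/bin/sh
# Added example (not from the User Portal documentation): audit the PostgreSQL
# settings the prerequisites require. audit_pg_hba prints one verdict per
# pg_hba.conf rule and returns the number of rules needing attention;
# password_encryption_setting prints the effective value from postgresql.conf.
audit_pg_hba() {
    problems=0
    while read -r type db user addr method rest || [ -n "$type" ]; do
        case "$type" in ''|\#*) continue ;; esac       # blank lines and comments
        if [ "$type" = "local" ]; then                  # local rules have no ADDRESS column
            method=$addr; addr=-
        fi
        case "$method" in *.*.*.*) method=${rest%% *} ;; esac   # "ADDRESS MASK METHOD" form
        case "$method" in
            md5)   verdict=ok ;;
            trust) verdict="PROBLEM: trust grants access with no password at all" ;;
            *)     verdict="NOTE: $method is not the md5 method User Portal expects" ;;
        esac
        case "$addr" in 0.0.0.0/0|::/0|all) anywhere=yes ;; *) anywhere=no ;; esac
        if [ "$verdict" = ok ] && [ "$anywhere" = yes ]; then
            verdict="WARN: rule accepts connections from any address"
        fi
        if [ "$verdict" != ok ]; then problems=$((problems + 1)); fi
        printf '%-8s %-12s %-12s %-14s %-8s %s\n' "$type" "$db" "$user" "$addr" "$method" "$verdict"
    done < "$1"
    return "$problems"
}

password_encryption_setting() {
    # The last uncommented assignment wins; "unset" means the server default applies.
    awk '/^[ \t]*password_encryption[ \t]*=/ {
             sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]*#.*$/, ""); sub(/[ \t]+$/, ""); v = $0 }
         END { print (v == "" ? "unset" : v) }' "$1" | tr -d '"'"'"
}

audit_sample_config() {
    # Constructed sample files; on a real host use the files in the data directory.
    hba=$(mktemp); conf=$(mktemp)
    printf '%s\n' '# TYPE  DATABASE    USER        ADDRESS        METHOD' \
        'local   all         all                        peer' \
        'host    userportal  userportal  10.0.0.5/32    md5' \
        'host    all         all         0.0.0.0/0      trust' > "$hba"
    printf '%s\n' '#password_encryption = scram-sha-256' 'password_encryption = md5' > "$conf"
    rc=0; audit_pg_hba "$hba" || rc=$?
    echo "password_encryption = $(password_encryption_setting "$conf")"
    rm -f "$hba" "$conf"
    return "$rc"
}

audit_sample_config    # flags the peer and trust rules; exit status 2
```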
User Portal System Requirements
User Portal is supported on the following OS platforms:
- Red Hat Enterprise Linux 8.x versions (x86-64), 9.x versions (x86-64), 10.x versions (x86-64).
- Rocky Linux 8.4 version or later (x86-64), 9.x versions (x86-64).
- Amazon Linux 2023.
The locale of the machine must be set to a UTF-8 locale, such as en_US.UTF-8. The us_ascii locale, which is the default on many distributions, is not supported.
The following table describes the hardware requirements for a User Portal machine. For evaluation purposes, the appliance can be set up with the minimum requirements. For production installations, we recommend that you set up the User Portal appliance with the recommended system specifications.
| Minimum | Recommended |
|---|---|
| 4 processors or cores | 8 processors or cores |
| 8GB RAM | 16GB RAM |
| 30GB disk space | 100GB disk space |
Firewall Configuration for User Portal
This section describes the network services and the protocols that User Portal appliances are expected to communicate with. Ensure that your network firewall settings allow appropriate access to and from your User Portal appliances.
The firewall recommendations in this section should be viewed as guidelines. Some of the services listed here may not be specifically applicable in your network environment, whereas more-complex network environments may have additional restrictions that must be taken into account. Also, the port numbers specified for incoming connections are default values, and may be configured differently if desired. Please consult with your network administrators to determine the exact firewall requirements in your network environment.
User Portal appliances are expected to be able to communicate as follows:
- Connect to the DNS for basic networking.
- Connect to the NTP service for time synchronization.
- Connect to a Key Manager front end via HTTPS. Used for accessing the Key Manager API.
- Accept HTTPS connections to port 443. This allows access to the User Portal GUI and the Management Portal.
- (Optional): Connect to LDAP and AD servers for LDAP/AD authentication, using the LDAP or LDAPS protocol. Required when enabling LDAP authentication to Key Manager management interfaces.
- (Optional): Accept SSH connections to port 22. Needed to allow remote-terminal sessions, which may be required for appliance maintenance and troubleshooting.
- (Optional): Connect to SYSLOG services for remote syslog backup.
Network services required by User Portal may run on non-standard ports. It might be a good idea to allow connections to any port from Key Manager devices if you are not entirely certain about the ports used by the required network services.