Document toolboxDocument toolbox

IDM (PRIME) 3.12.8 - Requirements and interoperability

This article provides installation requirements and interoperability data for Smart ID Identity Manager

Requirements

Identity Manager application server

Hardware

 

Minimum

Recommended

 

Minimum

Recommended

Hard disk storage

5 GB

The application generates log files, which consumes additional hard disk space.

 

CPU

2 GHz

> 2 GHz

RAM

8 GB

16 GB

The sizing requirements listed above are only recommendations for a default setup. The sizing may differ, for example depending on the following things:

  • Number of concurrent users in the Identity Manager applications.

  • System architecture: for example high availability setup, combined or distributed setup of the Identity Manager applications.

  • OS footprint: different operating systems consume different RAM/CPU loads.

It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a Identity Manager application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.

Operating systems

The following operating systems are supported:

  • Windows 10 (Client OS not recommended for production environment) 

  • Windows Server 2012 / 2012 R2

  • Windows Server 2016

  • Windows Server 2019

  • Linux (setup routine may differ per Linux distribution and might cause additional efforts)

Software

The following software is supported:

  • OpenJDK or Oracle Java

    • Version 11 (64-bit), Tested on OpenJDK 11.0.6+10

  • Application Server:

    • Apache Tomcat 9.0 ( >= version 9.0.33)

Required ports for Tomcat

On the Apache Tomcat at least two ports are required, one for HTTP and one for HTTPS. Tomcat default ports are 8080 (HTTP) and 8443 (HTTPS). To avoid port collisions, the Identity Manager distribution package is preconfigured with 18080/18443. The port numbers can be configured in the configuration file server.xml. Technically, it is not necessary to use HTTPS, but it is highly recommended.

Identity Manager database server

Hardware

 

Minimum

Recommended

 

Minimum

Recommended

Hard disk storage

~ 1 MB
per person record with photo

 

CPU

2 GHz

> 2 GHz

RAM

4 GB

8 GB

It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a Identity Manager application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.

Databases

The following databases are supported:

  • SQL Server 2012 and 2012 R2

  • SQL Server 2014 and 2014 R2

  • SQL Server 2016

  • SQL Server 2017

  • SQL Server 2019

  • Azure SQL

  • Oracle Database 11g

  • Oracle Database 12c

  • Oracle Database 19c

  • PostgreSQL 9.2 – 9.6

  • IBM DB2 10.5

For SQL Server and Azure SQL see also the transaction isolation level requirements here: Set transaction isolation level for MS SQL when used with Identity Manager

Operating systems

All operating systems that can host the above databases are supported.

Identity Manager client workstation

Web browsers

All Identity Manager clients are executed in up-to-date HTML5 web browsers such as:

  • Mozilla Firefox

  • Google Chrome

  • Safari

  • Microsoft Edge (Edge HTML engine)

Identity Manager releases are always tested with the latest browser versions.

Hardware

 

Minimum

Recommended

 

Minimum

Recommended

Hard disk storage

~ 100 MB for Nexus Card SDK installation

Nexus Card SDK is only necessary on a capture or production client.

 

CPU

2 GHz

> 2 GHz

RAM

4 GB

> 4 GB

Operating systems

The following operating systems are supported:

  • Windows 10

  • Linux (for clients without image capture, printing and encoding)

JasperReports

The following version of JasperReports is supported:

  • Templates in JasperReports format (.jrxml) version 6.5.1 are supported

Capture or production client: Software

If a workstation is used as a capture client or production client, the Nexus Card SDK application must be installed and licensed.

This requires a Windows-based workstation (PC). For complete installation requirements for Card SDK, see the Nexus Card SDK documentation.

The following version is required:

  • Nexus Card SDK version 5.6, 5.7.

For PKI cryptochip encoding the following is also required:

  • A PKCS#11 compliant smart card middleware.

    • For a list of supported smart card middleware, see Smartcards and smartcard middleware.

  • OpenJDK or Oracle Java

    • Version 11 (64-bit), tested on OpenJDK 11.0.6+10

    • Architecture: 32-bit (for any smart card middleware) or 64-bit (for any smart card middleware except Nexus Personal)

  • The smart card middleware and client-side Java must have the same OS architecture, either 32-bit or 64-bit, since Identity Manager's encoding component connects from the client-side Java to the middleware.

Identity Manager Self-Service client: PKI cryptochip encoding

The following requirements apply for the use of PKI cryptochip encoding features on Identity Manager Self-Service clients:

  • A PKCS#11 compliant smart card middleware.

    • For a list of supported smartcard middleware, see “Smartcards and smartcard middleware”.

  • Smart ID Desktop App version 1.3.

Interoperability

Data connectors

Identity Manager allows synchronization of data with external systems for many different use cases, for example card data, employee data from corporate directories, and entitlements from physical access control systems. Import and export of data can be done for various formats, for example LDAP, JDBC, CSV and SCIM. 

Corporate directories

Identity Manager supports connection to directories compliant with the following standard: 

  • LDAP v3

Microsoft Active Directory is a typical example of a supported directory.

For more information, see Integrate Identity Manager with Microsoft services.

JDBC databases

Identity Manager supports connection to databases based on Java database connectivity (JDBC).

The following databases are supported:

  • SQL Server 2012 and 2012 R2

  • SQL Server 2014 and 2014 R2

  • SQL Server 2016

  • SQL Server 2017

  • SQL Server 2019

  • Azure SQL

    The above Microsoft SQL databases only support case insensitive queries (which is the default option).

  • Oracle Database 11g

  • Oracle Database 12c

  • PostgreSQL 9.2 – 9.6

  • IBM DB2 10.5

  • H2

Certificate authorities

The following certificate authority (CA) products and services are supported:

  • Smart ID Certificate Manager 8.1. A downgrade package is available for CM 7.18.

  • Microsoft Active Directory Certificate Services (ADCS) 2012 / 2012 R2 / 2016 / 2019

  • D-Trust Managed PKI

  • IDNomic version 4.8.1

  • EJBCA version 6.15

  • DFN Managed PKI

  • QuoVadis PKI

For more information, see Integrate Identity Manager with certificate authority (CA)

Other CAs can be integrated on demand.

Physical access control systems (PACS)

The following physical access systems (PACS) are supported by Identity Manager:

Vendor

System

Supported versions

Comment

Vendor

System

Supported versions

Comment

ASSA

Arx

4.1

 

Siemens

Bewator 2010 Omnis

6.2

 

Bravida

Integra

7.2

 

Evva Salto

SALTO

12.2

 

dormakaba

KABA Exos 9300

4.0

 

Lenel

OnGuard

6.6

Limited support

Pacom

Unison

5.8.6

 

RCO

RCARD M5

5.39.4

 

Security Shells

iSecure

  • for integration with HID controllers

2.4

 

Siemens

SiPort

3.0.1

 

Stanley

Stanley Security Manager (SSM)

8.0, 8.1

Limited support

Stanley

Niscayah Integration Manager (NIM3)

3.40

Limited support

Unitek

Unilock

2.0

Limited support

For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.

Set up integrations

For more information, see Integrate Identity Manager with physical access control system (PACS)

Mobile device management (MDM)

The following mobile device management (MDM) product is supported in Identity Manager:

  • MobileIron 9.1

Other MDM systems can be integrated on demand.

Digital identities

Smart cards and middleware in Identity Manager

Supported smart cards depend on the smart card middleware. Smart card middleware is not part of Identity Manager.

Identity Manager connects to a smart card via the PKCS#11 library provided by the middleware. For a list of supported cryptochips and smart cards, please refer to the corresponding technical specification of the middleware.

CardOS 4.4 and CardOS 5.0 are our reference cards for testing. Other cards listed in the middleware specification also normally work, but must be tested individually for the specific requirement.

The following smart card middleware products are supported: 

Vendor or product 

Version

Reference card 

Vendor or product 

Version

Reference card 

Nexus Personal Desktop Client

4.30.2 and 5.1

CardOS 4.4 + 5.0

AET SafeSign

3.0.93

CardOS 4.4
Neowave Weneo

Atos CardOS API

5.4 (1)

CardOS 4.2C + 4.4 + 5.0 + 5.3

Charismathics CSSI

5.4

CardOS 4.4 + 5.0 TPM

Cryptovision cv act sc/interface

7.0.5

CardOS 4.4

Gemalto IDGo800 Pkcs#11 Library

1.2.4

IDPrime MD830

Morpho Ypsid

7.0.1

Ypsid S3

Oberthur AWP

5.1.1

V 7.0.1

Safenet Authentication Client

10.7

IDPrime MD840 and MD940

T-Systems TCOS3 NetKey

1.8.3.1 (2)

TeleSec Signature Card V2.0
TeleSec IDKey 1.0

(1) 5.4W14 or later is required for certain features

(2) 1.8.3.1 is the minimum compatible version, we recommend 1.8.3.2

Yubikey Yubikeys

Identity Manager supports certificate enrollment to Yubico YubiKey 5 PIV tokens via Smart ID Desktop App

Virtual smartcards

The following virtual smartcard is supported:

Vendor/ Product

Version

Smart ID Desktop App

1.2

For more information, see Set up virtual smart card management in Identity Manager

Language support

The following languages are supported: 

  • English

  • French

  • German

  • Swedish

Additional information

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions