IDM (PRIME) 3.7 - Requirements and interoperability
This article provides installation requirements and interoperability data for PRIME.Â
Requirements
PRIME application server
Hardware
 | Minimum | Recommended |
---|---|---|
Hard disk storage | 5 GB The application generates log files, which consumes additional hard disk space. | Â |
CPU | 2 GHz | > 2 GHz |
RAM | 8 GB | 16 GB |
The sizing requirements listed above are only recommendations for a default setup. The sizing may differ, for example depending on the following things:
Number of concurrent users in the PRIME applications.
System architecture: for example high availability setup, combined or distributed setup of the PRIME applications.
OS footprint: different operating systems consume different RAM/CPU loads.
It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a PRIME application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.
Operating systems
The following operating systems are supported:
Windows 7, Windows 8/8.1, Windows 10 (Client OS not recommended for production environment)Â
Windows Server 2008 (recommended: 64-bit version)Â
Windows Server 2008 R2
Windows Server 2012
Windows Server 2012 R2
Windows Server 2016
Linux and others on request
Software
The following software is supported:
Oracle Java JDK/JRE:
Version 8.0 (32-bit and 64-bit) , Tested on JRE 8 Update 161
Application Server:
Apache Tomcat 8.5 and 8.0
IBM Websphere 8.5.5.11 (we expect Websphere expertise at the customer, Nexus does not offer integration services for deployment Websphere)
Required ports for Tomcat
On the Apache Tomcat at least two ports are required, one for HTTP and one for HTTPS. Tomcat default ports are 8080 (HTTP) and 8443 (HTTPS). To avoid port collisions, the PRIME distribution package is preconfigured with 18080/18443. The port numbers can be configured in the configuration file server.xml
. Technically, it is not necessary to use HTTPS, but it is highly recommended.
PRIME database server
Hardware
 | Minimum | Recommended |
---|---|---|
Hard disk storage | ~ 1 MB | Â |
CPU | 2 GHz | > 2 GHz |
RAM | 4 GB | 8 GB |
It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a PRIME application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.
Databases
The following databases are supported:
SQL Server 2008 and 2008 R2
SQL Server 2012 and 2012 R2
SQL Server 2014 and 2014 R2
SQL Server 2016
Oracle Database 11g
Oracle Database 12c
PostgreSQL 9.2 – 9.6
IBM DB2 10.5
Operating systems
All operating systems that can host the above databases are supported.
PRIME client workstation
On the client workstations, the following programs are executed, as either Java Rich client via a local JRE or as HTLM5 in web browsers:
Nexus PRIME Designer
Nexus PRIME Tenant
Nexus PRIME Explorer
Nexus PRIME User Self-Service Portal (USSP)
Hardware
 | Minimum | Recommended |
---|---|---|
Hard disk storage | ~ 100 MB for Nexus Card SDK installation | Â |
CPU | 2 GHz | > 2 GHz |
RAM | 4 GB | > 4 GB |
Operating systems
The following operating systems are supported:
Windows 7 (32- and 64-bit versions)
Windows 8 / 8.1 (32- and 64-bit versions)
Windows 10
Linux (for clients without image capture, printing and encoding)
Software
The following software is supported:
Oracle Java JDK/JRE:
Version 8.0 (32- and 64-bit), Tested on JRE 8 Update 161
The required application server port on Tomcat must be open to allow clients to access the network, or alternatively different ports. See Software, in PRIME Application Server.
Capture or production client: Card SDK
If a workstation is used as a capture client or production client, the Nexus Card SDK application must be installed and licensed.
This requires a Windows-based workstation (PC). For complete installation requirements for Card SDK, see the Nexus Card SDK documentation.
The following version is required:
Nexus Card SDK Version 5.3
Identity Manager Self-Service client: PKI cryptochip encoding
For cryptochip encoding, such as smartcards and USB tokens, PRIME relies on the PKCS#11 interface.
The following requirements apply:
A PKCS#11 compliant smartcard middleware is required. For a list of supported smartcard middleware, see Smartcards and smartcard middleware.
The smartcard middleware and client-side Java JRE must have the same OS architecture, either 32-bit or 64-bit, since PRIME Explorer and USSP connects from the client-side Java JRE to the middleware.
User Self-Service Portal: Browser
The following browsers are supported for the User Self-Service Portal (USSP):
Internet Explorer 10-11
Mozilla Firefox
Google ChromeÂ
User Self-Service Portal client: Software
If certain smartcard functions are used, for example card unblocking or certificate renewal, the following software is required:
Oracle Java JDK/JRE:
Version 8
The Java Webstart component will be loaded on startup of the USSP.
User Self-Service Portal client: Root certificate
A trusted root certificate is required on a USSP client, for encrypted client communication.
Browser for PRIME HTML Explorer
The PRIME HTML Explorer can be used in Browsers with full HTML5 support. It is tested on:
Internet Explorer 11
Mozilla Firefox 58
Google Chrome 64
Interoperability
Data connectors
Corporate directories
PRIME supports connection to directories compliant with the following standard:Â
LDAP v3
Microsoft Active Directory is a typical example of a supported directory.
JDBC databases
PRIME supports connection to databases based on Java database connectivity (JDBC).
The following databases are supported:
Microsoft SQL (MSSQL) Server 2008/2012/2014
Oracle 10/11/12
PostgreSQL
H2
IBM DB2 10.5
Certificate authorities
The following certificate authority (CA) products and services are supported:
Nexus Certificate Manager 7.16
Microsoft Active Directory Certificate Services (ADCS) 2008/2008 R2 / 2012 / 2012 R2
D-Trust Managed PKI
EJBCA Version 6.3 (without Key Backup/ Key Recovery)Â
DFN Managed PKI
Other CAs can be integrated on demand.
Physical access control systems (PACS)
These are the different levels of PACS integration in PRIME:
Basic PACS integration
Integration via standard data connectors, such as CSV files, JDBC, LDAP, and SCIM
Export of card data to PACS at card activation and deactivation
All PACS systems that can use any of the standard data connectors are supported.
Light entitlement PACS integration
Integration via dedicated PACS API
Export of card data and access profiles to PACS at card activation and deactivation
Manual creation of access profiles in PRIME
The following PACS systems are supported:
Vendor | System | Supported versions |
---|---|---|
ASSA | Arx | 4.1 |
dormakaba | KABA Exos 9300 | 4.0 |
Stanley | Stanley Security Manager (SSM) | 8.0 |
For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.
Full entitlement PACS integration
Full entitlement PACS integration is included as part of the Physical Entitlement Management module in PRIME:
Integration via standard connectors in PACS backend
Online sync of card data and access profiles
Virtual access profile groups on top of PACS access profiles
Updates of access profiles can be separated from card issuing
The following PACS systems are supported:
Vendor | System | Supported versions |
---|---|---|
ASSA | Arx | 4.1 |
Bravida | Integra | 5.x, 6.22 |
Evva Salto | SALTO | 12.2 |
dormakaba | KABA Exos 9300 | 4.0 |
Lenel | OnGuard | 6.6 |
RCO | RCARD M5 | 5.x |
Stanley | Stanley Security Manager (SSM) | 8.0 |
Stanley | Niscayah Integration Manager (NIM3) | 3.40 |
For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.
Mobile device management (MDM)
The following mobile device management (MDM) product is supported:
MobileIron 9.1
Other MDM systems can be integrated on demand.
Digital identities
Smart cards and middleware
Supported smart cards depend on the smart card middleware. Smart card middleware is not part of the Nexus PRIME product.
PRIME connects to a smart card via the PKCS#11 library provided by the middleware. For a list of supported cryptochips and smart cards, please refer to the corresponding technical specification of the middleware.
CardOS 4.4 and CardOS 5.0 are our reference cards for testing. Other cards listed in the middleware specification also normally work, but must be tested individually for the specific requirement.
The following smart card middleware products are supported:Â
Vendor or product | Version | Reference card |
---|---|---|
V 4.27 | CardOS 4.4 + 5.0 | |
AET SafeSign | V 3.0.93 | CardOS 4.4 Neowave Weneo |
Atos CardAPI | V 5.4 | CardOS 4.4 + 5.0 + 5.3 |
Charismathics CSSI | V 5.4 | CardOS 4.4 + 5.0 TPM |
Cryptovision cv act sc/interface | V 6.4.4 | CardOS 4.4 |
Gemalto IDGo800 Pkcs#11 Library | V 1.2.4 | IDPrime MD 830 |
Morpho Ypsid | 7.0.1 | Ypsid S3 |
Oberthur AWP | V 5.1.1 | V 7.0.1 |
Safenet Authentication Client | 10.2 | IDPrime MD 840 |
Language support
The following languages are supported:Â
English
French
German
Norwegian
Swedish
Additional information
Â
Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions