Document toolboxDocument toolbox

IDM (PRIME) 3.7 - Requirements and interoperability

This article provides installation requirements and interoperability data for PRIME. 

Requirements

PRIME application server

Hardware

 

Minimum

Recommended

 

Minimum

Recommended

Hard disk storage

5 GB

The application generates log files, which consumes additional hard disk space.

 

CPU

2 GHz

> 2 GHz

RAM

8 GB

16 GB

The sizing requirements listed above are only recommendations for a default setup. The sizing may differ, for example depending on the following things:

  • Number of concurrent users in the PRIME applications.

  • System architecture: for example high availability setup, combined or distributed setup of the PRIME applications.

  • OS footprint: different operating systems consume different RAM/CPU loads.

It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a PRIME application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.

Operating systems

The following operating systems are supported:

  • Windows 7, Windows 8/8.1, Windows 10 (Client OS not recommended for production environment) 

  • Windows Server 2008 (recommended: 64-bit version) 

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

  • Windows Server 2016

  • Linux and others on request

Software

The following software is supported:

  • Oracle Java JDK/JRE:

    • Version 8.0 (32-bit and 64-bit) , Tested on JRE 8 Update 161

  • Application Server:

    • Apache Tomcat 8.5 and 8.0

    • IBM Websphere 8.5.5.11 (we expect Websphere expertise at the customer, Nexus does not offer integration services for deployment Websphere)

Required ports for Tomcat

On the Apache Tomcat at least two ports are required, one for HTTP and one for HTTPS. Tomcat default ports are 8080 (HTTP) and 8443 (HTTPS). To avoid port collisions, the PRIME distribution package is preconfigured with 18080/18443. The port numbers can be configured in the configuration file server.xml. Technically, it is not necessary to use HTTPS, but it is highly recommended.

PRIME database server

Hardware

 

Minimum

Recommended

 

Minimum

Recommended

Hard disk storage

~ 1 MB
per person record with photo

 

CPU

2 GHz

> 2 GHz

RAM

4 GB

8 GB

It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a PRIME application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.

Databases

The following databases are supported:

  • SQL Server 2008 and 2008 R2

  • SQL Server 2012 and 2012 R2

  • SQL Server 2014 and 2014 R2

  • SQL Server 2016

  • Oracle Database 11g

  • Oracle Database 12c

  • PostgreSQL 9.2 – 9.6

  • IBM DB2 10.5

Operating systems

All operating systems that can host the above databases are supported.

PRIME client workstation

On the client workstations, the following programs are executed, as either Java Rich client via a local JRE or as HTLM5 in web browsers:

  • Nexus PRIME Designer

  • Nexus PRIME Tenant

  • Nexus PRIME Explorer

  • Nexus PRIME User Self-Service Portal (USSP)

Hardware

 

Minimum

Recommended

 

Minimum

Recommended

Hard disk storage

~ 100 MB for Nexus Card SDK installation

 

CPU

2 GHz

> 2 GHz

RAM

4 GB

> 4 GB

Operating systems

The following operating systems are supported:

  • Windows 7 (32- and 64-bit versions)

  • Windows 8 / 8.1 (32- and 64-bit versions)

  • Windows 10

  • Linux (for clients without image capture, printing and encoding)

Software

The following software is supported:

  • Oracle Java JDK/JRE:

    • Version 8.0 (32- and 64-bit), Tested on JRE 8 Update 161

The required application server port on Tomcat must be open to allow clients to access the network, or alternatively different ports. See Software, in PRIME Application Server.

Capture or production client: Card SDK

If a workstation is used as a capture client or production client, the Nexus Card SDK application must be installed and licensed.

This requires a Windows-based workstation (PC). For complete installation requirements for Card SDK, see the Nexus Card SDK documentation.

The following version is required:

  • Nexus Card SDK Version 5.3

Identity Manager Self-Service client: PKI cryptochip encoding

For cryptochip encoding, such as smartcards and USB tokens, PRIME relies on the PKCS#11 interface.

The following requirements apply:

  • A PKCS#11 compliant smartcard middleware is required. For a list of supported smartcard middleware, see Smartcards and smartcard middleware.

  • The smartcard middleware and client-side Java JRE must have the same OS architecture, either 32-bit or 64-bit, since PRIME Explorer and USSP connects from the client-side Java JRE to the middleware.

User Self-Service Portal: Browser

The following browsers are supported for the User Self-Service Portal (USSP):

  • Internet Explorer 10-11

  • Mozilla Firefox

  • Google Chrome 

User Self-Service Portal client: Software

If certain smartcard functions are used, for example card unblocking or certificate renewal, the following software is required:

  • Oracle Java JDK/JRE:

    • Version 8

The Java Webstart component will be loaded on startup of the USSP.

User Self-Service Portal client: Root certificate

A trusted root certificate is required on a USSP client, for encrypted client communication.

Browser for PRIME HTML Explorer

The PRIME HTML Explorer can be used in Browsers with full HTML5 support. It is tested on:

  • Internet Explorer 11

  • Mozilla Firefox 58

  • Google Chrome 64

Interoperability

Data connectors

Corporate directories

PRIME supports connection to directories compliant with the following standard: 

  • LDAP v3

Microsoft Active Directory is a typical example of a supported directory.

JDBC databases

PRIME supports connection to databases based on Java database connectivity (JDBC).

The following databases are supported:

  • Microsoft SQL (MSSQL) Server 2008/2012/2014

  • Oracle 10/11/12

  • PostgreSQL

  • H2

  • IBM DB2 10.5

Certificate authorities

The following certificate authority (CA) products and services are supported:

  • Nexus Certificate Manager 7.16

  • Microsoft Active Directory Certificate Services (ADCS) 2008/2008 R2 / 2012 / 2012 R2

  • D-Trust Managed PKI

  • EJBCA Version 6.3 (without Key Backup/ Key Recovery) 

  • DFN Managed PKI

Other CAs can be integrated on demand.

Physical access control systems (PACS)

These are the different levels of PACS integration in PRIME:

Basic PACS integration

  • Integration via standard data connectors, such as CSV files, JDBC, LDAP, and SCIM

  • Export of card data to PACS at card activation and deactivation

All PACS systems that can use any of the standard data connectors are supported.

Light entitlement PACS integration

  • Integration via dedicated PACS API

  • Export of card data and access profiles to PACS at card activation and deactivation

  • Manual creation of access profiles in PRIME

The following PACS systems are supported:

Vendor

System

Supported versions

Vendor

System

Supported versions

ASSA

Arx

4.1

dormakaba

KABA Exos 9300

4.0

Stanley

Stanley Security Manager (SSM)

8.0

For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.

Full entitlement PACS integration

Full entitlement PACS integration is included as part of the Physical Entitlement Management module in PRIME:

  • Integration via standard connectors in PACS backend

  • Online sync of card data and access profiles

  • Virtual access profile groups on top of PACS access profiles

  • Updates of access profiles can be separated from card issuing

The following PACS systems are supported:

Vendor

System

Supported versions

Vendor

System

Supported versions

ASSA

Arx

4.1

Bravida

Integra

5.x, 6.22

Evva Salto

SALTO

12.2

dormakaba

KABA Exos 9300

4.0

Lenel

OnGuard

6.6

RCO

RCARD M5

5.x

Stanley

Stanley Security Manager (SSM)

8.0

Stanley

Niscayah Integration Manager (NIM3)

3.40

For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.

Mobile device management (MDM)

The following mobile device management (MDM) product is supported:

  • MobileIron 9.1

Other MDM systems can be integrated on demand.

Digital identities

Smart cards and middleware

Supported smart cards depend on the smart card middleware. Smart card middleware is not part of the Nexus PRIME product.

PRIME connects to a smart card via the PKCS#11 library provided by the middleware. For a list of supported cryptochips and smart cards, please refer to the corresponding technical specification of the middleware.

CardOS 4.4 and CardOS 5.0 are our reference cards for testing. Other cards listed in the middleware specification also normally work, but must be tested individually for the specific requirement.

The following smart card middleware products are supported: 

Vendor or product 

Version

Reference card 

Vendor or product 

Version

Reference card 

Nexus Personal Desktop Client

V 4.27

CardOS 4.4 + 5.0

AET SafeSign

V 3.0.93

CardOS 4.4

Neowave Weneo

Atos CardAPI

V 5.4

CardOS 4.4 + 5.0 + 5.3

Charismathics CSSI

V 5.4

CardOS 4.4 + 5.0 TPM

Cryptovision cv act sc/interface

V 6.4.4

CardOS 4.4

Gemalto IDGo800 Pkcs#11 Library

V 1.2.4

IDPrime MD 830

Morpho Ypsid

7.0.1

Ypsid S3

Oberthur AWP

V 5.1.1

V 7.0.1

Safenet Authentication Client

10.2

IDPrime MD 840

Language support

The following languages are supported: 

  • English

  • French

  • German

  • Norwegian

  • Swedish

Additional information

 

Copyright 2024 Technology Nexus Secured Business Solutions AB. All rights reserved.
Contact Nexus | https://www.nexusgroup.com | Disclaimer | Terms & Conditions