Deployment Checklist

Use the following checklist to ensure key considerations are covered for your 2020.10.1 deployment:

Check | Requirement | Details
Access
[ ] Remote Access

The Autonomous Identity Team is a global team. To support the needs of client teams, remote access to all servers is required for deployment and support of the product.

[ ] Root Access

Root access is required to install the required packages (YUM), install Docker, perform the Docker Swarm-based installation on the applicable boxes, and for any troubleshooting.

Discuss this with the delivery team if the requirement is a concern; if it is, nominate a specific contact who can run the admin tasks.

[ ] Service Account

The Autonomous Identity Team should have access to a single service account user (e.g., "autoid"), which is used throughout as the primary owner of the Autonomous Identity specific directories. Specific requirements for the service account are listed in the Service Account section below.

[ ] File Transfer Process

The Autonomous Identity Team requires access to a file transfer process that lets the specified packages be transferred from the vendor to the client infrastructure.

Service Account
[ ] Autonomous Identity Team Access

Autonomous Identity team members must be able to switch to this user after logging in to the servers.

[ ] SSH Ability

The service account must be able to SSH between all Autonomous Identity servers without a password; the preferred method is RSA SSH key authentication.

[ ] Default Shell

The default shell of the service account must be Bash.

[ ] Docker Commands

The service account must have permission to run Docker commands. Note that Docker should NOT be installed as a prerequisite; it is installed by the deployment team.

[ ] Directory Ownership

Ownership of the following directories must be given to the Service Account.

  • /data (all servers)

  • /opt/autoid (all servers)

  • /shared (if applicable: Docker and Spark servers)

  • /tmp (20 GB of disk allocated to /tmp, the NOEXEC mount flag removed, and read, write and execute permission for at least the service account)
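The Service Account rows above (login shell, Docker permission, directory ownership, /tmp size and NOEXEC flag, key-based SSH between servers) are all things that can be verified on a host before the deployment team arrives. The following pre-flight script is an added example and is not part of the Autonomous Identity documentation; it assumes the account is named "autoid" (override with SVC_USER) and that the peer servers to test SSH against are listed, space separated, in PEER_HOSTS. Both values are placeholders.

```shell
#!/bin/sh
# Added example (not part of the Autonomous Identity documentation): pre-flight
# checks for the Service Account rows of the checklist. Assumes the account is
# named "autoid" (override with SVC_USER) and that the peer hosts to test SSH
# against are given in PEER_HOSTS, space separated; both are placeholders.
SVC_USER="${SVC_USER:-autoid}"
PEER_HOSTS="${PEER_HOSTS:-}"
REQUIRED_DIRS="/data /opt/autoid /shared /tmp"
TMP_MIN_GB=20

# Login shell from a passwd(5) line ("name:x:uid:gid:gecos:home:shell").
shell_from_passwd_line() {
    printf '%s\n' "$1" | cut -d: -f7
}

# Login shell of a user on this host; getent also resolves LDAP/SSSD accounts.
shell_of_user() {
    shell_from_passwd_line "$(getent passwd "$1")"
}

# 0 if the option field of a /proc/mounts-style line contains noexec.
mount_line_has_noexec() {
    case ",$(printf '%s\n' "$1" | awk '{print $4}')," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# 0 if the path is its own mount point and is mounted noexec. A /tmp that is
# just a directory on the root filesystem has no entry and is reported as fine.
path_has_noexec() {
    line=$(awk -v p="$1" '$2 == p' /proc/mounts 2>/dev/null)
    [ -n "$line" ] && mount_line_has_noexec "$line"
}

# Owning user name of a path (ls -ld output has the same layout on GNU and BSD).
owner_of() {
    ls -ld "$1" | awk '{print $3}'
}

# 0 if the user is in the group, primary or supplementary.
user_in_group() {
    case " $(id -nG "$1" 2>/dev/null) " in
        *" $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Free space on the filesystem holding a path, in whole GB.
free_gb() {
    df -Pk "$1" | awk 'NR == 2 { print int($4 / 1048576) }'
}

# Key-based SSH check: BatchMode makes ssh fail instead of prompting for a password.
ssh_passwordless() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1@$2" true 2>/dev/null
}

# Runs every check on this host, prints one line per finding, returns 1 on any FAIL.
run_preflight() {
    rc=0
    [ "$(shell_of_user "$SVC_USER")" = "/bin/bash" ] \
        || { echo "FAIL: $SVC_USER login shell is not /bin/bash"; rc=1; }
    user_in_group "$SVC_USER" docker \
        || echo "WARN: $SVC_USER is not in the docker group (only expected once Docker is installed)"
    for d in $REQUIRED_DIRS; do
        [ -d "$d" ] || { echo "WARN: $d does not exist"; continue; }
        [ "$(owner_of "$d")" = "$SVC_USER" ] \
            || { echo "FAIL: $d is owned by $(owner_of "$d"), expected $SVC_USER"; rc=1; }
    done
    if path_has_noexec /tmp; then echo "FAIL: /tmp is mounted noexec"; rc=1; fi
    [ "$(free_gb /tmp)" -ge "$TMP_MIN_GB" ] \
        || { echo "FAIL: /tmp has $(free_gb /tmp) GB free, need $TMP_MIN_GB"; rc=1; }
    for h in $PEER_HOSTS; do
        ssh_passwordless "$SVC_USER" "$h" || { echo "FAIL: no key-based SSH to $h"; rc=1; }
    done
    return "$rc"
}

# Run the checks only when asked, so the file can also be sourced for its functions:
#   RUN_PREFLIGHT=1 SVC_USER=autoid PEER_HOSTS="node2 node3" sh preflight.sh
if [ "${RUN_PREFLIGHT:-0}" = "1" ]; then run_preflight; fi
```

Run it as the service account on every server (the SSH check needs the account's own key), and treat any FAIL line as a blocker to raise with the infrastructure POC before the deployment window.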

Networking/Internet
[ ] Access to the Internet

If Internet access is available, the front-end servers download the required Docker images from the official Autonomous Identity image repository.

[ ] SSL Certificates

If SSL is being implemented, SSL certificates are required for the UI, Cassandra or MongoDB nodes, and Spark nodes. These certificates can be generated using one of the following four options:

  • Self-signed certificates for all 3 components

  • Valid certificate for the UI and self-signed certificates for the Cassandra, MongoDB, and Spark nodes (the self-signed certificates are used only for server-to-server traffic)

  • Valid and separate certificates for the UI, Cassandra, MongoDB, and Spark

  • *.domainname.com certificate (wildcard)
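For the options that use self-signed certificates on the server-to-server paths, one practical variant is to create a single internal CA and have it sign one certificate per node, so that Cassandra, MongoDB and Spark nodes can verify each other against one trusted CA certificate instead of trusting each peer's certificate individually. The script below is an added example, not part of the Autonomous Identity documentation; the hostnames, IP address and CERT_DIR are placeholders, and it requires an OpenSSL that supports subjectAltName extensions via an -extfile.

```shell
#!/bin/sh
# Added example (not from the Autonomous Identity documentation): a private CA
# that signs one certificate per component, covering the "self-signed for
# server-to-server traffic" options. Hostnames and CERT_DIR are placeholders.
OUT="${CERT_DIR:-./autoid-certs}"
DAYS=825

# One internal CA; every node trusts ca.crt, so nodes can verify each other
# instead of trusting one unrelated self-signed certificate per peer.
make_ca() {
    mkdir -p "$OUT"
    openssl req -x509 -newkey rsa:3072 -nodes -sha256 -days "$DAYS" \
        -subj "/CN=Autonomous Identity internal CA" \
        -keyout "$OUT/ca.key" -out "$OUT/ca.crt" 2>/dev/null
}

# Key, CSR and CA-signed certificate for one component. $2 is the subjectAltName
# list, e.g. "DNS:cassandra-1.example.internal,IP:10.0.0.11"; clients match the
# hostname against the SAN, not the CN.
make_node_cert() {
    name="$1"; san="$2"
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=$name" \
        -keyout "$OUT/$name.key" -out "$OUT/$name.csr" 2>/dev/null || return 1
    printf 'basicConstraints=CA:FALSE\nkeyUsage=digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth,clientAuth\nsubjectAltName=%s\n' \
        "$san" > "$OUT/$name.ext"
    openssl x509 -req -in "$OUT/$name.csr" -CA "$OUT/ca.crt" -CAkey "$OUT/ca.key" \
        -CAcreateserial -days "$DAYS" -sha256 -extfile "$OUT/$name.ext" \
        -out "$OUT/$name.crt" 2>/dev/null
}

# 0 if the certificate chains to ca.crt and its SAN lists the given name.
verify_node_cert() {
    openssl verify -CAfile "$OUT/ca.crt" "$OUT/$1.crt" >/dev/null 2>&1 \
        && openssl x509 -in "$OUT/$1.crt" -noout -text | grep -qF -- "DNS:$2"
}

# Issue the full set: UI, database nodes, Spark nodes, plus a wildcard variant.
issue_all() {
    make_ca || return 1
    make_node_cert ui           "DNS:autoid-ui.example.internal" || return 1
    make_node_cert cassandra-1  "DNS:cassandra-1.example.internal,IP:10.0.0.11" || return 1
    make_node_cert spark-master "DNS:spark-master.example.internal" || return 1
    make_node_cert wildcard     "DNS:*.example.internal,DNS:example.internal" || return 1
    chmod 600 "$OUT"/*.key
}

# Issue only when asked, so the file can also be sourced for its functions:
#   ISSUE_CERTS=1 CERT_DIR=/opt/autoid/certs sh issue-certs.sh
if [ "${ISSUE_CERTS:-0}" = "1" ]; then issue_all; fi
```

Distribute ca.crt to every node's trust store and keep ca.key off the servers once issuance is done; the per-node .key files are the only secrets that need to live on each box. For the UI, which browsers inside the client network connect to, the checklist's options with a valid (client-CA-issued or wildcard) certificate avoid browser trust warnings.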

[ ] Ports Open (Internal)

All internal ports specified in the Networking section of the Environment Specifications need to be opened for the specified servers.

[ ] Ports Open (External Browser)

The following ports must be accessible from a web browser within the client network:

  • 443 (Front-end)

  • 8080 (Spark)

  • 8081 (Spark)

Required Packages
[ ] Dependencies

The following packages must be installed on specified servers as prerequisites:

  • All Servers: Python 2.7 or Python 3 (3.5+)

  • Cassandra Servers: java-1.8.0-openjdk-devel.x86_64

  • MongoDB: see Deployment Prerequisites.

  • Analytics Servers: java-1.8.0-openjdk-devel.x86_64

Other
[ ] Infrastructure Support POC

A point-of-contact (POC) with sufficient access to the infrastructure is required. The POC provides support when infrastructure blockers arise (e.g., proxy, account access, or port issues).

[ ] SELinux

SELinux must be disabled on the Docker boxes. The package "container-selinux" must be present (this can be done as part of the root scripts described under "Root Access" in the Access category).

[ ] Components Not Pre-installed

The following software must NOT be pre-installed on the boxes:

  • Docker

  • Cassandra

  • MongoDB

  • Spark

If any do come pre-installed, discuss the details with the Delivery Team ahead of time.
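The Required Packages and Other rows (Python 2.7 or 3.5+, the OpenJDK 1.8 package, SELinux disabled with container-selinux present, and no pre-installed Docker, Cassandra, MongoDB or Spark) can likewise be checked on each host ahead of time. The script below is an added example and not part of the Autonomous Identity documentation; the package names come from the checklist, while the command names used to detect pre-installed components (docker, cassandra, mongod, spark-submit) are assumptions.

```shell
#!/bin/sh
# Added example (not from the Autonomous Identity documentation): host checks for
# the Required Packages and Other rows. Package names come from the checklist;
# the command names used to detect pre-installed components are assumptions.
DOCKER_BOX="${DOCKER_BOX:-1}"   # set to 0 on servers that are not Docker boxes

# Matches the "Python 2.7 or Python 3 (3.5+)" rule against the output of
# `python --version` (Python 2 prints it on stderr, so capture with 2>&1).
python_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^Python \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    set -- $ver   # $1 = major, $2 = minor
    case "$1" in
        2) [ "$2" -eq 7 ] ;;
        3) [ "$2" -ge 5 ] ;;
        *) return 1 ;;
    esac
}

# 0 if some interpreter on PATH satisfies the rule.
host_python_ok() {
    for py in python3 python python2; do
        command -v "$py" >/dev/null 2>&1 || continue
        python_version_ok "$("$py" --version 2>&1)" && return 0
    done
    return 1
}

# RPM package presence (YUM-managed hosts, as the checklist assumes).
rpm_installed() {
    rpm -q "$1" >/dev/null 2>&1
}

# SELinux state: Enforcing, Permissive, Disabled, or Absent when the tools are missing.
selinux_mode() {
    if command -v getenforce >/dev/null 2>&1; then getenforce; else echo Absent; fi
}

# 0 if the command is NOT on PATH; the checklist wants these components absent.
command_absent() {
    ! command -v "$1" >/dev/null 2>&1
}

# Runs every check on this host, prints one line per finding, returns 1 on any FAIL.
run_package_checks() {
    rc=0
    host_python_ok || { echo "FAIL: no Python 2.7 or 3.5+ interpreter found"; rc=1; }
    rpm_installed java-1.8.0-openjdk-devel \
        || echo "WARN: java-1.8.0-openjdk-devel missing (required on Cassandra and Analytics servers)"
    if [ "$DOCKER_BOX" = "1" ]; then
        case "$(selinux_mode)" in
            Disabled|Absent) ;;
            *) echo "FAIL: SELinux is $(selinux_mode); it must be disabled on Docker boxes"; rc=1 ;;
        esac
        rpm_installed container-selinux || { echo "FAIL: container-selinux package is missing"; rc=1; }
    fi
    # Assumed command names for the components that must not be pre-installed.
    for c in docker cassandra mongod spark-submit; do
        command_absent "$c" || { echo "FAIL: $c is already installed; raise with the Delivery Team"; rc=1; }
    done
    return "$rc"
}

# Run the checks only when asked, so the file can also be sourced for its functions:
#   RUN_CHECKS=1 DOCKER_BOX=1 sh package-checks.sh
if [ "${RUN_CHECKS:-0}" = "1" ]; then run_package_checks; fi
```

A component found by command_absent is reported as a FAIL rather than silently tolerated because the checklist asks for such cases to be discussed with the Delivery Team before the deployment, not worked around on the day.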
