Deployment Checklist

Use the following checklist to ensure key considerations are covered for your 2020.10.2 deployment:

Check 	Requirement	Details
Access
[ ]	Remote Access	The Autonomous Identity Team is a global team. To support the needs of client teams, remote access to all servers is required for deployment and support of product.
[ ]	Root Access	Root access is required to run required package installations (YUM), perform Docker installation, Docker Swarm-based installation applicable boxes, and potential troubleshooting. Please discuss with delivery team if this requirement is a concern. If so, submit a specified contact to run admin tasks.
[ ]	Service Account	The Autonomous Identity Team should have access to a single service account user (e.g., "autoid"), which will be used throughout as the primary owner of Autonomous Identity specific directories. Specific requirements regarding the service account are specified in this section.
[ ]	File Transfer Process	The Autonomous Identity Team require access to a file transfer process, which lets specified packages be transferred from the vendor to the client infrastructure.
Service Account
[ ]	Autonomous Identity Team Access	Autonomous Identity team members must be able to switch to this user after logging in to the servers
[ ]	SSH Ability	The service account must be able to passwordless SSH between all Autonomous Identity servers; preferred method is RSA SSH key authentication.
[ ]	Default Shell	The default shell of the service account must be Bash.
[ ]	Docker Commands	The service account must have permissions to run Docker commands. Note that Docker should NOT need to be installed as a prerequisite; this will be installed by deployment team.
[ ]	Directory Ownership	Ownership of the following directories must be given to the Service Account. /data (all servers) /opt/autoid (all servers) /shared (if applicable - Docker & Spark servers /tmp (20 GB of disk allocated to /tmp, NOEXEC flag removed, and R/W/E required at least for the service account)
Networking/Internet
[ ]	Access to the Internet	If available, the front-end servers downloads the required Docker images from the official Autonomous Identity image repository.
[ ]	SSL Certificates	If SSL is being implemented, SSL certificates are required for the UI, Cassandra or MongoDB nodes, and Spark nodes. These certificates can be generated using one of the following four options: Self-signed certificates for all 3 components Valid certificate for the UI and self-signed certificates for Cassandra, MongoDB, and Spark nodes (self-signed certs only used in server-server traffic) Valid and separate certificates for the UI, Cassandra, MongoDB, and Spark *.domainname.com certificate (wildcard)
[ ]	Ports Open (Internal)	All internal ports specified in the Networking section of the Environment Specifications need to be opened for the specified servers.
[ ]	Ports Open (external browser)	The following ports must be accessible from a web browser within the client network: 443 (Front-end) 8080 (Spark) 8081 (Spark)
Required Packages
[ ]	Dependencies	The following packages must be installed on specified servers as prerequisites: All Servers: Python 2.7 or Python 3 (3.5+) Cassandra Servers: java-1.8.0-openjdk-devel.x86_64 MongoDB: see Deployment Prerequisites. Analytics Servers: java-1.8.0-openjdk-devel.x86_64
Other
[ ]	Infrastructure Support POC	A point-of-contact (POC) with sufficient access to the infrastructure is required. The POC can support in case of infrastructure blockers arise (e.g., proxy, account access, or port issues).
[ ]	SELinux	SELinux must be disabled on the Docker boxes. The package "container-selinux" must be present (this can be done as part of the root scripts described in the "Root Access" category).
[ ]	Components Not Pre-installed	The following software must NOT be pre-installed on the box: Docker Cassandra MongoDB Spark If any do come pre-installed, discuss the details with the Delivery Team ahead of time.