Use the following checklist to ensure key considerations are covered for your 2020.6.4 deployment:
The Autonomous Identity Team is a global team. To support the needs of client teams, remote access to all servers is required for deployment and support of the product.

Root Access
Root access is required to run the required package installations (YUM), install Docker, perform the Docker Swarm-based installation on applicable boxes, and carry out potential troubleshooting.
Discuss with the delivery team if this requirement is a concern. If so, provide a designated contact to run admin tasks.

Service Account
The Autonomous Identity Team should have access to a single service account user (e.g., "autoid"), which will be used throughout as the primary owner of Autonomous Identity specific directories. Specific requirements regarding the service account are specified in this section.

File Transfer Process
The Autonomous Identity Team requires access to a file transfer process that lets specified packages be transferred from the vendor to the client infrastructure.

Autonomous Identity Team Access
Autonomous Identity team members must be able to switch to the service account user after logging in to the servers.

SSH Ability
The service account must be able to use passwordless SSH between all Autonomous Identity servers; the preferred method is RSA SSH key authentication.

Default Shell
The default shell of the service account must be Bash.

Directory Ownership
Ownership of the following directories must be given to the service account.

Docker Commands
The service account must have permissions to run Docker commands. Note that Docker should NOT need to be installed as a prerequisite; it will be installed by the deployment team.

Access to the Internet
If available, the front-end servers download the required Docker images from the official Autonomous Identity image repository.

SSL Certificates
If SSL is being implemented, SSL certificates are required for the UI, Cassandra nodes, and Spark nodes. These certificates can be generated using one of the following four options:

Ports Open (Internal)
All internal ports specified in the Networking section of the Environment Specifications need to be opened for the specified servers.

Ports Open (external browser)
The following ports must be accessible from a web browser within the client network:
The following packages must be installed on specified servers as prerequisites:

Infrastructure Support POC
A point-of-contact (POC) with sufficient access to the infrastructure is required. The POC can provide support in case infrastructure blockers arise (e.g., proxy, account access, or port issues).
SELinux must be disabled on the Docker boxes. The package "container-selinux" must be present (it can be installed as part of the root scripts described in the "Root Access" category).

Components Not Pre-installed
The following software must NOT be pre-installed on the box:
If any do come pre-installed, discuss the details with the Delivery Team ahead of time.
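
The items in this checklist that can be verified from a command line (default shell, SELinux state, the "container-selinux" package, passwordless SSH) can be checked before the deployment call with a short pre-flight script. This is an added example, not part of the original checklist or the product's tooling; it assumes it is run as the service account on an RPM-based host, with the peer hostnames passed as arguments.

```shell
#!/bin/sh
# Added example: pre-flight check for the service-account and SELinux items above.
# Assumptions: run as the service account ("autoid" is the page's example name)
# on an RPM-based host; peer hostnames are passed as arguments.

# shell_is_bash PASSWD_LINE: true when the login-shell field (the last one) is bash.
shell_is_bash() {
    case "${1##*:}" in
        */bash|bash) return 0 ;;
        *) return 1 ;;
    esac
}

# selinux_ok STATE: the checklist requires "disabled", so Permissive also fails.
selinux_ok() {
    [ "$1" = "Disabled" ]
}

# ssh_ok HOST: BatchMode=yes forbids password prompts, so success proves
# key-based (passwordless) login works from this host to HOST.
ssh_ok() {
    ssh -o BatchMode=yes -o ConnectTimeout=5 "$1" true >/dev/null 2>&1
}

# preflight HOST...: run every check, print each failure, return 1 if any failed.
preflight() {
    pf_rc=0
    pf_user=$(id -un)
    pf_line=$(getent passwd "$pf_user") || pf_line=""
    shell_is_bash "$pf_line" || { echo "FAIL: $pf_user default shell is not bash"; pf_rc=1; }
    # Assumption: a host without getenforce has no SELinux userland; treat as disabled.
    pf_state=$(getenforce 2>/dev/null || echo Disabled)
    selinux_ok "$pf_state" || { echo "FAIL: SELinux is $pf_state"; pf_rc=1; }
    rpm -q container-selinux >/dev/null 2>&1 || { echo "FAIL: container-selinux missing"; pf_rc=1; }
    for pf_host in "$@"; do
        ssh_ok "$pf_host" || { echo "FAIL: no passwordless SSH to $pf_host"; pf_rc=1; }
    done
    return "$pf_rc"
}

# Run only when peer hosts are given, e.g.: sh preflight.sh node1 node2
if [ "$#" -gt 0 ]; then
    preflight "$@"
fi
```

Run it from each server in turn, since passwordless SSH has to work between all of them and not only from one node outward.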