Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.
Versions
  • London
  • Kingston
  • Jakarta
  • Istanbul
  • Helsinki
  • Geneva
  • Store
Close

Edge Encryption system requirements

Edge Encryption system requirements

The Edge Encryption proxy application can run on servers or virtual machines running Windows or Linux.

Java requirements

Java minimum requirements

The host machine installing or running the Edge Encryption proxy server must maintain a supported version of Java:
  • Java 8 update 121 (8u121)
  • Java 8 update 141 (8u141)
  • Java 8 update 151 (8u151) or higher
    Note: Java 8 update 131 (8u131) is not supported.
Important: Before installing the Edge Encryption proxy server, check that the $JAVA_HOME variable is pointing to a supported version of Java for each user that will run the proxy server. For example, if installing the proxy server as a local administrator on Windows, check that the $JAVA_HOME variable is pointing to the correct version of Java system-wide. If installing on Linux, check that each user that will run the proxy server has this variable correctly defined. If a supported version of Java is not found, the Edge Encryption proxy server will not run.

If using AES 256-bit encryption with Java 8 update 141 (8u141) or lower, you must install the Java Cryptography Extension (JCE) jurisdiction policy files by copying them into the system Java home directory of each Edge Encryption proxy server host. Add these files to the <Java-home-directory>/jre/lib/security folder before performing a scheduled or manual upgrade. To install the AES 256-bit encryption policy files, see Enable AES 256-bit encryption for Java 8 update 141 (8u141) or lower.

If using AES 256-bit encryption with Java 8 update 151 (8u151) or higher, a java.security file is downloaded with the update. You can simply edit the java.security file to enable AES 256-bit encryption. See Enable AES 256-bit encryption for Java 8 update 151 (8u151) or higher.
Note: If upgrading an Edge Encryption proxy server running on Windows to a new version of Java, you may need to copy the JCE policy files from your previous Java folder to the new Java folder.
Important: Java does not automatically allow unlimited strength keys.

Proxy server minimum configuration

The minimum configuration includes:
  • A minimum of 4 GB of available RAM per proxy server (6 GB is recommended for most deployments).

    Note: The host machine running the proxy server must have at least 1 more GB of RAM available for OS services than is needed to run the proxy server. Specifically, if a proxy server is set to use 4 GB of RAM, the VM or hardware must have at least 5 GB of RAM installed.
  • 3+ GHz CPU, with a 4-core CPU preferred.
  • Multiple proxy servers behind a load balancer. The number of proxy servers will depend on the number of application nodes, number of simultaneous users, and failover needs. See Sizing your Edge Encryption environment for considerations.
  • Ability to ride-along with other services, depending on the server utilization and resource availability.
  • Java 8 is required to run the installer.

Proxy server supported systems

The following systems are supported.
  • Windows Server 2012, 2012-R2, and 2016 editions
    • Virtual machines or physical hardware
    • 64-bit systems
  • Linux
    • Virtual machines or physical hardware
    • 64-bit systems
Note: Because the proxy server requires at least 4 GB of memory, 32-bit JREs and 32-bit operating systems are no longer supported starting with the Kingston release.

On 64-bit Linux systems, you must install the 32-bit GNU C library (glibc). The installation command for CentOS is: yum install glibc.i686

Proxy server connection requirements

The proxy server that runs the Edge Encryption application must be able to communicate with machines in your network. Make sure that the proxy server has these network privileges:
  • Firewall access: Configure any firewalls between the proxy server and the client devices to allow a connection. If your network uses a DMZ, and if your network security protocols limit port access from within the network to the DMZ, you might have to deploy a proxy server to a machine within the DMZ.
  • Network access: Configure each client to let the proxy server connect with it. If network security prevents you from configuring new machines that can connect to the clients, install the proxy server on an existing machine with connection privileges.
  • Instance access: Ensure network access to the instance from the proxy server. Make sure that the network used by the proxy server is configured to allow traffic over TCP port 443.
  • Network account: Install the proxy server with the proper account, either local or domain administrator.

Order-preserving and tokenization database system requirements

Order-preserving encryption and encryption patterns require a MySQL database configured for the Edge Encryption proxy. Use a dedicated machine to run the order-preserving and tokenization database. The minimum requirements include.
  • Version: MySQL database versions 5.5 to 7.x
  • OS: 64-bit systems
  • CPU: 2+ GHz CPU, with a 4-core CPU preferred
  • RAM: 16 GB
  • Disk: SAN or local storage (RAID 10 recommended)
  • Size: Determined by the number of potential records multiplied by record size. Calculate the order-preserving and tokenization database size.
  • Configuration: High Availability cluster. If you are unsure of how to configure your MySQL server, contact MySQL for configuration information.