Thank you for your feedback.
Form temporarily unavailable. Please try again or contact docfeedback@servicenow.com to submit your comments.

Edge Encryption system requirements

Log in to subscribe to topics and get notified when content changes.

Edge Encryption system requirements

You can run the Edge Encryption proxy application on servers or virtual machines that run on Microsoft Windows or Linux operating systems. For optimum performance, ensure that your configuration meets these requirements.

Java requirements

The host machine installing or running the Edge Encryption proxy server must maintain a supported version of Java:
  • Java 8 update 121 (8u121)
  • Java 8 update 141 (8u141)
  • Java 8 update 151 (8u151) or later
    Note: Java 8 update 131 (8u131) is not supported.
Note: Before installing the Edge Encryption proxy server, check that the $JAVA_HOME variable is pointing to a supported version of Java for each user that will run the proxy server. For example, if installing the proxy server as a local administrator on Windows, check that the $JAVA_HOME variable is pointing to the correct version of Java system-wide. If installing on Linux, check that each user that will run the proxy server has this variable correctly defined. If a supported version of Java is not found, the Edge Encryption proxy server will not run.
Java Version Enabling AES 256-bit Encryption
Java 8 update 141 (8u141) or earlier Install the Java Cryptography Extension (JCE) jurisdiction policy files by copying them into the system Java home directory of each Edge Encryption proxy server host. Add these files to the <Java-home-directory>/jre/lib/security folder before performing a scheduled or manual upgrade.

To install the AES 256-bit encryption policy files, see Enable AES 256-bit encryption for Java 8 update 141 (8u141) or earlier.

Java 8 update 151 (8u151) or later A java.security file is downloaded with the update. Edit the java.security file to enable AES 256-bit encryption.
To edit the java-security file, see Enable AES 256-bit encryption for Java 8 update 151 (8u151) or later.
Note: If upgrading an Edge Encryption proxy server running on Windows to a new version of Java, you may need to copy the JCE policy files from your previous Java folder to the new Java folder.
Note: Java does not automatically allow unlimited strength keys. You must specifically enable the use of AES 256-bit encryption.

Proxy server minimum configuration

A proxy server requires this minimum configuration:
  • 4 GB of RAM per proxy server (6 GB is recommended for most deployments).

    Note: The proxy server host requires at least 1 GB of RAM more than the proxy server. The proxy server host needs the extra 1 GB for operating system services. For example, if you configure a proxy server to use 4 GB of RAM, you must install at least 5 GB of RAM on the proxy server host.

    Because the proxy server requires at least 4 GB of memory, 32-bit JREs and 32-bit operating systems are no longer supported starting with the London release.

  • 3 or more GHz CPU (4-core CPU preferred for optimum performance).
  • Multiple proxy servers behind a load balancer. The number of proxy servers you need depends on the number of application nodes, the number of simultaneous users, and the number of servers needed for failover. See Sizing your Edge Encryption environment for more information.
  • Ability to run concurrently with other services, depending on the server utilization and resource availability.
  • Java 8.

Proxy server supported systems

The following systems are supported:
Supported System Description
Windows Server 2012, 2012-R2, and 2016 editions
  • Virtual machines or physical hardware
  • 64-bit systems
Linux
  • Virtual machines or physical hardware
  • 64-bit systems

On 64-bit Linux systems, you must install the 32-bit GNU C library (glibc). The installation command for CentOS is yum install glibc.i686.

Proxy server connection requirements

The proxy server that runs the Edge Encryption application must be able to communicate with machines in your network. Make sure that the proxy server has these network privileges:
Network Privilege Description
Firewall access Configure any firewalls between the proxy server and the client devices to allow a connection. If your network uses a DeMilitarized Zone (DMZ) to add an extra layer of security to your Local Area Network (LAN), and if your network security protocols limit port access from within the network to the DMZ, you might have to deploy a proxy server to a machine within the DMZ.
Network access Configure each client to enable the proxy server to connect with it. If network security prevents you from configuring new machines that can connect to the clients, install the proxy server on an existing machine with connection privileges.
Instance access Ensure that the proxy server has network access to the instance. Make sure that you configure the proxy server network to allow traffic over TCP port 443.
Network account Install the proxy server with either a local or domain administrator.

Order-preserving and tokenization database system requirements

Order-preserving encryption and encryption patterns require that you configure an Oracle MySQL database for the Edge Encryption proxy server. Order-preserving encryption allows any comparison operation to be directly applied on encrypted data, without first decrypting the data. Encryption patterns let you replace string patterns with tokens (called tokenization) before they are sent to and stored in the database. Because of the size of the MySQL database, use a dedicated proxy server to run the order-preserving and tokenization database.

The minimum database system requirements include:
MySQL Database Requirement
Version MySQL database versions 5.5 to 5.7
OS 64-bit systems
CPU 2 or more GHz CPU (4-core CPU preferred for optimum performance)
RAM 16 GB
Disk Storage Area Network (SAN) or local storage (RAID 10 recommended)
Size Determined by the number of potential records multiplied by the record size. See Calculate the order-preserving and tokenization database size.
Configuration High availability cluster. If you are unsure of how to configure your MySQL server, contact MySQL for configuration information.
Feedback