Product Documentation

Before getting started with the installation of the appliances, it is helpful to use the following checklist to smooth the process. All passwords should be written down on index cards, sealed in envelopes, and locked away. While the users responsible for the passwords will maintain them in memory, these envelopes will serve as backups in the event the responsible individual is unavailable to carry out a task. To print a copy, use this .PDF version instead.

Required Items

Physical space for two appliances. The dimensions of the 1U rack-mounted appliance are: 24.69” D × 1.69” H × 17.09” W (43.0 mm H × 434.0 mm W × 627.1 mm D) weighing ~31 lbs. each. The rack-mounted 2U High Performance servers are 24.09” D × 17.53” W × 3.42” H (664.6 mm D × 445.2 mm W × 86.7 mm H) weighing ~71 lbs. each.

Two fixed IP addresses and fully qualified domain names (FQDN) in your Domain Name Service (DNS) tables. We recommend the use of the following:

saka01.[your-domain-name]

saka02.[your-domain-name]

Do not use dynamic IP addresses for the appliances. You must use static IP addresses to ensure the firewall works as configured, but may choose to have them assigned using the Dynamic Host Configuration Protocol (DHCP) rather than set them on the appliances.
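A DNS pre-flight check for the two appliance names above, given as an added example that is not part of the product documentation. The domain example.com, the 192.0.2.x addresses, the function names and the reverse-lookup (PTR) check are assumptions of this example.

```python
import socket

def resolve_ipv4(fqdn):
    """Return the set of IPv4 addresses the local resolver gives for fqdn."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}

def reverse_name(ip):
    """Return the PTR name for ip in lower case, or None if there is none."""
    try:
        return socket.gethostbyaddr(ip)[0].rstrip(".").lower()
    except (socket.herror, socket.gaierror):
        return None

def preflight(plan, forward=resolve_ipv4, reverse=reverse_name):
    """Check a {fqdn: planned_ip} plan; return a list of problems (empty = OK)."""
    problems = []
    if len(plan) != 2:
        problems.append("plan must list exactly two appliances")
    if len(set(plan.values())) != len(plan):
        problems.append("appliances must not share an IP address")
    for fqdn, ip in plan.items():
        name = fqdn.lower()
        if "." not in name:  # a bare host name is not an FQDN
            problems.append(f"{fqdn}: not a fully qualified domain name")
            continue
        found = forward(name)
        if not found:
            problems.append(f"{fqdn}: no A record")
        elif found != {ip}:  # stale or extra records would break firewall rules
            problems.append(f"{fqdn}: resolves to {sorted(found)}, planned {ip}")
        ptr = reverse(ip)  # assumption: PTR records are maintained as well
        if ptr != name:
            problems.append(f"{ip}: reverse lookup gives {ptr}, expected {name}")
    return problems

# Constructed sample plan: example.com and 192.0.2.x are documentation values.
PLAN = {"saka01.example.com": "192.0.2.11", "saka02.example.com": "192.0.2.12"}

if __name__ == "__main__":
    for line in preflight(PLAN) or ["DNS pre-flight passed"]:
        print(line)
```

Running the same check again after an appliance is relocated, with only the planned IP changed, confirms that the FQDN still resolves to the new address.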

Two ports on a Gigabit switch/hub with cables. While the machines are capable of standard Ethernet (10Mb) or fast Ethernet (100Mb), they have a Gigabit port.

USB keyboard and mouse are required. The graphics port is VGA supporting resolutions up to 1920×1200.

Index cards and envelopes to write down and seal strong passwords (including uppercase, lowercase, numeric and special characters) for the following users:

System Basic Input Output System (BIOS) (if using the TPM as the cryptographic module)

Linux System Administrator (root)

Linux user for running the SAKA application (strongauth)

Linux user for batch operation file transfers, if needed (domain1)

MariaDB Database Administrator (root)

MariaDB SAKA database schema owner (skles)

Payara JEE7 Application Server Administrator (admin)

Key Custodian 1

Key Custodian 2

Key Custodian 3

SAKA encryption domain Administrator (administrator1)

Passwords for at least two (2) application user IDs (which are indicative of their privileges within SAKA)

a) pinguser (this credential must have the decrypt privilege)

b) encryptdecrypt

Use these user IDs in the TEST phase. When the appliances are promoted into PRODUCTION, decide if they will be re-created or not.

Before starting the installation, both servers must be connected to the network. During the installation process, it is helpful for the appliances to be next to each other to facilitate the exchange of key material. After the installation is completed successfully, the Secondary SAKA can be relocated to its permanent destination. While a SAKA appliance's TCP/IP address might change when it moves to its permanent location, its FQDN must remain the same.

As each operation is described, the server (Primary or Secondary) upon which it is performed will be bracketed in the heading.