Skip to content

System Requirements

Your operating environment must meet the following requirements to ensure that this software will function properly.

Client Machines

The following client web browsers and platforms are supported:

Host Machine

Hardware Requirements

Hardware Minimum Recommended
Memory 8GB 16GB
Processor >=2GHz with >=2 Cores/Virtual Processors
Advanced Vector Extensions (AVX)		 >=2GHz with >=4 Cores/Virtual Processors
Storage 80GB of available space 250GB+ of available space with disk encryption

NEC recommends using Ubuntu Server Certified Hardware for 20.04 LTS. Refer to https://certification.ubuntu.com/server/ for more information.

Operating System Requirements

The operating system hosting UIP should not have other software installed on it (including docker). The following operating systems are supported for hosting UIP:

It is recommended to install the operating system on a virtual machine hosted by a hypervisor. Taking a checkpoint before system updates is recommended to capture a restore point.

Important

To ensure a maximum degree of data protection and privacy, it is recommended to install Ubuntu Server with disk encryption support provided by LVM/LUKS.

See Ubuntu Time Management for issues relating to your systems time settings.

Network Requirements

For details on setting up the network on Ubuntu, refer to Ubuntu network configuration

  • A network adapter which has internet access and an IPv4 address is required to install and update this software
  • During install and operation software and documentation must be downloaded from several websites. UIP does not transmit your data to these sites. The sites listed below should be added to any necessary allow lists.
    • The machine hosting UIP must be able to access the following sites.
      • *.nec-downloads.com - download site for UIP utility scripts and UIP software image registry
      • s3.us-east-2.amazonaws.com - download site for UIP and Adapter Type software images
      • *.ubuntu.com - download site used by "apt" for Ubuntu OS and its software updates
      • download.docker.com - download site for Docker software and its updates
    • Any web browser that will be used to access UIP should be able to access the following sites in addition to the UIP machine's client access system name'.
      • uip.nec-help.com - website for UIP documentation, UIP Adapter Type documentation, UIP custom templates, use cases, and adapter hub services
      • *.nec-downloads.com - download site for UIP Adapter Type Store and Adapter Hub Service Template list
  • Configure the host with a static IP address or configure a DHCP lease reservation so the IP address will not change
  • Private DNS servers must be configured using the steps described below in the Configure DNS Servers section
  • HTTP or HTTPS web proxies must be configured if they restrict access to the internet. Follow the steps described below in the Configure HTTP|HTTPS Proxy section. It is important to obtain any related proxy CA certificate if it intercepts outbound HTTPS traffic from UIP adapters.
  • Additional steps to modify docker networks may be needed during the install of UIP, if the following networks are used within your network environment.
    • 10.115.0.0/16 - default address pool for overlay Docker networks
      • "ingress" network is automatically created from this address pool when Docker Swarm is initialized
    • 10.116.187.0/24 - "nap-network" used for communication among the UIP core services
    • 10.117.0.0/16 - "nap-wfa-network" used for communication among UIP adapter containers running on the same machine where UIP is installed
    • 172.17.0.0/16 - "bridge" default network used for Docker containers that are not assigned to a specific network such as the Setup Wizard used during UIP installation
    • 172.18.0.0/16 - "docker_gwbridge" bridge network that connects overlay networks (including the ingress network) to the host machine's physical network

Configure DNS Servers

Additional configuration steps must be completed in order to install UIP and Adapter Hub successfully on a machine which must use private DNS servers to resolve the names of other machines.

Important

Prior to beginning an install of UIP or Adapter Hub it is important to work with IT staff to configure any necessary DNS servers as described in the help topic DNS Configuration and Troubleshooting.

Configure HTTP|HTTPS Proxy

Additional configuration steps must be completed in order to install UIP and Adapter Hub successfully on a machine which must use a proxy to access the public internet.

Important

Prior to beginning an install of UIP or Adapter Hub it is important to work with IT staff to configure any necessary HTTP proxy servers as described in the help topic Proxy Configuration and Troubleshooting.

Modify Docker Networks

There are various networks that exist within the system's internal virtual environment. In some cases you may find that the subnet of one of these virtual networks may conflict with a subnet that is already being used in your local environment. To resolve such an issue, it may be necessary to modify the default IP address range used by one or more of the virtual networks.

"bridge" Network

The default IP address range for the docker0 bridge network is 172.17.0.0/16. This can be modified using a /etc/docker/daemon.json file similar to the following example.

{ "bip": "192.168.100.1/24" }

You must restart the Docker service in order for the changes made in the daemon.json file to take effect. This can be done by executing the following command.

sudo systemctl restart docker
"docker_gwbridge" Network

The default IP address range for the docker_gwbridge network is 172.18.0.0/16. To customize this network, you must do so before joining the Docker host to the swarm or after temporarily removing the host from the swarm.

  1. Stop Docker.

    sudo systemctl stop docker

  2. Delete the existing docker_gwbridge interface.

    sudo ip link set docker_gwbridge down
sudo ip link del dev docker_gwbridge

  3. Start Docker. Do not join or initialize the swarm.

    sudo systemctl start docker

  4. Create or re-create the docker_gwbridge bridge manually with your custom settings, using the docker network create command:

    docker network create \
    --subnet 172.18.0.0/16 \
    --gateway 172.18.0.1 \
    --opt com.docker.network.bridge.name=docker_gwbridge \
    --opt com.docker.network.bridge.enable_icc=false \
    --opt com.docker.network.bridge.enable_ip_masquerade=true \
    docker_gwbridge

  5. Initialize or join the swarm. Since the bridge already exists, Docker does not create it with automatic settings.

"ingress" Network

The default IP address range for the ingress network is 10.115.0.0/24. To customize this network, you must do so after running the nap-install.sh script but before starting the installation wizard by browsing to http://###.###.###.###:9090. At this point there should be no services whose containers are connected to this network.

  1. Remove the existing ingress network:

    docker network rm ingress

  2. Create a new overlay network using the --ingress flag, along with the custom options you want to set.

    docker network create \
    --driver overlay \
    --ingress \
    --subnet=10.255.0.0/24 \
    --gateway=10.255.0.1 \
    ingress

In this example the network used will be 10.255.0.0/24. You should choose a class C network that does not conflict with your environment.

"nap-network" Network

The default IP address range for the nap-network is 10.116.187.0/24. To customize this network, you must do so after running the nap-install.sh script but before starting the installation wizard by browsing to http://###.###.###.###:9090

  1. Create the nap-network bridge manually with your custom settings, using the docker network create command:
docker network create \
    --driver overlay \
    --attachable \
    --subnet 10.20.0.0/24 \
    --gateway 10.20.0.1 \
    --opt com.docker.network.bridge.name=nap-network \
nap-network

In this example the network used will be 10.20.0.0/24. You should choose a class C network that does not conflict with your environment.

"nap-wfa-network" Network

The default IP address range for the nap-network is 10.117.0.0/16. To customize this network, you must do so after running the nap-install.sh script but before starting the installation wizard by browsing to http://###.###.###.###:9090

Create the nap-wfa-network bridge manually with your custom settings, using the docker network create command:

docker network create \
    --driver overlay \
    --attachable \
    --subnet 10.21.0.0/16 \
    --gateway 10.21.0.1 \
    --opt com.docker.network.bridge.name=nap-wfa-network \
 nap-wfa-network

In this example the network used will be 10.21.0.0/16. You should choose a class B network that does not conflict with your environment.

External MongoDB Database Support

It is possible to install UIP into an existing MongoDB database service as long as it is a supported version and it has been configured for TLS access. This may be preferred in cases when a site already has a MongoDB service and/or wishes to keep their UIP database encrypted at rest.

  • MongoDB version 6.0 based systems are supported
  • TLS connection is required

Always refer to the documentation of your external MongoDB platform for guidance on how to install, configure, and maintain your external MongoDB service.

NEC recommends that a MongoDB user is used which only has access rights to the UIP databases to isolate it from any unrelated data that may be stored on the same MongoDB service. The following is an example of a command that can be run within the MongoDB command line interface (CLI) to create a new user for UIP databases prefixed with "uip_".

db.createUser({
    user: "mongouipusername",
    pwd: "mongouipstrongpassword",
    roles:[
        {role: "readWrite" , db:"uip_backuprestore"},
        {role: "readWrite" , db:"uip_dockerregistry"},
        {role: "readWrite" , db:"uip_loglevel"},
        {role: "readWrite" , db:"uip_license"},
        {role: "readWrite" , db:"uip_logging"},
        {role: "readWrite" , db:"uip_identityServer"},
        {role: "readWrite" , db:"uip_notification"},
        {role: "readWrite" , db:"uip_workflow"}
    ]
})

When the UIP installation script is executed there are extra parameters which are used to instruct the UIP installer to use an external MongoDB service.

  • --dbprefix - prefix to use for the UIP database names to help identity them
    e.g., uip_
  • --dburl - the MongoDB connection string
    e.g., mongodb://mongouipusername:mongouipstrongpassword@mongoserver:27017/?tls=true&authSource=admin"
    • username and password for UIP connections to MongoDB must be specified
    • port is required if it is not the default 27017
    • UIP database names should not be specified in connection string
    • authSource is required if the MongoDB user account for UIP is not associated with the default admin authentication database

The following is an example of executing the UIP installation script with an external MongoDB service that has a default port, default authentication database, and the UIP database prefix "uip_".

sudo bash nap-install.sh --dbprefix uip_ --dburl "mongodb://mongouipusername:mongouipstrongpassword@mongoserver/?tls=true"

If the external MondoDB uses a TLS certificate that is self-signed or signed by a private CA you must provide the CA certificate when the nap-install.sh script is executed. At install time an optional "--cacerts FOLDER" command line parameter can be used to supply a folder that contains CA certificate files. They must be in PEM format and have a file extension of .crt.

sudo bash nap-install.sh --dbprefix uip_ --dburl "mongodb://mongouipusername:mongouipstrongpassword@mongoserver/?tls=true" --cacerts ~/ca-certs-folder/