System Requirements

Your operating environment must meet the following requirements to ensure that this software will function properly.

Client Machines

The following client web browsers and platforms are supported:

Host Machine

Hardware Requirements

| Hardware | Minimum | Recommended |
|---|---|---|
| Memory | 8GB | 16GB |
| Processor | >=2GHz with >=2 Cores/Virtual Processors | >=2GHz with >=4 Cores/Virtual Processors |
| Storage | 80GB of available space | 250GB+ of available space with disk encryption |

NEC recommends using Ubuntu Server Certified Hardware for 20.04 LTS. Refer to https://certification.ubuntu.com/server/ for more information.

Operating System Requirements

The operating system hosting UIP should not have other software installed on it (including docker).

It is recommended to install the operating system on a virtual machine hosted by a hypervisor. Taking a checkpoint before system updates is recommended to capture a restore point.

To ensure a maximum degree of data protection and privacy, it is recommended to install Ubuntu Server 20.04 LTS with disk encryption support provided by LVM/LUKS.

Network Requirements

For details on setting up the network on Ubuntu, refer to Ubuntu network configuration.

  • A network adapter which has Internet access and an IPv4 address is required to install and update this software
    • During install and operation, several websites are accessed and must be allowed from the UIP or outgoing proxy. Sometimes this is called a "whitelist".

      • https:

        • uip.nec-help.com - this UIP user documentation website
        • *.nec-downloads.com - download site for UIP installer and UIP software image registry
        • s3.us-east-2.amazonaws.com - download site for UIP software and updates
        • *.ubuntu.com - download site for Ubuntu OS and updates
        • download.docker.com - download site for Docker software and updates
      • http:

        • *.ubuntu.com - needed if apt is not set for secure connections
  • Configure the host with a static IP address or configure a DHCP lease reservation so the IP address will not change
  • Private DNS servers must be configured using the steps described below in the Configure DNS Servers section
  • HTTP or HTTPS web proxies must be configured if they restrict access to the Internet. Follow the steps described below in the Configure HTTP|HTTPS Proxy section. Be sure to include any related certificate authority certificates that must be trusted to use the proxy.
  • Additional steps to modify docker networks may be needed during the install of the Integration Platform, if the following networks are used within your network environment: 172.17.0.0/16, 172.18.0.0/16, 10.0.0.0/24, 10.116.187.0/24, 10.117.0.0/16

Configure DNS Servers

Warning

The following instructions are only applicable to systems which use netplan for their network configuration. If your system uses a different tool for network configuration, such as cloud-init (the default for the "live-server" Ubuntu ISO) or ifupdown, the procedure for configuring DNS Servers will be different.

If the host system must use any private DNS servers to resolve the names of other machines, they must be configured on the host machine using the netplan application.

All DNS servers should be listed in order of priority within the *.yaml configuration file located in /etc/netplan/, similar to the following example.

network:
    ethernets:
        ens160:
            addresses: []
            dhcp4: true
            optional: true
            nameservers:
                addresses: [192.168.1.100,192.168.1.101]
    version: 2

In order for the change to take place, you must run sudo netplan apply. The structure of the configuration file as well as more information about DNS server settings can be found here.

Any change of the host system's DNS server must be propagated to the networks that exist within the system's internal virtual environment. Use the /etc/docker/daemon.json file to make this change. Add or modify the following line. If more than one DNS server is needed, separate each entry by a comma.

"dns": ["192.168.1.100","192.168.1.101"]

After the changes to the /etc/docker/daemon.json file are made, a Docker service restart is required for the new settings to take effect:

sudo systemctl daemon-reload
sudo systemctl restart docker

To confirm that your DNS server settings are configured properly, query DNS from the machine for its own FQDN. This can be done using the nslookup command.

If the answer does not return the IP address that you are using for Integration Platform, it will not allow you to use that FQDN. A list of your machine's current IP addresses can be displayed using the command hostname -I.

Configure HTTP|HTTPS Proxy

The following configuration steps must be completed in order to install Integration Platform successfully on a machine which must use a web proxy to gain access to the Internet.

In the steps below, replace ProxyURL with the URL of your web proxy. If the proxy requires authentication, a valid username and password must also be included within the proxy URL value, for example http://Username:Password@host.domain.tld:783.

Warning

If the proxy username or password contains any reserved characters that are not permitted within a URL, they must be percent-encoded using their equivalent escape character sequence.

For example, the credentials domain\user:P@ss#1 would need to be input as domain%5Cuser:P%40ss%231.

Refer to IETF RFC 3986 sections 2.1 and 2.2 for more information about percent-encoding and reserved characters.
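The encoding rule above as a shell helper. This is an added example, not part of NEC's documentation or installer; the function names pct_encode and proxy_url are assumptions. It encodes every byte except the RFC 3986 unreserved characters, so the credentials from the example above come out exactly as shown there.

```sh
# Added example (not NEC's code). pct_encode and proxy_url are hypothetical names.

# Percent-encode one URL component byte by byte, leaving only the RFC 3986
# unreserved characters (A-Z a-z 0-9 - . _ ~) as they are.
pct_encode() {
    out=""
    for hex in $(printf '%s' "$1" | od -An -v -t x1); do
        case "$hex" in
            3[0-9]|4[1-9a-f]|5[0-9a]|6[1-9a-f]|7[0-9a]|2d|2e|5f|7e)
                # Unreserved byte: turn the hex value back into the character.
                out="$out$(printf "\\$(printf '%03o' "0x$hex")")" ;;
            *)
                # Everything else becomes %XX with upper-case hex digits.
                out="$out%$(printf '%s' "$hex" | tr 'abcdef' 'ABCDEF')" ;;
        esac
    done
    printf '%s' "$out"
}

# Assemble the proxy URL value: http://Username:Password@host:port
# Arguments: username password host port
proxy_url() {
    printf 'http://%s:%s@%s:%s\n' \
        "$(pct_encode "$1")" "$(pct_encode "$2")" "$3" "$4"
}

# Typical use, with the sample credentials from this page:
#   proxy_url 'domain\user' 'P@ss#1' host.domain.tld 783
```

Single-quote the username and password when calling the functions so the shell does not interpret the backslash, # or other special characters before they are encoded.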

  1. Update or create the file /etc/environment with the following content:

    http_proxy="http://ProxyURL"
    https_proxy="http://ProxyURL"
    no_proxy="localhost,127.0.0.1"
    HTTP_PROXY="http://ProxyURL"
    HTTPS_PROXY="http://ProxyURL"
    NO_PROXY="localhost,127.0.0.1"
    
  2. Reload your environment using the command:

    source /etc/environment
    
  3. Update or create the file /etc/apt/apt.conf.d/30apt-proxy with the following content:

    Acquire::http::Proxy "http://ProxyURL";
    Acquire::https::Proxy "http://ProxyURL";
    
  4. Create a file /etc/default/docker-proxy with the following content:

    HTTP_PROXY="http://ProxyURL"
    HTTPS_PROXY="http://ProxyURL"
    NO_PROXY="localhost,127.0.0.1"
    
  5. Create the directory /etc/systemd/system/docker.service.d

  6. Create the file /etc/systemd/system/docker.service.d/http-proxy.conf with the following content:

    [Service]
    EnvironmentFile=/etc/default/docker-proxy
    
  7. Create the file /etc/systemd/system/docker.service.d/https-proxy.conf with the following content:

    [Service]
    EnvironmentFile=/etc/default/docker-proxy
    
  8. If your web proxy uses a custom CA certificate, it must be installed into the host machine in order for it to trust HTTPS Internet traffic. This process must be repeated any time the CA certificate is due for renewal/replacement. UIP administrators should include this in their annual maintenance planning for the UIP system. Follow the steps below to trust the CA certificate:

    1. Copy certificate from proxy machine to the host
    2. Convert certificate to .crt file extension using the recommended commands depending on your starting file format.
      • Convert PEM to PEM (.crt): openssl x509 -in proxy-ca.pem -inform PEM -out proxy-ca.crt
      • Convert DER to PEM (.crt): openssl x509 -in proxy-ca.der -inform der -out proxy-ca.crt
    3. Make a new folder for the extra CA cert: sudo mkdir /usr/share/ca-certificates/extra
    4. Copy the certificate into the new folder: sudo cp proxy-ca.crt /usr/share/ca-certificates/extra/proxy-ca.crt
    5. Select the extra folder to be used in the following command: sudo dpkg-reconfigure ca-certificates
  9. If Integration Platform is already installed, the Docker service must be restarted in order for the proxy setting changes to take effect.

    sudo systemctl daemon-reload
    sudo systemctl restart docker
    
  10. If your web proxy uses a custom CA certificate, it should be imported into Integration Platform using the Administration > Trusted CA page after the installation is complete. This process must be repeated any time the CA certificate is due for renewal/replacement. UIP administrators should include this in their annual maintenance planning for the UIP system.
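A consistency check for the proxy URL written in steps 1, 3 and 4, which must agree for the install to reach the Internet. This is an added example, not part of NEC's documentation or installer; the function names are assumptions. Because the proxy URL can carry a username and password, the check hides the credentials before printing anything.

```sh
# Added example (not NEC's code). Function names are hypothetical.

# Files written in steps 1, 3 and 4 of the procedure above.
PROXY_FILES="/etc/environment /etc/apt/apt.conf.d/30apt-proxy /etc/default/docker-proxy"

# Print each proxy URL set in one file. Handles KEY="url" lines and
# apt's Acquire::http(s)::Proxy "url"; lines; no_proxy lists are ignored.
proxy_urls_in() {
    sed -n \
        -e 's/^[[:space:]]*[A-Za-z]*_[Pp][Rr][Oo][Xx][Yy]="\(http[^"]*\)"[[:space:]]*$/\1/p' \
        -e 's/^[[:space:]]*Acquire::https\{0,1\}::Proxy[[:space:]]*"\([^"]*\)";[[:space:]]*$/\1/p' \
        "$1"
}

# Filter: hide the userinfo part so credentials never reach a terminal or log.
redact_urls() {
    sed 's#://[^/@]*@#://<redacted>@#'
}

# Compare the proxy URL across the given files and print it redacted.
# Returns 0 if all files agree, 1 if they differ, 2 if no proxy is set.
check_proxy_files() {
    urls=$(for f in "$@"; do
               if [ -r "$f" ]; then proxy_urls_in "$f"; else echo "cannot read $f" >&2; fi
           done | sort -u)
    count=$(printf '%s\n' "$urls" | grep -c . || true)
    if [ "$count" -gt 0 ]; then printf '%s\n' "$urls" | redact_urls; fi
    case "$count" in
        0) return 2 ;;
        1) return 0 ;;
        *) return 1 ;;
    esac
}

# Typical use on the host:
#   check_proxy_files $PROXY_FILES
```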

Modify Docker Networks

There are various networks that exist within the system's internal virtual environment. In some cases you may find that the subnet of one of these virtual networks may conflict with a subnet that is already being used in your local environment. To resolve such an issue, it may be necessary to modify the default IP address range used by one or more of the virtual networks.
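To find out which of the default ranges need changing, the site's subnets can be compared against them. This is an added example, not part of NEC's documentation or installer; the function names are assumptions, the default ranges are the ones listed on this page, and the site subnets in the usage comment are constructed sample values.

```sh
# Added example (not NEC's code). Function names are hypothetical.

# Default ranges of the networks described on this page.
UIP_DEFAULTS="bridge=172.17.0.0/16 docker_gwbridge=172.18.0.0/16 ingress=10.0.0.0/24 nap-network=10.116.187.0/24 nap-wfa-network=10.117.0.0/16"

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# CIDR block -> "<first address> <last address>" as integers.
cidr_bounds() {
    bits=${1#*/}
    base=$(ip_to_int "${1%/*}")
    mask=$(( (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF ))
    echo "$(( $base & $mask )) $(( ($base & $mask) | (~$mask & 0xFFFFFFFF) ))"
}

# Succeeds when the two CIDR blocks share at least one address.
cidrs_overlap() {
    set -- $(cidr_bounds "$1") $(cidr_bounds "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Print one line per default network that overlaps a site subnet.
# Arguments: every subnet in use in the local environment, in CIDR form.
find_conflicts() {
    for site in "$@"; do
        for entry in $UIP_DEFAULTS; do
            if cidrs_overlap "${entry#*=}" "$site"; then
                echo "${entry%%=*} ${entry#*=} overlaps $site"
            fi
        done
    done
}

# Typical use (constructed site subnets):
#   find_conflicts 10.0.0.0/8 192.168.1.0/24
```

Each network named in the output needs a custom range, set as described in its section below. Pass the subnets your site routes, including remote ones the host reaches through a gateway, not only the directly attached ones.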

"bridge" Network

The default IP address range for the docker0 bridge network is 172.17.0.0/16. This can be modified using a /etc/docker/daemon.json file similar to the following example.

{ "bip": "192.168.100.1/24" }

You must restart the Docker service in order for the changes made in the daemon.json file to take effect. This can be done by executing the following command.

sudo systemctl restart docker

"docker_gwbridge" Network

The default IP address range for the docker_gwbridge network is 172.18.0.0/16. To customize this network, you must do so before joining the Docker host to the swarm or after temporarily removing the host from the swarm.

  1. Stop Docker.

    sudo systemctl stop docker
    
  2. Delete the existing docker_gwbridge interface.

    sudo ip link set docker_gwbridge down
    sudo ip link del dev docker_gwbridge
    
  3. Start Docker. Do not join or initialize the swarm.

    sudo systemctl start docker
    
  4. Create or re-create the docker_gwbridge bridge manually with your custom settings, using the docker network create command:

    docker network create \
        --subnet 172.18.0.0/16 \
        --gateway 172.18.0.1 \
        --opt com.docker.network.bridge.name=docker_gwbridge \
        --opt com.docker.network.bridge.enable_icc=false \
        --opt com.docker.network.bridge.enable_ip_masquerade=true \
        docker_gwbridge
    
  5. Initialize or join the swarm. Since the bridge already exists, Docker does not create it with automatic settings.

"ingress" Network

The default IP address range for the ingress network is 10.0.0.0/24. To customize this network, you must do so after running the nap-install.sh script but before starting the installation wizard by browsing to http://###.###.###.###:9090. At this point there should be no services whose containers are connected to this network.

  1. Remove the existing ingress network:

    docker network rm ingress
    
  2. Create a new overlay network using the --ingress flag, along with the custom options you want to set.

    docker network create \
        --driver overlay \
        --ingress \
        --subnet=10.255.0.0/24 \
        --gateway=10.255.0.1 \
        ingress
    

In this example the network used will be 10.255.0.0/24. You should choose a class C network that does not conflict with your environment.

"nap-network" Network

The default IP address range for the nap-network is 10.116.187.0/24. To customize this network, you must do so after running the nap-install.sh script but before starting the installation wizard by browsing to http://###.###.###.###:9090

  1. Create the nap-network bridge manually with your custom settings, using the docker network create command:

    docker network create \
        --driver overlay \
        --attachable \
        --subnet 10.20.0.0/24 \
        --gateway 10.20.0.1 \
        --opt com.docker.network.bridge.name=nap-network \
        nap-network

In this example the network used will be 10.20.0.0/24. You should choose a class C network that does not conflict with your environment.

"nap-wfa-network" Network

The default IP address range for the nap-wfa-network is 10.117.0.0/16. To customize this network, you must do so after running the nap-install.sh script but before starting the installation wizard by browsing to http://###.###.###.###:9090

Create the nap-wfa-network bridge manually with your custom settings, using the docker network create command:

docker network create \
    --driver overlay \
    --attachable \
    --subnet 10.21.0.0/16 \
    --gateway 10.21.0.1 \
    --opt com.docker.network.bridge.name=nap-wfa-network \
    nap-wfa-network

In this example the network used will be 10.21.0.0/16. You should choose a class B network that does not conflict with your environment.

External MongoDB Database Support

It is possible to install UIP into an existing MongoDB database service as long as it is a supported version and it has been configured for TLS access. This may be preferred in cases when a site already has a MongoDB service and/or wishes to keep their UIP database encrypted at rest.

  • MongoDB version 5.0 based systems are supported
  • TLS connection is required

Always refer to the documentation of your external MongoDB platform for guidance on how to install, configure, and maintain your external MongoDB service.

NEC recommends using a MongoDB user that has access rights only to the UIP databases, which isolates it from any unrelated data that may be stored on the same MongoDB service. The following is an example of a command that can be run within the MongoDB command line interface (CLI) to create a new user for UIP databases prefixed with "uip_".

db.createUser({
    user: "mongouipusername",
    pwd: "mongouipstrongpassword",
    roles:[
        {role: "readWrite" , db:"uip_backuprestore"},
        {role: "readWrite" , db:"uip_dockerregistry"},
        {role: "readWrite" , db:"uip_loglevel"},
        {role: "readWrite" , db:"uip_license"},
        {role: "readWrite" , db:"uip_logging"},
        {role: "readWrite" , db:"uip_identityServer"},
        {role: "readWrite" , db:"uip_notification"},
        {role: "readWrite" , db:"uip_workflow"}
    ]
})

When the UIP installation script is executed there are extra parameters which are used to instruct the UIP installer to use an external MongoDB service.

  • --dbprefix - prefix to use for the UIP database names to help identify them
    e.g., uip_
  • --dburl - the MongoDB connection string
    e.g., mongodb://mongouipusername:mongouipstrongpassword@mongoserver:27017/?tls=true&authSource=admin
    • username and password for UIP connections to MongoDB must be specified
    • port is required if it is not the default 27017
    • UIP database names should not be specified in connection string
    • authSource is required if the MongoDB user account for UIP is not associated with the default admin authentication database

The following is an example of executing the UIP installation script with an external MongoDB service that has a default port, default authentication database, and the UIP database prefix "uip_".

sudo bash nap-install.sh --dbprefix uip_ --dburl "mongodb://mongouipusername:mongouipstrongpassword@mongoserver/?tls=true"