2.4 Hardware and Software Requirements

The following section describes the verified components. However, customers running on any component not provided in this list or with untested configurations will be supported until the point it is determined that the root cause is the untested component or configuration. Issues that can be reproduced on the verified component will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.

Ensure that the systems you install and use with Identity Governance meet the hardware and software requirements listed here.

2.4.1 Identity Governance Server System Requirements

This section provides the minimum requirements for the servers where you want to install Identity Governance. You can install Identity Governance and the required components in different configurations. For more information, see Section 2.3, Recommended Production Environment Installation Scenarios.

These system requirements provide server settings according to the size of your Identity Governance catalog. In a small catalog, you might collect fewer than 100,000 identities with 100,000 permissions and 80,000 groups.

Category

Minimum Requirement

Processor

  • 4.0 GHz, single processor (small catalog)

  • 4 physical cores of 2.0 GHz or higher per processor

Disk Space

50 GB

Memory

  • 16 GB (small catalog)

  • 32 GB

Utilities

Identity Governance Configuration Update utility (ConfigUpdate) 5.0

Operating System

  • Red Hat Enterprise Linux 8.8 (64-bit) or later patched versions of 8.x

  • SUSE Linux Enterprise Server 15.4 or later patched version of 15.x

  • Microsoft Windows Server 2022 or later patched versions of Windows Server 2022

IMPORTANT:Before installing Identity Governance, apply the latest operating system patches.

Virtual Systems

We support Identity Governance on enterprise-class virtual systems that provide official support for the operating systems where our products are running. As long as the vendors of the virtual systems officially support these operating systems, we support Identity Governance running on them.

IMPORTANT:Ensure to configure the virtual machines running Identity Governance as Thick Provisioned.

Java

Azul JDK 11.0.24 or later respective patched versions of 11.0.xx

Application Server

Apache Tomcat 9.0.91 and later patched versions of 9.0.xx

NOTE:(Conditional) For guaranteed delivery of email notifications, your application server must include support for Apache ActiveMQ Java Message Service (JMS) and clustering.

LDAP Identity Service

  • Microsoft Active Directory that comes with Windows Server 2022

  • eDirectory 9.2.8 or later patched versions of 9.2.x

  • Identity Manager 4.8.7 or 4.9 or later patched versions of 4.8.x or 4.9.x

Authentication Service

  • OSP 6.7.6 or later versions of 6.7.x when deployed with Identity Governance 4.3.1 or Identity Manager 4.9

  • Access Manager 5.0.4, or later patched versions of 5.0.x

Secure Communication

TLS 1.2 or later for secure communication

Third-Party Connector Libraries

(Optional) The Identity Governance JDBC Collectors and SAP User Management Collector use third-party client connector software that is not distributed with the product. Find and download the appropriate JDBC driver file for your database from the database vendor.

  • DB2: com.ibm.db2.jcc.DB2Driver

  • Generic jTDS: net.sourceforge.jtds.jdbc.Driver

  • Microsoft SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver

  • MySQL: com.mysql.jdbc.Driver

  • Oracle Thin Client: oracle.jdbc.driver.OracleDriver

  • PostgreSQL: org.postgresql.Driver

  • SAP: sapjco3.jar

    NOTE:Ensure that all required SAP Java Connector Native library components are installed on the host system. For more information, refer to the vendor documentation.

  • Sybase: com.sybase.jdbc3.jdbc.SybDriver

To gather identity and application data from one of these sources, put one or more of the these client .jar files into the Apache Tomcat /lib folder, then restart the Apache Tomcat server. The default installation location is:

  • Linux: /opt/netiq/idm/apps/tomcat/lib

  • Windows: c:\netiq\idm\apps\tomcat\lib

2.4.2 Database Requirements

This section provides the minimum requirements for the server where you want to install the databases for Identity Governance and the supported versions of the databases. The databases for Identity Governance are required for the product to work.

These system requirements provide server settings according to the size of your Identity Governance catalog. In a small catalog, you might collect fewer than 100,000 identities with 100,000 permissions and 80,000 groups.

On a virtual machine, set up the VM as Thick Provisioned.

Category

Minimum Requirement

Processor

  • 4.0 GHz, single processor (small catalog)

  • 4 physical cores of 2.0 GHz or higher per processor

Disk Space

  • 60 GB (small catalog)

  • 100 GB

Memory

  • 16 GB (small catalog)

  • 32 GB

Operating System

  • Red Hat Enterprise Linux 8.8 (64-bit) or later patched versions of 8.x

  • SUSE Linux Enterprise Server 15.4 or later patched version of 15.x

  • Microsoft Windows Server 2022 or later patched versions of Windows Server 2022

IMPORTANT:Before installing Identity Governance, apply the latest operating system patches.

Virtual Systems

We support the databases for Identity Governance on enterprise-class virtual systems that provide official support for the operating systems where our products are running. As long as the vendors of the virtual systems officially support these operating systems, we support Identity Governance running on them.

IMPORTANT:Ensure to configure the virtual machines running Identity Governance as Thick Provisioned.

Database

One of the following:

  • Microsoft SQL Server

    • Microsoft SQL Server 2019 or later patched versions of the SQL Server 2019

    • Microsoft SQL JDBC driver 10.2 or later patched versions of the Microsoft SQL JDBC driver

  • Oracle

    • Oracle 19c, or later patched versions of 19x

    • Oracle JDBC driver ojdbc8.jar

  • PostgreSQL

    • PostgreSQL 14.13, or later patched versions of 14.x

    • PostgreSQL JDBC driver 42.6.0 or later patched versions of the PostgreSQL JDBC driver

  • Vertica

    NOTE:Identity Governance supports Vertica as an Identity Governance custom metrics data store and as an external archive. You cannot use Vertica as a runtime database for Identity Governance, Identity Reporting, or Workflow Service.

    • Vertica 12.0 or later patched versions of 12.0.x

    • Vertica JDBC driver 12.0.x

Secure Communication

TLS 1.2 or later for secure communication

For information about the different options on how to create and populate the different Identity Governance databases, see Section 5.0, Creating Databases for Identity Governance and Components.

2.4.3 Identity Reporting Server System Requirements

Servers that host Identity Reporting when installing only for Identity Governance have the same minimum requirements as for the Identity Governance server and support the same databases.

Identity Reporting is a separate product that comes with Identity Governance that provides detailed reports about your business-critical processes and systems. It is optional to install Identity Reporting. If you determine that you will install Identity Reporting, you install it after you have completed the Identity Governance installation.

This section lists the requirements for the server that hosts Identity Reporting when installing only for Identity Governance. For more information about whether to install the components on the same server, see Section 2.3, Recommended Production Environment Installation Scenarios.

Identity Reporting comes with Identity Manager and Identity Governance, however, the reports provided are different if you install the version that comes with Identity Manager than the version of Identity Reporting that comes with Identity Governance. There are different requirements if you want to install Identity Reporting in an Identity Manager environment. For more information about the system requirements for installing in an Identity Manager environment that includes Identity Governance, see System Requirements for Identity Manager.

To see how to install Identity Reporting that comes with Identity Governance, see Section 7.0, Installing Identity Reporting.

2.4.4 Workflow Engine Server System Requirements

The Workflow Engine runs the workflows at runtime and manages the approval tasks for approvers. It comes with Identity Governance but it is optional to install the Workflow Engine. To see how to install the Workflow Engine see Section 8.0, Installing Workflow Engine.

IMPORTANT:Installing Workflow Engine on a remote server will be supported in a future release. If installing Workflow Engine, install it on the same Tomcat Server as Identity Governance.

2.4.5 Browser Requirements for Identity Governance and its Components

To log in to Identity Governance on their local devices, users must have one of the following browser versions, at a minimum:

Computers

  • Apple Safari 17.6

  • Google Chrome 128.0.6613.119

  • Microsoft Edge Browser 128.0.2739.42

  • Mozilla Firefox 129.0.2

IMPORTANT:The browser must have cookies enabled. If cookies are disabled, the product does not work.

2.4.6 Audit Server System Requirements

Identity Governance generates the common event format (CEF) events which you can forward to an audit server to generate audit logs that can help prove compliance with regulations. Enabling auditing in Identity Governance is optional.

If you decide to use auditing, you must have your audit server installed and running. Identity Governance does not install the third-party audit servers for you. This section provides the minimum version of the audit servers where you want to send audit events from Identity Governance. We support the following audit servers using syslogger for use with Identity Governance:

  • ArcSight Enterprise Security Manager Suite 7.6 (Including ArcSight Enterprise SmartConnector 8.4)

  • Sentinel 8.5

  • Sentinel Log Manager 8.5

  • Splunk 9.0.80

To determine where you should install the audit server, see Section 2.3, Recommended Production Environment Installation Scenarios. You can enable auditing during the installation of the components or you can enable auditing after you have installed the components. It depends on your environment and your needs.

2.4.7 Email Notification Server System Requirements

Identity Governance can send email notifications to managers, reviewers, administrators, or other people who must receive notifications about events or processes occurring. To be able to send emails and ensure that there are not any lapses in communication, you can install Apache ActiveMQ to guarantee that Identity Governance sends notifications using SMTP. Enabling email notifications is optional. If you choose to enable email notifications, Identity Governance supports the following:

  • Apache ActiveMQ 5.17.6

You can enable email notification during the installation of Identity Governance, Identity Reporting, and Workflow Engine or you can enable email notifications after the installation. It depends on your environment and your needs.