Installation requirements
Before you install PingAccess, review the following system, hardware, and port requirements.
System requirements
Make sure that your system meets the following requirements for PingAccess deployment and configuration.
Ping Identity qualifies the following configurations and certifies that they are compatible with the product. Variations of these platforms, such as differences in operating system version or service pack, are supported until the platform or other required software creates potential conflicts.
PingAccess currently supports IPv4 addressing but not IPv6 addressing.
System component | Requirements
---|---
Operating systems |
Docker support | You can find the PingAccess Docker image on DockerHub and more information in Ping Identity’s DevOps documentation.
Virtual systems | Although Ping Identity doesn’t qualify or recommend any specific virtual machine (VM) products, PingAccess runs well on several, including:
Java environments |
PingFederate | The following versions of PingFederate are fully certified with this version of PingAccess: Other versions of PingFederate are expected to be compatible with this version of PingAccess as described in Ping Identity’s end of life policy.
End-user browsers |
Admin console browsers |
Audit event storage (external database) |
Hardware security module | You can find more information about configuring a hardware security module (HSM) in Hardware security module providers. PingAccess certifies the following HSMs:
Supported HTTP versions | HTTP 1.1
OpenID Connect (OIDC) providers | Ping Identity strives to support any third-party OIDC-compliant provider. The following table includes some of the most common providers used with PingAccess:
Hardware requirements
Although it’s possible to run PingAccess on less powerful hardware, the following guidelines accommodate disk space for default logging and auditing profiles and CPU resources for a moderate level of concurrent request processing.
Although the requirements for different environments vary, run PingAccess on hardware that meets or exceeds these specifications:
- Multi-CPU/Cores (8 or more)
- 4 GB of RAM
- 2.1 GB of available hard drive space
Port requirements
PingAccess uses ports and protocols to communicate with external components. This information provides guidance for firewall administrators to ensure that the correct ports are available across network segments.
Direction refers to the direction of requests relative to PingAccess:
Service | Port details | Source | Description
---|---|---|---
PingAccess administrative console | | PingAccess administrator browser, PingAccess administrative application programming interface (API) REST calls, PingAccess replica admin and clustered engine nodes | Used for incoming requests to the PingAccess administrative console. Configurable using the
PingAccess cluster communications port | | PingAccess administrator browser, PingAccess administrative API REST calls, PingAccess replica admin and clustered engine nodes | Used for incoming requests where the clustered engines request their configuration data. Configurable using the
PingAccess engine | | Client browser, mobile devices, PingFederate engine | Used for incoming requests to the PingAccess runtime engine. Configurable using the
PingAccess agent | | PingAccess agent | Used for incoming Agent requests to the PingAccess runtime engine. Configurable using the
PingAccess sideband (optional) | | Sideband client (an API gateway such as Kong Gateway or Apigee) | Used for incoming sideband requests to the PingAccess runtime engine. Configurable using the
PingFederate traffic | | PingAccess engine | Used to validate OAuth access tokens and ID tokens, make Security Token Service (STS) calls for identity mediation, and return authorized information about a user. Configurable using the