System Requirements
- Windows Server 2019 or Windows Server 2022
- Oracle Linux 7 or higher
- Red Hat Enterprise 7 or higher
- Ubuntu 16 or higher
Windows Server Requirements
The Universal Orchestrator has the following requirements on Windows.
- 2GB RAM, 2GHz CPU, 20GB disk space
For optimal performance when using SSL scanning, the server should have at least 16 logical processors. TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols for establishing authenticated and encrypted links between networked computers.
- The orchestrator requires the Microsoft .NET Runtime version 8.0 (x64). Version 8.0 is available for download from Microsoft:
You need only the .NET Runtime (x64), not the ASP.NET Core Runtime or ASP.NET Core Hosting Bundle. At the above link, this would be the Download x64 option under the Run console apps heading.
Figure 460: Select the Download x64 Option Under Run Console Apps
You can use the following PowerShell command to check the .NET core version(s) installed on a server (if any):
dotnet --list-runtimes
Output from this command will look something like this if you have the correct 8.0 x64 version of the .NET Runtime installed (notice the path is in C:\Program Files, not C:\Program Files (x86), indicating this is the x64 version):
Microsoft.NETCore.App 8.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
- If you intend to use the orchestrator to manage certificates in remote Windows machine certificate stores (servers other than the server on which the orchestrator is installed) using the IIS Certificate Store Manager extension or Java Keystores, PKCS12 files, PEM files, DER files, or IBM Key Database files on Windows servers with the Remote File Certificate Store Management extension (see Installing Custom-Built Extensions), make sure that TCP port 5985 or 5986 is open between the orchestrator and the remote servers (see Configure Windows Targets for Remote Management).
A PEM format certificate file is a base64-encoded certificate. Since it's presented in ASCII, you can open it in any text editor. PEM certificates always begin and end with entries like -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. PEM certificates can contain a single certificate or a full certificate chain and may contain a private key. Usually, extensions of .cer and .crt are certificate files with no private key, .key is a separate private key file, and .pem is both a certificate and private key.
A DER format certificate file is a DER-encoded binary certificate. It contains a single certificate and does not support storage of private keys. It sometimes has an extension of .der but is often seen with .cer or .crt.
- If you intend to use the orchestrator to manage certificates from remote Microsoft CAs (CAs outside the forest in which Keyfactor Command is installed or forests in a two-way trust with this forest), the orchestrator requires the Microsoft Visual C++ 2022 (or later) redistributable for x64. This is available for download from Microsoft:
The Microsoft Visual C++ Redistributable appears as an application in Windows Apps & features.
An Active Directory forest (AD forest) is the topmost logical container in an Active Directory configuration that contains domains, and objects such as users and computers.
Linux Server Requirements
The Universal Orchestrator has the following requirements on Linux.
- 2GB RAM, 2GHz CPU, 20GB disk space
For optimal performance when using SSL scanning, the server should have at least 16 logical processors.
- The following applications are required in order to install the Universal Orchestrator on Linux servers.
Microsoft .NET 8.0 Runtime
The orchestrator requires the Microsoft .NET Runtime version 8.0 (x64). Information about this is available from Microsoft:
You need only the .NET Runtime (x64), not the ASP.NET Core Runtime, but it won't hurt anything to install both the .NET and ASP.NET Core runtimes as suggested in the Microsoft documentation for installing .NET on Linux.
For the most part, it can be installed via the OS package manager. The method to complete this varies depending on the Linux operating system. For example, for Ubuntu 20.04, the following commands will install the correct version of .NET:
wget https://packages.microsoft.com/config/ubuntu/20.04/packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install apt-transport-https
sudo apt-get install dotnet-runtime-8.0
You can use the following command to check the .NET version installed on a server (if any):
dotnet --list-runtimes
Output from this command will look something like this if you have the correct 8.0 version of the .NET Runtime installed:
Microsoft.NETCore.App 8.0.7 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
jq
The orchestrator can only be installed on a Linux server that has jq installed. You can use the following command to check the jq version of a server:
jq --version
systemd
The orchestrator requires a Linux server that uses the systemd service manager. You can use the following command to test whether a system is running systemd:
ps -p 1
bash
The orchestrator can only be installed on a Linux server that is running bash version 4.3 or higher. You can use the following command to check the bash version of a server:
bash --version
curl
The orchestrator can only be installed on a Linux server that has curl installed. You can use the following command to check the curl version of a server:
curl --version
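The individual checks in this section, combined into one preflight script. This is an added example, not part of the Keyfactor documentation or installer; the function names are hypothetical, and the parsing helpers take command output as text so they can be exercised with constructed input.

```shell
#!/bin/sh
# Added example (not Keyfactor code): preflight for the Linux prerequisites
# listed above. Function names are hypothetical.

# Succeeds if stdin (output of `dotnet --list-runtimes`) lists a released
# Microsoft.NETCore.App 8.0.x runtime; ASP.NET Core entries alone do not count.
has_dotnet8_runtime() {
    grep -Eq '^Microsoft\.NETCore\.App 8\.0\.[0-9]+ '
}

# Succeeds if "$1" (MAJOR.MINOR, e.g. 5.1) is bash 4.3 or higher.
bash_version_ok() {
    bv_major=${1%%.*}; bv_rest=${1#*.}; bv_minor=${bv_rest%%.*}
    for bv_part in "$bv_major" "$bv_minor"; do
        case "$bv_part" in ''|*[!0-9]*) return 1 ;; esac   # missing or non-numeric
    done
    [ "$bv_major" -gt 4 ] || { [ "$bv_major" -eq 4 ] && [ "$bv_minor" -ge 3 ]; }
}

# Succeeds if "$1" (output of `ps -p 1 -o comm=`) names systemd.
pid1_is_systemd() {
    [ "$(printf '%s' "$1" | tr -d '[:space:]')" = "systemd" ]
}

# Prints PASS/FAIL per requirement; return status is the number of failures.
preflight() {
    pf_failed=0
    pf_report() {   # $1 = label, $2 = exit status of the check
        if [ "$2" -eq 0 ]; then echo "PASS  $1"
        else echo "FAIL  $1"; pf_failed=$((pf_failed + 1)); fi
    }
    dotnet --list-runtimes 2>/dev/null | has_dotnet8_runtime
    pf_report ".NET Runtime 8.0 (Microsoft.NETCore.App)" $?
    command -v jq >/dev/null 2>&1
    pf_report "jq installed" $?
    command -v curl >/dev/null 2>&1
    pf_report "curl installed" $?
    pid1_is_systemd "$(ps -p 1 -o comm= 2>/dev/null)"
    pf_report "systemd is PID 1" $?
    bash_version_ok "$(bash -c 'echo "${BASH_VERSINFO[0]}.${BASH_VERSINFO[1]}"' 2>/dev/null)"
    pf_report "bash 4.3 or higher" $?
    return "$pf_failed"
}

# Run the checks only when invoked as: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

A non-zero exit status from the --run invocation is the count of unmet requirements, so the script can gate an automated install.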
Linux Container Requirements
The Universal Orchestrator has the following requirements for Linux containers.
- 2GB RAM, 2GHz CPU, 20GB disk space
For optimal performance when using SSL scanning, the server should have at least 16 logical processors.
- The orchestrator needs a containerization solution in which to run. Keyfactor has tested with Docker and Kubernetes.
To update your existing Universal Orchestrator to the latest .NET version:
- On the Universal Orchestrator machine, browse to locate the Orchestrator.runtimeconfig.json file in your installation directory. By default, this is:
Windows: C:\Program Files\Keyfactor\Keyfactor Orchestrator\Orchestrator.runtimeconfig.json
Linux: /opt/keyfactor/orchestrator/Orchestrator.runtimeconfig.json
- Using a text editor, open the Orchestrator.runtimeconfig.json file for editing and add the following property to the runtimeOptions section:
"rollForward": "LatestMajor"
Be sure to add a comma at the end of the previous row, resulting in a final file that looks something like:
{
  "runtimeOptions": {
    "tfm": "netcoreapp3.1",
    "framework": {
      "name": "Microsoft.NETCore.App",
      "version": "3.1.0"
    },
    "rollForward": "LatestMajor"
  }
}
- Save the Orchestrator.runtimeconfig.json file.
- Uninstall the Microsoft .NET Runtime version 3.1 (x64) and install the newer version.
- Restart the Universal Orchestrator service (see Start the Universal Orchestrator Service).