System Requirements

Table 105: System Requirements provides the recommendations for minimum system specifications used by Keyfactor Command components. Keyfactor Command installations on Windows may be deployed as virtual machines and may be part of a clustering or load-balanced architecture, if desired. If the Keyfactor Command roles are co-located, the specifications may need to be scaled accordingly. All Microsoft-supported methods for making SQL Server highly available are supported. For most SQL high availability requirements, Keyfactor recommends using always on availability groups (see SQL Server).

Important: SSH

The SSH (secure shell) protocol provides for secure connections between computers. It provides several options for authentication, including public key, and protects the communications with strong encryption. management in Keyfactor Command with the Keyfactor Bash Orchestrator

The Bash Orchestrator, one of Keyfactor's suite of orchestrators, is used to discover and manage SSH keys across an enterprise. (see SSH) is only supported when using Keyfactor Command installations on Windows and Active Directory as an identity provider (see Selecting an Identity Provider for Keyfactor Command). The SSH option in the Management Portal will only appear when Keyfactor Command is installed using Active Directory as an identity provider (and with a license that supports SSH).

Table 105: System Requirements

Component	Windows Install Minimum Requirements	Kubernetes Install Minimum Requirements
Keyfactor Command Server Add (Management Portal, Keyfactor API, CA Connector API, and Services roles)	Windows Server 2019 or 2022 The server must be domain-joined if you plan to use Active Directory as an identity provider (see Selecting an Identity Provider for Keyfactor Command). Internet Information Services (IIS) with: Basic Authentication—if you plan to use Active Directory as an identity provider (see Selecting an Identity Provider for Keyfactor Command) Windows Authentication—if you plan to use Active Directory as an identity provider with Windows authentication (see Selecting an Identity Provider for Keyfactor Command) ASP.NET 4.7 or greater See Install IIS and Built-in ASP.NET using PowerShell. The Active Directory Module for Windows PowerShell See Install IIS and Built-in ASP.NET using PowerShell. The ASP.NET Core Hosting Bundle version 8.0 (x64) See Install the ASP.NET Core Hosting Bundle. Important: The ASP.NET Core Hosting Bundle should not be installed before installing IIS. If the hosting bundle is installed before IIS is installed, the bundle will not function correctly after the IIS install and will require repair. .NET Framework 4.7.2 or greater See Check the Installed .NET Framework Version. 8 GB RAM, 2 CPUs, 40 GB disk Note: These are minimum requirements. Actual requirements can vary significantly depending on your specific implementation. Keyfactor Command license key for the current release	Kubernetes 1.26+ Helm v3.14+ Ingress controller for Kubernetes x64 CPU Architecture CPU and RAM defaults and minimums as defined in the helm chart and custom values file Keyfactor Command license key for the current release Note: Installations under Kubernetes have the following limitations: Direct communication with Microsoft CAs is not supported. A Keyfactor CA Connector Client is required to facilitate communication. SSH management with Keyfactor Command is not supported. Native client certificate authentication for the Keyfactor Universal Orchestrator is not supported. Client certificate authentication via a proxy can be supported. Using Active Directory as an identity provider for Keyfactor Command is not supported. Event handlers in the legacy alerting system are not supported; use workflows instead.
Microsoft SQL Database	Ability to connect to a Microsoft SQL Server 2017, 2019, or 2022 all with TLS encryption enabled and compatibility level 130 or higher. 16 GB RAM, 4 CPUs, 500 GB disk Note: These are minimum requirements. Actual requirements can vary significantly depending on your specific implementation.
Browser to Access the Management Portal	Chrome: 99.0.4844.74+ Firefox: 98.0+ Microsoft Edge: 99.0.1150.30+
EJBCA CA (Optional)	EJBCA Enterprise version 7.8.1 or later is supported. The EJBCA REST API must be enabled to interoperate with Keyfactor Command (see System Configuration -> Protocol Configuration in the EJBCA administration portal).

Version v24.4

On this page: