Service Requirements

This document contains the initial requirements that you must meet to install and use Vendor Privileged Access Management (VPAM).

Ensure that you comply with all the requirements in this section. If your operating system, hardware and software, or network configurations fail to meet these requirements, the VPAM server will not function as intended.

Supported Operating Systems

The following table lists the supported operating systems:

Operating System                               Versions
Windows                                        10, 11
Red Hat (including Alma, CentOS, and Rocky)    8, 9
Ubuntu                                         20.04, 22.04, 24.04
SUSE Enterprise Server                         10, 11, 12, 15, 15.5
Unix                                           Any version, as long as Java 8 or later is installed.

System Requirements

Be sure that the Windows or Linux server meets the following minimum system requirements:

  • Java 8

  • 1 GHz of CPU

  • 1 GB of disk space
    200-250 MB for application installation, backups, and logs
    500 MB of free space for future upgrades

  • 512 MB of RAM

Internet Connectivity and Required Ports

An active Internet connection is required to complete the installation and to support remote vendor sessions on the customer's computer. The Gatekeeper communicates with the VPAM server using outbound communication only. As a result:

  • No security exceptions to inbound firewall rules are required to allow access.

  • Outbound traffic is required on the following ports:

Port Usage
SSH (port 22)
  • SSH is the primary protocol for all Gatekeeper communication to the VPAM server.

  • SSH is limited to the hosts and ports that the Gatekeeper lets the vendor access.

HTTP (port 80)
  • If the primary protocol (SSH) is unavailable, the Gatekeeper falls back to HTTP.

  • HTTP (port 80) is the secondary protocol for all Gatekeeper communication to the VPAM server.

HTTPS (port 443)
  • As part of the installation process, port 443 is required to register the Gatekeeper. HTTPS is required only to register the Gatekeeper; after registration, the primary port for all communication between the Gatekeeper and the VPAM server is port 22.

  • If both the primary (SSH) and secondary (HTTP) protocols fail, the Gatekeeper falls back to HTTPS.

  • HTTPS (port 443) is the tertiary protocol for all Gatekeeper communication to the VPAM server.

NOTE:

Falling back to either HTTP or HTTPS might degrade performance in environments where there are a significant number of concurrent vendor connections or if the vendor connections to one or more services require a large amount of bandwidth. Degraded performance is inherently related to the overhead (latency) that is introduced by adding an HTTP wrapper for encryption.

When possible, use SSH (port 22) to connect to the VPAM server.

Proxies and Web Application Firewalls

If your environment deploys proxies or web application firewalls, consider the following:

  • Deploying a proxy or a network appliance between the VPAM server and the Gatekeeper might cause connection issues, which can result in the Gatekeeper having to fall back to its secondary (HTTP) and tertiary (HTTPS) communication protocols. As noted in the Internet Connectivity and Required Ports section of this page, this might result in degraded performance.

  • Deploying a Web Application Firewall (WAF) causes connection issues, because its purpose is to inspect and filter incoming and outgoing HTTP(S) traffic. A WAF causes the Gatekeeper to fall back to HTTP or HTTPS tunneling. Consult your IT and Security department on white-listing the Gatekeeper and your VPAM server.
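
The following pre-installation check is an added example, not part of the VPAM product or its documentation. It probes the three outbound ports listed under Internet Connectivity and Required Ports, predicts which transport the Gatekeeper would use under the documented fallback order, and flags a port 22 path that connects without returning an SSH identification string, as can happen behind a proxy or network appliance. The host name vpam.example.com, the function names, and the assumption that the server sends a standard RFC 4253 SSH banner are illustrative.

```python
import socket
import sys

# Fallback order documented above: SSH first, then HTTP, then HTTPS.
FALLBACK_ORDER = [("SSH", 22), ("HTTP", 80), ("HTTPS", 443)]


def probe(host, port, expect_ssh_banner=False, timeout=3.0):
    """Return 'open', 'blocked', or 'intercepted' for one outbound TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            if not expect_ssh_banner:
                return "open"
            try:
                # Assumption: the server sends an RFC 4253 "SSH-" identification string.
                banner = s.recv(64)
            except OSError:
                banner = b""
            return "open" if banner.startswith(b"SSH-") else "intercepted"
    except OSError:
        return "blocked"


def preflight(host, ports=None, timeout=3.0):
    """Probe each documented port and predict which transport will be used."""
    ports = ports or dict(FALLBACK_ORDER)
    status = {name: probe(host, ports[name], name == "SSH", timeout)
              for name, _ in FALLBACK_ORDER}
    transport = next((n for n, _ in FALLBACK_ORDER if status[n] == "open"), None)
    return {
        "status": status,
        "can_register": status["HTTPS"] == "open",  # registration needs port 443
        "transport": transport,
        "degraded": transport in ("HTTP", "HTTPS"),  # fallback adds overhead
    }


if __name__ == "__main__":
    # Placeholder host name; pass your own VPAM server as the first argument.
    host = sys.argv[1] if len(sys.argv) > 1 else "vpam.example.com"
    result = preflight(host)
    for name, port in FALLBACK_ORDER:
        print(f"{name:5} port {port:<3} {result['status'][name]}")
    print("registration possible:", result["can_register"])
    print("expected transport:", result["transport"] or "none (no outbound path)")
    if result["degraded"]:
        print("warning: fallback transport in use; expect reduced performance")
```

Run it from the server that will host the Gatekeeper. A result of "intercepted" on port 22 means the TCP connection succeeded but the peer did not identify itself as SSH.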