--- title: Deployment checklist description: Use the following checklist to ensure key considerations are covered for your 2022.11.12 deployment: component: autonomous-identity version: 2022.11.12 page_id: autonomous-identity:deployment-planning:chap-checklist canonical_url: https://docs.pingidentity.com/autonomous-identity/2022.11.12/deployment-planning/chap-checklist.html --- # Deployment checklist Use the following checklist to ensure key considerations are covered for your 2022.11.12 deployment: **Deployment Checklist** | | | | | ------------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | Check | Requirement | Details | | Access | | | | \[ ] | Remote Access | The Ping Autonomous Identity Team is a global team. To support the needs of client teams, remote access to all servers is required for deployment and support of product. | | \[ ] | Service Account | The service account must have the ability to run passwordless sudo commands. The deployer will not without this ability. | | \[ ] | File Transfer Process | The Ping Autonomous Identity Team require access to a file transfer process, which lets specified packages be transferred from the vendor to the client infrastructure. | | Service Account | | | | \[ ] | Service Account Group | The service account group must be the same as the service account name. For example, if the service account name is `srv-autoid`, that user must be in the group `srv-autoid`. | | \[ ] | Ping Autonomous Identity Team Access | Ping Autonomous Identity team members must be able to switch to this user after logging in to the servers. | | \[ ] | SSH Ability | The service account must be able to passwordless SSH between all Ping Autonomous Identity servers; preferred method is RSA SSH key authentication. | | \[ ] | Default Shell | The default shell of the service account must be Bash. | | \[ ] | Directory Ownership | Ownership of the following directories must be given to the Service Account.- /data or applicable name of the shared mount (Docker and Spark servers) - /opt/autoid (all servers) - /tmp (R, W, E required + NOEXEC flag must not be present) | | \[ ] | Docker Commands | The service account must have permissions to run Docker commands. Note that Docker should NOT need to be installed as a prerequisite; this will be installed by deployment team. | | Networking/Internet | | | | \[ ] | Access to the Internet | If available, the front-end servers downloads the required Docker images from the official Ping Autonomous Identity image repository. | | \[ ] | SSL Certificates | If SSL is being implemented, SSL certificates are required for the UI, Cassandra or MongoDB nodes, and Spark nodes. These certificates can be generated using one of the following four options:- Self-signed certificates for all 3 components - Valid certificate for the UI and self-signed certificates for Cassandra, MongoDB, and Spark nodes (self-signed certs only used in server-server traffic) - Valid and separate certificates for the UI, Cassandra, MongoDB, and Spark - \*.domainname.com certificate (wildcard) | | \[ ] | Ports Open (Internal) | All internal ports specified in the Networking section of the Environment Specifications need to be opened for the specified servers. | | \[ ] | Ports Open (external browser) | The following ports must be accessible from a web browser within the client network:- 443 (Front-end)For a list of Ping Autonomous Identity ports, refer to [Autonomous Identity Ports](../release-notes/chap-before-you-install.html#sec-ports). | | Required Packages | | | | \[ ] | Dependencies | The following packages must be installed on specified servers as prerequisites:- Analytics Servers: * OpenJDK version "11.0.16" * Python 3.10.9 with symlinks to Python 3 (sudo ln -s /usr/bin/python3.10 /usr/bin/python3) | | Other | | | | \[ ] | Infrastructure Support POC | A point-of-contact (POC) with sufficient access to the infrastructure is required. The POC can support in case of infrastructure blockers arise (e.g., proxy, account access, or port issues). | | \[ ] | SELinux | SELinux must be disabled on the Docker boxes. The package "container-selinux" must be present (this can be done as part of the root scripts described in the "Root Access" category). |