Installation requirements
Before you install PingAccess, review the following system, hardware, and port requirements.
System requirements
Make sure that your system meets the following requirements for PingAccess deployment and configuration.
Ping Identity qualifies the following configurations and certifies that they are compatible with the product. Variations of these platforms, such as differences in operating system version or service pack, are supported until the platform or other required software creates potential conflicts.
PingAccess supports IPv4 addressing. There is currently no support for IPv6 addressing. |
System component | Requirements | ||
---|---|---|---|
Operating systems |
|
||
Docker support |
View the PingAccess Docker image on https://hub.docker.com/r/pingidentity/pingaccess[DockerHub]. Visit Ping Identity’s DevOps https://devops.pingidentity.com/[documentation] for more information.
|
||
Virtual systems |
Although Ping Identity doesn’t qualify or recommend any specific virtual machine (VM) products, PingAccess runs well on several, including VMWare, Xen, and Windows Hyper-V.
|
||
Java environments |
|
||
PingFederate |
The following versions of PingFederate are fully certified with this version of PingAccess:
Other versions of PingFederate are expected to be compatible with this version of PingAccess per Ping’s end of life policy. Some features rely on a specific version of PingFederate to work. This will always be noted in the feature’s description. |
||
End-user browsers |
|
||
Admin console browsers |
|
||
Audit event storage (external database) |
|
||
Hardware security module |
For information about configuring a hardware security module (HSM), see Hardware security module providers. PingAccess certifies the following HSMs:
|
||
Supported HTTP versions |
|
||
OpenID Connect (OIDC) providers |
These are the most common providers and their associated provider types. Ping strives to support any third-party OIDC-compliant provider.
|
Hardware requirements
Although it’s possible to run PingAccess on less powerful hardware, the following guidelines accommodate disk space for default logging and auditing profiles and CPU resources for a moderate level of concurrent request processing. |
Although the requirements for different environments vary, run PingAccess on hardware that meets or exceeds these specifications:
-
Multi-CPU/Cores (8 or more)
-
4 GB of RAM
-
2.1 GB of available hard drive space
Port requirements
PingAccess uses ports and protocols to communicate with external components. This information provides guidance for firewall administrators to ensure that the correct ports are available across network segments.
Direction refers to the direction of requests relative to PingAccess:
|
Service | Port details | Source | Description | ||
---|---|---|---|---|---|
PingAccess administrative console |
|
PingAccess administrator browser, PingAccess administrative application programming interface (API) REST calls, PingAccess replica admin and clustered engine nodes |
Used for incoming requests to the PingAccess administrative console. Configurable using the This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API. |
||
PingAccess cluster communications port |
|
PingAccess administrator browser, PingAccess administrative API REST calls, PingAccess replica admin and clustered engine nodes |
Used for incoming requests where the clustered engines request their configuration data. Configurable using the This port is also used by clustered engine nodes and the replica admin node to pull configuration data using the admin REST API. |
||
PingAccess engine |
|
Client browser, mobile devices, PingFederate engine |
Used for incoming requests to the PingAccess runtime engine. Configurable using the |
||
PingAccess agent |
|
PingAccess agent |
Used for incoming Agent requests to the PingAccess runtime engine. Configurable using the |
||
PingFederate traffic |
|
PingAccess engine |
Used to validate OAuth access token and ID tokens, make Security Token Service (STS) calls for identity mediation, and return authorized information about a user. Configurable using the |