--- title: Preparing to deploy the PingIntelligence policy description: Prepare to deploy the PingIntelligence policy by completing the following. component: pingintelligence version: 5.2 page_id: pingintelligence:pingintelligence_integrations:pingintelligence_ibm_datapower_prepare canonical_url: https://docs.pingidentity.com/pingintelligence/5.2/pingintelligence_integrations/pingintelligence_ibm_datapower_prepare.html revdate: April 3, 2024 section_ids: about-this-task: About this task steps: Steps result: Result: troubleshooting: Troubleshooting: --- # Preparing to deploy the PingIntelligence policy Prepare to deploy the PingIntelligence policy by completing the following. ## About this task Before deploying the PingIntelligence policy: ## Steps 1. Verify that the following versions of IBM APIC and DataPower are installed. The PingIntelligence policy is validated only for these versions * IBM APIC v5.0.8.7 * IBM DataPower Gateway 2018.4.10 2. To configure the PingIntelligence policy, verify you have permissions to edit and publish APIs in the API Manager. 3. Install and configure the PingIntelligence software. For more information on PingIntelligence deployment, see [PingIntelligence automated deployment for virtual machines and servers](../installing_pingintelligence_for_apis/pingintelligence_automated_deployment.html) and [PingIntelligence manual deployment](../installing_pingintelligence_for_apis/pingintelligence_manual_deployment.html). 4. Verify that API Security Enforcer (ASE) is in sideband mode by running the following ASE command: ``` /opt/pingidentity/ase/bin/cli.sh status ``` ### Result: ``` API Security Enforcer status : started mode : sideband http/ws : port 80 https/wss : port 443 firewall : enabled abs : enabled, ssl: enabled abs attack : disabled audit : enabled sideband authentication : disabled ase detected attack : disabled attack list memory : configured 128.00 MB, used 25.60 MB, free 102.40 MB ``` ### Troubleshooting: If ASE is not in sideband mode, then stop ASE and change the mode by editing the `/opt/pingidentity/ase/config/ase.conf` file. Set mode as `sideband` and start ASE. For more information on starting ASE, see [Starting and stopping ASE](../pingintelligence_reference_guide/pingintelligence_starting_and_stopping_ase.html). 5. For a secure communication between IBM DataPower Gateway and ASE, enable sideband authentication by entering the following ASE command: ``` # ./bin/cli.sh enable_sideband_authentication -u admin –p ``` 6. Ensure SSL is configured in ASE for client side connection using self-signed certificate. For more information on configuring self-signed certificate, see [Configuring SSL for external APIs](../pingintelligence_reference_guide/pingintelligence_confguring_ssl_external_apis.html). 7. Enable a connection keep-alive between gateway and ASE: 1. **Optional:** If the ASE is running, stop it. 2. Navigate to `/opt/pingidentity/ase/config/`. 3. Set the value of `enable_sideband_keepalive` to `true` in the `ase.conf` file. 4. Start ASE after setting the value. For more information on ASE configuration, see [Sideband ASE configuration using the `ase.conf` file](../pingintelligence_reference_guide/pingintelligence_sideband_ase_configuration.html). 8. To generate the token in ASE, enter the following command in the ASE command line and save the generated authentication token for further use: ``` # ./bin/cli.sh -u admin -p admin create_sideband_token ``` The token is required for IBM DataPower Gateway to authenticate with ASE. It is set as a runtime variable in ASE config set-variable policy. For more information, see [Configuring the PingIntelligence policy components](pingintelligence_ibm_datapower_configure_policy.html).