2.2 Product Requirements

Use the information in the following table to verify that your environment meets all requirements before you deploy the appliance.

Table 2-2 Product Requirements

Components

Requirements

Supported Virtual Environments

The appliance requires one of the following virtual environments:

  • Hyper-V on Microsoft Windows Server 2012 R2

  • VMware vSphere and vSphere Hypervisor 6.0

  • VMware vSphere and vSphere Hypervisor 5.5

Virtual System Guest Requirements

Minimum hardware requirements for each appliance node in the cluster:

  • 60 GB disk space

  • 2 cores

  • 8 GB RAM

The appliance can be a heavy consumer of CPU, disk I/O, and network bandwidth. Performance can be adversely affected by other virtual machines with similar operational requirements deployed on the same host server.

As a best practice, ensure that you group or separate virtual machines on hosts and data stores to avoid resource conflicts for CPU, disk I/O, and network bandwidth. You can do this manually as you deploy virtual machines, or use affinity and anti-affinity rules if they are available in your virtual environment.

Cluster

Supported cluster configuration:

  • The cluster can have up to five nodes.

  • For optimal performance, each node should reside in the same IP subnet.

NOTE: The L4 switch must be configured with the publicly resolvable DNS of the cluster before you initialize the appliance.

Identity Sources

Supported identity sources for provisioning users:

  • Microsoft Active Directory LDAP on Windows Server 2012 R2 or 2008 R2

  • NetIQ eDirectory LDAP 8.8.8

  • Microsoft SQL Server 2014 or 2008

  • Oracle Database 12c or 11.1

For more information, see Section 4.0, Configuring LDAP and JDBC Identity Sources.

CloudAccess also supports many other types of non-provisioning identity sources, such as social media accounts, Self-Service User Store, and SAML 2.0 Inbound. However, there are no specific version requirements for using these identity sources with CloudAccess. For more information, see the following sections:

Client Workstations

Administration: Supported workstations for administration tasks:

NOTE: Administration tasks are not supported on mobile devices.

  • Microsoft Windows 10.x, 8.1, or 7.1 (no touch screens)

  • Apple OS X (latest version)

Users: Supported workstations for users:

  • Microsoft Windows 10.x, 8.1, or 7.1

  • Apple OS X (latest version)

  • Chromebooks (latest version)

Mobile Devices

Administration: Not supported on mobile devices.

Users:

Supported iOS mobile devices for users:

  • iPhone with iOS 9.x or later

  • iPad or iPad mini with iOS 9.x or later

Supported Android mobile devices for users:

  • Android phones and tablets with KitKat 4.4 or Lollipop 5.x

Browsers

Administration: Supported browsers for administration tasks:

  • Mozilla Firefox (latest version) on a supported workstation

  • Google Chrome (latest version) on a supported workstation

  • Microsoft Internet Explorer 11 on a supported workstation

  • Apple Safari (latest version) on a supported workstation

NOTE: You must disable pop-up blockers to access the administration console. If you experience any issues with a supported browser, ensure that you have the latest version of the browser installed, or try another supported browser. Administering the appliance with Internet Explorer might be slower than with other supported browsers.

Users: Supported browsers for users:

  • Mozilla Firefox (latest version)

  • Google Chrome (latest version)

  • Microsoft Internet Explorer 11

  • Apple Safari (latest version)

Email Clients

For email proxy, CloudAccess supports IMAP, POP3, and SMTP across a variety of desktop and mobile email clients, for example Windows Live Mail 2011 and the latest version of the Apple Mail Client on iPad or iPhone with iOS 9.x or later.

NOTE: The email ports in the CloudAccess cluster cannot be changed. It might be necessary to adjust the mail protocol or port configuration on the email clients to connect to the email proxy.

DNS

CloudAccess requires that all appliance nodes, administration workstations, end-user workstations, mobile devices, and identity sources be able to resolve the public DNS name of the appliance.

NOTE: The L4 switch must be configured with the publicly resolvable DNS of the cluster before you initialize the appliance.

SaaS Application Requirements

Each SaaS application has different requirements. For more information about the requirements for each SaaS application, see the CloudAccess Connectors Guide.

In addition to the product requirements specified in Table 2-2, CloudAccess requires specific inbound and outbound ports for communication with other applications and components in your environment. Review the following tables to ensure that the appropriate ports are open in your environment.

The CloudAccess appliance uses the following ports for inbound communication.

Table 2-3 Inbound Ports

| Port | Purpose |
|------|---------|
| 80 | HTTP access, redirects to 443/HTTPS |
| 443 | End user communication; Administration; Cluster synchronization; Office 365 cloud (Fat client support) |
| 524 | Cluster replication |

The CloudAccess appliance uses the following ports for outbound communication.

Table 2-4 Outbound Ports

| Port | Connects To |
|------|-------------|
| 389 | LDAP (NOTE: Usually it is either 389 or 636, not both.) |
| 636 | LDAPS (NOTE: Usually it is either 389 or 636, not both.) |
| 524 | Cluster synchronization |
| 443 | Cluster members for proxy requests; Windows server where the connector for Office 365 is installed; Advanced Authentication; Salesforce/Google provisioning |
| 514 | Syslog |
| 1290 | Sentinel Log Manager server |
| 53 | DNS lookups |
| 25 | Email alerts |
| 123 | NTP |
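
The following is an added example, not part of the product documentation: a small Python audit that compares a firewall allow-list with Table 2-3 and Table 2-4 and reports missing and unlisted ports. The `in N` / `out N` policy format, the sample policy, and the function names are constructed for illustration, and every port in the tables is treated as required.

```python
# Added example: audit a firewall allow-list against Table 2-3 and Table 2-4.
# Port numbers come from the tables on this page; the "in N" / "out N" policy
# format and all names below are constructed for illustration.

INBOUND = {80, 443, 524}
OUTBOUND = {524, 443, 514, 1290, 53, 25, 123}
LDAP_PORTS = {389, 636}  # table note: usually one or the other, not both

# Constructed sample policy: 80 and 1290 are missing, 22 is unlisted,
# and both LDAP ports are open.
SAMPLE_POLICY = """\
in 443
in 524
in 22
out 389
out 636
out 524
out 443
out 514
out 53
out 25
out 123
"""


def parse_policy(text):
    """Return (inbound, outbound) port sets from 'in N' / 'out N' lines."""
    ports = {"in": set(), "out": set()}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # allow trailing comments
        if not line:
            continue
        direction, port = line.split()
        ports[direction].add(int(port))
    return ports["in"], ports["out"]


def audit(text):
    """Return findings: missing ports first, then LDAP, then unlisted ports."""
    allowed_in, allowed_out = parse_policy(text)
    findings = [f"missing inbound {p}" for p in sorted(INBOUND - allowed_in)]
    findings += [f"missing outbound {p}" for p in sorted(OUTBOUND - allowed_out)]
    ldap = LDAP_PORTS & allowed_out
    if not ldap:
        findings.append("no LDAP port open (389 or 636)")
    elif ldap == LDAP_PORTS:
        findings.append("both 389 and 636 open; expected one")
    findings += [f"unlisted inbound {p}" for p in sorted(allowed_in - INBOUND)]
    extra_out = allowed_out - OUTBOUND - LDAP_PORTS
    findings += [f"unlisted outbound {p}" for p in sorted(extra_out)]
    return findings
```

An empty list from `audit()` means the allow-list matches the tables exactly, with one LDAP port open.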