Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated for PRIME 3.9



SEO Metadata
titlePRIME requirements and interoperability

This article provides installation requirements and interoperability data for Nexus PRIME.

This article provides installation requirements and interoperability data for Nexus PRIME

Expandall

Requirements

Anchor
PRIMEApplicationServer
PRIMEApplicationServer
PRIME application server

Expand
titleHardware



MinimumRecommended
Hard disk storage

5 GB

Note
The application generates log files, which consumes additional hard disk space.



CPU2 GHz> 2 GHz
RAM8 GB16 GB

The sizing requirements listed above are only recommendations for a default setup. The sizing may differ, for example depending on the following things:

  • Number of concurrent users in the PRIME applications.
  • System architecture: for example high availability setup, combined or distributed setup of the PRIME applications.
  • OS footprint: different operating systems consume different RAM/CPU loads.


Note

It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a PRIME application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.



Expand
titleOperating systems

The following operating systems are supported:

  • Windows 7, Windows 8/8.1, Windows 10 (Client OS not recommended for production environment) 
  • Windows Server 2008 (recommended: 64-bit version) 
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Linux and others on request


Expand
titleSoftware

The following software is supported:

  • Oracle Java JDK/JRE:
    • Version 8.0 (32-bit and 64-bit) , Tested on JRE 8 Update 172191
  • Application Server:
    • Apache Tomcat 8.5 and 8.0
    • IBM Websphere 8.5.5.11 (we expect Websphere expertise at the customer, Nexus does not offer integration services for deployment Websphere)

Required ports for Tomcat

On the Apache Tomcat at least two ports are required, one for HTTP and one for HTTPS. Tomcat default ports are 8080 (HTTP) and 8443 (HTTPS). To avoid port collisions, the PRIME distribution package is preconfigured with 18080/18443. The port numbers can be configured in the configuration file server.xml. Technically, it is not necessary to use HTTPS, but it is highly recommended.

PRIME database server

Expand
titleHardware



MinimumRecommended
Hard disk storage~ 1 MB
per person record with photo

CPU2 GHz> 2 GHz
RAM4 GB8 GB


Note

It is recommended to host the application server and the database server in the same data center (but on separated servers). Connecting a PRIME application server to a database server via a WAN connection would mean higher latencies and would affect the performance of the system.



Expand
titleDatabases

The following databases are supported:

  • SQL Server 2008 and 2008 R2
  • SQL Server 2012 and 2012 R2
  • SQL Server 2014 and 2014 R2
  • SQL Server 2016
  • SQL Server 2017
  • Oracle Database 11g
  • Oracle Database 12c
  • PostgreSQL 9.2 – 9.6
  • IBM DB2 10.5


Expand
titleOperating systems

All operating systems that can host the above databases are supported.

PRIME client workstation

On the client workstations, the following programs are executed, as either Java Rich client via a local JRE or as HTLM5 in web browsers:

  • Nexus PRIME Designer
  • Nexus PRIME Tenant
  • Nexus PRIME Explorer
  • Nexus PRIME
    Expand
    titleWeb browsers

    All PRIME applications (Designer, Explorer, Tenant and User Self-Service Portal

    (USSP)

    ) are executed in up-to-date HTML5 web browsers such as:

    • Mozilla Firefox
    • Google Chrome
    • Internet Explorer 11
    • Safari
    • Microsoft Edge


    Expand
    titleHardware



    MinimumRecommended
    Hard disk storage

    ~ 100 MB for Nexus Card SDK installation

    Note
    Nexus Card SDK is only necessary on a capture or production client.



    CPU2 GHz> 2 GHz
    RAM4 GB> 4 GB



    Expand
    titleOperating systems

    The following operating systems are supported:

    • Windows 7 (32- and 64-bit versions)
    • Windows 8 / 8.1 (32- and 64-bit versions)
    • Windows 10
    • Linux (for clients without image capture, printing and encoding)

    Info
    titleMobile device platforms

    Platforms of mobile devices, for example iOS, Android, and Windows RT, are only supported by certain functions of the browser-based Nexus PRIME USSP, but cannot be used with Nexus PRIME Designer and Nexus PRIME Explorer.



    Expand
    titleSoftware

    The following software is supported:

    • Oracle Java JDK/JRE:
      • Version 8.0 (32- and 64-bit), Tested on JRE 8 Update 172

    The required application server port on Tomcat must be open to allow clients to access the network, or alternatively different ports. See Software, in PRIME Application Server.


    Expand
    titleJasperReports

    The following version of JasperReports is supported:

    • Templates in JasperReports format (.jrxml) version 6.5.1 are supported


    Expand
    titleCapture or production client: Card SDK

    If a workstation is used as a capture client or production client, the Nexus Card SDK application must be installed and licensed.

    This requires a Windows-based workstation (PC). For complete installation requirements for Card SDK, see the Nexus Card SDK documentation.

    The following version is required:

    • Nexus Card SDK Version >= 5.3.0.87 or Card SDK Version 5.4


    Expand
    titleCapture or production client: PKI cryptochip encoding

    For cryptochip encoding, such as smartcards and USB tokens, PRIME relies on the PKCS#11 interface.

    The following requirements apply:

    • A PKCS#11 compliant smartcard middleware is required. For a list of supported smartcard middleware, see Smartcards and smartcard middleware.
    • The smartcard middleware and client-side Java JRE must have the same OS architecture, either 32-bit or 64-bit, since PRIME Explorer and USSP connects from the client-side Java JRE to the middleware.


    Expand
    titleUser Self-Service Portal : Browser

    The following browsers are supported for the User Self-Service Portal (USSP):

    • Internet Explorer 10-11
    • Mozilla Firefox
    • Google Chrome 
    Expand
    titleUser Self-Service Portal client: Software

    If certain smartcard functions are used, for example card unblocking or certificate renewal, the following software is required:

    • Oracle Java JDK/JRE:
      • Version 8

    The Java Webstart component will be loaded on startup of the USSP.


    Expand
    titleUser Self-Service Portal client: Root certificate

    A trusted root certificate is required on a USSP client, for encrypted client communication.

    Expand
    titleBrowser for PRIME HTML Explorer

    The PRIME HTML Explorer can be used in Browsers with full HTML5 support. It is tested on:

    • Internet Explorer 11
    • Mozilla Firefox 58
    • Google Chrome 64

    Interoperability

    Anchor
    PRIMEDataConnectors
    PRIMEDataConnectors
    Data connectors

    Expand
    titleCorporate directories

    PRIME supports connection to directories compliant with the following standard: 

    • LDAP v3

    Microsoft Active Directory is a typical example of a supported directory.


    Expand
    titleJDBC databases

    PRIME supports connection to databases based on Java database connectivity (JDBC).

    The following databases are supported:

    • Microsoft SQL (MSSQL) Server 2008/2012/2014/2016/2017
    • Oracle 10/11/12
    • PostgreSQL
    • H2
    • IBM DB2 10.5


    Expand
    titleCertificate authorities

    The following certificate authority (CA) products and services are supported:

    • Nexus Certificate Manager 7.17
    • Microsoft Active Directory Certificate Services (ADCS) 2008/2008 R2 / 2012 / 2012 R2 / 2016
    • D-Trust Managed PKI
    • IDNomic version 4.8.1
    • EJBCA Version 6.3 (without Key Backup/ Key Recovery) 
    • DFN Managed PKI
    • QuoVadis PKI

    Other CAs can be integrated on demand.


    For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.

    Full entitlement PACS integration

    Full entitlement PACS integration is included as part of the Physical Entitlement Management module in PRIME:

    • Integration via dedicated standard connectors in PACS APIbackend
    • Online sync of card data and access profiles
    • Virtual access profile groups on top of PACS access profiles
    • Updates of access profiles can be separated from card issuing

    The following PACS systems are supported:

    Expand
    titlePhysical access control systems (PACS)

    There These are three the different levels of PACS integration in PRIME: Basic PACS integration, light entitlement PACS integration, and full entitlement PACS integration.

    Basic PACS integration

    • Integration via standard data connectors, such as CSV files, JDBC, LDAP, and SCIM
    • Export of card data to PACS at card activation and deactivation

    All PACS systems that can use any of the standard data connectors are supported.

    Light entitlement PACS integration

    • Integration via dedicated PACS API
    • Export of card data and access profiles to PACS at card activation and deactivation
    • Manual creation of access profiles in PRIME

    The following PACS systems are supported:

    VendorSystemSupported versions
    ASSAArx4.1
    dormakabaKABA Exos 93004.0
    StanleyStanley Security Manager (SSM)8.0
    VendorSystemSupported versions
    ASSAArx4.1
    SiemensBewator 2010 Omnis6.2
    BravidaIntegra
    5.x, 6.22
    7.0
    Evva SaltoSALTO12.2
    dormakabaKABA Exos 93004.0
    LenelOnGuard6.6
    PacomUnison5.8.6
    RCORCARD M55.x
    StanleyStanley Security Manager (SSM)8.0, 8.1
    StanleyNiscayah Integration Manager (NIM3)3.40
    UnitekUnilock2.0

    For some PACS systems you need an additional license to do this integration. Contact your PACS vendor for more information.

    Contact us!

    Is your PACS system not on the list? Provide the details of your PACS system in this form and we will contact you.


    Expand
    titleMobile device management (MDM)

    The following mobile device management (MDM) product is supported:

    • MobileIron 9.1

    Other MDM systems can be integrated on demand.

    Anchor
    smartcards
    smartcards
    Smartcards and smartcard middleware

    Expand
    titleSmartcards and smartcard middleware

    Supported smartcards depend on the smartcard middleware. Smartcard middleware is not part of the Nexus PRIME product.

    PRIME connects to a smartcard via the PKCS#11 library provided by the middleware. For a list of supported cryptochips and smartcards, please refer to the corresponding technical specification of the middleware.

    CardOS 4.4 and CardOS 5.0 are our reference cards for testing. Other cards listed in the middleware specification also normally works, but must be tested individually for the specific requirement.

    The following smartcard middleware products are supported: 

    Vendor/ Product

    Version

    Reference Card

    Nexus Personal Desktop Client

    V 4.29

    CardOS 4.4 + 5.0

    AET SafeSign

    V 3.0.93

    CardOS 4.4

    Neowave Weneo

    Atos CardAPI

    V 5.4

    CardOS 4.4 + 5.0 + 5.3

    Charismathics CSSI

    V 5.4

    CardOS 4.4 + 5.0 TPM

    Cryptovision cv act sc/interface

    V 7.0.5

    CardOS 4.4

    Gemalto IDGo800 Pkcs#11 Library

    V 1.2.4

    IDPrime MD 830

    Morpho Ypsid

    7.0.1

    Ypsid S3

    Oberthur AWP

    V 5.1.1

    V 7.0.1

    Safenet Authentication Client

    10.2

    IDPrime MD 840


    Virtual smartcards

    Expand
    titleVirtual smartcards

    The following virtual smartcard is supported:

    Vendor/ Product

    Version

    Nexus Personal Desktop App

    V 1.0


    Language support

    Expand
    titleLanguage support

    The following languages are supported: 

    • English
    • French
    • German
    • Norwegian
    • Swedish


    This article is valid for Nexus PRIME 3.89. 

    Related information