About ActivID Appliance

The HID® ActivID® Appliance is a versatile, flexible and highly scalable authentication solution for securing access to government and corporate systems and online consumer services.

It secures a wide range of enterprise and commercial applications and is the ideal solution to meet compliance requirements and industry-standard guidance for strong, layered authentication and auditing (including the Payment Card Industry Data Security Standard (PCI-DSS) and the Federal Financial Institutions Examination Council (FFIEC)).

ActivID Appliance simplifies ongoing credential management through a single point of administration. It ensures segregation of data between different applications, making various information types extremely secure. It also provides centralized, tamper-evident auditing capabilities.

The overall solution supports multiple authentication methods which can be configured using highly flexible and customizable policies and be assigned to different user populations. With ActivID Appliance, it is possible to adjust the authentication policy used (for example, static or one-time passwords) − based on specific profiles and risk factors.

Supported Environment and System Requirements

Item Environment

Operating System
  • Red Hat® Enterprise Linux 7.7 64-bit
  • Oracle® Linux 7.7 64-bit

Application Server

  • IBM® WebSphere® Network Deployment 8.5.5.x 64-bit (where x is version 14 or later)
  • Red Hat JBoss® Enterprise Application Platform (EAP) 7.2.x

JDK
  • For IBM WebSphere:
    • IBM WebSphere SDK Java Technology Edition 8 (with latest update)
  • For JBoss EAP:
    • Open JDK 8 64-bit (with latest update)
    • Oracle JDK 8 64-bit (with latest update)

Cryptography

  • Entrust®:
    • nShield™ Connect + (500, 1500 and 6000)
    • nShield XC
    • nShield PCI
    • payShield™ (PCI and netHSM)
  • Thales® SafeNet® ProtectServer™ External
  • Amazon® Web Services (AWS) CloudHSM
  • Software cryptography

ActivID RADIUS Front End

Item Environment
FreeRADIUS server Version 3.0.13-x
OpenSSL Version 1.0.1e-34 (or later) (1.0.2k-16 is recommended for security reasons)
Important:  

  • If you plan to use an ActivID RADIUS Front End (RFE), then you must install it after you install ActivID Appliance. Some of the settings in the RFE installation process must match the corresponding settings in your ActivID Appliance.

Databases

  • Oracle:
    • Oracle 12c Release 1
    • Oracle 12c Release 2
    • Oracle 18c
    • Oracle 19c

ActivID Appliance (FT5000S) Hardware Technical Specifications

  • Processor – Intel® Xeon CPU, 8 Cores, 20 MB Cache, 1.70 GHz
  • RAM – 16 GB DDR4
  • Hard drive – 600 GB SAS 12 GB/s Internal Enterprise
  • Box contents - the following items are shipped with the ActivID Appliance:
    • Rack mount kit
    • Two power cables

ActivID Appliance Virtual Machine System Requirements

You can create the ActivID Appliance virtual machine using the following tools:

VMware® ESXi® server or VMware Workstation Microsoft® Hyper-V® or Azure
  • Hyper-V v10.0.x on either Microsoft Windows 10 Enterprise, Windows Server 2012 or Windows Server 2016.
  • Hyper-V host Windows version 9.0
Note: Microsoft Azure deployment requires creating a VM with Microsoft Hyper-V and then migrating to Azure.

For all cases, the minimum system requirements for the VM are:

  • CPU – 4 CPUs (a minimum of 2 CPUs can be used)
  • 16 GB RAM allocated to the VM
  • Two virtual hard disks:
    • Hard disk 1 drive 0:0 should be 100 GB (OS)
    • Hard disk 2 drive 0:1 should be 100 GB (Oracle® database)
  • One bridged virtual network adapter.
Note: The VM is delivered with the recommended settings. However, you can modify them to match your available resources.

Cryptography

  • Entrust®:
    • nShield™ Connect 6000+
    • nShield netHSM
    • nShield XC
  • Software cryptography

LDAP Directories

  • Microsoft® Active Directory® 2008 R2, 2012 R2 x64, and 2016
  • Novell® eDirectory 8.8 SP1
  • Oracle Directory Server (Enterprise Edition 11g Release 1)

Web Browsers

  • Microsoft Internet Explorer® 11 and later
  • Microsoft Edge 40 and later
  • Google® Chrome® 60.x and later
  • Mozilla® Firefox® 55.x and later
  • Apple® Safari® 8 and 9 on MacOS®
Note:  
  • JavaScript™ and cookies must be enabled.
  • By default, the authentication server is configured to only accept TLS v1.2 connections. It is recommended that you use this setting for security reasons. This configuration can be changed if you need to support web browsers that do not support TLS v1.2.

HID Approve Application

Supported operating systems:

  • Apple iOS®
  • Google Android®
  • Microsoft Windows 10
Note:  
  • HID Approve for Windows 10 does not support biometric authentication.
  • Fingerprint authentication is only supported on Android 6 and later.

Supported Migration

ActivID ActivID Appliance 8.4 supports the following migration paths (listed by ActivID ActivID Appliance version and cryptographic configuration).

    ActivID Appliance 8.4
ActivID Appliance 7.2.2   Hardware with software cryptography Hardware with external HSM VM with software cryptography VM with external HSM
Hardware with software cryptography X   X  
Hardware with external HSM   X   X
VM with software cryptography X   X  
VM with external HSM   X   X

For further information, refer to the ActivID Appliance Migration Guide available from the ActivID Customer Portal.