Hardware and Physical Setup and Maintenance
The ActivID CMS server must be located in a physically secure environment with restricted levels of access that are granted only on the basis of an authorized role. For example, personnel using a key, an access badge, or other supported means are restricted to the type or level of access to the ActivID CMS server that their specific role type provides.
General Prerequisites and Guidelines
Like any critical application, the ActivID CMS application must be deployed on robust and fault-tolerant server hardware. ActivID CMS should be configured with a Hardware Security Module (HSM). To support the HSM device attached to the server hardware, there must be an available PCI slot or other hardware resource as specified by the HSM provider (unless a network HSM is used).
During the installation and configuration of ActivID CMS, it may be necessary to have a direct console connection to the ActivID CMS server. It is recommended that the server hardware be physically accessible during ActivID CMS deployment. The following is also recommended:
- ActivID CMS servers should be configured with a minimum of two network cards. This allows network segregation between the primary network, which operators and users use to connect to the ActivID CMS portals, and the secondary network, which ActivID CMS uses to communicate with all of its back-end components.
- It is recommended to configure ActivID CMS with an NTP server to avoid time change attacks on the server hosting ActivID CMS.
- Special care should be exercised when deploying ActivID CMS in production on a virtual machine environment. From the standpoint of security and reliability, the virtual machine environment must be considered just as secure and as reliable as the physical machines it replaces. Also, the HSM vendor must support the specific virtual machine environment that is used.
- As per standard physical controls to protect IT equipment in a deployment, the site requirements for the room housing the ActivID CMS server(s) should provide adequate system cooling and safeguards to protect against fires and other environmental hazards.
For specific hardware and software prerequisites related to the installation of ActivID CMS servers, refer to Installation Prerequisites.