ActivID CMS System Environment

The hardware and software requirements for an ActivID CMS environment are described in the following sections:

Hardware requirements are defined based on the following assumptions related to a typical deployment:

  • The user population consists of 150,000 users,

  • Up to 1,000 device issuances are performed each day, and

  • There is a single ActivID CMS server without redundancy for high availability.

ActivID CMS has been tested and deployed with performance levels that are an order of magnitude greater than these typical hardware deployment numbers listed in this section. Contact HID Global Professional Services to seek assistance with advanced deployment procedures and system configurations that support higher daily rates of device issuances than mentioned in this section.

The following table lists the ActivID CMS server minimum hardware and software requirements for this release of ActivID CMS.

Server Requirements

Requirement

Description

ActivID CMS Server (Hardware)

  • x64-based Server

  • Pentium® 4 Processor Chipset (2 GHz or faster)

  • 2 Gigabyte (GB) of RAM

  • 80 GB Hard Disk

ActivID CMS Server (Software)

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

Web Server

  • Microsoft IIS 10 on Windows Server 2016

  • Microsoft IIS 10 on Windows Server 2019

  • Microsoft IIS 10 on Windows Server 2022

ActivID CMS supports the following hardware security modules Thales® / SafeNet®, Thales Trusted Cyber Technologies, and Entrust Datacard®:

Hardware Security Modules Requirements

Requirement

Description

Entrust Datacard (formerly Thales)

  • Entrust Datacard nShield™ Connect XC and Connect+ (network HSM).

  • Entrust Datacard nShield Solo and Solo+ (PCIe interface)

  • Entrust Datacard nShield Connect and Solo HSMs are supported in models 500, 1500, 6000 and 6000+, based on scalability requirements.

  • All Entrust Datacard nShield HSMs (except Connect XC) are supported with firmware v2.51.10 / 2.59.6 / 2.61.2 / 3.4.1 / 3.4.2 / 10.50.2.

  • Entrust Datacard nShield™ Connect XC HSMs are supported with the following:

    • Firmware 3.4.1 / 12.50.11 and Strict FIPS mode enabled.

    • Firmware 12.60.2 and Strict FIPS mode disabled.

    Important: When purchasing new Connect XC HSMs, you should specifically order them with firmware 12.50.11 instead of the default 12.72.1.

  • Entrust Security World software shall match Entrust HSM firmware version.

Thales (formerly Gemalto® SafeNet)

  • Thales Luna PCIe HSM (formerly Luna PCI-E)

  • Thales HSMs are supported in models 1700 and 7000, based on scalability requirements.

  • All Thales HSMs are supported with firmware v6.2.5, 6.10.7, 6.10.9, 6.20.2, 6.24.2, 6.24.7, 7.3.3 and 7.8.7.

    Note: Firmware versions 6.24.2, 6.24.7 and 7.3.3 are supported in FIPS Federal Information Processing Standard mode. Firmware version 7.8.7 is supported in non-FIPS mode only.

  • Thales Windows client software version shall match the Thales HSM software version. Thales Luna HSM Universal Client can also be used.

  • Thales HSMs shall be ordered with the Cloning Key Export (CKE) option if you will be using the key escrow and key recovery function of ActivID CMS.

Thales Trusted Cyber Technologies
(Thales TCT) (formerly SafeNet AT)

  • Thales TCT Luna SA for Government

  • Thales TCT HSMs are supported in models 1700 and 7000, based on scalability requirements.

  • All Thales TCT HSMs are supported with firmware v6.11.3.

  • Luna Network T-5000 HSMs are supported with firmware v7.10.1.

  • Thales TCT client software versions shall match the Thales TCT HSM firmware versions.

  • Thales TCT HSMs shall be ordered with the Cloning Key Export (CKE) option if you will be using the key escrow and key recovery function of ActivID CMS.

The following table lists the minimum database hardware and software requirements for this release of ActivID CMS.

Database Software Requirements

Requirement

Description

Database Server

  • Oracle 12c

  • Oracle 18c

  • Oracle 19c

  • Microsoft SQL Server 2012 SP1 (Express, Standard and Enterprise editions)

  • Microsoft SQL Server 2014 SP1 (Express, Standard and Enterprise editions)

  • Microsoft SQL Server 2016 (Express, Standard and Enterprise editions)

  • Microsoft SQL Server 2017 (Express, Standard and Enterprise editions)

  • Microsoft SQL Server 2019 (Express, Standard and Enterprise editions)

Hard Disk Space

  • 100 GB (SCSI) of available disk space

ActivID CMS Server Connection

  • 1 GB Fiber Channel (if not on the same system)

Database Clients

For Oracle database:

  • Oracle 12c 64-bit Client, Oracle 18c 64-bit Client or Oracle 19c 64-bit Client

The database sizes listed below are based on the following assumptions about database records:

ActivID CMS has been tested and deployed with database sizes that are an order of magnitude greater than those based on the assumptions listed here. Contact HID Global Professional Services to seek assistance with advanced deployment procedures and system configurations that support higher daily rates of device issuances than mentioned here (which requires a deployment equipped with a load balancer).

The minimum database sizes for the corresponding database types required in this release of ActivID CMS are:

  • Configuration and Request: 10 MB

  • Logistics: 50 MB

  • Audit: 150 MB

ActivID CMS supports the use of load balancers.

Note: The load balancer must support sticky sessions.

ActivID CMS supports the Microsoft Active Directory and other Lightweight Directory Access Protocol (LDAP) v3 compliant directories:

  • Atos DirX® Directory (formerly Siemens DirX)

  • IBM® Tivoli® Directory Server

  • Microsoft Active Directory 2012, 2012 R2, 2016, 2019

  • Microsoft Active Directory Lightweight Directory Services

  • NetIQ eDirectory (formerly Novell eDirectory)

  • OpenLDAP

  • Oracle Directory Server

  • Red Hat Directory Server

If you have hardware-related questions about the LDAP server hardware, then refer to the vendor documentation that accompanied your LDAP server.

ActivID CMS supports the Certificate Authorities (CAs):

  • Entrust® Authority Security Manager™, version 8.3 or 10

  • HID IdenTrust® (ActivID CMS credential provider available from IdenTrust)

  • IDnomic OpenTrust® Enterprise PKI version 4.15 or earlier

  • Microsoft Windows Certificate Authority 2012, 2012 R2, 2016, 2019

  • Symantec® (formerly VeriSign®) Managed PKI, versions 8.x

  • Verizon® (formerly Cybertrust®) UniCERT™ with UPI version 5.5.1

Note: If you have hardware-related questions about the Certificate Authority (CA) server hardware, then refer to the vendor documentation that accompanied your CA server.

The following table lists the Operator Portal hardware requirements for this release of ActivID CMS.

Requirement

Description

Card Readers

ActivID CMS supports any PC/SC reader such as OMNIKEY® smart card readers.

Card Printers

FARGO®

  • Range of DTC® printers such as DTC1250e

  • Range of HDP® printers such as HDP5000

If printing is required, then you must use only one printer family type. In any given deployment, ActivID CMS can support only one printer family type.

Biometric sensors

  • Precise™ Biometrics MC200 Fingerprint and Smart Card Reader (legacy, no longer available from vendor)

  • Precise Biometrics MC250 Fingerprint and Smart Card Reader (legacy, no longer available from vendor)

  • SecuGen® Hamster™ IV v2

The following table lists the Operator Portal software requirements for this release of ActivID CMS.

Requirement

Description

Operating Systems

  • Windows 10

  • Windows 11

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

Browsers

  • Google Chrome™ version 88 or above

  • Microsoft Edge version 88 or above

Client Middleware

  • ActivID ActivClient version 7.1 or above

    Important: Starting with ActivID CMS 5.8, the ActivID ActivClient middleware is no longer required.

    Notes:

    • Using ActivID CMS 5.1 (or higher) to issue Crescendo C2300 cards or Crescendo Keys, or YubiKey devices requires ActivClient version 7.2.1 or higher.

    • Using ActivID CMS 5.4 (or higher) to issue ECC Card Authentication keys with the Microsoft CA requires ActivClient 7.3 or higher.

  • Support for third-party PKCS#11 middleware in compliance with ActivID CMS requirements

Printer Software

  • Asure ID™ version 7.8.4 or above (Developers edition) supported for FARGO printers

Biometric Service Provider

  • Precise BioMatch Pro 2.2.0 or 2.3.0 and Precise ANSI 378 Runtime 1.1.1 for Windows, for Precise Biometrics MC200 / MC250 devices

  • Secugen matcher, for Secugen Hamster IV v2 device

The ActivID CMS User Portal hardware requirements for this release of ActivID CMS are as follows:

ActivID CMS supports any PC/SC smart card reader such as OMNIKEY® readers.

The following table lists the ActivID CMS User Portal software requirements for this release of ActivID CMS.

ActivID CMS User Portal Software Requirements

Requirement

Description

Operating Systems    

  • Windows 10

  • Windows 11

  • Windows Server 2016

  • Windows Server 2019

  • Windows Server 2022

Browsers

  • Google Chrome™ version 88 or above

  • Microsoft Edge version 88 or above

Client Middleware

  • ActivID ActivClient version 7.1 or above

    Important: Starting with ActivID CMS 5.8, the ActivID ActivClient middleware is no longer required.

  • Support for third-party PKCS#11 middleware in compliance with ActivID CMS requirements