Edge Encryption system requirements

Xanadu Platform security

Release

xanadu

ft:locale

en-US

ft:publication_title

Xanadu Platform security

ft:clusterId

psec

bundleId

psec

workflow

Platform

Edge Encryption system requirements

Release version: Xanadu

Updated August 1, 2024

3 minutes to read

Summarize

Summarized using AI

Summary of Edge Encryption system requirements

The Edge Encryption proxy application supports deployment on Microsoft Windows and Linux servers or virtual machines. This guide outlines the system, software, and network requirements necessary to ensure optimal performance and security for running the Edge Encryption proxy and its associated databases.

Show full answer Show less

Java and Platform Requirements

The proxy server host must run Java 11.0.6 or later (Java 8 is no longer supported as of the Utah release).
AES 256-bit encryption must be explicitly enabled in Java to allow unlimited strength keys.
OpenJDK version 11 is supported by the ServiceNow AI Platform.

Proxy Server Hardware and Software Requirements

Minimum 4 GB RAM per proxy server (6 GB recommended); the host machine needs at least 1 GB additional RAM for OS services.
32-bit Java Runtime Environments and operating systems are no longer supported; 64-bit Windows Server (2012, 2012-R2, 2016, 2019) or Linux systems are required.
CPU should be 3 GHz or faster, with a 4-core CPU preferred for best performance.
Multiple proxy servers behind a load balancer are recommended depending on user load, application nodes, and failover needs.
Linux 64-bit systems require installation of the 32-bit GNU C library (glibc), e.g., via 'yum install glibc.i686' on CentOS.
Proxy server versions should be kept in sync with the ServiceNow instance major release to ensure compatibility and access to new features.

Network and Security Requirements

Firewall configurations must allow connectivity between proxy servers and client devices.
For environments with DMZs, deploying the proxy server within the DMZ may be necessary to meet security protocols.
The proxy server must have network access to the ServiceNow instance over TCP port 443.
Installation should be performed using a local or domain administrator account.

Order-Preserving and Tokenization Database Requirements

Order-preserving encryption and tokenization features require a dedicated Oracle MySQL database server.
Supported MySQL versions are 5.7 and 8.0; earlier versions 5.5 and 5.6 are deprecated.
Minimum hardware: 16 GB RAM, 2+ GHz CPU (4-core preferred), 64-bit OS, and SAN or RAID 10 local storage.
Database size depends on the number and size of records; a high availability cluster configuration is recommended.
Consult MySQL documentation or support for detailed configuration guidance.

You can run the Edge Encryption proxy application on servers or virtual machines that run on Microsoft Windows or Linux operating systems. For optimum performance, ensure that your configuration meets these requirements.

Java requirements

The host machine installing or running the Edge Encryption proxy server must maintain a supported version of Java. Current supported versions are Java 11.0.6 or later in the 11.x version series

Note:

Java 8 is no longer be supported as of the Utah release. Upgrade your environment with the Edge Encryption proxy to Java 11 before you attempt to install the Utah version of the Edge Encryption proxy.

Note:

Java does not automatically allow unlimited strength keys. You must specifically enable the use of AES 256-bit encryption.

Support for OpenJDK

The ServiceNow AI Platform supports OpenJDK version 11.

Proxy server minimum configuration

A proxy server requires this minimum configuration:

4 GB of RAM per proxy server (6 GB is recommended for most deployments).

Note:
The proxy server host requires at least 1 GB of RAM more than the proxy server. The proxy server host needs the extra 1 GB for operating system services. For example, if you configure a proxy server to use 4 GB of RAM, you must install at least 5 GB of RAM on the proxy server host.
Because the proxy server requires at least 4 GB of memory, 32-bit JREs and 32-bit operating systems are no longer supported starting with the London release.
3 or more GHz CPU (4-core CPU preferred for optimum performance).
Multiple proxy servers behind a load balancer. The number of proxy servers you need depends on the number of application nodes, the number of simultaneous users, and the number of servers needed for failover. See Sizing your Edge Encryption environment for more information.
Ability to run concurrently with other services, depending on the server utilization and resource availability.

Proxy server supported systems

The following systems are supported:


Supported System	Description
Windows Server 2012, 2012-R2, 2016, and 2019 editions	Virtual machines or physical hardware 64-bit systems
Linux	Virtual machines or physical hardware 64-bit systems On 64-bit Linux systems, you must install the 32-bit GNU C library (glibc). The installation command for CentOS is `yum install glibc.i686`.

Proxy server version requirements

Keep your Edge Encryption proxy version in sync with your ServiceNow instance version (same major release, for example Tokyo). To eliminate downtime during the upgrade process, the Edge Encryption proxy is backwards compatible. However it is important to upgrade as soon as possible to avoid ensure users can access new features and important bug fixes.

Proxy server connection requirements

The proxy server that runs the Edge Encryption application must be able to communicate with machines in your network. Make sure that the proxy server has these network privileges:


Network Privilege	Description
Firewall access	Configure any firewalls between the proxy server and the client devices to allow a connection. If your network uses a DeMilitarized Zone (DMZ) to add an extra layer of security to your Local Area Network (LAN), and if your network security protocols limit port access from within the network to the DMZ, you might have to deploy a proxy server to a machine within the DMZ.
Network access	Configure each client to enable the proxy server to connect with it. If network security prevents you from configuring new machines that can connect to the clients, install the proxy server on an existing machine with connection privileges.
Instance access	Ensure that the proxy server has network access to the instance. Make sure that you configure the proxy server network to allow traffic over TCP port 443.
Network account	Install the proxy server with either a local or domain administrator.

Order-preserving and tokenization database system requirements

Order-preserving encryption and encryption patterns require that you configure an Oracle MySQL database for the Edge Encryption proxy server. Order-preserving encryption allows any comparison operation to be directly applied on encrypted data, without first decrypting the data. Encryption patterns let you replace string patterns with tokens (called tokenization) before they are sent to and stored in the database. Because of the size of the MySQL database, use a dedicated proxy server to run the order-preserving and tokenization database.

The minimum database system requirements include:


MySQL Database	Requirement
Version	MySQL database versions 5.7 and 8.0 Note: MySQL versions 5.5 and 5.6 are no longer tested and have reached the end of support.
OS	64-bit systems
CPU	2 or more GHz CPU (4-core CPU preferred for optimum performance)
RAM	16 GB
Disk	Storage Area Network (SAN) or local storage (RAID 10 recommended)
Size	Determined by the number of potential records multiplied by the record size. See Calculate the order-preserving and tokenization database size.
Configuration	High availability cluster. If you are unsure of how to configure your MySQL server, contact MySQL for configuration information.