All Enterprise Server services are based on similar technology. Therefore, deployment requirements are also similar. Where additional requirements exist, they’ll be highlighted in the deployment documentation for that particular service.
Type | Requirement |
---|---|
OS | Recent versions of Ubuntu, Debian, RedHat, Fedora, or CentOS. |
SSL Certs | Either a set of valid SSL certs, or an SSL-terminating reverse proxy. |
Runtime | OpenJDK 17+ |
Hardware | Minimum 4GB RAM and one full CPU core per instance. |
Cluster deployment | When deploying more than one instance as a cluster, an off-the-shelf load balancer is needed to distribute the load evenly among running instances. |
License | Active software licensing subscription for any production use. |
Networking
Each of the services expects to have its own accessibility requirements when it comes to firewalling and allowing/disabling access.
In all cases, the service must be ultimately accessible over HTTPS. No part of your network should be transferring incoming requests over plain HTTP. This means either using api.https.enabled=true
directly, or false
combined with an HTTPS-terminating reverse proxy on the same machine.
Service | Required | Network Access |
---|---|---|
Email Key Manager, EKM client API |
Always | The API must ONLY be accessible on local LAN (or over authenticated/encrypted VPN if on the public internet). |
Email Key Manager, EKM API for WKD |
For WKD Pull-Sync | The API must be accessible by the WKD. |
Web Key Directory, WKD client API |
When deploying WKD | The API must be accessible from the public internet at https://openpgpkey.example.com/
|
Web Key Directory, WKD API for EKM |
For WKD Push-Sync | The API must be accessible by the EKM. |
External Service, FES client API |
When deploying FES | The API must be accessible by the client, typically over the public internet, at https://fes.example.com/ address |
Enterprise Admin Panel, EAP web app |
Always | It’s recommended to only run the EAP on an internal LAN, however, it’s safe to expose on the public internet. |