The following Kaspersky NGFW user identity service deployment options are available:
Deployment on a single device: user identity service components and the necessary software are installed on a single device as a single instance.
Deployment in a high-availability cluster: user identity service components and the necessary software are installed in a two-node cluster with one primary node and one backup node. If the primary node is unavailable, the user identity service automatically switches to using the backup node. Nodes can be implemented as virtual machines or hosts.
Minimum requirements for the devices
Depending on the deployment option, the Astra Linux 1.8.3 operating system must be installed on the device or on nodes (if deploying in a cluster).
The following applications and their dependencies must be installed on the device or nodes to support the user identity service:
For both deployment options:
Docker
OpenSSL and keytool
PostgreSQL
Java Development Kit
For deployment on a single device: Docker Compose
For deployment in a high-availability cluster, on both nodes:
Pacemaker
pcs
Minimum hardware requirements for devices:
4 CPUs
RAM: 16 GB
Free hard disk space: 50 GB
User identity service deployment procedure
The user identity service deployment scenario involves the following steps:
For deployment in a high-availability cluster, prepare and configure the user databases and configure access to the databases from the primary and backup nodes, prepare the user identity service components on both nodes, and configure the cluster using Pacemaker.