The following requirements must be met, to install and run the Utimaco DKE Anchor Manager and DKE Anchor Service.
-
Java version must be 11.0.12 or higher.
-
Utimaco SecurityServer or CP5 HSM is set up and configured.
See the SecurityServer or CP5 documentation to set up the HSM.
-
MBK must be created and stored on each HSM.
See the SecurityServer or CP5 documentation to set up the MBK. -
SecurityServer or CP5 Default Admin should be replaced with a new admin user.
-
Operating system as specified in Tested Versions.
-
SecurityServer as specified in Tested Versions.
-
PKCS#11 library is set up and configured for your environment.
See the SecurityServer or CP5 documentation to set up and configure the PKCS#11 library. -
The DKE Anchor Service needs to run on a host
-
which has a FQDN (the app service URL)
-
which has a verified/registered domain
-
with https port 443 allowed through the firewall and reachable from all AIP clients
-
-
The DKE Anchor Service application should be in the root path and no sub path should be specified.
-
DKE requires a Microsoft 365 E5 license, and it works only for “Microsoft Office Apps for enterprise version 2009 or later (Desktop versions of Word, PowerPoint, and Excel) on Windows”.
-
The custom domains should be in verified state. For more details see https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/addcustom-domain
-
Microsoft 365 requires an internet connection. The list of FQDN or wildcard domains and IP addresses should be allowed from the customer network to Microsoft 365 as mentioned by Microsoft, see ID 56 under https://docs.microsoft.com/enus/microsofst-365/enterprise/urls-and-ip-address-ranges?view=o365worldwide#microsoft-365-common-and-office-online.