Created by James Hurrell, last modified on Aug 15, 2023

Summaryinformation to help you plan your AIP for Imaging installation.

CAST Imaging

Traditional installer for Microsoft Windows

SoftwareRequiredNotes
Host Operating System(tick)

Microsoft Windows

  • Windows 10
  • Windows 11
  • Windows Server 2022 (64bit) - supported in CAST Imaging ≥ 1.6.0
  • Windows Server 2019 (64bit) - supported in CAST Imaging ≥ 1.6.0
  • Windows Server 2016 (64bit)

Installations of Windows Server using only Server Core (i.e. without a GUI) are not supported.

JDK(tick)

A JDK (1.8.x 64bits) is required. Supported versions are as follows:

  • OpenJDK

  • Oracle Java

Powershell(tick)

The ability to execute Powershell scripts is required during the installation process.

Docker (Microsoft Windows or Linux)

SoftwareRequiredNotes
Host Operating System(tick)

Microsoft Windows

Linux

  • Recommended Linux distributions:
    • all Linux distributions based on (or derived from) Red Hat

Third-party software required
for install on Docker (Linux and Windows)


(tick)

Docker on Linux

When using the Docker Installer extension

  • Docker Engine ≥ 18.0
  • docker-compose latest stable release
  • curl

Docker on Microsoft Windows

  • Docker Desktop for Windows - latest version recommended, or one that provides:
    • Docker Engine ≥ 19.03.5
    • docker-compose latest stable release
    • Hyper-V and WSL2 mode are both supported
    • Containers for Linux must be enabled

Note that when using Hyper-V mode for Docker Desktop only, the following must also be configured:

When using WSL2 mode, these changes are not required. Docker Desktop will automatically manage RAM memory and file sharing.

JDKOptional

A JDK (1.8.x 64bits) is required if using SAML authentication to generate the public/private key pairs for SAML/SSL . Supported versions are as follows:

  • OpenJDK

  • Oracle Java

Kubernetes cluster

SoftwareRequiredNotes
Kubernetes(tick)

Supported in CAST Imaging ≥ 2.1.0.

See https://github.com/CAST-Extend/com.castsoftware.imaging.kubernetessetup for more information.

Helm(tick)

License key

CAST Imaging requires a license key before any Application data can be imported. Please contact CAST Support to obtain your license key.

Required ports

Windows Service nameDocker container nameDescriptionDefault Listening PortNotes
CAST Imaging System - imaging-ETLetlCAST Imaging application management service.9001-
CAST Imaging System - Frontend servicenginxCAST Imaging front-end web service.

80 (≤ 2.0.0-beta5)

8083 (≥ 2.0.0-beta6)

For ≥ 2.0.0-beta6, if port 8083 is not free, the next available port will be used.
From 2.1.0-funcrel this image is no longer pushed. Merged into "server".
CAST Imaging System - imaging-serviceserverCAST Imaging back-end web service.9000-
CAST Imaging System - login serviceloginCAST Imaging login and authentication service.8084From 2.1.0-funcrel this image is no longer pushed. Merged into "server".
CAST Imaging System - sourcecode servicesourcecodeCAST Imaging sourcecode service.9980From 2.1.0-funcrel this image is no longer pushed. Merged into "server".
CAST Imaging System - Neo4j Graph Databaseneo4jNeo4j Graph Database instance.6362, 7473, 7474, 7687-

End users accessing CAST Imaging - browsers

BrowserSupportedNotes
Microsoft Edge(tick)Minimum supported release: Windows 10 Creators Update (1703)

Mozilla Firefox

(tick)Minimum supported release: 63.0
Google Chrome(tick)Minimum supported release: ≥ 70.0

Analysis Service schema

Analysis Service schemas from the following releases of AIP Core are supported for data generation and import:

CAST AIP 8.3.x(tick)
CAST AIP 8.2.x(tick)


  • Currently, it is possible to extract data only from an Analysis Service which contains a single Application.
  • The actions generate snapshot or prepare snapshot (where the Application does not contain any Architecture Models, or transaction/data call graphs) must have already been run before data generation and import takes place. Note that where the prepare snapshot or generate snapshot actions have already been run and a subsequent "run analysis only" is executed on the entire Application or one single Analysis Unit within the Application, you must either run the prepare snapshot or generate snapshot options again BEFORE data generation and import takes place.

Typical architecture

2.x

Click to enlarge

Deployment modes

Before beginning the installation process, you should be aware of the various deployment methods available:

ReleaseDeployment modeDeployment scenarioDetails
2.xEnterpriseDocker for Linux or Docker Desktop for Microsoft Windows

Enterprise mode using Docker is highly recommended wherever possible:

  • This mode uses microservices architecture: all Console front-end services (authentication, UI, registration, Dashboards etc.) are provided either:
    • as Docker containers
    • or can be installed via Java JAR installers where Docker cannot be used
  • When using Docker/Docker Desktop:
    • the deployment of CAST Dashboards is entirely automatic and no manual configuration is required
    • upgrades to new releases of Console is simple - pull/rebuild new images for the containers
  • The Node service is provided as a separate Java JAR installer for installation on Microsoft Windows and can be installed on multiple hosts where AIP Core exists
EnterpriseSingle installer (exe) for Microsoft Windows only
EnterpriseJava JAR installers (multiple)
StandaloneJava JAR installer (single) for Microsoft Windows only

Standalone mode is targeted at deployments on Microsoft Windows on one single machine. The installer includes all required services in one single Java JAR installer:

  • Console front-end service
  • One single Node back-end service
Note that this mode has some limitations which are explained in 2.x - Standalone mode - Installation of AIP Console front-end in standalone mode.
1.x-Java JAR installer (single)

In 1.x, one single Java JAR installer is provided containing:

  • Console front-end service
  • Node back-end service

Console (front end) package requirements

2.x - Docker install

SoftwareRequiredNotes
Host Operating System(tick)

Microsoft Windows

See https://docs.docker.com/desktop/windows/install/.

Linux

  • all Linux distributions based on (or derived from) Red Hat.

Third-party software required
for install on Docker (Linux and Windows)



(tick)

Docker on Linux

  • Docker Engine ≥ 18.0
  • docker-compose latest stable release recommended
  • curl

Docker on Microsoft Windows

  • Docker Desktop for Windows - latest version recommended, or one that provides:
    • Docker Engine ≥ 19.03.5
    • docker-compose latest stable release recommended
    • Containers for Linux must be enabled:

Note that when using Hyper-V mode for Docker Desktop only, the following must also be configured:

When using WSL2 mode, these changes are not required. Docker Desktop will automatically manage RAM memory and file sharing.

Access to at least one CAST Storage Service /PostgreSQL(tick)

An installation of the CAST Storage Service/PostgreSQL, which must be accessible over the network. This is used to host the schemas required for storing analysis results - these schemas do not need to be pre-installed as Console will manage their installation.

  • You can use one single CAST Storage Service/PostgreSQL for all Nodes and Measurement schema
  • You can use multiple CAST Storage Services/PostgreSQL - one dedicated server per Node and one dedicated server for the Measurement schema for example

Note that a PostgreSQL instance is provided as a Docker container running on port 2285 - it will be preconfigured in Console. This instance is used to store the following:

  • One dedicated database called "keycloak" used for the Keycloak authentication service.
  • Two dedicated schemas called "aip-config" (for the front-end) and "aip-node" (for all Nodes) used to store persistence data)

This CAST Storage Service/PostgreSQL instance can ALSO be used to host schemas (Management, Analysis, Dashboard, Measurement) that are required for analysis/snapshot storage.

Ports(tick)

The following ports must be opened inbound on the host server. These correspond to each Docker container required by Console (front-end). This is so that remote Node instance can access the required services:

  • 2281 (Service Registry)
  • 2285 (Node database (PostgreSQL))
  • 8081 (Gateway)
  • 8086 (Keycloak OAuth 2 Server)
  • 8087 (embedded Dashboards - available from 2.0.0-beta2)
  • 8088 (Service Registry)

These ports can be customized if required.

User permissions(tick)

To run the Docker install, Administrator privileges are required:

  • Microsoft Windows - local Administrator privileges
  • Linux - user in the sudoers list
Access to hub.docker.com(tick)All Docker containers are pulled direct from https://hub.docker.com/, therefore the host server must have access to this.
Global CAST License(tick)Console requires a global CAST license key. This key will be applied to all Node packages that you install.
CAST Extend (tick)

In order to install any CAST AIP Extensions automatically, Console needs to connect to CAST's managed service known as "Extend" over the public internet. You will therefore need to register a CAST Extend account (https://extend.castsoftware.com/#/register) and generate an API key (this key is used by Console in the start-up wizard). In addition, access to the following URL on port 443 via TCP is required:

Note that if (due to security concerns) your organization cannot interact over the public internet with CAST's managed services, you can alternatively use CAST Extend Offline/Proxy.

2.x - Multiple JAR install

The JAR installers are an alternative to a Docker deployment. See 2.x - Enterprise mode - Installation of AIP Console front-end via Java JAR installers.


SoftwareRequiredNotes
Host Operating System(tick)

Supported versions of Windows:

  • Windows Server 2022
  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2 Standard
  • Windows Server 2012 Standard
  • Windows Server 2008 R2 SP1 Standard
  • Windows 11
  • Windows 10
  • Windows 8.1

Installations of Windows Server using only Server Core (i.e. without a GUI) are not supported.

  • Recommended versions of Linux:
    • all Linux distributions based on (or derived from) Red Hat

Java (JRE/JDK)

(tick)

A 64bit Java JRE or JDK is required to install and run Console.

Most Java variants certified by the OpenJDK Community Technology Compatibility Kit are compatible with Console (you can verify if a company has access to the TCK on the OpenJDK website). However, CAST highly recommends using the following LTS releases which are known to function with v. ≥ 2.0:

ProviderJava 8 64bitJava 11 (LTS) 64bitJava 17 (LTS) 64bit
Oracle JDK (http://jdk.java.net/)(tick)(tick)(tick) (see note below)
AdoptOpenJDK/Eclipse Temurin(tick)(tick)(tick) (see note below)
Amazon Corretto(tick)(tick)N/A
Eclipse OpenJ9(tick)(tick)N/A
Azul Zulu(tick)(tick)(tick) (see note below)
JAVA_HOME environment variable(tick) A JAVA_HOME system wide environment variable must exist on all host machines, pointing to the installation location of your Java JRE or JDK.
Access to at least one CAST Storage Service /PostgreSQL(tick)

An installation of at least one CAST Storage Service/PostgreSQL, which must be accessible over the network. This is used to host various items required by Console/Nodes:

  • One dedicated database called "keycloak". This database must be created and available on the CAST Storage Service/PostgreSQL instance BEFORE installation is started. This is required by the SSO Java installer.
  • Two dedicated schemas called "aip-config" and "aip-node". These schemas will be created during the service startup and can be stored in any database, however, storage in the "postgres" database is recommended. These are required by the Service Registry Java installer.
  • For each Application managed in Console, various schemas (Management, Analysis, Dashboard) are required for analysis/snapshot storage requirements. These schemas are created when the Application is added into Console. In addition, one schema (Measurement) is required to consolidate snapshot results from all Applications.

You can use one single CAST Storage Service/PostgreSQL to host all required items, or dedicated CAST Storage Service/PostgreSQL instances to host each item. Note that the CAST Storage Service/PostgreSQL instance defined in the Service Registry Java installer will also be made available for use as storage for application analysis/snapshot requirements.

Ports(tick)

The various services run on the following ports by default:

  • 2281 (Service Registry)
  • 8081 (Gateway)
  • 8086 (Keycloak OAuth 2 Server)
  • 8087 (embedded Dashboards - available from 2.0.0-beta2)
  • 8088 (Service Registry)

These ports can be customized if required.

User permissions(tick)

To run the setup start and run the Console package on the server, the follow user permissions are required:

  • Microsoft Windows - local Administrator privileges
  • Linux - user in the sudoers list
Global CAST License(tick)Console requires a global CAST license key. This key will be applied to all Node packages that you install.
CAST Extend (tick)

In order to install any CAST AIP Extensions automatically, Console needs to connect to CAST's managed service known as "Extend" over the public internet. You will therefore need to register a CAST Extend account (https://extend.castsoftware.com/#/register) and generate an API key (this key is used by Console in the start-up wizard). In addition, access to the following URL on port 443 via TCP is required:

Note that if (due to security concerns) your organization cannot interact over the public internet with CAST's managed services, you can alternatively use CAST Extend Offline/Proxy.

1.x - JAR install

SoftwareRequiredNotes
Host Operating System(tick)

The Console package can be installed on both Windows and Linux operating systems:

  • Supported versions of Windows:
    • Windows Server 2022 (supported in Console ≥ 1.10.0)
    • Windows Server 2019 (supported in Console ≥ 1.10.0)
    • Windows Server 2016
    • Windows Server 2012 R2 Standard
    • Windows Server 2012 Standard
    • Windows Server 2008 R2 SP1 Standard
    • Windows 11
    • Windows 10
    • Windows 8.1

Installations of Windows Server using only Server Core (i.e. without a GUI) are not supported.

  • Recommended versions of Linux:
    • all Linux distributions based on (or derived from) Red Hat

Java (JRE/JDK)

(tick)

A 64bit Java JRE or JDK is required to install and run Console.

Most Java variants certified by the OpenJDK Community Technology Compatibility Kit are compatible with Console (you can verify if a company has access to the TCK on the OpenJDK website). However, CAST highly recommends using the following LTS releases which are known to function with v. ≥ 1.14.0:

ProviderJava 8 64bitJava 11 (LTS) 64bitJava 17 (LTS) 64bit
Oracle JDK (http://jdk.java.net/)(tick)(tick)(tick) (see note below)
AdoptOpenJDK(tick)(tick)(tick) (see note below)
Amazon Corretto(tick)(tick)N/A
Eclipse OpenJ9(tick)(tick)N/A
Azul Zulu(tick)(tick)(tick) (see note below)
  • If you have multiple JDK versions installed on a Linux server, you can set the default using the following command:
sudo update-alternatives --config java
  • Java 17 (LTS) is more restrictive regarding java library use and limits some elements to specific modules that are not enabled by default. As a result of this, although supported for use with Console, the start up batch/script files delivered with the installer for the Console front-end and back-end Node must be modified before they can be used to launch Console or an Node. See Configuring start up services and scripts for use with Java 17 and above.
JAVA_HOME environment variable(tick) A JAVA_HOME system wide environment variable must exist on all host machines, pointing to the installation location of your Java JRE or JDK.
User permissions(tick)

To run the setup start and run the Console package on the server, the follow user permissions are required:

  • Microsoft Windows - local Administrator privileges
  • Linux - user in the sudoers list
Access to Node(s)(tick)

The Console package requires access to the analysis nodes on which the Node package/AIP Core has been installed:

  • Console package version number and the Node package version number must be identical.
  • If you are installing the Node package on multiple analysis nodes, then you need to ensure that the Console package can access the Nodes via the defined URLs - i.e. you may need to adjust firewall rules on the Nodes to allow access on the defined port.
Access on port 8081(tick)The Console package runs by default on port 8081 (although you can customize this if required - CAST recommends enabling secure HTTPS connection) therefore you will need to adjust firewall rules on the host server to allow access to the appropriate port so that users can access Console in their browser.
Global CAST License(tick)The Console package requires a global CAST license key. This key will be applied to all Node packages that you install.
CAST Extend (tick)

In order to install any CAST AIP Extensions automatically, Console needs to connect to CAST's managed service known as "Extend" over the public internet. You will also need login credentials for Extend - i.e. you will need to register an account.

Access to the following URL on port 443 via TCP is required:

Note that if (due to security concerns) your organization cannot interact over the public internet with CAST's managed services, you can alternatively use CAST Extend Offline/Proxy.

Node (back end) package requirements

See also Managing multiple applications in Hardware requirements for more information.

SoftwareRequiredNotes
Host Operating System(tick)

The Node package must be installed on a Windows host operating system since it requires the presence of AIP Core. Supported versions of Windows:

  • Windows Server 2022 (supported in Console ≥ 1.10.0)
  • Windows Server 2019 (supported in Console ≥ 1.10.0)
  • Windows Server 2016
  • Windows Server 2012 R2 Standard
  • Windows Server 2012 Standard
  • Windows Server 2008 R2 SP1 Standard
  • Windows 11
  • Windows 10
  • Windows 8.1
AIP Core(tick)

A standard installation (i.e. run from the AIP Core setup) of AIP Core ≥ 8.3.6 is required on the target node.

  • from v. ≥ 1.16, Console can manage multiple  Nodes using different releases of AIP Core. In previous releases, the same release of AIP Core must be used across all Nodes managed in the same Console installation.
  • CAST recommends the most recent release of AIP Core to take full advantage of all available features.
  • The installation path for AIP Core is referred to as <CAST_AIP_install> in the rest of this document. By default, the path is C:\Program Files\CAST\<version>\ on each Node.
CAST Storage Service /PostgreSQL(tick)

An installation of the CAST Storage Service/PostgreSQL, which must be available either on the target node or on another dedicated server accessible over the network. This is used to host the schemas required for storing analysis results - these schemas do not need to be pre-installed as Console will manage their installation.

  • You can use one single CAST Storage Service/PostgreSQL for all Nodes and Measurement schema
  • You can use multiple CAST Storage Services/PostgreSQL - one dedicated server per Node and one dedicated server for the Measurement schema for example
Java (JRE/JDK)(tick)

A Java JRE or JDK is required to install and run Node. See Java (JRE/JDK) above for more information about requirements.

Data storage folders(tick)

The following folders are required by the Node and must be accessible. CAST recommends the use of a common network share for all Nodes. Note however that in v. 1.x, these folder will be located, by default on each Node.

FolderDescription
deliveryA location for storing successive and compressed versions of an application's source code provided during a source code delivery.
deployA location used to store the most recent version of the application's source code for analysis in uncompressed format.
common-data (v 2.x only)A common location used to store backup, sherlock, upload and other folders used by the Node.
backup (v. 1.x only)Used for storing backups of the Application made from Console.
sherlock (v. 1.x only)Used for storing Sherlock exports of the Application made from Console.
upload (v. 1.x only)A folder on the target node is required for user uploads - i.e. components that may need to be added to an analysis (for example).
Network access(tick)

v. 2.x

The Node package runs on the following ports (this port is used for communication from the Node to Console):

  • ≥ 2.6 - by default on port 8089 (static) as defined in the installer, although you can customize this if required. 
  • 2.0 - 2.5 -  by default on a random dynamic port which is chosen when the service is started.

The Node instance requires outbound access from the following default ports to the server hosting Console:

  • 2281
  • 2285 (Docker install only - this is the PostgreSQL instance provided as a Docker container and which is required for Keycloak and other schema requirements)
  • 8081
  • 8086
  • 8087
  • 8088

In addition, outbound access to any CAST Storage Service/PostgreSQL instances configured for Analysis/Snapshot/Measurement storage requirements is required.

v. 1.x

The Node package runs by default on port 8082 (although you can customize this if required - CAST recommends enabling secure HTTPS connection) and this port is used for communication from Console to the Node(s), therefore you will need to adjust firewall rules on the Node instance to allow inbound access from Console.

In addition, outbound access to any CAST Storage Service/PostgreSQL instances configured for Analysis/Snapshot/Measurement storage requirements is required.

CAST Extend(tick)

In order to install any CAST AIP Extensions automatically, each Node needs to connect to CAST's managed service known as "Extend" over the public internet. You will also need login credentials for Extend - i.e. you will need to register an account:

Access to the following URL on port 443 via TCP is required:

Note that if (due to security concerns) your organization cannot interact over the public internet with CAST's managed services, you can alternatively use CAST Extend local server.
User permissions(tick)To run the setup and start/run the Node package on the server, local Administrator privileges are required.

Requirements for end users accessing Console and embedded Dashboards

Browsers

The following browsers are supported when run on Linux, macOS or Microsoft Windows. We regularly test with a subset of the available versions, and aim to fix issues found with any of them.

Browser

Supported

Notes

Microsoft Edge(tick)Minimum supported release: 44 and above

Mozilla Firefox

(tick)Minimum supported release: 95 and above
Google Chrome(tick)Minimum supported release: most recent only
Safari(tick)Minimum supported release: 12 and above

See Standalone dashboard - installation requirements if you intend NOT to use the Dashboards embedded in CAST Console.

CAST Extend Offline/Proxy (optional) requirements

See:

CAST Storage Service / PostgreSQL storage

See:

Supported features of Directory Systems

Directory Services

(tick)
  • Microsoft Active Directory is full supported.
  • Other Directory Services are supported in AIP Console/CAST Imaging but will generally require additional configuration.

Microsoft Active Directory Lightweight Directory Services

Partially

Microsoft AD LDS does not have all the information in the server itself, but may provide a pointer to another server where that information is stored. Depending on what is stored, authentication and authorization may fail if pointing to a AD LDS server and not enough information is present. If this occurs, the configuration should be modified to point to a full Microsoft Active Directory server.

Global Catalog Servers (GCS)(tick)

Sometimes required if an Active Directory or other Directory Services server contains multiple domains or domains and sub-domains. as the Global Catalog Server contains LDAP information for all domains. In this case the LDAP URL should point to the GCS server URL (normally same as LDAP URL with port 3268 for LDAP and 3269 for LDAPS)

Proxies

Partially
  • If the proxy has no authentication configured, then they are supported.
  • No support for any Single Sign On (SSO) proxies.

Referrals

PartiallyIf a referral is used, the machine name needs to be able to be resolved the Doman Name Service (DNS) process. This may require that DNS or a local hosts file is modified to ensure that it occurs.

SSO (Single Sign On)

(tick)

Supported for AIP Console/CAST Imaging via SAML

Nested Groups(tick)-