Before you begin installing Automation Config, you need to ensure your installation project is up-to-date with these required dependencies.
| Dependency | Requirement |
|---|---|
| License | If you are deploying Automation Config through VMware Aria Suite Lifecycle and you want to integrate Automation Config with VMware Aria Automation, you need one of the following licenses:
If you are deploying Automation Config through VMware Aria Suite Lifecycle and you want to integrate Automation Config with VMware Aria Automation, you need:
If you are using the standard installation method to deploy Automation Config, any of the above licenses will work. Automation for Secure Hosts requires a license with the Secure Hosts feature enhancement. Customers with VMware Aria Automation Suite Advanced, Suite Enterprise, or Cloud license are eligible for this feature enhancement. To add Automation for Secure Hosts to your VMware Aria Automation license, contact your sales representative.
Note:
Automation Config supports multiple license keys, which means you can add any number of license key numbers to your
Automation Config installation. As long as a license key has not yet expired,
Automation Config activates any features allowed by that license key.
|
| Operating System |
Salt itself is designed to be operating system agnostic and can manage the nodes of most standard operating systems. For a list of supported Salt operating systems, see Salt Platform Support. For more detailed information about additional operating systems or considerations, see Automation Config system requirements. |
| PostgreSQL version | Automation Config requires a PostgreSQL 9.6 database, but PostgreSQL 12.4 is recommended. The recommended version of PostgreSQL is included with the Automation Config installer.
Note: Since PostgreSQL is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about PostgreSQL database maintenance and administration, see the
PostgreSQL documentation.
|
| Redis version | Automation Config requires a Redis 5.x database, but Redis 6.2.7 is recommended. The recommended version of Redis is included with the Automation Config installer.
Note: Since Redis is a third-party software, you are responsible for ongoing maintenance and other administrative tasks. For information about Redis database maintenance and administration, see the
Redis documentation.
|
| Java version | Automation Config requires a Java 11 runtime environment (JRE), specifically Java 11 is run on the RaaS node. The JRE is not included in the Automation Config installer. You must install it on your operating system prior to installation.
Note: Since Java is a third-party software, you are responsible for ongoing maintenance, backups, and other administrative tasks. For information about Java 11, see the
Java 11 documentation.
|
| Internet Access | Some networks do not have consistent access to the Internet for various reasons. These systems are also referred to as air-gapped systems. Air-gapped systems pose particular challenges both for installing Automation Config and for ensuring it is up to date. For more information on preparing for installing in an air-gapped environment see, Installation planning for air-gapped systems below. |
| Salt version | Automation Config is powered by Salt, an open-source automation and configuration management engine sponsored by VMware. Salt includes modules that can quickly and consistently automate common infrastructure administration tasks such as:
Automation Config is compatible with most versions of Salt, although it is strongly recommended to run the latest stable versions of Salt on your Salt master. If you plan to use Automation for Secure Hosts with Windows servers, these Windows minions must run Salt 3004.2 or later. For information on installing Salt, see The Salt install guide. For more information on using Salt, see the Salt user guide. |
| Python version | Automation Config packages its own Python 3.9.15. It doesn’t use the Python installed on your operating systems and it does not require it to be up to date. However, it is generally recommended that you run the latest version of Python on your system. |
| Firewall permissions | For standard installations, ensure firewall access is allowed on the following ports from the following nodes:
|
Installation planning for air-gapped systems
Air-gapped systems are systems that do not have consistent access to the internet. As a result, installing in an air-gapped environment includes additional preparation and planning steps.
Plan how to transfer the installation files
In order to complete a standard installation, you need a mechanism through which to download, verify, and extract the necessary installation files. If downloading files is impossible in your network, you need to brainstorm and prepare an alternate method to transfer the necessary installation files to the nodes on which you are installing Automation Config and its dependencies.
You will need to transfer the files to the node(s) involved in the installation process. Place the files in the root folder. For a standard installation, transfer the files to the Salt master from which you are running the installation orchestration.
Plan how to manage upgrades
Automation Config and its dependencies (Salt, PostgreSQL, etc.) release regular updates with enhanced features and security updates. In order to take advantage of these updates, you need to plan to check for updates and install upgrades whenever they are available.
Plan how to update Automation for Secure Hosts libraries
If your organization has a Automation for Secure Hosts license, be aware that both Automation for Secure Hosts libraries release regular content updates with the latest compliance and vulnerability content. These content libraries are updated outside of the regular Automation Config release schedule.
Ideally, customers can automatically download and ingest security libraries over the Internet or through an http proxy as soon as they are updated. However, it is also possible to manually download and ingest these libraries. In order to take advantage of these updates, you need a plan to check for security content updates regularly, and develop a process to manually ingest this content when it is available.
