Before you begin, ensure that the following prerequisites are met.
Software Prerequisites
- You must be running Address Manager v9.3.0 or greater.
- You must have DNS/DHCP Server servers with at least one server configured with a Primary DNS role.
- For the optimal implementation of GSS:
- The DNS architecture must have sufficient redundancy.
- The DNS service must be independently highly-available in each region.
- For environments where GSS must adjust responses based on the client IP address, clients must be configured to use the DNS/DHCP Server as a first-hop DNS resolver.
- The host machines that will be running the BlueCat Gateway instance must have Docker installed.
Hardware Prerequisites
- You must have at least 2 CPUs and 8GB of RAM allocated to the host machine that will be running BlueCat Gateway.
- You must have at least 50GB of free disk space on the host machine.
Configuration Prerequisites
You must configure the BlueCatGateway UDF and a BlueCat Gateway user on Address Manager. For more information, refer to the Configuring BlueCat Gateway section of the BlueCat Gateway Installation Guide.
Network Connectivity Prerequisites
- The GSS application must have HTTP or HTTPS access to the Address Manager API.
- The GSS application must have DNS access to the DNS/DHCP Servers with the Primary DNS roles.
- The GSS health check server must have connectivity to the application servers that it monitors.
- Ports 80 and 443 should be open on the host machine running Docker.
Time Synchronization Prerequisites
The clock on the host machines that will be running BlueCat Gateway must be synchronized with the clock on the Primary DNS server to facilitate mutual authentication. BlueCat recommends configuring NTP.
User Account Permission Prerequisites
- To download GSS, you must have a Quay account that has been granted access to the GSS Adaptive Application.
- For installing and setting up GSS, you must have an Address Manager Administration account with both GUI and API access.
- For configuring scheduled updates of regional address list ACLs, you must have a service Address Manager Administration account with API access.
- For configuring applications and services in GSS, the Address Manager users
must have access to change records in the
gss.bluecat
DNS zone. This is either thegss.bluecat
DNS zone, or a configuration zone listed in theconfig_zone.gss.bluecat
zone. For more information, refer to Configuring an application in GSS.Note: If Address Manager users will not have the required access to change records in the GSS configuration zone, a service account that has access to make these changes must be configured in the gss.ini file. For more information, refer to Understanding the gss.ini settings.