Skip to content
/
Prerequisites

Prerequisites

Licenses

During Onboarding

  • Registry Username

    • The Registry Username is provided during onboarding and is used to authenticate to HiddenLayer registries when downloading product images and Helm charts.
    • This username is shared across AISec Platform, Supply Chain, and Runtime.

  • License IDs

    • License IDs are provided during onboarding and are used as the registry password when downloading HiddenLayer products.

      ProductLicense ID
      AISec PlatformAISec Platform License ID
      Supply ChainModel Scanner License ID
      Runtime (AIDR)AIDR License ID

  • HiddenLayer License

    • The HiddenLayer License (Supply Chain and AIDR-G) is used for product operation and licensing after deployment.
    • This value is used by Supply Chain and AIDR during runtime and should not be used for registry authentication.

After the Airgap AISec Platform is Deployed

  • API client ID and client secret.

    • Can be created after the Platform Console is deployed.
    • Used with Supply Chain CLI and Runtime.

Hostname

  • A hostname for the HiddenLayer AISec Platform.

    • Example: http://server1.test.hiddenlayer.com.

Compute

Airgap

  • Linux-based operating system

  • x86_64 (ARM64 is not supported)

  • The controllers and workers require the following minimum specifications:

    • Controller node:

      • CPU: 4 cores/threads
      • RAM: 16GB
      • Disk space: 75GB (10,000 IOPS speed)

    • Worker node:

      • CPU: 8 cores/threads
      • RAM: 32GB
      • Disk space: 75GB (10,000 IOPS speed)

  • The number of controllers and workers depends on your organization's high availability (HA) requirements.

  • The minimum for deployment is one controller node and one worker node.

    • Note: This is not high availability. HiddenLayer validated the deployment with one controller node and two worker nodes.

  • Using virtual machines is recommended, but using physical systems is an option.

Notes

  • Do not run Kubernetes on the Linux system where the Airgapped AISec Platform is installed.

    • Kubernetes is installed as part of the Airgapped AISec Platform installation.

  • The Airgapped AISec Platform is not supported as a container deployment.

    • Example: ECS

  • The minimum specifications listed are based off validation performed by HiddenLayer. Node sizing and hardware specifications are dependent on workload needs.

AIDR

  • Linux-based operating system

  • x86_64 (ARM64 is not supported)

  • AIDR requires the following minimum specifications:

    • CPU: 32 cores/threads (per K8s cluster)
    • RAM: 128GB (per K8s cluster)
    • Number of K8s clusters: 2
Notes
  • For the above resource example, a GPU is not required.
  • Using Azure AKS as an example, one K8s cluster should be the equivalent to an AKS Standard_D32_v3.

Scaling Recommendations

AIDR is horizontally scalable. The latency and throughput for each replica depends on many factors in the deployed environment, including underlying node type, network conditions, and resource contention.

To make the best use of your underlying hardware, we recommend the following:

  1. Replica count

    • Allocate 8 Kubernetes CPU units for each replica.
    • Allocate as many replicas as 8 CPU replicas can fit on to the node.

    For example, if the underlying node type is Azure's Standard_D32_v3, we recommend setting the following Kubernetes parameters:

    replicas:
  min: 4
  max: 4
resources:
  requests:
    cpu: 8
    memory: 4096Mi

  2. Thread count per replica

    • Set the environment variable OMP_NUM_THREADS: 8.
    Note

    This value will only improve performance if the guidance in the previous step (Replica Count) is applied.

Supply Chain

  • Linux-based operating system

  • x86_64 (ARM64 is not supported)

  • Supply Chain requires the following minimum specifications:

    • CPU: 8 cores/threads
    • RAM: 168GB
Notes
  • For the above resource example, a GPU is not required.
  • Performance will vary based on resources. Typically, the more resources the better the performance.

Tools

The following tools are required for the controller and worker nodes.

  • systemd
  • curl

The following is required for the Supply Chain CLI.

  • Docker or Docker Desktop

The following is required for AIDR.

  • Docker or Docker Desktop
  • A Kubernetes cluster
  • Helm

Services

The below services are required for the Platform to be deployed and to function as expected.

ServiceService TypeRequirementsNotes
PostgreSQLDatabase
  • PostgreSQL version is 16.8 or higher
  • Requires user account with superuser access
  • Requires two PostgreSQL extensions
Required for storing Supply Chain results permanently.
Apache KafkaEvent Streaming
  • Kafka version is 3.6 or higher
  • Requires basic authentication credentials for user name and password
Required for storing scanning results and communications to the Console.
S3-compatible blob storage serviceS3 compatible storageN/A
  • HiddenLayer tested and validated with Minio
    • Minio version 2025-07-23T15-54-02Z or later would be required
  • Examples of S3-compatible storage services include
    • OpenShift Data Foundation
    • Cloudian
OpenSearchData Search and Analytics
  • OpenSearch version is 2.6.0 or higher
  • Requires basic authentication credentials for user name and password
Required for internal authentication purposes.

Network

For complete functionality, the following ports need to be open and allow ingress on the Linux systems where the Airgapped AISec Platform is installed.

  • 3000
  • 80
  • 443

Other Requirements

  • Ensure Network Time Protocol (NTP) is enabled and the system clock is synchronized.

Overview

Installation