# Prerequisites ## Licenses **During Onboarding** - Registry Username - The Registry Username is provided during onboarding and is used to authenticate to HiddenLayer registries when downloading product images and Helm charts. - This username is shared across AISec Platform, Supply Chain, and Runtime. - License IDs - License IDs are provided during onboarding and are used as the registry password when downloading HiddenLayer products. | Product | License ID | | --- | --- | | AISec Platform | AISec Platform License ID | | Supply Chain | Model Scanner License ID | | Runtime (AIDR) | AIDR License ID | - HiddenLayer License - The HiddenLayer License (Supply Chain and AIDR-G) is used for product operation and licensing after deployment. - This value is used by Supply Chain and AIDR during runtime and should not be used for registry authentication. **After the Airgap AISec Platform is Deployed** - API client ID and client secret. - Can be created after the Platform Console is deployed. - Used with Supply Chain CLI and Runtime. ## Hostname - A hostname for the HiddenLayer AISec Platform. - Example: `http://server1.test.hiddenlayer.com`. ## Compute ### Airgap - Linux-based operating system - x86_64 (ARM64 is not supported) - The controllers and workers require the following minimum specifications: - Controller node: - CPU: 4 cores/threads - RAM: 16GB - Disk space: 75GB (10,000 IOPS speed) - Worker node: - CPU: 8 cores/threads - RAM: 32GB - Disk space: 75GB (10,000 IOPS speed) - The number of controllers and workers depends on your organization's high availability (HA) requirements. - The minimum for deployment is one controller node and one worker node. - **Note**: This is not high availability. HiddenLayer validated the deployment with one controller node and two worker nodes. - Using virtual machines is recommended, but using physical systems is an option. Notes - Do not run Kubernetes on the Linux system where the Airgapped AISec Platform is installed. - Kubernetes is installed as part of the Airgapped AISec Platform installation. - The Airgapped AISec Platform is not supported as a container deployment. - Example: ECS - The minimum specifications listed are based off validation performed by HiddenLayer. Node sizing and hardware specifications are dependent on workload needs. ### AIDR - Linux-based operating system - x86_64 (ARM64 is not supported) - AIDR requires the following minimum specifications: - CPU: 32 cores/threads (per K8s cluster) - RAM: 128GB (per K8s cluster) - Number of K8s clusters: 2 Notes - For the above resource example, a GPU is not required. - Using Azure AKS as an example, one K8s cluster should be the equivalent to an AKS Standard_D32_v3. #### Scaling Recommendations AIDR is horizontally scalable. The latency and throughput for each replica depends on many factors in the deployed environment, including underlying node type, network conditions, and resource contention. To make the best use of your underlying hardware, we recommend the following: 1. Replica count - Allocate 8 Kubernetes CPU units for each replica. - Allocate as many replicas as 8 CPU replicas can fit on to the node. For example, if the underlying node type is Azure's Standard_D32_v3, we recommend setting the following Kubernetes parameters: ``` replicas: min: 4 max: 4 resources: requests: cpu: 8 memory: 4096Mi ``` 2. Thread count per replica - Set the environment variable `OMP_NUM_THREADS: 8`. This value will only improve performance if the guidance in the previous step (Replica Count) is applied. ### Supply Chain - Linux-based operating system - x86_64 (ARM64 is not supported) - Supply Chain requires the following minimum specifications: - CPU: 8 cores/threads - RAM: 168GB Notes - For the above resource example, a GPU is not required. - Performance will vary based on resources. Typically, the more resources the better the performance. ## Tools The following tools are required for the controller and worker nodes. - systemd - curl The following is required for the Supply Chain CLI. - Docker or Docker Desktop The following is required for AIDR. - Docker or Docker Desktop - A Kubernetes cluster - Helm ## Services The below services are required for the Platform to be deployed and to function as expected. | Service | Service Type | Requirements | Notes | | --- | --- | --- | --- | | PostgreSQL | Database | PostgreSQL version is 16.8 or higherRequires user account with superuser accessRequires two PostgreSQL extensionspg_cronpg_partman | Required for storing Supply Chain results permanently. | | Apache Kafka | Event Streaming | Kafka version is 3.6 or higherRequires basic authentication credentials for user name and password | Required for storing scanning results and communications to the Console. | | S3-compatible blob storage service | S3 compatible storage | N/A | HiddenLayer tested and validated with MinioMinio version 2025-07-23T15-54-02Z or later would be requiredExamples of S3-compatible storage services includeOpenShift Data FoundationCloudian | | OpenSearch | Data Search and Analytics | OpenSearch version is 2.6.0 or higherRequires basic authentication credentials for user name and password | Required for internal authentication purposes. | ## Network For complete functionality, the following ports need to be open and allow ingress on the Linux systems where the Airgapped AISec Platform is installed. - 3000 - 80 - 443 ## Other Requirements - Ensure Network Time Protocol (NTP) is enabled and the system clock is synchronized.