Prerequisites

Before installing Safous I-SRA in your environment, please ensure the following requirements are met. Following these guidelines will help you maximize Safous I-SRA's functionality and provide a smooth user experience.

Hardware Requirements

To guarantee optimal performance and user experience, we recommend the following minimum hardware specifications for your PoP and App Gateway server:

• Dedicated Server: Use a clean, dedicated Linux server exclusively for App Gateway installation. Please ensure that you have root permissions for the machine.
• Scaling Guidelines: We recommend deploying one App Gateway for every 1,000 concurrent users in your environment. For example, a site serving applications to 3,000 users would ideally utilize three App Gateways.
• High Availability: For enhanced availability and uninterrupted service, you should have a minimum of two App Gateway instances per site. This redundancy ensures that even if one instance experiences an outage, the other can continue to provide access to your applications.
• Scaling for High-Traffic Sites: If you anticipate high traffic volumes for your installed site, we recommend deploying additional App Gateways to accommodate the increased traffic volumes and ensure a consistent and smooth user experience.

Server Specification

Server	Guidelines	Example of 1000 users	Remark
Operating System	Ubuntu Server 24.04
CPU Cores	4 cores minimum, 6 cores recommended	6	Adding additional App Gateways is preferred over calling CPU cores for larger deployments.
RAM	6 GB minimum	8	512 KB per additional user
Disk	60 GB minimum	150 GB	Allocate additional disk space if you intend to store recordings. For high recording volumes, consider utilizing an external mounted volume.
			Additionally, please ensure you have sufficient Disk IOPS for optimal performance; 3000 IOPS is the baseline.

Network Configuration Requirement

To ensure the proper functioning of your Safous I-SRA environment, the following items must be configured:

1. DNS Configuration

Safous I-SRA uses DNS for proper operation. Before installing the Safous I-SRA PoP and App Gateway, an additional DNS record must be added to resolve the Safous I-SRA domain. In this article, we assume that we have the safous.com domain and want to set *.ot.safous.com as our Safous I-SRA environment domain.

The following DNS record set must be added to your internal DNS server configuration:

DNS Zone (ot.safous.com)

Name	Type	Record	Value
tcp	IN	A	PoP Internal IP
*	IN	CNAME	tcp.ot.safous.com

2. Ensuring Connectivity

To ensure uninterrupted connectivity, please take the following steps:

• DNS resolver: Check your PoP and App Gateway machine. Ensure FQDN of PoP can be resolve in all machine.
• Firewall and Other Security Services: Check your firewall, WAF, or any other security services for rules or policies that might block traffic to or from these domains.
• Wildcard Subdomain Access: The domains with an asterisk (*) represent a wildcard, indicating that all subdomains under that domain need to be accessible. Please ensure that you have appropriate connectivity to all subdomains.
• Proxy Configuration: Do not use proxy servers for traffic between the App Gateway and these domains as this may disrupt the TLS connection and potentially lead to a termination of the TLS connection between the App Gateway and the destination.
• Traffic Manipulation: Ensure no system in your network are configured to manipulate or intercept traffic between the App Gateway and Safous ZTA PoP.

3. SSL Certificate Requirement

Before you begin the installation, plan how you want to deploy your Safous I-SRA environment. Safous I-SRA can also provide a self-signed certificate if the customer prefers not to deal with the certificate creation process.

If you generate your own trusted SSL certificate, ensure it includes the following:

Certificate Details

Field	Value
Common Name (CN)	*.your_domain
Subject Alternative Name (DNS)	*.ot.safous.com