# On-Prem Preparation Guide The OX Platform Readiness Validator checks whether your on-premises server environment is ready for an OX Security deployment. The tool verifies infrastructure compatibility, validates network settings, and confirms access to required external services. It also generates the configuration file used during installation and creates log files to help with troubleshooting. On-prem (self-hosted) deployments run in environments that you manage, either in your own data centers or in your cloud accounts. Before installation, you receive a system requirements list. Use the validator to confirm that your environment meets these requirements. The validator helps you: * Confirm the environment early with your team and OX engineers * Reduce time spent in live troubleshooting * Prevent deployment delays * Ensure the system is ready before installation or updates > IMPORTANT: To ensure everything is ready before the installation or update, you must run this tool before the on-prem setup process. **The script does not install or update the platform; it only verifies readiness**. ## System requirements This section lists the hardware and software requirements required for validation and deployment. **Software requirements**

Requirement	Value
Validator Version	2.0.0
Required Privileges	Root (sudo) access
Supported OS	Ubuntu 22.04 LTS, Ubuntu 24.04 LTS

**Minimum hardware requirements**

Component	Requirement	Purpose
CPU Cores	32+	High-performance Kubernetes workload processing
Memory	64+ GB RAM	Container orchestration and application memory
Storage	512+ GB disk space	Container images, logs, and persistent data
Network	Static IP address	Stable cluster communication

**Software tools**

Tool / Item	Purpose
`curl`	Downloading components and testing connectivity
`netstat`	Checking port availability
`nslookup`	Validating DNS resolution
`ip`	Verifying network interfaces
`lsb_release`	Detecting OS version

## Validation script This section describes how the script manages access, data handling, and output to maintain a secure validation process. **Script functionality** * The script requires root (sudo) access to perform system-level validations. * It performs read-only checks and does not modify the system state. * All output files, including logs and configuration files, are saved locally on the server. * No sensitive data is transmitted externally at any stage. When you enter the command listed below, it downloads the script, creates an executable, and then runs the executable automatically using root privileges. At various points you’ll need to enter the configuration parameters listed in the table. **To run the validator command on the on-prem server:** 1. Make sure the server has: * Internet access to reach the S3 location * `curl` installed * Permission to run commands with `sudo` 2. Enter the following command in the terminal of the on-prem server to download and start the validator script. curl -o script.sh && chmod +x script.sh && sudo ./script.sh 3. During execution, the script prompts you to enter configuration parameters.

Parameter	Prompt	Format / Options	Purpose	Validation / Default
Host IP Address	"Host IP Address"	`xxx.xxx.xxx.xxx` (e.g., `192.168.1.100`)	Static IP address for accessing the OX Platform	Must be a valid IPv4 and exist on the system
Host Name	"Host Name"	Alphanumeric + hyphens (e.g., `ox-platform-server`)	System hostname for the OX Platform server	Must follow standard hostname conventions
Server FQDN	"Server FQDN (e.g., k8s-master.company.com)"	`hostname.domain.com` (e.g., `ox.company.com`)	Full domain name for accessing the platform	Must be a valid FQDN with at least one dot
Use Proxy	"Use proxy server? (y/n)"	`y/yes` or `n/no`	Determine if a proxy is needed for internet access	Default: `n` (no proxy)
Proxy URL	"Proxy URL (http://proxy.example.com:8080)"	`http://hostname:port` or `https://hostname:port`	Proxy server for outbound connections (if selected)	Valid URL format if proxy is used

## Validation phases The validation process includes several phases, each validating different items. ### **1. System information display** | Checks | | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |

Shows current system specifications, including:

Operating System version

CPU core count

Total memory (GB)

Root disk space (GB)

Assessment timestamp

| ### **2. Prerequisite validation**

Checks	Possible Issues
Root/sudo privileges Ubuntu OS detection Required system commands availability	Running without sudo/root access Missing system tools Unsupported operating system

Checks

Possible Issues

Root/sudo privileges
Ubuntu OS detection
Required system commands availability

Running without sudo/root access

Missing system tools

Unsupported operating system

### **3. System requirements validation** | Checks | | -------------------------------------- | | CPU cores ≥ 32 | |

Memory ≥ 64 GB

| |

Disk space ≥ 512 GB

| |

OS version (22.04 or 24.04)

| ### **4. Network configuration validation** | Checks | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |

Host IP exists on system interfaces

Hostname validation

DNS resolution for FQDN

Reverse DNS lookup

Network CIDR conflict detection

Kubernetes network planning

Network CIDRs Used:

Pod CIDR: 10.244.0.0/16 – Internal pod communication

Service CIDR: 10.96.0.0/12 – Kubernetes service networking

| ### **5. Proxy configuration validation** | Checks when a proxy is enabled | | -------------------------------------------------------------------------------------------------------------------------------------------------------- | |

Proxy URL format validation

HTTP connectivity through proxy

HTTPS connectivity through proxy

Ubuntu repository access via proxy

| ### **6. Package repository validation** | Checks | | ----------------------------------------------------------------------------------------------------------------------------------------------- | |

Ubuntu repository connectivity

APT package manager functionality

Security repository access

Package query capabilities

| ### **7. External URL accessibility validation** | Checks | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | The validator verifies that the server can access all external services necessary for container images, package managers, Helm charts, and third-party integrations. | #### **Container registries** | Domain | Purpose | | ------------------- | ---------------------- | | `us-docker.pkg.dev` | OX Security containers | | `hub.docker.com` | Common containers | #### **Package registries** | Domain | Purpose | | -------------------- | ------------------- | | `registry.npmjs.org` | JavaScript packages | | `pypi.org` | Python packages | | `repo1.maven.org` | Java packages | | `rubygems.org` | Ruby packages | | `api.nuget.org` | C# packages | | `cdn.cocoapods.org` | iOS packages | | `conan.io` | C++ packages | #### **Helm Chart repositories** | Domain | Purpose | | -------------------- | -------------- | | `github.io` | Helm charts | | `charts.bitnami.com` | Bitnami charts | | `rook.io` | Storage charts | #### **External services** | Domain | Purpose | | ------------------ | ------------------------- | | `auth0.com` | Authentication services | | `cloud.google.com` | Google Cloud Platform | | `deps.dev` | Dependency analysis | | `datadoghq.com` | Logging and observability | ### **8. Platform readiness validation** | Checks | | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | |

Swap disabled (required for Kubernetes)

Port availability (80, 443, 8080, 9090)

Directory write permissions

OX Platform directory structure

| #### Output files | File | Purpose | | ------------------------------ | ----------------------------------------------- | | `setup/config.toml` | Validated config for installation | | `ox_readiness_.log` | Full validation log for support/troubleshooting | #### Network planning | CIDR | Used For | | --------------- | -------------------------- | | `10.244.0.0/16` | Pod network | | `10.96.0.0/12` | Kubernetes service network | #### **Required open ports** | Port | Purpose | | ---- | -------------------- | | 80 | HTTP access | | 443 | HTTPS access | | 8080 | Management interface | | 9090 | Monitoring service | ## Result indicators

Symbol	Meaning
✅	All checks passed
⚠️	Warnings (non-blocking issues)
❌	Errors that must be fixed

## Common warnings, errors and recommended actions The table lists some common warnings, errors and recommended actions.

Warning / Error	Meaning	Action required
⚠️Hostname mismatch	Input doesn’t match system hostname	Will be corrected during install
⚠️ Reverse DNS missing	No PTR record for IP	Add reverse DNS (optional)
⚠️ Port in use	Port needed by OX is occupied	Stop the conflicting service
⚠️ Swap enabled	Swap memory is active	Disable swap before install
⚠️ Partial internet access	Some repos unreachable	Check firewall/proxy settings
❌ CPU cores insufficient	Less than 32 cores	Upgrade server hardware
❌ Memory insufficient	Less than 64 GB RAM	Add RAM
❌ Disk space too small	Less than 512 GB	Resize or expand disk
❌ FQDN not resolving	DNS issue	Create or correct DNS record
❌ Repository access failed	Proxy/firewall blocking	Adjust proxy/firewall settings
❌ Required port unavailable	In use by another service	Free the port

## Troubleshooting If you experience issues during validation: 1. Review the log file for detailed information on any failed checks or errors. 2. Verify that your system meets all listed requirements. 3. If the issue persists, contact OX Security support and include the log file for assistance. The table lists some possible issues.

Issue	Purpose	Command(s)
Script Won’t Download	Check internet connectivity. Download the validator script.	ping google.com wget http://ox-infra-validator.s3-website-eu-west-1.amazonaws.com/ -O script.sh
Permission Denied	Run the script with root privileges. Add execute permission to the script.	`sudo ./script.sh` `chmod +x script.sh`
DNS Failures	Check the DNS configuration Test DNS resolution.	`cat /etc/resolv.conf` `nslookup your-fqdn.com`
Proxy Testing	Verify proxy connectivity.	`curl -x http://proxy:port http://google.com`
APT Repository Issues	Refresh package lists. Review repository configuration Test repository reachability	`sudo apt update` `cat /etc/apt/sources.list` `curl -I http://archive.ubuntu.com/ubuntu/`

## After validation Once the validator completes: 1. Open the generated `setup/config.toml` file to review the validated system and network configuration. 2. Save the log file (`ox_readiness_.log`) for future reference or troubleshooting if needed. 3. Once the validation is complete, contact your OX Security support to assist with the installation and deployment.