On-Prem Preparation Guide

The OX Platform Readiness Validator checks whether your on-premises server environment is ready for an OX Security deployment.

The tool verifies infrastructure compatibility, validates network settings, and confirms access to required external services. It also generates the configuration file used during installation and creates log files to help with troubleshooting.

On-prem (self-hosted) deployments run in environments that you manage, either in your own data centers or in your cloud accounts. Before installation, you receive a system requirements list. Use the validator to confirm that your environment meets these requirements.

The validator helps you:

  • Confirm the environment early with your team and OX engineers

  • Reduce time spent in live troubleshooting

  • Prevent deployment delays

  • Ensure the system is ready before installation or updates

IMPORTANT: Run this tool before the on-prem installation or update process so that everything is ready in advance. The script does not install or update the platform; it only verifies readiness.

System requirements

This section lists the hardware and software requirements for validation and deployment.

Software requirements

Requirement | Value
Validator Version | 2.0.0
Required Privileges | Root (sudo) access
Supported OS | Ubuntu 22.04 LTS, Ubuntu 24.04 LTS

Minimum hardware requirements

Component | Requirement | Purpose
CPU Cores | 32+ | High-performance Kubernetes workload processing
Memory | 64+ GB RAM | Container orchestration and application memory
Storage | 512+ GB disk space | Container images, logs, and persistent data
Network | Static IP address | Stable cluster communication

Software tools

Tool / Item | Purpose
curl | Downloading components and testing connectivity
netstat | Checking port availability
nslookup | Validating DNS resolution
ip | Verifying network interfaces
lsb_release | Detecting OS version

Validation script

This section describes how the script manages access, data handling, and output to maintain a secure validation process.

Script functionality

  • The script requires root (sudo) access to perform system-level validations.

  • It performs read-only checks and does not modify the system state.

  • All output files, including logs and configuration files, are saved locally on the server.

  • No sensitive data is transmitted externally at any stage.

The command listed below downloads the script, makes it executable, and then runs it automatically with root privileges.

At various points you’ll need to enter the configuration parameters listed in the table.

To run the validator command on the on-prem server:

  1. Make sure the server has:

  • Internet access to reach the S3 location

  • curl installed

  • Permission to run commands with sudo

  2. Enter the following command in the terminal of the on-prem server to download and start the validator script.

    curl -o script.sh http://ox-infra-validator.s3-website-eu-west-1.amazonaws.com/ && chmod +x script.sh && sudo ./script.sh

  3. During execution, the script prompts you to enter configuration parameters.

Parameter | Prompt | Format / Options | Purpose | Validation / Default
Host IP Address | "Host IP Address" | xxx.xxx.xxx.xxx (e.g., 192.168.1.100) | Static IP address for accessing the OX Platform | Must be a valid IPv4 and exist on the system
Host Name | "Host Name" | Alphanumeric + hyphens (e.g., ox-platform-server) | System hostname for the OX Platform server | Must follow standard hostname conventions
Server FQDN | "Server FQDN (e.g., k8s-master.company.com)" | hostname.domain.com (e.g., ox.company.com) | Full domain name for accessing the platform | Must be a valid FQDN with at least one dot
Use Proxy | "Use proxy server? (y/n)" | y/yes or n/no | Determine if a proxy is needed for internet access | Default: n (no proxy)
Proxy URL | | http://hostname:port or https://hostname:port | Proxy server for outbound connections (if selected) | Valid URL format if proxy is used
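
The download-and-run command earlier in this section fetches the script over plain HTTP and executes it as root in one step. The following is an added example (not OX Security's tooling) that separates those steps so the file can be checked and read before it runs; EXPECTED_SHA256 is a placeholder, because this guide does not publish a digest for the script, and the function names are illustrative.

```sh
#!/bin/sh
# Added example, not OX Security's script. Invoke as: sh stage.sh --run
# EXPECTED_SHA256 is a placeholder: obtain a digest from OX support out of band.
URL="http://ox-infra-validator.s3-website-eu-west-1.amazonaws.com/"
EXPECTED_SHA256="${EXPECTED_SHA256:-}"

# True only if the file starts with a shebang (an HTML error page would not).
is_shell_script() {
    [ "$(head -c 2 "$1")" = "#!" ]
}

# True if the file's SHA-256 equals the expected hex digest.
sha256_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ "$actual" = "$2" ]
}

stage_and_run() {
    # --fail makes curl return non-zero on an HTTP error instead of saving the error page.
    curl --fail --silent --show-error -o script.sh "$URL" || return 1
    is_shell_script script.sh || { echo "download is not a shell script" >&2; return 1; }
    # Record what was actually fetched; keep the digest with the change record.
    sha256sum script.sh | tee script.sh.sha256
    if [ -n "$EXPECTED_SHA256" ]; then
        sha256_matches script.sh "$EXPECTED_SHA256" || { echo "digest mismatch" >&2; return 1; }
    fi
    # Read the script before it is given root.
    ${PAGER:-less} script.sh
    printf 'Run script.sh as root? (y/n) '
    read -r answer
    [ "$answer" = "y" ] || return 1
    chmod +x script.sh && sudo ./script.sh
}

# Nothing is downloaded or executed unless --run is passed.
if [ "${1:-}" = "--run" ]; then
    stage_and_run
fi
```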

Validation phases

The validation process includes several phases, each validating different items.

1. System information display

Checks

Shows current system specifications, including:

Operating System version

CPU core count

Total memory (GB)

Root disk space (GB)

Assessment timestamp

2. Prerequisite validation

Checks

Root/sudo privileges

Ubuntu OS detection

Required system commands availability

Possible Issues

Running without sudo/root access

Missing system tools

Unsupported operating system

3. System requirements validation

Checks

CPU cores ≥ 32

Memory ≥ 64 GB

Disk space ≥ 512 GB

OS version (22.04 or 24.04)

4. Network configuration validation

Checks

Host IP exists on system interfaces

Hostname validation

DNS resolution for FQDN

Reverse DNS lookup

Network CIDR conflict detection

Kubernetes network planning

Network CIDRs Used:

Pod CIDR: 10.244.0.0/16 – Internal pod communication

Service CIDR: 10.96.0.0/12 – Kubernetes service networking
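
Phase 4 looks for conflicts between the host's networks and the two cluster ranges. The overlap test behind such a check, as an added example (not the validator's own code); the function names and the sample host addresses are constructed for illustration.

```sh
#!/bin/sh
# Added example, not the validator's code. The two cluster ranges come from
# this guide; function names and the sample addresses are constructed.
POD_CIDR="10.244.0.0/16"
SERVICE_CIDR="10.96.0.0/12"

# ip_to_int A.B.C.D -> the address as a 32-bit integer
ip_to_int() (
    IFS=.
    set -- $1
    echo "$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))"
)

# cidr_range ADDR/BITS -> "first last" of the enclosing network, as integers
cidr_range() (
    addr=$(ip_to_int "${1%/*}")
    bits=${1#*/}
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    first=$(( addr & mask ))
    echo "$first $(( first | (~mask & 4294967295) ))"
)

# cidrs_overlap A B -> exit status 0 when the two ranges share any address
cidrs_overlap() (
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# find_conflicts NET... -> one line per host network that collides with a cluster range
find_conflicts() {
    for net in "$@"; do
        for cluster in "$POD_CIDR" "$SERVICE_CIDR"; do
            if cidrs_overlap "$net" "$cluster"; then
                echo "$net overlaps $cluster"
            fi
        done
    done
}

# Constructed sample in the address/prefix form printed by `ip -o -4 addr show`.
# On a real host: find_conflicts $(ip -o -4 addr show | awk '{print $4}')
find_conflicts 192.168.1.100/24 10.100.3.7/16 172.17.0.1/16 10.244.8.1/24
```

A host interface, VPN route or Docker bridge that falls inside either range is worth resolving before installation, since traffic to those addresses would be ambiguous once the cluster network is up.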

5. Proxy configuration validation

Checks when a proxy is enabled

Proxy URL format validation

HTTP connectivity through proxy

HTTPS connectivity through proxy

Ubuntu repository access via proxy

6. Package repository validation

Checks

Ubuntu repository connectivity

APT package manager functionality

Security repository access

Package query capabilities

7. External URL accessibility validation

Checks

The validator verifies that the server can access all external services necessary for container images, package managers, Helm charts, and third-party integrations.

Container registries

Domain | Purpose
us-docker.pkg.dev | OX Security containers
hub.docker.com | Common containers

Package registries

Domain | Purpose
registry.npmjs.org | JavaScript packages
pypi.org | Python packages
repo1.maven.org | Java packages
rubygems.org | Ruby packages
api.nuget.org | C# packages
cdn.cocoapods.org | iOS packages
conan.io | C++ packages

Helm Chart repositories

Domain | Purpose
github.io | Helm charts
charts.bitnami.com | Bitnami charts
rook.io | Storage charts

External services

Domain | Purpose
auth0.com | Authentication services
cloud.google.com | Google Cloud Platform
deps.dev | Dependency analysis
datadoghq.com | Logging and observability

8. Platform readiness validation

Checks

Swap disabled (required for Kubernetes)

Port availability (80, 443, 8080, 9090)

Directory write permissions

OX Platform directory structure

Output files

File | Purpose
setup/config.toml | Validated config for installation
ox_readiness_<timestamp>.log | Full validation log for support/troubleshooting

Network planning

CIDR | Used For
10.244.0.0/16 | Pod network
10.96.0.0/12 | Kubernetes service network

Required open ports

Port | Purpose
80 | HTTP access
443 | HTTPS access
8080 | Management interface
9090 | Monitoring service

Result indicators

Symbol
Meaning

All checks passed

⚠️

Warnings (non-blocking issues)

Errors that must be fixed

The table lists some common warnings, errors and recommended actions.

Warning / Error | Meaning | Action required
⚠️ Hostname mismatch | Input doesn’t match system hostname | Will be corrected during install
⚠️ Reverse DNS missing | No PTR record for IP | Add reverse DNS (optional)
⚠️ Port in use | Port needed by OX is occupied | Stop the conflicting service
⚠️ Swap enabled | Swap memory is active | Disable swap before install
⚠️ Partial internet access | Some repos unreachable | Check firewall/proxy settings
❌ CPU cores insufficient | Less than 32 cores | Upgrade server hardware
❌ Memory insufficient | Less than 64 GB RAM | Add RAM
❌ Disk space too small | Less than 512 GB | Resize or expand disk
❌ FQDN not resolving | DNS issue | Create or correct DNS record
❌ Repository access failed | Proxy/firewall blocking | Adjust proxy/firewall settings
❌ Required port unavailable | In use by another service | Free the port

Troubleshooting

If you experience issues during validation:

  1. Review the log file for detailed information on any failed checks or errors.

  2. Verify that your system meets all listed requirements.

  3. If the issue persists, contact OX Security support and include the log file for assistance.

The table lists some possible issues.

Issue: Script Won’t Download
  Purpose: Check internet connectivity. Download the validator script.
  Command(s):
    ping google.com
    wget http://ox-infra-validator.s3-website-eu-west-1.amazonaws.com/ -O script.sh

Issue: Permission Denied
  Purpose: Run the script with root privileges. Add execute permission to the script.
  Command(s):
    sudo ./script.sh
    chmod +x script.sh

Issue: DNS Failures
  Purpose: Check the DNS configuration. Test DNS resolution.
  Command(s):
    cat /etc/resolv.conf
    nslookup your-fqdn.com

Issue: Proxy Testing
  Purpose: Verify proxy connectivity.
  Command(s):
    curl -x http://proxy:port http://google.com

Issue: APT Repository Issues
  Purpose: Refresh package lists. Review repository configuration. Test repository reachability.
  Command(s):
    sudo apt update
    cat /etc/apt/sources.list
    curl -I http://archive.ubuntu.com/ubuntu/

After validation

Once the validator completes:

  1. Open the generated setup/config.toml file to review the validated system and network configuration.

  2. Save the log file (ox_readiness_<timestamp>.log) for future reference or troubleshooting if needed.

  3. Once the validation is complete, contact your OX Security support to assist with the installation and deployment.
