MTG KMS Server Package Dependencies
To verify the integrity of the packages, a corresponding SHA-256 checksum and a PGP signature are delivered with each package.
Component | Package name | Note |
---|---|---|
mtg-kms-server | | MTG KMS Server |

For detailed instructions on Installation Preparation, Installation and Apache Configuration please refer to the Related Links section at the end of this page.
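One way to run the checksum and signature checks mentioned above before installing a package, as an added example that is not MTG's own tooling. The file names, the layout of the checksum file and the keyring holding the vendor's release key (obtained separately, in binary form) are assumptions supplied by the caller.

```shell
#!/bin/sh
# Added example: fail-closed verification of a delivered package.
# Assumed: the caller passes the package, its checksum file, its detached
# signature and a keyring containing only the vendor's release key.

# Compare the package's SHA-256 with the first field of the checksum file
# (accepts a bare digest as well as the "digest  filename" layout).
verify_checksum() {
    pkg=$1; sumfile=$2
    [ -r "$pkg" ] && [ -r "$sumfile" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    # Reject anything that is not exactly 64 hex characters.
    case $expected in
        *[!0-9a-f]*|'') return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    # Read from stdin so the file name cannot influence the output format.
    actual=$(sha256sum < "$pkg" | awk '{print $1}')
    [ "$actual" = "$expected" ]
}

# Check the detached PGP signature with gpgv against the pinned keyring only,
# so unrelated keys in the user's own keyring cannot satisfy the check.
# gpgv expects a binary keyring (see gpg --dearmor) and a path with a slash.
verify_signature() {
    pkg=$1; sigfile=$2; keyring=$3
    [ -r "$pkg" ] && [ -r "$sigfile" ] && [ -r "$keyring" ] || return 2
    gpgv --keyring "$keyring" "$sigfile" "$pkg" >/dev/null 2>&1
}

# Both checks must pass; any failure or missing input rejects the package.
verify_package() {
    verify_checksum "$1" "$2" || { echo "checksum check failed: $1" >&2; return 1; }
    verify_signature "$1" "$3" "$4" || { echo "signature check failed: $1" >&2; return 1; }
    echo "verified: $1"
}
```

The checksum alone only detects corruption or a swapped file when the checksum itself arrived over a trusted channel; the signature check is what ties the package to the vendor's key.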
Hardware Security Module (HSM)
For supported HSMs and extended instructions please refer to this page.
Database
MTG-KMS uses a database for storing its configuration and user data.
The underlying database system has to be provided and managed by the customer, i.e. it is not part of the MTG-KMS software. The database system should be configured to accept JDBC connections from MTG-KMS to its database schema.
MTG provides the RDBMS-specific database schema installation scripts for the application inside the mtg-kms-server package. Depending on customer agreement, MTG provides schema installation scripts for the following database management systems:
- Oracle SQL
- PostgreSQL
- MariaDB
MariaDB
Set the default character set of the database to UTF8 (see below).
ALTER DATABASE <db_name> COLLATE = 'utf8_unicode_ci' CHARACTER SET = 'utf8';
The encoding of the database must always be utf8 with collation utf8_unicode_ci. Currently, only the utf8mb3 format of MariaDB is supported. Some languages are not supported by this format.
If a Galera cluster is used, the option log_bin_trust_function_creators="ON" must be set in the configuration file of the MySQL installation, because database triggers are used in connection with Flyway.
DMZ
If the KMS-Tenant application is available over the internet, it is possible to use a separate Apache web server inside a DMZ. This Apache web server acts as a reverse proxy and forwards requests to the KMS-Tenant application in the back end. For a more specific description please contact the MTG Support Team.
MTG Secrets Protection Manager
The MTG-KMS uses the MTG Secrets Protection Manager workflow for encrypting application-specific data:
Therefore, it is a mandatory prerequisite to run the MTG Secrets Protection Manager CLI tool init command before configuring the following applications:
- KMS-Server

The content of the secrets-protection.properties file, which was automatically generated by running the init command, should be copied into each MTG application’s application.properties file.