Mideye Pre-Install: Hardware & Network Checklist
Hardware Requirements
Section titled “Hardware Requirements”| Resource | Linux | Windows |
|---|---|---|
| RAM | 4 GB minimum | 8 GB minimum |
| Disk | 10 GB free | 10 GB free |
| Platform | Physical or virtual | Physical or virtual |
Software Requirements
Section titled “Software Requirements”Operating System
Section titled “Operating System”A user account with administrator rights is required to install the software, restart services, and reboot the operating system.
Windows Server (MSI installer)
Section titled “Windows Server (MSI installer)”| Version | Status |
|---|---|
| Windows Server 2025 (64-bit) | ✅ Supported |
| Windows Server 2022 (64-bit) | ✅ Supported |
| Windows Server 2019 (64-bit) | ✅ Supported |
| Windows Server 2016 (64-bit) | ✅ Supported |
Debian / Ubuntu (DEB package)
Section titled “Debian / Ubuntu (DEB package)”| Version | Status |
|---|---|
| Ubuntu 24.04 LTS | ✅ Supported |
| Ubuntu 22.04 LTS | ✅ Supported |
| Ubuntu 20.04 LTS | ✅ Supported |
| Debian 12 (Bookworm) | ✅ Supported |
| Debian 11 (Bullseye) | ✅ Supported |
RHEL / Rocky / Alma (RPM package)
Section titled “RHEL / Rocky / Alma (RPM package)”| Version | Status |
|---|---|
| RHEL 9 / Rocky 9 / Alma 9 | ✅ Supported |
| RHEL 8 / Rocky 8 / Alma 8 | ✅ Supported |
Containers (coming soon)
Section titled “Containers (coming soon)”| Platform | Status |
|---|---|
| Docker | 🔜 Planned |
| Podman | 🔜 Planned |
Database
Section titled “Database”The database is not included in the installation package and needs to be created before proceeding with the installation.
Database Encryption
Section titled “Database Encryption”When Mideye Server 6 connects to a clean database it will populate it. When RADIUS Shared Secrets are added, the Mideye Server will encrypt them in the database. Make sure to have the keystore and the keystore key backed up in case they need to be retrieved at some point. Read more about this in the Database section of the Reference Manual.
Database Clusters
Section titled “Database Clusters”Several Mideye Servers can be connected to a database cluster and share the database. This brings up two concerns:
- One of the servers must be made Cluster Leader.
- The RADIUS Shared Secrets stored in the database are encrypted. Because of this the keystore and the keystore key needs to be replicated to all Mideye Servers.
Read more about this in the Shared Database Clusters section.
Supported Databases
Section titled “Supported Databases”| Database | Supported Versions | Notes |
|---|---|---|
| Microsoft SQL Server | 2016, 2017, 2019, 2022 | Express edition also supported* |
| MariaDB | 10.5, 10.6 LTS, 10.11 LTS, 11.x | Recommended for Linux |
| MySQL | 8.0, 8.4 LTS | Community and Enterprise editions |
*SQL Server Express edition is also supported and most common in single server setups.
Checklist
Section titled “Checklist”Database
Section titled “Database”Note the following:
- Host name / IP address.
- Database type (Microsoft SQL or MySQL).
- SQL account name and password.
- Database name (default: mideye).
- Instance name (if applicable).
The database can be installed locally or be hosted remotely on another server. If two or more Mideye Server 6 is connected to the same database one of them needs to be set as Cluster Leader.
LDAP Server (if applicable)
Section titled “LDAP Server (if applicable)”Note the following:
- LDAP service account with read-rights for Mideye Server user search.
RADIUS clients
Section titled “RADIUS clients”Integration manuals for the RADIUS client (e.g. VPN-concentrator, Citrix portal etc) can be found under the Integrations section.
Note the following:
- IP Address
- RADIUS port
- RADIUS shared secret
- If PAP or MS-CHAPv2 is used. Note: For MS-CHAPv2, a Microsoft Network Policy Server (NPS) is required.
Firewall
Section titled “Firewall”Inbound (RADIUS clients → Mideye Server)
Section titled “Inbound (RADIUS clients → Mideye Server)”- Ensure the firewall is open for two-way communication between RADIUS client and Mideye Server on the selected RADIUS port (default: udp/1812). If installing on Windows the installation package will automatically add firewall rules for RADIUS and the TCP-port that is being used by the web-interface. Note that these firewall rules by default will only allow traffic on the Ethernet port if its “Network profile” is set to “Private”. These firewall openings must be added manually when installing on Linux-based operating systems.
Outbound (Mideye Server → Mideye services)
Section titled “Outbound (Mideye Server → Mideye services)”Allow outbound traffic from the Mideye Server to the following hostnames:
| Service | Hostname | Port | Protocol |
|---|---|---|---|
| Mideye Switch | switch1.mideye.com | Customer-specific TCP port | TLS 1.3 |
| Mideye Switch (failover) | switch2.mideye.com | Customer-specific TCP port | TLS 1.3 |
| MAS — Magic Link, RADIUS sessions | mas.prod.mideye.com | 443 | HTTPS |
| Mideye Shield — IP threat intelligence | shield.prod.mideye.com | 443 | HTTPS |
| Mideye+ simplified activation (primary) | activate01.mideye.com | 443 | HTTPS |
| Mideye+ simplified activation (secondary) | activate02.mideye.com | 443 | HTTPS |
-
Note the public IP used by the Mideye Server when communicating with the Mideye Switch.
-
Request a firewall opening and customer-specific TCP port from
support@mideye.com. -
If your firewall allows traffic by IP rather than hostname, see the outbound IP address reference for the canonical list of IPs. To verify what your DNS resolves to, see the DNS resolution check.
For background on what each service does, see the Architecture Overview. For troubleshooting connectivity issues, see External Service Issues.
Proxy server (if applicable)
Section titled “Proxy server (if applicable)”Note the following:
- Proxy server IP address
- Port number
- SOCKS version
Installation package
Section titled “Installation package”Request login credentials to the Downloads page from support@mideye.com. Include your mobile number in the request, since login is protected with two-factor authentication.