Verify your environment meets these requirements.
Supported hardware
- KMES Series 3, application version 6.3.1.x or later, with initial setup completed (including loading a Platform Master Key and network configuration).
Supported operating systems
- Windows 2012 R2 (6.3.9600) and later
Required infrastructure
- A Windows server joined to your Active Directory domain that acts as the Enterprise CA.
- A Windows server joined to your Active Directory domain that acts as the Network Device Enrollment Service (NDES) server.
Required access
- An account on the KMES with administrator permissions to create roles, identities, and TLS PKI, and to update system settings.
- Local administrator/root access on the Windows machines acting as the Enterprise CA and NDES servers.
Network and firewall
- Allow outbound TCP port 2001 (default Host API port) from the Enterprise CA server to the KMES Series 3, specified by FQDN (for example, kmes.example.com) or CIDR (for example, 10.0.0.0/24).
TLS inspection or SSL proxies can break mutual TLS handshakes. Exempt the KMES FQDN(s) from inspection. Configure the KMES Series 3 with an FQDN so the exemption applies.
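
One way to check both network requirements from the Enterprise CA server. This is an added example, not part of the vendor procedure. It tests TCP 2001 and then compares the issuer of the certificate presented on that port with the CA you expect, since an inspection proxy re-signs the connection with its own CA. Assumptions: `$ExpectedIssuer` and `$ClientThumbprint` are placeholders you fill in, the client certificate store is assumed to be `LocalMachine\My`, and the KMES is assumed to accept TLS 1.2.

```powershell
# Added example; run on the Enterprise CA server. All values below are assumptions.
$KmesHost         = 'kmes.example.com'   # FQDN example used on this page
$KmesPort         = 2001                 # default Host API port
$ExpectedIssuer   = '<issuer DN fragment of your KMES TLS CA>'   # placeholder
$ClientThumbprint = ''                   # optional: client cert in LocalMachine\My (assumed store)

# 1. Firewall check: can this server open TCP 2001 to the KMES at all?
$tcp = Test-NetConnection -ComputerName $KmesHost -Port $KmesPort -WarningAction SilentlyContinue
if (-not $tcp.TcpTestSucceeded) {
    Write-Warning "TCP ${KmesHost}:$KmesPort is unreachable; check the outbound firewall rule."
    return
}

# 2. Start a TLS handshake and record the server certificate that is presented.
$seen = @{ Cert = $null }
$callback = [System.Net.Security.RemoteCertificateValidationCallback] {
    param($source, $cert, $chain, $errors)
    if ($cert) { $seen.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert }
    $true   # accepted for inspection only; this probe sends no application data
}
$certs = New-Object System.Security.Cryptography.X509Certificates.X509CertificateCollection
if ($ClientThumbprint) { [void]$certs.Add((Get-Item "Cert:\LocalMachine\My\$ClientThumbprint")) }

$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($KmesHost, $KmesPort)
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
    $ssl.AuthenticateAsClient($KmesHost, $certs, [System.Security.Authentication.SslProtocols]::Tls12, $false)
} catch {
    Write-Verbose "Handshake did not complete: $($_.Exception.Message)"
} finally {
    $client.Close()
}

# 3. Compare the issuer actually seen with the CA you expect.
if (-not $seen.Cert) {
    Write-Warning 'No server certificate was captured (handshake rejected early); result is inconclusive.'
} elseif ($seen.Cert.Issuer.IndexOf($ExpectedIssuer, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
    "OK: issuer '$($seen.Cert.Issuer)' matches the expected CA."
} else {
    Write-Warning "Unexpected issuer '$($seen.Cert.Issuer)'. A TLS inspection proxy may be re-signing traffic to $KmesHost."
}
```

If the result is inconclusive without a client certificate, set `$ClientThumbprint` and run the check again.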