Installation requirements
Hardware requirements
You must meet the following minimum hardware requirements for a highly available infrastructure in a production grade environment.
The following video gives you high-level sizing guidance for your installation:
For all installation scenarios described inInstallation topologies, the following tables list the minimum hardware requirements for the installation components.
In these tables the hard disk requirements are in addition to the hard disk space required by the operating system. Depending on your applications and network traffic, your installation might require more or fewer resources than listed below.
| Installation Component | RAM | CPU | Minimum hard disk |
|---|---|---|---|
| Cassandra (standalone) | 16GB | 8-core | 250GB local storage with SSD supporting 2000 IOPS |
| Cassandra/Zookeeper on same machine | 16GB | 8-core | 250GB local storage with SSD supporting 2000 IOPS |
| Message Processor/Router on same machine | 16GB | 8-core | 100GB |
| Message Processor (standalone) | 16GB | 8-core | 100GB |
| Router (standalone) | 8GB | 8-core | 100GB |
| Analytics - Postgres/Qpid on same server | 16GB* | 8‑core* | 500GB - 1TB** network storage***, preferably with SSD backend, supporting 1000 IOPS or higher* |
| Analytics - Postgres master or standby standalone | 16GB* | 8-core* | 500GB - 1TB** network storage***, preferably with SSD backend, supporting 1000 IOPS or higher* |
| Analytics - Qpid (standalone) | 8GB | 4-core | 30GB - 50GB local storage with SSD The default Qpid queue size is 1 GB, which can be increased to 2 GB. If you need more capacity, add additional Qpid nodes. |
| OpenLDAP/UI/Management Server | 8GB | 4-core | 60GB |
| UI/Management Server | 4GB | 2-core | 60GB |
| OpenLDAP (standalone) | 4GB | 2-core | 60GB |
* Adjust Postgres system requirements based on throughput:
** The Postgres hard disk value is based on the out of the box analytics captured by Edge. If you add custom values to the analytics data, then these values should be increased accordingly. Use the following formula to estimate the required storage:
For example:
*** Network Storage is recommended for Postgresql database because:
| |||
In addition, the following lists the hardware requirements if you want to install the Monetization Services (not supported on All-in-One installation):
| Component with Monetization | RAM | CPU | Hard disk |
|---|---|---|---|
| Management Server (with Monetization Services) | 8GB | 4‑core | 60GB |
| Analytics - Postgres/Qpid on same server | 16GB | 8-core | 500GB - 1TB network storage, preferably with SSD backend, supporting 1000 IOPS or higher, or use the rule from the table above. |
| Analytics - Postgres master or standby standalone | 16GB | 8-core | 500GB - 1TB network storage, preferably with SSD backend, supporting 1000 IOPS or higher, or use the rule from the table above. |
| Analytics - Qpid (standalone) | 8GB | 4-core | 40GB - 500GB local storage with SSD or fast HDD For installations greater than 250 TPS, HDD with local storage supporting 1000 IOPS is recommended. |
- If the root file system is not large enough for the installation, Apigee recommends that you place the data onto a larger disk.
- If an older version of Apigee Edge for Private Cloud was installed on the machine, ensure that you delete the
/tmp/javadirectory before a new installation. - The system-wide temporary folder
/tmpneeds execute permissions in order to start Cassandra. - If user 'apigee' was created prior to the installation, ensure that
/home/apigeeexists as home directory and is owned byapigee:apigee.
Cassandra network bandwidth requirements
Cassandra uses theGossip protocol to exchange information with other nodes about network topology. The use of Gossip, combined with the distributed nature of Cassandra—which involves communicating with multiple nodes for read and write operations—results in significant data transfer across the network.
Cassandra requires a minimum network bandwidth of1 Gbps per node. For production installations, a higher bandwidth is recommended.
The maximum or 99th percentile latency for Cassandra should be below 100 milliseconds.
Operating system and third-party software requirements
These installation instructions and the supplied installation files have been tested on the operating systems and third-party software listed inSupported software and supported versions.
Prerequisite: Enable EPEL repo
Before proceeding with the installation, ensure that the EPEL (Extra Packages for Enterprise Linux) repository is enabled. Use the following commands based on your operating system version:
- For Red Hat/CentOS/Oracle 8.X:
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm
sudo rpm -ivh epel-release-latest-8.noarch.rpm
- For Red Hat/CentOS/Oracle 9.X:
wget https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo rpm -ivh epel-release-latest-9.noarch.rpm
Java
You need a supported version of Java 1.8 installed on each machine prior to the installation. Supported JDKs are listed inSupported software and supported versions.
Ensure that theJAVA_HOME environment variable points to the root of the JDK for the user performing the installation.
JAVA_HOME for you as part of theapigee-setup installation process. SeeInstall the Edge apigee-setup utility for more.SELinux
Depending on your settings for SELinux, Edge can encounter issues with installing and starting Edge components. If necessary, you can disable SELinux or set it to permissive mode during installation, and then re-enable it after installation. SeeInstall the Edge apigee-setup utility for more.
Creating the 'apigee' user
The installation procedure creates a Unix system user named 'apigee'. Edge directories and files are owned by 'apigee', as are Edge processes. That means Edge components run as the 'apigee' user. If necessary, you can run components as a different user.
Installation directory
By default, the installer writes all files to the/opt/apigee directory. You cannot change this directory location. While you cannot change this directory, you can create a symlink to map/opt/apigee to another location, as described inCreating a symlink from /opt/apigee.
In the instructions in this guide, the installation directory is noted as/opt/apigee.
Creating a symlink from /opt/apigee
Before you create the symlink, you must first create a user and group named "apigee". This is the same group and user created by the Edge installer.
To create the symlink, perform these steps before downloading the bootstrap_4.53.01.sh file. You must perform all of these steps as root:
- Create the "apigee" user and group:
groupadd -r apigee > useradd -r -g apigee -d /opt/apigee -s /sbin/nologin -c "Apigee platform user" apigee
- Create a symlink from
/opt/apigeeto your desired install root:ln -Ts/srv/myInstallDir /opt/apigee
Where/srv/myInstallDir is the desired location of the Edge files.
- Change ownership of the install root and symlink to the "apigee" user:
chown -h apigee:apigee/srv/myInstallDir /opt/apigee
Network setting
Apigee recommendeds that you check the network setting prior to the installation. The installer expects that all machines have fixed IP addresses. Use the following commands to validate the setting:
hostnamereturns the name of the machinehostname -ireturns the IP address for the hostname that can be addressed from other machines.
Depending on your operating system type and version, you may need to edit/etc/hosts and/etc/sysconfig/network if the hostname is not set correctly. See the documentation for your specific operating system for more information.
If a server has multiple interface cards, the "hostname -i" command returns a space-separated list of IP addresses. By default, the Edge installer uses the first IP address returned, which might not be correct in all situations. As an alternative, you can set the following property in the installation configuration file:
ENABLE_DYNAMIC_HOSTIP=y
With that property set to "y", the installer prompts you to select the IP address to use as part of the install. The default value is "n". SeeEdge Configuration File Reference for more.
Warning: If you setENABLE_DYNAMIC_HOSTIP=y, ensure that your property file does not setHOSTIP.TCP Wrappers
TCP Wrappers can block communication of some ports and can affect OpenLDAP, Postgres, and Cassandra installation. On those nodes, check/etc/hosts.allow and/etc/hosts.deny to ensure that there are no port restrictions on the required OpenLDAP, Postgres, and Cassandra ports.
iptables
Validate that there are no iptables policies preventing connectivity between nodes on the required Edge ports. If necessary, you can stop iptables during installation using the command:
sudo/etc/init.d/iptables stop
Directory access
The following table lists directories on Edge nodes that have special requirements from Edge processes:
| Service | Directory | Description |
|---|---|---|
| Router | /etc/rc.d/init.d/functions | The Edge Router uses the Nginx router and requires read access to If your security process requires you to set permissions on You can set permissions to 744 to allow read access to |
| Zookeeper | /dev/random | The Zookeeper client library requires read access to the random number generator/dev/random. If/dev/random is blocked on read, then the Zookeeper service might fail to start up. |
Cassandra
All Cassandra nodes must be connected to a ring. Cassandra stores data replicas on multiple nodes to ensure reliability and fault tolerance. The replication strategy for each Edge keyspace determines the Cassandra nodes where replicas are placed. For more, seeAbout Cassandra replication factor and consistency level.
Cassandra automatically adjusts its Java heap size based on the available memory. For more, seeTuning Java resources in the event of a performance degradation or high memory consumption.
After installing the Edge for Private Cloud, you can check that Cassandra is configured correctly by examining the/opt/apigee/apigee-cassandra/conf/cassandra.yaml file. For example, ensure that the Edge for Private Cloud installation script set the following properties:
cluster_nameinitial_tokenpartitionerseedslisten_addressrpc_addresssnitch
PostgreSQL database
Warning: Make sure that yum isnot set to clean requirements on remove. Otherwise, PostreSQL upgrades will fail.After you install Edge, you can adjust the following PostgreSQL database settings based on the amount of RAM available on your system:
conf_postgresql_shared_buffers = 35% of RAM # min 128kBconf_postgresql_effective_cache_size = 45% of RAMconf_postgresql_work_mem = 512MB # min 64kB
To set these values:
- Edit the postgresql.properties file:
vi /opt/apigee/customer/application/postgresql.properties
If the file does not exist, create it.
- Set the properties listed above.
- Save your edits.
- Restart the PostgreSQL database:
/opt/apigee/apigee-service/bin/apigee-service apigee-postgresql restart
Locale configuration for Rocky 9.X
If you are using Rocky 9.X, ensure your system is configured withLANG=en_US.utf8 in the system-wide locale settings. To configure this, run the following commands:
dnf -y -q install langpacks-enlocalectl set-locale LANG=en_US.utf8reboot
zh_CN.utf8) may work, they are untested, and customers should be aware of potential issues.System limits
Ensure that you have set the following system limits on Cassandra and Message Processor nodes:
- On Cassandra nodes, set soft and hard memlock, nofile, and address space (as) limits for installation user (default is "apigee") in
/etc/security/limits.d/90-apigee-edge-limits.confas shown below:apigee soft memlock unlimitedapigee hard memlock unlimitedapigee soft nofile 32768apigee hard nofile 65536apigee soft as unlimitedapigee hard as unlimitedapigee soft nproc 32768apigee hard nproc 65536
- On Message Processor nodes, set the maximum number of open file descriptors to 64K in
/etc/security/limits.d/90-apigee-edge-limits.confas shown below:apigee soft nofile 32768apigee hard nofile 65536
If necessary, you can raise that limit. For example, if you have a large number of temporary files open at any one time.
If you ever see the following error in a Router or Message Processor
system.log, your file descriptor limits may be set too low:"java.io.IOException: Too many open files"
You can check your user limits by running:
# su - apigee$ ulimit -n100000
If you are still reaching the open files limits after setting the file descriptor limits to
100000, open a ticket withApigee Edge Support for further troubleshooting.
Network Security Services (NSS)
Network Security Services (NSS) is a set of libraries that supports development of security-enabled client and server applications. You should ensure that you have installed NSS v3.19, or later.
To check your current version:
yum info nss
To update NSS:
yum update nss
Seethis article from RedHat for more information.
Disable DNS lookup on IPv6 when using NSCD (Name Service Cache Daemon)
If you have installed and enabled NSCD (Name Service Cache Daemon), the Message Processors make two DNS lookups: one for IPv4 and one for IPv6. You should disable DNS lookup on IPv6 when using NSCD.
To disable the DNS lookup on IPv6:
- On every Message Processor node, edit
/etc/nscd.conf - Set the following property:
enable-cache hosts no
Disable IPv6 on RHEL 8 and later
If you are installing Edge on RHEL 8 or later versions on Google Cloud Platform, you must disable IPv6 on all Qpid nodes.
For instructions on disabling IPv6, please refer to the documentation provided by your OS vendor. For example, you can find relevant information in theRed Hat Enterprise Linux Documentation.
Prerequisites for Amazon Linux 2023.7/2023.8
Before performing a fresh install on Amazon Linux 2023.7/2023.8, or upgrading from 4.52.02 to 4.53.01 (on Amazon Linux 2023.7/2023.8), edit the/etc/yum.repos.d/amazonlinux.repo file. The section containing[amazonlinux] must include the following to ensure that the packages are downloaded fromapigee-thirdparty and not from Amazon:exclude=postgresql17,luajit*.
Tools
The installer uses the following UNIX tools in the standard version as provided by EL5 or EL6.
awk | expr | libxslt | rpm | unzip |
basename | grep | lua-socket | rpm2cpio | useradd |
bash | hostname | ls | sed | wc |
bc | id | net-tools | sudo | wget |
curl | libaio | perl (from procps) | tar | xerces-c |
| cyrus-sasl | libdb4 | pgrep (from procps) | tr | yum |
date | libdb-cxx | ps | uuid | chkconfig |
| dirname | libibverbs | pwd | uname | |
| echo | librdmacm | python |
- The executable for the
useraddtool is located in/usr/sbinand forchkconfigin/sbin. - With sudo access you can gain access over the environment of the calling user, for example, usually you would call
sudocommandorsudo PATH=$PATH:/usr/sbin:/sbincommand. - Ensure that you have
patchinstalled prior to a service pack (patch) installation.
Time synchronization
Apigee recommends that your servers' times be synchronized. If not already configured, thentpdate utility or an equivalent tool can serve this purpose by verifying whether the servers are time synchronized. For example, you can useyum install ntp or an equivalent command to install the utility. This is particularly useful for replicating LDAP setups. Please note that you should set the server time zone to UTC.
Firewalls and virtual hosts
The termvirtual commonly gets overloaded in the IT arena, and so it is with an Apigee Edge for Private Cloud deployment and virtual hosts. To clarify, there are two primary uses of the termvirtual:
- Virtual machines (VM): Not required, but some deployment use VM technology to create isolated servers for their Apigee components. VM hosts, like physical hosts, can have network interfaces and firewalls.
- Virtual hosts: Web endpoints, analogous to an Apache virtual host.
A router in a VM can expose multiple virtual hosts (as long as they differ from one another in their host alias or in their interface port).
Just as a naming example, a single physical serverA might be running two VMs, named "VM1" and "VM2". Let's assume "VM1" exposes a virtual Ethernet interface, which gets named "eth0" inside the VM, and which is assigned IP address111.111.111.111 by the virtualization machinery or a network DHCP server; and then assume VM2 exposes a virtual Ethernet interface also named "eth0" and it gets assigned an IP address111.111.111.222.
We might have an Apigee router running in each of the two VMs. The routers expose virtual host endpoints as in this hypothetical example:
The Apigee router in VM1 exposes three virtual hosts on its eth0 interface (which has some specific IP address),api.mycompany.com:80,api.mycompany.com:443, andtest.mycompany.com:80.
The router in VM2 exposesapi.mycompany.com:80 (same name and port as exposed by VM1).
The physical host's operating system might have a network firewall; if so, that firewall must be configured to pass TCP traffic bound for the ports being exposed on the virtualized interfaces (111.111.111.111:{80, 443} and111.111.111.222:80). In addition, each VM's operating system may provide its own firewall on its eth0 interface and these too must allow ports 80 and 443 traffic to connect.
The basepath is the third component involved in routing API calls to different API proxies that you may have deployed. API proxy bundles can share an endpoint if they have different basepaths. For example, one basepath can be defined ashttp://api.mycompany.com:80/ and another defined ashttp://api.mycompany.com:80/salesdemo.
In this case, you need a load balancer or traffic director of some kind splitting the http://api.mycompany.com:80/ traffic between the two IP addresses (111.111.111.111 on VM1 and111.111.111.222 on VM2). This function is specific to your particular installation, and is configured by your local networking group.
The basepath is set when you deploy an API. From the above example, you can deploy two APIs,mycompany andtestmycompany, for the organizationmycompany-org with the virtual host that has the host alias ofapi.mycompany.com and the port set to80. If you do not declare a basepath in the deployment, then the router does not know which API to send incoming requests to.
However, if you deploy the APItestmycompany with the base URL of/salesdemo, then users access that API usinghttp://api.mycompany.com:80/salesdemo. If you deploy your API mycompany with the base URL of/ then your users access the API by the URLhttp://api.mycompany.com:80/.
Licensing
Each installation of Edge requires a unique license file that you obtain from Apigee. You will need to provide the path to the license file when installing the management server, for example /tmp/license.txt.
The installer copies the license file to/opt/apigee/customer/conf/license.txt.
If license file is valid, the management server validates the expiry and allowed Message Processor (MP) count. If any of the license settings is expired, you can find the logs in the following location:/opt/apigee/var/log/edge-management-server/logs. In this case you can contactApigee Edge Support for migration details.
If you do not yet have a license, contactApigee Sales.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-02 UTC.