System Requirements
Licensing
The Kiosk Client application requires a licensed UNIVERGE Integration Platform (UIP):
- A UIP license file can be uploaded to the Integration Platform by clicking the Import License button on the Administration > License page.
- Sufficient UIP workflow and trigger licenses to support kiosk functionality.
- License for one UIP Adapter Hub machine
- License for the Kiosk application (containing the count of the maximum number of Kiosks that a site will need to run simultaneously)
- When each Kiosk client is started, the Kiosks connect to Kiosk Server to confirm that a Kiosk license is installed and available.
- If a Kiosk license is not available, the Kiosk application will not allow guest functions to be performed.
Note: Additional licenses external to the Kiosk may be needed for connected services such as scanner software and face match software.
Safe Data Handling
Some features such as the Scan Data feature can be enabled to deliver guest document image data to the owner or purchaser of the software. It is the responsibility of the owner or purchaser to properly handle and secure the data that is provided to the owner's chosen scanned data location. Once it is out of the Kiosk System and saved to the chosen location, the Kiosk System and the Kiosk manufacturer are not responsible for the data's security.
Machine Requirements
UNIVERGE Integration Platform
For the UNIVERGE Integration Platform (UIP) machine requirements, refer to the NEC UNIVERGE Integration Platform Documentation located here:
https://uip.nec-help.com/latest-onprem/Install/System-Requirements/
Tip
It is recommended that LUKS disk encryption support is activated before proceeding to installing Ubuntu on the UIP machine.
Warning
The minimum supported UIP version is 1.15.
UIP Adapter Hub Machine
UIP Adapter Hub is a separate machine from UIP where Kiosk Admin, Kiosk Server and the Kiosk Database are deployed. The system requirements for Adapter Hub are mentioned in UIP documentation as Adapter Hub only, see https://uip.nec-help.com/latest-onprem/Workflow-Engine/Adapter-Hub/Adapter-Hub/.
Tip
It is recommended that LUKS disk encryption support is activated before proceeding to installing Ubuntu on the Adapter Hub machine.
See table below for Adapter Hub machine requirements with Kiosk Services.
| Item | Minimum Requirements for hosting Adapter Hub + Kiosk Services |
|---|---|
| Memory | >= 4 GB RAM |
| Processor | >=2.8 GHz with >=2 Cores/Virtual ProcessorsAdvanced Vector Extensions (AVX) |
| Storage | >= 60 GB of available space with LUKS disk encryption |
Warning
The minimum supported Adapter Hub version is 1.0.20.
Combined UIP + Adapter Hub Machine
For keeping the number of managed virtual servers / IP addresses / FQDN's at a minimum, it is also possible to deploy UIP and Adapter Hub with Kiosk Services on the same Ubuntu machine.
Tip
It is recommended that LUKS disk encryption support is activated before proceeding to installing Ubuntu on the UIP machine.
| Item | Minimum Requirements for hosting UIP + Adapter Hub + Kiosk Services on the same machine |
|---|---|
| Memory | >= 16 GB RAM |
| Processor | >=2.8 GHz with >=6 Cores/Virtual ProcessorsAdvanced Vector Extensions (AVX) |
| Storage | >= 150 GB of available space with LUKS disk encryption |
Kiosk Client Machine
The Kiosk Client application can run on the following devices:
- Windows 10/11 compatible PC with a touchscreen monitor (or all-in-one)
Note: Although the kiosk client is designed to take advantage of touch screen technology, a Windows 10/11 compatible PC with a keyboard and mouse can also be used.
The Kiosk Client may require other services and applications to be installed on the same machine as the Kiosk Client application depending on the configuration. These other applications may have additional software and hardware requirements.
Note: The touch screen capability between a touch screen and a PC may not function with a USB Type-C to Type-C cable. In some cases, a Type-C to USB A may be needed.
| Item | Minimum Requirements |
|---|---|
| Memory | 4 GB RAM |
| Processor | Intel i5 |
| Storage | 2 GB free space |
| Network | 100 Mbps or faster |
| Display resolution | Landscape mode: 1920 x 1080 (Full HD) Portrait mode: 1080 x 1920 (Full HD) Low resolution theme: 1024 x 768 |
| USB | 2 ports (USB 3.0 hub can be used for extra ports when needed to connect external devices to the Kiosk Client) |
| Operating System | Windows 10 (x64) Pro, Enterprise Windows 10 IoT Enterprise / LTSC Windows 11 Enterprise Windows 11 IoT Enterprise / LTSC Note: See Limitations for Windows 11 Touch keyboard |
| .NET Framework .NET Core |
Scanner services
|
| Camera | 720p webcam with snapshot ability, 2 Megapixels or higher *Note - Wide angle, HD cameras may stretch image and result in a lower match score |
| Adobe Reader | Adobe Reader is necessary to provide support for printing PDF invoices. Both Adobe Reader XI (supplied with the Kiosk distribution) and Acrobat Reader DC (downloadable from https://get.adobe.com/reader/) are supported. |
The maximum number of Kiosk Clients supported by a single UIP system is 10 clients.
System Time Sync
The Smart Check-In Kiosk machine’s time should be set to be within about five minutes with the UIP and Adapter Hub server’s machine time.
Using an NTP server to keep the Kiosk machines' times synced with the server is optional. See the NEC UNIVERGE Integration Platform Online Documentation for Date/Time instructions for the Ubuntu servers.
Network Access and Shares
- Each Kiosk Client machine needs to have connectivity to the UIP Adapter Hub machine and to the common location of the Kiosk Client configuration files if desired.
- The UIP Adapter Hub machine needs to have connectivity to the UIP server
Certificates and Security
Refer to Securing the Communication between Kiosk Applications
Ports
In the following sections, when listing the ports and their usage, we also mention the direction of the port.
When describing the port direction, we always look from the perspective on the machine where the respective port is used to make a connection. From this perspective, we can identify three directions:
- inbound: Applications running on a remote machine connect to a port opened on the target machine to access some services or resources.
- outbound: Applications running on the target machine connect to a port opened on a remote machine to access some services or resources.
- local: Application running on the target machine connect to other applications running on the same machine.
Integration Platform
You do not need to do any specific actions on the UIP machine to open any ports. The Docker NAT (Network Address Translation) will automatically handle exposing the necessary ports.
- To understand how to secure the UIP server with a firewall, refer to https://uip.nec-help.com/latest-onprem/System-Security/Securing-the-System-with-a-Firewall/
- To understand how to enable HTTPS mode on the UIP server, refer to https://uip.nec-help.com/latest-onprem/System-Security/Securing-HTTPS-Connections/
UIP Adapter Hub
You do not need to do any specific actions on the Adapter Hub machine to open any ports. The Docker NAT (Network Address Translation) will automatically handle exposing the necessary ports.
On a typical installation, these ports are:
| Port number | Protocol | Direction | Related app or service | Purpose | Typical usage |
|---|---|---|---|---|---|
| 443 | HTTPS1 | outbound |
|
|
|
| 270172 | MongoDB Wire Protocol | outbound | MongoDB | Query MongoDB | This port is used only if the Kiosk Services were deployed with an external MongoDB. |
| 8080 | HTTPS3 | inbound | Kiosk Server | Kiosk REST API | Kiosk Client's primary communication to the Kiosk Server. Some adapters on UIP will connect to Kiosk Server 8080 (Ex. CRT, N-Genius). |
| 10005 | HTTPS3 | inbound | Kiosk Admin | Web app for configuring Kiosk | Kiosk system admin configures Kiosk using this web app. |
| 60081 | TCP+TLS3 | inbound | Kiosk Server | Licensing, notifications | Kiosk clients getting license information and receiving notifications from Kiosk Server |
1 UIP must be secured.
2 By default, Mongo DB is installed internally and not exposed via Docker. Only when specifying a MongoDB connection string in the template is this port used.
3 Kiosk Services are secured by default. HTTPS and TCP+TLS are used as protocols.
Kiosk Client Machine
These are the ports used by the Kiosk Clients and other supporting services. When the Kiosk Client machines are configured with firewalls, these ports need to be allowed in the firewalls.
Note: It is recommended that all connections be configured as secured.
| Port number(s) | Protocol | Direction | Related app or service | Purpose | Typical usage |
|---|---|---|---|---|---|
| 135...139, 445 | SMB (TCP + UDP) | inbound, outbound | Windows file/folder sharing | Kiosk Client reading themes, flow configuration and other resources from a remote Windows share | From Kiosk perspective, these ports are needed when the Kiosk Client was configured, at installation time, to read reading themes, flow configuration and other resources from a remote Windows share. See also Smart Check-In Client Installation However, the Windows file/folder sharing cannot work unless these ports are enabled. We recommend to always have them enabled unless the customer's security policy explicitly forbids them. |
| 443 | HTTPS | outbound | Typical web servers (IIS, Apache, etc.) | Kiosk Client reading themes, flow configuration and other resources from a HTTPS endpoint. | This port is needed only when the Kiosk Client was configured, at installation time, to read reading themes, flow configuration and other resources from a HTTPS endpoint. See also Smart Check-In Client Installation |
| 8080 | HTTPS1 | outbound | Kiosk Server | Kiosk REST API | Kiosk Client's primary communication to the Kiosk Server. 2NEC Serial2TCP Service - Key card dispenser controller services 2NEC TCP Proxy Service - Controller service for integrations to 3rd party apps running on Kiosk Client machine. |
| 60080 | TCP | local | NEC Scanner Services (AssureID or Veridocs) | ID document scanning | Kiosk clients connect to scanner services for scanning ID documents (Local connection on the same machine) |
| 60081 | TCP+TLS1 | outbound | Kiosk Server | Licensing, notifications | Kiosk clients getting license information and receiving notifications from Kiosk Server |
1 Kiosk Services are secured by default. HTTPS and TCP+TLS are used as protocols.
2 NEC Serial2TCP Service and NEC Proxy Service are services can be configured to communicate to Kiosk Server on a specific TCP port such as 10001 or 3000 however this communication method is not recommended.
Warning
If the Kiosk Client was installed to read the flow configuration from a mapped network share or an HTTPS endpoint, access to that location needs to be effectively made available (besides enabling the related ports as explained in the above table).