# Preparing for Installation

<figure><img src="/files/unrnyohosZhaJ0XvgEas" alt=""><figcaption></figcaption></figure>

## Preparing for Installation

Keeper Connection Manager will serve as your secure "jumpbox", and you'll use your web browser to access it. First, choose a URL that you'd like to use for accessing KCM.

You'll need the following:

1. A designated machine (usually a Linux VM) **with a static IP address**
2. A fully-qualified domain name (FQDN) of your choice
3. A DNS record that points your FQDN to the IP of your designated machine
4. An SSL certificate

No cert? Don't worry, you can:

1. Start by choosing "use a self-signed certificate" (for testing)
2. Choose "Let's Encrypt" to generate a 90-day auto-renewing cert (requires ports 80 and 443 to be open)
3. Bring your own cert during setup or add it in later using the reconfigure command

You can either bring your own SSL certificate, or you can generate one during the installation by choosing the option for [Let's Encrypt](https://letsencrypt.org/). If planning to use Let's Encrypt, make sure that ports 80 and 443 are open to the internet during the installation.

To prepare for installation:

1. Create or identify the server that will run the Keeper Connection Manager gateway, and establish root access to it
2. Decide if you want your KCM gateway to be public-facing (assign public IP), or internal-only (assign private IP)
3. Add internal/external DNS A Record (or AAAA record) to point your domain to your KCM server's IP address
4. Make sure that ports 80 and 443 are open to the public if you plan to use Let's Encrypt.

**Check your firewall to make sure that traffic can flow between your server and Docker.** Some domains that it will need to reach include docker.com, docker.io and others.

## Platform-specific Setup

#### Virtual Machines with Depletable Entropy Bits

{% hint style="info" %}
Linux kernels before 5.18 had a depletable entropy pool measured in bits, with a default limit of 256 bits. This is insufficient for KCM, and a service such as `haveged` is required to increase the entropy limit.

If your Linux machine's kernel version is 5.18 or greater, the steps below can be ignored. On those kernels, the `cat` command below will always return `256`.
{% endhint %}

To check that your Linux system's entropy level is at least 1000, use the command:

```
$ cat /proc/sys/kernel/random/entropy_avail
```
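
The kernel-version rule from the note above and the 1000 threshold can be combined into one check. The script below is an added example and is not part of the Keeper documentation; the function names and verdict strings are illustrative.

```bash
#!/usr/bin/env bash
# Added example, not part of the KCM documentation.
MIN_ENTROPY=1000                                   # threshold stated on this page
ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail

# Returns 0 if the release string (as printed by `uname -r`) is older than 5.18,
# 1 if it is 5.18 or newer, 2 if it cannot be parsed.
kernel_is_pre_5_18() {
    local major="${1%%.*}" rest="${1#*.}" minor
    minor="${rest%%[!0-9]*}"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -lt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -lt 18 ]; }
}

# Prints one verdict for a kernel release and an entropy_avail reading:
#   skip    - kernel 5.18 or newer, the entropy steps do not apply
#   ok      - older kernel, reading at or above MIN_ENTROPY
#   low     - older kernel, reading below MIN_ENTROPY: install haveged
#   unknown - the release or the reading could not be parsed
entropy_verdict() {
    local release="$1" avail="$2" rc=0
    kernel_is_pre_5_18 "$release" || rc=$?
    if [ "$rc" -eq 2 ]; then echo unknown; return 0; fi
    if [ "$rc" -eq 1 ]; then echo skip; return 0; fi
    case "$avail" in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    if [ "$avail" -ge "$MIN_ENTROPY" ]; then echo ok; else echo low; fi
}

# Check the machine this script runs on.
avail=""
if [ -r "$ENTROPY_FILE" ]; then avail=$(cat "$ENTROPY_FILE"); fi
release=$(uname -r)
echo "kernel $release, entropy_avail ${avail:-unreadable}: $(entropy_verdict "$release" "$avail")"
```

A `low` verdict means the `haveged` steps that follow apply; run the script again after the service has started to confirm that the reading has risen.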

To increase the speed of entropy generation, you can install the `haveged` service to ensure that the environment can efficiently create secure random numbers.

{% tabs %}
{% tab title="RHEL" %}
On RHEL, the `haveged` package is not available from the Red Hat repositories and must instead be installed from the EPEL repository. EPEL provides instructions for configuring their repository here: <https://docs.fedoraproject.org/en-US/epel/>. After EPEL is installed, run the following commands:

```
sudo yum install haveged
sudo systemctl start haveged
sudo systemctl enable haveged
```

{% endtab %}

{% tab title="Debian / Ubuntu" %}

```
sudo apt-get install haveged
```

{% endtab %}

{% tab title="CentOS / Rocky Linux" %}

```
sudo yum install epel-release
sudo yum install haveged
sudo systemctl start haveged
sudo systemctl enable haveged
```

{% endtab %}
{% endtabs %}

#### RHEL / Rocky Linux 8 (and derivatives)

If Podman is installed, you must run the following two commands before installation:

```
sudo yum remove containerd
sudo yum remove runc
```


