Privileged Account Manager 3.7 System Requirements and Sizing Guidelines

December 2019

Micro Focus recommends the tested platforms listed below. However, customers running on any platforms not provided in this list or with untested configurations will be supported until the point Micro Focus determines that the root cause is the untested platform or configuration. Issues that can be reproduced on the tested platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.

1.0 System Requirements

1.1 Software Requirements

Operating Systems

Component

Runs on

Framework Manager

  • Microsoft Windows Server 2019 (64-bit)

  • Microsoft Windows Server 2016 (64-bit)

  • Microsoft Windows Server 2012 R2 (64-bit)

  • Microsoft Windows Server 2008 R2 (64-bit)

  • SUSE Linux Enterprise Server 15 SP1 (64-bit)

  • SUSE Linux Enterprise Server 12 SP4 and SP5 (64-bit)

  • SUSE Linux Enterprise Server 11 SP4 (64-bit)

  • Red Hat Enterprise Linux Server 8 (64-bit)

  • Red Hat Enterprise Linux Server 7.6 (64-bit)

  • Oracle Linux 7 (64-bit)

Agent

Servers:

  • Microsoft Windows Server 2019

  • Microsoft Windows Server 2016

  • Microsoft Windows Server 2012 R2 (64-bit)

  • Microsoft Windows Server 2008 R2 (64-bit)

  • SUSE Linux Enterprise Server 15 SP1 (64-bit)

  • SUSE Linux Enterprise Server 12 SP4 and SP5 (64-bit)

  • SUSE Linux Enterprise Server 11 (32-bit and 64-bit)

  • Red Hat Enterprise Linux Server 8 (64-bit)

  • Red Hat Enterprise Linux Server 7.x (64-bit)

  • AIX 7.1 (64-bit)

  • AIX 6.1 (32-bit and 64-bit)

  • Solaris (SPARC) (32-bit and 64-bit) on version 10 and version 11

  • Solaris (Intel) (64-bit) on version 11

  • Solaris (Intel) (32-bit and 64-bit) on version 10

  • Oracle Linux 8 (64-bit)

  • Oracle Linux 7 (64-bit)

  • HP-UX (Itanium) 11.31 (64-bit)

  • HP-UX (Itanium) 11.23 (64-bit)

Desktop:

  • Microsoft Windows 10 (64-bit)

  • Microsoft Windows 8.1 (64-bit)

  • Microsoft Windows 7 (32-bit and 64-bit)

Task Manager module

PAM Server installed on:

  • SUSE Linux Enterprise Server 15 SP1 (64-bit)

  • SUSE Linux Enterprise Server 12 SP4 and SP5 (64-bit)

  • Red Hat Enterprise Linux Server 7 (64-bit)

  • Red Hat Enterprise Linux Server 8 (64-bit)

  • Microsoft Windows Server 2019 (64-bit)

  • Microsoft Windows Server 2016 (64-bit) with Powershell 4.0 and above

  • Microsoft Windows Server 2012 R2 (64-bit) with Powershell 4.0 and above

  • Microsoft Windows Server 2008 R2 (64-bit) with Powershell 4.0 and above

NOTE:For password management, the target Windows operating systems should have a minimum PowerShell version of 2.0.

Privileged Account Sniffer

Microsoft Windows operating systems with .NET Framework 4.5

NOTE:Ensure that the operating system is running the vendor's latest maintenance patches.

Browsers

  • Microsoft Edge (with latest updates)

  • Microsoft Internet Explorer 11 (with latest updates)

  • Mozilla Firefox (latest version)

  • Google Chrome (latest version)

1.2 Minimum Hardware Requirements

Component

CPU

Memory

Hard Disk

Framework Manager and Dashboard

2.5 GHz or equivalent. Dual CPU recommended.

8 GB

5 GB + additional storage for audit data and logs

Agent

2.5 GHz or equivalent

4 GB

10 GB

Application SSO Agent

Dual CPU 2.5 GHz or equivalent.

8 GB

50 GB

Video Off-load agent

Quad CPU 2.5 GHz or equivalent.

8 GB

100 GB

NOTE:For virtual environments, Privileged Account Manager supports all the virtual platforms that are supported by that corresponding operating system. When you set up a virtual environment, the virtual machines must have two or more CPUs. To achieve performance results that are same as the physical machine testing results on ESX or in any other virtual environment, the virtual environment should provide the same memory, CPUs, disk space, and I/O as the physical machine recommendations.

1.3 Supported Database Servers and Clients

Access Method

Operating System

Database Servers

Database Clients (Native)

Database Client (3rd Party)

Credential Checkout

Any certified Linux manager platforms

Oracle Database 12c

Oracle Database 11g

SQL Developer SQL Plus

DbVisualizer

Toad

Microsoft SQL Server 2016

Microsoft SQL Server 2014

Microsoft SQL Server 2012

Microsoft SQL Server 2008

SSMS (SQL Server Management Studio)

SQLCMD (Command lineutility for Microsoft SQL)

MySQL 5.7

MySQL 5.6

MariaDB 10.2

SQL Workbench

MySQL Shell (Command line utility for MySQL)

Sybase 16.0

SSMS (SQL Server Management Studio)

SQLCMD (Command lineutility for Microsoft SQL)

PostgreSQL 9.6

pgAdmin

IBM Db2 v10.5

IBM Db2 v11.1

IBM Db2 v11.5

IBM Data Studio

Database Proxy (DB Proxy)

Any certified Linux manager platforms

Oracle Database 12c

Oracle Database 11g

SQL Developer

SQL Plus

DbVisualizer

Toad

Microsoft SQL Server 2016

Microsoft SQL Server 2014

Microsoft SQL Server 2012

Microsoft SQL Server 2008

SSMS (SQL Server Management Studio)

SQLCMD (Command line utility for Microsoft SQL)

MySQL 5.7

MySQL 5.6

MariaDB 10.2

SQL Workbench

MySQL Shell (Command line utility for MySQL)

Sybase 16.0

SSMS (SQL Server Management Studio)

SQLCMD (Command lineutility for Microsoft SQL)

PostgreSQL 9.6

pgAdmin

IBM Db2 v10.5

IBM Db2 v11.1

IBM Db2 v11.5

IBM Data Studio

Application SSO

Direct access mode:Remote Desktop Session to any PAM certified Windows operating system.

RemoteApp mode:

  • Microsoft Windows Server 2012 R2

  • Microsoft Windows Server 2016

Any database server

Any database client

Any database client

NOTE:Ensure that the database is running the vendor's latest maintenance patches.

1.4 Supported Applications

Methods

Application

Credential Checkout

  • System Applications Product (SAP) 7.x

  • VMware ESXi 6.x

  • VMware ESXi 5.x

  • Lightweight Directory Access Protocol (LDAP) v3 Compliant

  • OpenStack Keystone v2 and Key stone v3

  • Amazon Web Services (AWS)

  • Microsoft Azure

  • Microsoft Windows local accounts

  • Linux local accounts (over SSH)

  • AIX local accounts (over SSH)

Application SSO

Most Windows native applications, Windows .NET, Java, Web applications

NOTE:For Credential Checkout, although not officially certified, you can customize Privileged Account Manager to support applications such as Salesforce and so on.

1.5 Supported Directory Services

  • Microsoft Active Directory

  • NetIQ eDirectory

  • OpenLDAP 2.4.x

2.0 Sizing Guidelines

The guidelines are based on the following test data:

  • Framework Manager is running on Linux.

  • A separate Audit Manager and Video Offload Server are configured per audit zone.

  • Approximately 40 RDP sessions with 400 SSH sessions are running in parallel during these tests.

  • The Framework Manager, SSH Relay, and RDP Relay modules are installed on a single server.

2.1 Recommended Hardware

All the tests are executed on the following recommended hardware and the test results are documented in the sections that follow:

Component

CPU

Memory

Hard Disk

Framework Manager

2 CPUs @ 2.20GHz or above

8 GB

5 GB

Agent

2 CPUs @ 2.20GHz or above

4 GB

10 GB

Video Offload

4 CPUs @ 2.20GHz or above

8 GB

100 GB

Audit Manager

2 CPUs @ 2.20GHz or above

8 GB

100 GB

The storage requirement varies based on the data of the monitored sessions stored in PAM Audit Manager and the duration for which this data is stored.

2.2 Audit Data Storage Performance

The PAM session recordings tend to grow linearly by time. The following table gives you an estimation of the data size:

Average Session Time (in minutes)

Number of Sessions per day

Audit Data Storage Duration (number of days)

Video Size

Storage (Number of sessions * Storage Duration * Video Size)

2

5

365

1 MB

1825 MB

6

5

365

3 MB

5475 MB

10

5

365

5 MB

9125 MB

User Activity

The size of the video depends on the UI activity within an RDP session, the session’s graphics resolution, and the session duration.

Depending on the UI activity within an RDP session, PAM optimizes the size of recorded video.

  • In a session with zero to no UI activity and a typical PAM configuration of 5 FPS, the video file size is very small (for example 200KB per minute).

  • In a session with very high user activity, the video size can be as large as 1 MB per minute.

  • The following formula is used to calculate the daily video storage requirement:

    [Average Video size] X [Number video audited sessions per day] X [Average length of each session]

In addition to videos, the PAM Audit manager also stores the keystroke information and related screen-shots of the user activity in a database. However, the disk space required to store them is low compared to the storage needed to store videos.

2.3 Windows Agent Resource Utilization

Video Recording

CPU Usage

Memory Usage

Disabled

5%

20 MB

Enabled

10 - 60% *

200 MB *

* When video recording is enabled for the agent, there is a spike in CPU and memory utilization every two minutes (the default video setting). This spike can last for a few seconds. To avoid this spike, we recommend to deploy a separate PAM Video Offloading Server.

2.4 SSH Relay Manager Resource Utilization

The resource utilization for parallel SSH sessions are as follows:

Resource

100 SSH Sessions

200 SSH Sessions

400 SSH Sessions

CPU

5%

10%

18%

Memory

25%

32%

40%

NOTE:

  • Key stroke activity was nominal; that is, 5-6 basic Linux commands per session.

  • These tests do not capture X11 sessions.

2.5 RDP Relay Manager Resource Utilization

The resource utilization for parallel RDP sessions are as follows:

Resource

5 RDP Sessions

25 RDP Sessions

50 RDP Sessions

CPU

36%

63%

85%

Memory

5%

10%

20%

NOTE:

  • The CPU and memory utilization for the RDP relay process were nominal.

  • The keystroke activity was high; that is, open a notepad, write in it, and close the notepad every three seconds.

2.6 Resource Utilization in a Distributed Setup

Resource utilization in a distributed setup with 50 RDP sessions are as follows:

Setup

CPU

Memory

RDP Relay Manager

2%

4%

Audit Manager

85%

35%

Video Offload Server

5%

10%

2.7 Dashboard Performance

The Audit database size is 5 GB for the following tests:

Dashboard Load Time (in seconds)

Number of Records

Number of Keystrokes

Duration of Records

8 (including the initial page load)

30000

1200000

1 day

1*

30000

1200000

1 week

* In case of 1 week, the dashboard page is already loaded.