Micro Focus recommends the tested platforms listed below. However, customers running on any platforms not provided in this list or with untested configurations will be supported until the point Micro Focus determines that the root cause is the untested platform or configuration. Issues that can be reproduced on the tested platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.
Component |
Runs on |
---|---|
Framework Manager |
|
Agent |
Servers:
Desktop:
|
Task Manager module |
PAM Server installed on:
NOTE:For password management, the target Windows operating systems should have a minimum PowerShell version of 2.0. |
Privileged Account Sniffer |
Microsoft Windows operating systems with .NET Framework 4.5 |
NOTE:Ensure that the operating system is running the vendor's latest maintenance patches.
Microsoft Edge (with latest updates)
Microsoft Internet Explorer 11 (with latest updates)
Mozilla Firefox (latest version)
Google Chrome (latest version)
Component |
CPU |
Memory |
Hard Disk |
---|---|---|---|
Framework Manager and Dashboard |
2.5 GHz or equivalent. Dual CPU recommended. |
8 GB |
5 GB + additional storage for audit data and logs |
Agent |
2.5 GHz or equivalent |
4 GB |
10 GB |
Application SSO Agent |
Dual CPU 2.5 GHz or equivalent. |
8 GB |
50 GB |
Video Off-load agent |
Quad CPU 2.5 GHz or equivalent. |
8 GB |
100 GB |
NOTE:For virtual environments, Privileged Account Manager supports all the virtual platforms that are supported by that corresponding operating system. When you set up a virtual environment, the virtual machines must have two or more CPUs. To achieve performance results that are same as the physical machine testing results on ESX or in any other virtual environment, the virtual environment should provide the same memory, CPUs, disk space, and I/O as the physical machine recommendations.
Access Method |
Operating System |
Database Servers |
Database Clients (Native) |
Database Client (3rd Party) |
---|---|---|---|---|
Credential Checkout |
Any certified Linux manager platforms |
Oracle Database 12c Oracle Database 11g |
SQL Developer SQL Plus |
DbVisualizer Toad |
Microsoft SQL Server 2016 Microsoft SQL Server 2014 Microsoft SQL Server 2012 Microsoft SQL Server 2008 |
SSMS (SQL Server Management Studio) SQLCMD (Command lineutility for Microsoft SQL) |
|||
MySQL 5.7 MySQL 5.6 MariaDB 10.2 |
SQL Workbench MySQL Shell (Command line utility for MySQL) |
|||
Sybase 16.0 |
SSMS (SQL Server Management Studio) SQLCMD (Command lineutility for Microsoft SQL) |
|||
PostgreSQL 9.6 |
pgAdmin |
|||
IBM Db2 v10.5 IBM Db2 v11.1 IBM Db2 v11.5 |
IBM Data Studio |
|||
Database Proxy (DB Proxy) |
Any certified Linux manager platforms |
Oracle Database 12c Oracle Database 11g |
SQL Developer SQL Plus |
DbVisualizer Toad |
Microsoft SQL Server 2016 Microsoft SQL Server 2014 Microsoft SQL Server 2012 Microsoft SQL Server 2008 |
SSMS (SQL Server Management Studio) SQLCMD (Command line utility for Microsoft SQL) |
|||
MySQL 5.7 MySQL 5.6 MariaDB 10.2 |
SQL Workbench MySQL Shell (Command line utility for MySQL) |
|||
Sybase 16.0 |
SSMS (SQL Server Management Studio) SQLCMD (Command lineutility for Microsoft SQL) |
|||
PostgreSQL 9.6 |
pgAdmin |
|||
IBM Db2 v10.5 IBM Db2 v11.1 IBM Db2 v11.5 |
IBM Data Studio |
|||
Application SSO |
Direct access mode:Remote Desktop Session to any PAM certified Windows operating system. RemoteApp mode:
|
Any database server |
Any database client |
Any database client |
NOTE:Ensure that the database is running the vendor's latest maintenance patches.
Methods |
Application |
---|---|
Credential Checkout |
|
Application SSO |
Most Windows native applications, Windows .NET, Java, Web applications |
NOTE:For Credential Checkout, although not officially certified, you can customize Privileged Account Manager to support applications such as Salesforce and so on.
Microsoft Active Directory
NetIQ eDirectory
OpenLDAP 2.4.x
The guidelines are based on the following test data:
Framework Manager is running on Linux.
A separate Audit Manager and Video Offload Server are configured per audit zone.
Approximately 40 RDP sessions with 400 SSH sessions are running in parallel during these tests.
The Framework Manager, SSH Relay, and RDP Relay modules are installed on a single server.
All the tests are executed on the following recommended hardware and the test results are documented in the sections that follow:
Component |
CPU |
Memory |
Hard Disk |
---|---|---|---|
Framework Manager |
2 CPUs @ 2.20GHz or above |
8 GB |
5 GB |
Agent |
2 CPUs @ 2.20GHz or above |
4 GB |
10 GB |
Video Offload |
4 CPUs @ 2.20GHz or above |
8 GB |
100 GB |
Audit Manager |
2 CPUs @ 2.20GHz or above |
8 GB |
100 GB |
The storage requirement varies based on the data of the monitored sessions stored in PAM Audit Manager and the duration for which this data is stored.
The PAM session recordings tend to grow linearly by time. The following table gives you an estimation of the data size:
Average Session Time (in minutes) |
Number of Sessions per day |
Audit Data Storage Duration (number of days) |
Video Size |
Storage (Number of sessions * Storage Duration * Video Size) |
---|---|---|---|---|
2 |
5 |
365 |
1 MB |
1825 MB |
6 |
5 |
365 |
3 MB |
5475 MB |
10 |
5 |
365 |
5 MB |
9125 MB |
The size of the video depends on the UI activity within an RDP session, the session’s graphics resolution, and the session duration.
Depending on the UI activity within an RDP session, PAM optimizes the size of recorded video.
In a session with zero to no UI activity and a typical PAM configuration of 5 FPS, the video file size is very small (for example 200KB per minute).
In a session with very high user activity, the video size can be as large as 1 MB per minute.
The following formula is used to calculate the daily video storage requirement:
[Average Video size] X [Number video audited sessions per day] X [Average length of each session]
In addition to videos, the PAM Audit manager also stores the keystroke information and related screen-shots of the user activity in a database. However, the disk space required to store them is low compared to the storage needed to store videos.
Video Recording |
CPU Usage |
Memory Usage |
---|---|---|
Disabled |
5% |
20 MB |
Enabled |
10 - 60% * |
200 MB * |
* When video recording is enabled for the agent, there is a spike in CPU and memory utilization every two minutes (the default video setting). This spike can last for a few seconds. To avoid this spike, we recommend to deploy a separate PAM Video Offloading Server.
The resource utilization for parallel SSH sessions are as follows:
Resource |
100 SSH Sessions |
200 SSH Sessions |
400 SSH Sessions |
---|---|---|---|
CPU |
5% |
10% |
18% |
Memory |
25% |
32% |
40% |
NOTE:
Key stroke activity was nominal; that is, 5-6 basic Linux commands per session.
These tests do not capture X11 sessions.
The resource utilization for parallel RDP sessions are as follows:
Resource |
5 RDP Sessions |
25 RDP Sessions |
50 RDP Sessions |
---|---|---|---|
CPU |
36% |
63% |
85% |
Memory |
5% |
10% |
20% |
NOTE:
The CPU and memory utilization for the RDP relay process were nominal.
The keystroke activity was high; that is, open a notepad, write in it, and close the notepad every three seconds.
Resource utilization in a distributed setup with 50 RDP sessions are as follows:
Setup |
CPU |
Memory |
---|---|---|
RDP Relay Manager |
2% |
4% |
Audit Manager |
85% |
35% |
Video Offload Server |
5% |
10% |
The Audit database size is 5 GB for the following tests:
Dashboard Load Time (in seconds) |
Number of Records |
Number of Keystrokes |
Duration of Records |
---|---|---|---|
8 (including the initial page load) |
30000 |
1200000 |
1 day |
1* |
30000 |
1200000 |
1 week |
* In case of 1 week, the dashboard page is already loaded.
© Copyright 2020 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/.