Micro Focus recommends the fully tested and certified platforms described in this page. However, customers running on other platforms or with untested configurations will be supported until the point Micro Focus determines that the root cause is the uncertified platform or configuration. Issues that can be reproduced on the certified platforms will be prioritized and fixed according to standard defect-handling policies. For more information about support polices, see Support Policies.
This document provides the minimum requirements to install Privileged Account Manager. Ensure that you review these requirements before installation, particularly those related to the operating system.
IMPORTANT:In the following table, Certified includes the versions that are tested and supported. Whereas, Supported includes the versions that are not tested but are expected to work.
|
Framework Manager |
Supported:
|
Certified:
|
|
Agent |
Supported:
|
Certified:
|
|
Agentless Module |
Supported:
Prerequisites:
|
Certified:
Prerequisites:
|
|
Task Manager module |
Supported:
|
Certified:
|
|
Application SSO module |
Supported:
|
Certified:
|
|
Video Offloading module |
Supported:
|
Certified:
|
NOTE:Ensure that you use latest versions of service packs for the certified operating system and that the operating system is running the vendor's latest maintenance patches.
Microsoft Edge (with latest version and latest updates)
Microsoft Internet Explorer 11 (with latest version and latest updates)
Mozilla Firefox (with latest version and latest updates)
Google Chrome (with latest version and latest updates)
|
Component |
CPU |
Memory |
Hard Disk |
|---|---|---|---|
|
Framework Manager and Dashboard |
2.5 GHz or equivalent. Dual CPU recommended. |
8 GB |
5 GB + additional storage for audit data and logs |
|
Agentless Module |
2.5 GHz or equivalent. Dual CPU recommended. |
8 GB |
100 GB |
|
Agent |
2.5 GHz or equivalent |
4 GB |
10 GB |
|
Application SSO Agent |
Dual CPU 2.5 GHz or equivalent. |
8 GB |
50 GB |
|
Video Off-load agent |
Quad CPU 2.5 GHz or equivalent. |
8 GB |
100 GB |
NOTE:For virtual environments, Privileged Account Manager supports all the virtual platforms that are supported by that corresponding operating system. When you set up a virtual environment, the virtual machines must have two or more CPUs. To achieve performance results that are same as the physical machine testing results on ESX or in any other virtual environment, the virtual environment should provide the same memory, CPUs, disk space, and I/O as the physical machine recommendations.
NOTE:Privileged Account Manager supports all Cloud based virtual machines. Example: Amazon Web services (AWS) and Microsoft Azure.
|
Access Method |
Operating System |
Database Servers |
Database Clients (Native) |
Database Client (3rd Party) |
|---|---|---|---|---|
|
Credential Checkout |
Any certified Linux manager platforms |
Oracle Database 18 Oracle Database 19 |
SQL Developer SQL Plus |
DbVisualizer Toad |
|
Microsoft SQL Server 2019 |
SSMS (SQL Server Management Studio) SQLCMD (Command lineutility for Microsoft SQL) |
|||
|
MySQL 5.7 MySQL 5.6 MariaDB 10.2 |
SQL Workbench MySQL Shell (Command line utility for MySQL) |
|||
|
Sybase 16.0 |
SSMS (SQL Server Management Studio) SQLCMD (Command lineutility for Microsoft SQL) |
|||
|
PostgreSQL 10.12 PostgreSQL 11.7 PostgreSQL 12.2 PostgreSQL 12.8 PostgreSQL 14.0 |
pgAdmin |
|||
|
IBM Db2 v11.1 IBM Db2 v11.5 |
IBM Data Studio |
|||
|
Database Proxy (DB Proxy) |
Any certified Linux manager platforms |
Oracle Database 18 Oracle Database 19 |
SQL Developer SQL Plus |
DbVisualizer Toad |
|
Microsoft SQL Server 2019 |
SSMS (SQL Server Management Studio) SQLCMD (Command line utility for Microsoft SQL) |
|||
|
MySQL 5.7 MySQL 5.6 MariaDB 10.2 |
SQL Workbench MySQL Shell (Command line utility for MySQL) |
|||
|
Sybase 16.0 |
SSMS (SQL Server Management Studio) SQLCMD (Command lineutility for Microsoft SQL) |
|||
|
PostgreSQL 10.12 PostgreSQL 11.7 PostgreSQL 12.2 PostgreSQL 12.8 PostgreSQL 14.0 |
pgAdmin |
|||
|
IBM Db2 v11.1 IBM Db2 v11.5 |
IBM Data Studio |
NOTE:Ensure that the database is running the vendor's latest maintenance patches.
|
Methods |
Application |
|---|---|
|
Credential Checkout |
|
|
Application SSO |
Most Windows native applications, Windows .NET, Java, Web applications |
NOTE:For Credential Checkout, although not officially certified, you can customize Privileged Account Manager to support applications such as Salesforce and so on.
Microsoft Active Directory
NetIQ eDirectory
OpenLDAP 2.4.x
The guidelines are based on the following test data:
Framework Manager is running on Linux.
A separate Audit Manager and Video Offload Server are configured per audit zone.
Approximately 40 RDP sessions with 400 SSH sessions are running in parallel during these tests.
The Framework Manager, SSH Relay, and RDP Relay modules are installed on a single server.
All the tests are executed on the following recommended hardware and the test results are documented in the sections that follow:
|
Component |
CPU |
Memory |
Hard Disk |
|---|---|---|---|
|
Framework Manager |
2 CPUs @ 2.20GHz or above |
8 GB |
5 GB |
|
Agent |
2 CPUs @ 2.20GHz or above |
4 GB |
10 GB |
|
Video Offload |
4 CPUs @ 2.20GHz or above |
8 GB |
100 GB |
|
Agentless Manager |
4 CPUs @ 2.20GHz or above |
8 GB |
100 GB |
|
Audit Manager |
2 CPUs @ 2.20GHz or above |
8 GB |
100 GB |
The storage requirement varies based on the data of the monitored sessions stored in Privileged Account Manager’s Audit Manager and the duration for which this data is stored.
The Privileged Account Manager session recordings tend to grow linearly by time. The following table gives you an estimation of the data size:
|
Average Session Time (in minutes) |
Number of Sessions per day |
Audit Data Storage Duration (number of days) |
Video Size |
Storage (Number of sessions * Storage Duration * Video Size) |
|---|---|---|---|---|
|
2 |
5 |
365 |
1 MB |
1825 MB |
|
6 |
5 |
365 |
3 MB |
5475 MB |
|
10 |
5 |
365 |
5 MB |
9125 MB |
The size of the video depends on the User Interface activity within an RDP session, the session’s graphics resolution, and the session duration.
Depending on the User Interface activity within an RDP session, Privileged Account Manager optimizes the size of recorded video.
In a session with zero to no User Interface activity and a typical Privileged Account Manager configuration of 5 FPS, the video file size is very small (for example 200KB per minute).
In a session with very high user activity, the video size can be as large as 1 MB per minute.
The following formula is used to calculate the daily video storage requirement:
[Average Video size] X [Number video audited sessions per day] X [Average length of each session]
In addition to videos, the Privileged Account Manager’s Audit manager also stores the keystroke information and related screen-shots of the user activity in a database. However, the disk space required to store them is low compared to the storage needed to store videos.
|
Video Recording |
CPU Usage |
Memory Usage |
|---|---|---|
|
Disabled |
5% |
20 MB |
|
Enabled |
10 - 60% * |
200 MB * |
* When video recording is enabled for the agent, there is a spike in CPU and memory utilization every two minutes (the default video setting). This spike can last for a few seconds. To avoid this spike, we recommend to deploy a separate Privileged Account Manager Video Offloading Server.
The resource utilization for parallel SSH sessions are as follows:
|
Resource |
100 SSH Sessions |
200 SSH Sessions |
400 SSH Sessions |
|---|---|---|---|
|
CPU |
5% |
10% |
18% |
|
Memory |
25% |
32% |
40% |
NOTE:
Key stroke activity was nominal; that is, 5-6 basic Linux commands per session.
These tests do not capture X11 sessions.
The resource utilization for parallel SSH Web sessions are as follows:
|
Resource |
5 Web SSH Sessions |
25 Web SSH Sessions |
50 Web SSH Sessions |
|---|---|---|---|
|
CPU |
25% |
25% |
50% |
|
Memory |
15% |
30% |
50% |
The resource utilization for parallel RDP sessions are as follows:
|
Resource |
5 Web RDP Sessions |
25 Web RDP Sessions |
50 Web RDP Sessions |
|---|---|---|---|
|
CPU |
36% |
63% |
85% |
|
Memory |
5% |
10% |
20% |
NOTE:
The CPU and memory utilization for the RDP relay process were nominal.
The keystroke activity was high; that is, open a notepad, write in it, and close the notepad every three seconds.
The resource utilization for parallel RDP sessions are as follows:
|
Resource |
5 RDP Sessions |
25 RDP Sessions |
50 RDP Sessions |
|---|---|---|---|
|
CPU |
25%-75% |
25%-75% |
50%-100% |
|
Memory |
20% |
30% |
60% |
NOTE:
Resources are needed only on manager. No resources are required on target servers.
System requires 1 CPU core and 2 GB of memory for every 25 concurrent Web RDP sessions. Considering that there would be occasional spike in CPU and memory utilization when video conversion happens in background, it is recommended that the system altogether has 2 CPU cores and 4 GB RAM for every 25 parallel RDP Web sessions to accommodate this spike.
There is a spike in CPU and memory utilization whenever recorded video is converted. This spike can last for a few minutes per video conversion.
Resource utilization in a distributed setup with 50 RDP sessions are as follows:
|
Setup |
CPU |
Memory |
|---|---|---|
|
RDP Relay Manager |
2% |
4% |
|
Audit Manager |
85% |
35% |
|
Video Offload Server |
5% |
10% |
The Audit database size is 5 GB for the following tests:
|
Dashboard Load Time (in seconds) |
Number of Records |
Number of Keystrokes |
Duration of Records |
|---|---|---|---|
|
8 (including the initial page load) |
30000 |
1200000 |
1 day |
|
1* |
30000 |
1200000 |
1 week |
* In case of 1 week, the dashboard page is already loaded.
© Copyright 2022 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/.