This guide outlines the system requirements to install and use Privilege Manager in your organization.
Microsoft SQL Server Requirements
- Microsoft SQL 2005 or newer
- Any SQL Server edition is suitable
- SQL Server Standard or Enterprise is recommended if you have over 500 client devices
- Can be a dedicated SQL server
- Sysadmin permissions on the instance, or an empty database with db_owner permissions
- Minimum of 500MB free disk space for database files
- At least 2 CPU cores, or 4 CPU cores if using SQL Server Standard or Enterprise edition
- At least 4 GB RAM
The user account running the IIS application pool on the Privilege Manager server and Recast Agent Gateway must be a member of the Windows Authorization Access Group in every domain where Privilege Manager needs to read group memberships. The default account is Network Service, which uses the server object to access external resources.
The following network connections must be allowed from the server where Privilege Manager server components are installed:
- LDAP (port 389/TCP+UDP) outbound to domain controllers
- LDAPS (port 636/TCP+UDP) outbound to domain controllers (only required if LDAPS is required by domain controllers)
- Kerberos (port 88/TCP+UDP) outbound to domain controllers (only required if the user account is specified in the Privilege Manager AD connection settings)
Privilege Manager requires two websites: one for the management portal and one for the Agent Gateway web service.
Depending on the IIS configuration, separate IP addresses, ports or separate host header names are required for these websites. The default is to use HTTP on port 80 for both websites and have a unique host header name on each website.
The following are examples of host header names that can be registered for websites:
- cgw.dns.domain for Recast Agent Gateway
- privilegemanager.dns.domain for Privilege Manager Portal
If host headers are used to separate the websites, create DNS alias (CNAME) records that point to the FQDN of the server where the websites will be installed. DNS host (A) records can also be used.
Privilege Manager Portal and Agent Gateway Server Requirements
- Microsoft-supported operating system
- Web edition or better
- Must be joined to an Active Directory domain
- Microsoft .Net Framework 4.7.2 or newer
- To support TLS 1.2 with Azure AD connections, check the required registry configuration
- IIS service with ASP.Net with default components and the following:
  - ASP.Net 4.x
  - URL Authorization
  - Windows Authentication
- Minimum of 100MB free disk space for website
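A pre-flight check for the server requirements and outbound connections listed above, added here as an example (not vendor code). It assumes Windows Server with the ServerManager module; the domain controller name is a placeholder, and Web-Asp-Net45, Web-Url-Auth and Web-Windows-Auth are the Windows Server role-service names for the IIS components listed. Only TCP reachability is tested, not UDP.

```powershell
# Added example: run on the intended Privilege Manager server before installation.
param(
    [string[]]$DomainControllers = @('dc01.dns.domain'),  # placeholder, replace with your DCs
    [switch]$CheckLdaps,     # set only if the domain controllers require LDAPS
    [switch]$CheckKerberos   # set only if a user account is specified in the AD connection settings
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Result($Check, $Ok, $Detail) {
    $results.Add([pscustomobject]@{ Check = $Check; Passed = [bool]$Ok; Detail = $Detail })
}

# The server must be joined to an Active Directory domain.
$cs = Get-CimInstance -ClassName Win32_ComputerSystem
Add-Result 'Domain joined' $cs.PartOfDomain $cs.Domain

# .NET Framework 4.7.2 or newer corresponds to a Release value of 461808 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Result '.NET Framework >= 4.7.2' ($ndp.Release -ge 461808) "Release=$($ndp.Release)"

# IIS with ASP.NET 4.x, URL Authorization and Windows Authentication.
foreach ($name in 'Web-Server', 'Web-Asp-Net45', 'Web-Url-Auth', 'Web-Windows-Auth') {
    $f = Get-WindowsFeature -Name $name
    Add-Result "IIS feature $name" $f.Installed $f.DisplayName
}

# Outbound TCP reachability to each domain controller.
$ports = [ordered]@{ LDAP = 389 }
if ($CheckLdaps)    { $ports['LDAPS'] = 636 }
if ($CheckKerberos) { $ports['Kerberos'] = 88 }
foreach ($dc in $DomainControllers) {
    foreach ($p in $ports.GetEnumerator()) {
        $ok = Test-NetConnection -ComputerName $dc -Port $p.Value `
                -InformationLevel Quiet -WarningAction SilentlyContinue
        Add-Result "$($p.Key) $($p.Value)/TCP to $dc" $ok ''
    }
}

$results | Format-Table -AutoSize
# A non-zero exit code lets a deployment pipeline stop on any failed requirement.
if ($results.Passed -contains $false) { exit 1 }
```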
Client Component Requirements
- .Net Framework version 4.x