Documentation forAccess Rights Manager

ARM 2020.2 System requirements for SolarWinds Access Rights Manager

Release date: September 10, 2020

The following table lists hardware and software system requirements for your SolarWinds Access Rights Manager installation.

 

ARM Server requirements

Hardware requirements for the ARM Server vary depending on several factors:

  • the number of users in Active Directory (AD)
  • the number of file servers and directories monitored by ARM
  • the ARM Server's data storage settings

Please note that ARM is not an Orion platform product. We recommend that you run ARM and the Orion Platform on separate servers.

Hardware/Software Requirements
Operating System
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
CPU (number of processor cores)
Active Directory Users Number of cores
up to 1,000 2
up to 4,000 4
4,000+ 4

Intel Itanium platforms are not supported.

Hard drive space
Active Directory Users Disk space
up to 1,000 30 GB
up to 4,000 40 GB
4,000+ 40 GB
Memory
Active Directory Users RAM
up to 4,000 8 GB
4,000+ 16 GB
.NET Framework

.NET 4.8 (or higher)

RabbitMQ The ARM setup includes RabbitMQ version 3.7.1. If you want to use another instance of RabbitMQ, you must ensure full compatibility with the versions of RabbitMQ and Erlang/OTP included with ARM.
Erlang/OTP The ARM setup contains Erlang/OTP version 21.1. If you want to use a different version of Erlang/OTP, you must ensure full compatibility with the RabbitMQ and Erlang/OTP versions included with ARM.
Access rights

The service account requires local administrator rights on the ARM server.

Other

The ARM server must be a member of an Active Directory domain.

Clusters are not supported.

Server Core is not supported.

 

ARM Collector requirements

Hardware/Software Requirements
Operating System
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

ARM collector service can only be installed on server core versions on which the graphical interactive ARM setup can be executed.

CPU (number of processor cores)

2

Intel Itanium platforms are not supported.

Hard drive space 5 GB
Memory 4 GB
.NET Framework

.NET 4.8 (or higher)

The automatic collector update is only working if the collector already has the .NET 4.8 framework installed. The automatic collector update does NOT push .NET 4.8 framework installation on collectors. SolarWinds recommends that you update all collector servers with .NET framework 4.8 before upgrading ARM to version 2019.4 or later.

Other

ARM collectors can be installed on a member server (node) of a cluster.

ARM collectors cannot be used as a cluster resource in Windows Server Failover Clustering manager.

 

ARM GUI application requirements

These requirements are for both the main ARM application and the ARM Configuration application.

Hardware/Software Requirements
Operating System
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 10
CPU (number of processor cores) 2
Hard drive space 500 MB
Memory 2 GB
.NET Framework

.NET 4.8 (or higher)

Graphics

optional: Graphic card supporting DirectX 10

Screen resolution

Minimum: 1280x1024

Recommended: 1920x1080 (1080p)

 

SQL Server requirements

Hardware/Software Requirements
Microsoft SQL Server (32-bit and 64-bit)
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017
  • SQL Server 2019
CPU (number of processor cores)

2

Intel Itanium platforms are not supported.

Hard drive space (Database storage)
Active Directory Users Storage space
up to 1,000 10 GB
up to 4,000 30 GB
4,000+ 50 GB
Memory 4 GB
.NET Framework

.NET 4.8 (or higher)

Login permissions
  • If you don't already have a database for use with ARM, ARM setup requires the role "dbcreator" on the SQL server.
  • If you've already created a database for use with ARM, ARM requires the role "dbowner" for the database.
Collation Recommended collation setting for the ARM database is:
Latin1_General_CI_AS
Other

SQL Server Express Edition can be used but has the following limitations:

  • 10 GB maximum database size: Only a limited number of scans can be stored
  • ca. 1 GB maximum RAM use: Loss of performance in large environments
  • 4 maximum CPU cores: Loss of performance in large environments

 

File server requirements (scan and manage permissions)

Hardware/Software Requirements
Windows file server

Operating System

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Windows Server Failover Clustering (WSFC) is supported.

DFS (Domain integrated and standalone Computer) is supported.

Intel Itanium platforms are not supported.

NetApp file server

ARM supports CIFS-based shares.

EMC file server ARM supports CIFS-based shares.

 

FS Logga requirements (monitor file server)

Hardware/Software Requirements
Windows file server

Operating System

  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019

Windows Server Core Versions are only supported which support the execution of an interactive graphical setup.

Failover-Clusters are supported. NTFS junction points or reparse points are not supported in the cluster environment.

FS Logga requires a filter driver installation on the Windows server as well as a dedicated collector.

Windows file servers that have been virtualized through XenServer are supported from version 6.5 onwards. A XenServer Tools/Windows Management agent must be installed.

DFS is not supported.

Intel Itanium platforms are not supported.

NetApp file server

Supported versions

  • NetApp Data ONTAP Release 7.x, Minimum 7.3.1.
  • NetApp Clustered Data ONTAP Version 8.x and 9.0 are supported. SSL is supported.

The NetApp integrated monitoring policy (FPolicy) is used to operate FS Logga. A dedicated collector is required.

EMC file server

Supported versions

  • NAS 5.5 or higher in Celerra and VNX product series, CEE version 8.6.2 or higher required

The FS Logga utilizes components and services provided by EMC. This requires a dedicated collector. The collector must run on the same server as the Common Event Enabler (CEE).

 

Web components and web interface requirements

Hardware/Software Requirements
Operating System
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
.NET Framework

.NET 4.8 (or higher)

Internet Information Services (IIS) Version 7.5 or higher
Supported browsers
  • Google Chrome 54 or higher
  • Mozilla Firefox 49 or higher
  • Microsoft Edge 79.0.309 or higher (Chromium based)

As of version 2019.4, Internet Explorer is no longer supported.

Cookies and Javascript must be enabled.

 

Port requirements

The network requirements have changed with version 2020.2.2 From this version on, Random High Ports are no longer used. The network requirements for earlier versions (2019.4 or earlier) can be found here.

Port# Protocol Service/
Process
Direction Description

389

TCP

LDAP

The connection is always initiated by the ARM server. Scan and manage Active Directory. The port must be reachable on every domain controller.
636 TCP LDAPS The connection is always initiated by the ARM server. Scan and manage Active Directory. The port must be reachable on every domain controller.

139

TCP

NetBIOS

The connection is always initiated by the ARM server.

445 TCP Microsoft DS (CIFS) The connection is always initiated by the ARM server. Scan and manage file server shares.
135 TCP RPC The connection is always initiated by the ARM server. Scan local accounts, retrieve events from domain controllers.
1433 TCP MS SQL Server The connection is always initiated by the ARM server.

ARM uses this port for all communication between the ARM server and the SQL server.

Collectors communicate only with the ARM server and do not communicate with the SQL server.

88

TCP

Kerberos

The connection is always initiated by the ARM server.

Authentication.

55555*

TCP

ARM components default port

The connection is initiated by the ARM server or by a collector.

ARM components default port.

ARM uses this port for all communication between the ARM server and client (GUI applications), Web Client, WebAPI, Collectors.

5671* TCP RabbitMQ The connection is initiated by the ARM server or by a collector. ARM utilizes RabbitMQ message queuing for alerting (FS Logga and AD Logga).
15671* TCP RabbitMQ The connection is initiated by the ARM server or by a collector. RabbitMQ management port. Used by ARM server health check. Only between ARM server and RabbitMQ, Collectors are not affected.
5985 TCP WinRM The connection is always initiated by the ARM server. Retrieve the site collections available on SharePoint (on-premise only).
5986 TCP WinRM (SSL) The connection is always initiated by the ARM server. Retrieve the site collections available on SharePoint (on-premise only).

*The specifications apply to the standard configuration. You can configure different ports.

For further information, please also refer to the chapter ARM architecture and scalability.

 

Exchange requirements

Hardware/Software Requirements
Exchange version
  • Exchange Online
  • Exchange Server (on-premise) 2010
  • Exchange Server (on-premise) 2013
  • Exchange Server (on-premise) 2016
  • Exchange Server (on-premise) 2019

Exchange 2016 Cumulative Update 2 is needed to modify out of office notices.

 

Exchange Logga requirements

Hardware/Software Requirements
Exchange version
  • Exchange Online
  • Exchange Server (on-premise) 2013
  • Exchange Server (on-premise) 2016
  • Exchange Server (on-premise) 2019

For the on-premise variants, the servers holding the mailbox databases must primarily use the en-US language. Installing language packs may require a reboot. For more information, visit Microsoft.

 

SharePoint requirements

Hardware/Software Requirements
SharePoint version
  • SharePoint Online
  • SharePoint Server (on-premise) 2010
  • SharePoint Server (on-premise) 2013

Cumulative Update December 2014 required on SharePoint 2013.

  • SharePoint Server (on-premise) 2016
  • SharePoint Server (on-premise) 2019

 

AD Logga requirements

Hardware/Software Requirements
Operating system

The AD Logga supports domain controllers (DCs) that run on the following server versions:

  • Microsoft Windows Server 2008 (32-bit and 64-bit)
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2019

The Logga does not require a dedicated collector. Even the ARM server itself can be used as a collector.

ARM does not require any software installation on domain controllers.

ARM does not perform any schema extension on Active Directory.

 

PowerShell requirements

ARM requires PowerShell version 5.1 for the Configuration Wizard and the AD Logga group policy changes feature. All other ARM components that use PowerShell require version 3.0 (or later).

 

ARM service account permissions

SolarWinds recommends using service accounts (dedicated user accounts) for ARM. This ensures that:

  • The access rights of the service accounts are used only by ARM.
  • It is easy to identify whether an action was performed by an ARM service account or by a domain admin.
  • If the domain admin's password changes, the ARM configuration is unaffected.
  • Restrictions through activity limits are avoided (for example, Exchange Online allows only three parallel requests).
Feature Required access rights
ARM server

A service account requires local administrator rights on the ARM server.

If the service account is a member of the domain Admin group, then this requirement is automatically fulfilled. If a server computer becomes a member of the domain (domain join) then the group Domain Admins will become a member of the local administrator group.

SQL Server
  • If you don't already have a database for use with ARM, ARM requires the role "dbcreator" on the SQL server.
  • If you've already created a database for use with ARM, ARM requires the role "dbowner" for the database.
Active Directory (AD)-Scan

Each user account already has read permissions to run an Active Directory scan.

If you are using delegation in your organization, you must add the service account to the group that can read the required OUs.

AD Modify

If you work with delegation in your company, you must assign service accounts to a group that is allowed to change the relevant OUs.

Without delegation: Service accounts become a member of the Domain admin group.

File server (FS)-Scan

The service account needs permissions to read NTFS permissions and traverse folders to access all desired folders.

Service accounts can become a member of the domain admin group. If the domain admin account does not have access to all folders (for example, user folders) then add service accounts to the backup operators on the file server.

AD Logga The service account must be a member of the group "event log reader". Members of the domain admin group also have the required access rights to be able to read event protocols.
FS Logga No service account is required for the FS-Logga functionality. The "NT Authority system" must have access to the monitored directories. You can find more information regarding required settings in the FS Logga section.
Exchange To read exchange access rights please add the service account to the group "View-Only Organization Management". To be able to change access rights on the Exchange server please add the service account to the group "Organization Management" (read only rights are included). The service account requires administrator rights on the collector server. Further access settings (impersonation, own mailbox) may be required and are described in the section Exchange Scans.
SharePoint The required permissions are described in the Administrator Guide in the chapter Add SharePoint scan.
Exchange Logga The service account must be a member of the Organization Management and Records Management roles on the selected Exchange Server.