Documentation forAccess Rights Manager

Access Rights Manager 9.1 System Requirements

SolarWinds strongly recommends that you install Access Rights Manager on a server that is neither public, nor internet-facing. To learn about best practices for configuring your Access Rights Manager installation securely, see Best practices to secure SolarWinds Products.

The following table lists hardware and software system requirements for your SolarWinds Access Rights Manager installation.

Server requirements

Collector requirements

Graphical user interface (GUI) requirements

SQL server requirements

File server requirements

Web components and web interface requirements

Network requirements and firewall settings

Service account permissions

Access Rights Manager Server requirements

Hardware requirements for the Access Rights Manager Server vary depending on several factors:

  • the number of users in Active Directory (AD)
  • the number of file servers and directories monitored by Access Rights Manager
  • the Access Rights Manager Server's data storage settings

Installing ARM onto a server that has an Orion Platform installation will cause a conflict with the RabbitMQ service. To avoid this, ARM and Orion Platform products must be installed on separated servers. Note that ARM is not an Orion Platform product.

Hardware/Software Requirements
Operating System
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
CPU (number of processor cores)
Active Directory Users Number of cores
up to 1,000 2
up to 4,000 4
4,000+ 4

Intel Itanium platforms are not supported.

Hard drive space
Active Directory Users Disk space
up to 1,000 30 GB
up to 4,000 40 GB
4,000+ 40 GB
Memory
Active Directory Users RAM
up to 1,000 4 GB
up to 4,000 8 GB
4,000+ 16 GB
.NET Framework

.NET 4.5.2 (or higher)

Access rights

The service account requires local administrator rights on the Access Rights Manager server.

Other

The Access Rights Manager server must be a member of an Active Directory domain.

Clusters are not supported.

Server Core is not supported.

Access Rights Manager Collector requirements

Hardware/Software Requirements
Operating System
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
CPU (number of processor cores)

2

Intel Itanium platforms are not supported.

Hard drive space 5 GB
Memory 4 GB
.NET Framework

.NET 3.5 SP1 and

.NET 4.5.2 (or higher)

Other

Access Rights Manager collectors can be installed on a member server (node) of a cluster.

Access Rights Manager collectors cannot be used as a cluster for Windows Server Failover Clustering manager.

Access Rights Manager GUI application requirements

These requirements are for both the main Access Rights Manager application and the Access Rights Manager Configuration application.

Hardware/Software Requirements
Operating System
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
  • Windows Vista
  • Windows 7
  • Windows 8
  • Windows 10
CPU (number of processor cores) 2
Hard drive space 500 MB
Memory 2 GB
.NET Framework

.NET 3.5 SP1 and

.NET 4.5.2 (or higher)

Graphics

Graphic card supporting DirectX 10

Screen resolution

Minimum: 1280x1024

Recommended: 1920x1080 (1080p)

SQL Server requirements

Hardware/Software Requirements
Microsoft SQL Server (32-bit and 64-bit)
  • SQL Server 2008 SP1
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017
CPU (number of processor cores)

2

Intel Itanium platforms are not supported.

Hard drive space (Database storage)
Active Directory Users Storage space
up to 1,000 10 GB
up to 4,000 30 GB
4,000+ 50 GB
Memory 4 GB
.NET Framework

.NET 3.5 SP1 and

.NET 4.5.2 (or higher)

Access rights
  • If you don't already have a database for use with Access Rights Manager, Access Rights Manager setup requires the role "dbcreator" on the SQL server.
  • If you've already created a database for use with Access Rights Manager, Access Rights Manager requires the role "dbowner" for the database.
Other

SQL Server Express Edition can be used but has the following limitations:

  • 10 GB maximum database size: Only a limited number of scans can be stored
  • ca. 1 GB maximum RAM use: Loss of performance in large environments
  • 4 maximum CPU cores: Loss of performance in large environments

File server requirements

Hardware/Software Requirements
Operating System
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
Supported types of file servers
  • Domain-integrated or stand-alone DFS file servers.
  • CIFS-based shares on NetApp file servers.
  • CIFS-based shares on EMC file servers.

Windows Server Failover Clustering (WSFC) is supported.

Web components and web interface requirements

Hardware/Software Requirements
Operating System
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016
  • Windows Server 2019
.NET Framework

.NET 3.5 SP1 and

.NET 4.5.2 (or higher)

Internet Information Services (IIS) Version 7.5 or higher
Supported browsers
  • Google Chrome 54 or higher
  • Mozilla Firefox 49 or higher
  • Microsoft Edge 38.14383 or higher
  • Microsoft Internet Explorer 11.0.22 or higher

Cookies and Javascript must be enabled.

Other

 

Network requirements and firewall settings

Port Service/Process Purpose and Description

389

LDAP

Active Directory scanning

139

445

135+dynamic*

NetBIOS

Microsoft DS (CIFS)

Local users/groups (WMI/DCOM/RPC)

File server scanning
1433 MS SQL Server

Access Rights Manager uses this port for all communication between the Access Rights Manager server and the SQL server.

Collectors communicate only with the Access Rights Manager server and do not communicate with the SQL server

88

Kerberos

Authentication

55555+dynamic*

Access Rights Manager components standard port

Access Rights Manager components standard port

Access Rights Manager uses this port for all communication between the Access Rights Manager server and client (GUI applications).

*SolarWinds recommends defining application-based rules for services that use dynamic ports because of the possibility of random high-numbered ports being used.

Access Rights Manager service account permissions

SolarWinds recommends using service accounts (dedicated user accounts) for Access Rights Manager. This ensures that:

  • The access rights of the service accounts are used only by Access Rights Manager.
  • It is easy to identify whether an action was performed by an Access Rights Manager service account or by a domain admin.
  • If the domain admin's password changes, the Access Rights Manager configuration is unaffected.
  • Restrictions are avoided through activity limits (for example, Exchange Online allows only three parallel requests).
Feature Required access rights
Access Rights Manager server

A service account requires local administrator rights on the Access Rights Manager server.

If a service account is a member of the domain Admin group, then this requirement is automatically fulfilled. If a server computer becomes a member of the domain (domain join) then the group Domain Admins will become a member of the local administrator group.

SQL Server
  • If you don't already have a database for use with Access Rights Manager, Access Rights Manager setup requires the role "dbcreator" on the SQL server.
  • If you've already created a database for use with Access Rights Manager, Access Rights Manager requires the role "dbowner" for the database.
Active Directory (AD)-Scan

Every user account requires at least read-only rights in order to be able to generate an Active Directory scan.

If you utilize delegation in your organization, then you must add the service account to the group that can read the required OUs.

AD Modify

If you work with delegation in your company, you must assign service accounts to a group that is allowed to change the relevant OUs.

Without delegation: Service accounts become a member of the Domain admin group.

File server (FS)-Scan

User accounts require access rights in order to be able to read NTFS permissions as well as traverse folders.

Service accounts can become a member of the domain admin group.

If the domain admin account does not have access to all folders (for example, user folders) then add service accounts to the backup operators on the file server.