Access Rights Manager 2023.2.4 System Requirements
Release date: May 9, 2024
SolarWinds strongly recommends that you install Access Rights Manager on a server that is neither public, nor internet-facing. To learn about best practices for configuring your Access Rights Manager installation securely, see Best practices to secure SolarWinds Products.
These system requirements define the minimum requirements for Access Rights Manager (ARM) 2023.2.4. For additional information about requirements, see the ARM release notes.
ARM Server requirements
Hardware requirements for the ARM Server vary depending on several factors:
- Number of users in Active Directory (AD)
- Number of resources monitored by ARM (Logga)
- ARM Server's data storage settings
SolarWinds strongly recommends using a fixed (not dynamic) RAM configuration when setting up a virtual machine. Dynamic RAM allocation can result in significant performance degradation in combination with an SQL server running locally on the ARM server.
ARM and SolarWinds Platform products must be installed on separate servers. ARM is not a SolarWinds Platform product.
| Hardware/Software | Requirements | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Operating System |
See PowerShell requirements for additional information.
|
||||||||
| CPU (number of processor cores) |
Intel Itanium platforms are not supported. |
||||||||
| Hard drive space |
|
||||||||
| Memory |
|
||||||||
| .NET Framework |
.NET 4.8 (or higher) |
||||||||
| RabbitMQ | The ARM setup includes RabbitMQ version 3.8.16. If you want to use another instance of RabbitMQ, you must ensure full compatibility with the versions of RabbitMQ and Erlang/OTP included with ARM. | ||||||||
| Erlang/OTP | The ARM setup contains Erlang/OTP version 23.3. If you want to use a different version of Erlang/OTP, you must ensure full compatibility with the RabbitMQ and Erlang/OTP versions included with ARM. | ||||||||
| Access rights |
The service account requires local administrator rights on the ARM server. |
||||||||
| Other |
The ARM server must be a member of an Active Directory domain. Clusters are not supported. Server Core is not supported. |
ARM Collector requirements
| Hardware/Software | Requirements |
|---|---|
| Operating System |
See PowerShell requirements for additional information.
The ARM collector service can only be installed on server core versions where the graphical interactive ARM setup can be executed. |
| CPU (number of processor cores) |
8 Intel Itanium platforms are not supported. |
| Hard drive space | 10 GB |
| Memory | 16 GB |
| .NET Framework |
.NET 4.8 (or higher) The automatic collector update is operational if the collector is running .NET 4.8 Framework installed. The automatic collector update does NOT push the .NET 4.8 Framework installation on collectors. SolarWinds recommends that you update all collector servers with .NET Framework 4.8 before upgrading ARM. |
| Other |
ARM collectors can be installed on a member server (node) of a cluster. ARM collectors cannot be used as a cluster resource in Windows Server Failover Cluster Manager. |
ARM GUI application requirements
The following requirements apply to the main ARM application and the ARM Configuration application.
| Hardware/Software | Requirements |
|---|---|
| Operating System |
|
| CPU (number of processor cores) | 2 |
| Hard drive space | 500 MB |
| Memory | 4 GB |
| .NET Framework |
.NET 4.8 (or higher) |
| Graphics |
Optional: Graphic card supporting DirectX 10 |
| Screen resolution |
Recommended: 1920 x 1080 (1080p) or higher |
SQL Server requirements
| Hardware/Software | Requirements | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server (32-bit and 64-bit) |
|
||||||||
| CPU (number of processor cores) |
8 Intel Itanium platforms are not supported. |
||||||||
| Hard drive space (Database storage) |
|
||||||||
| Memory | 8 GB | ||||||||
| .NET Framework |
.NET 4.8 (or higher) |
||||||||
| Login permissions |
If you do not have a database for use with ARM, ARM setup requires the If you have a database for use with ARM, ARM requires the |
||||||||
| Collation | The recommended collation setting for the ARM database is: |
||||||||
| Other |
SolarWinds does not recommend using SQL Server Express Edition for production environments because it includes the following limitations:
|
File server requirements (scan and manage permissions)
| Hardware/Software | Requirements |
|---|---|
| Windows file server |
Operating System
Windows Server Failover Clustering (WSFC) is supported. DFS (Domain integrated and standalone Computer) is supported. Intel Itanium platforms are not supported. |
| NetApp file server |
ARM supports CIFS-based shares. |
| EMC file server | ARM supports CIFS-based shares. |
FS Logga requirements (monitor file server)
| Hardware/Software | Requirements |
|---|---|
| Windows file server |
Operating System
Windows Server Core versions are only supported if they support the execution of an interactive graphical setup. Failover-Clusters are supported. NTFS junction points or reparse points are not supported in the cluster environment. FS Logga requires a filter driver installation on the Windows server, as well as a dedicated collector. Windows file servers that were virtualized through XenServer are supported in version 6.5 and later. A XenServer Tools/Windows Management agent must be installed. DFS is not supported. Intel Itanium platforms are not supported. |
| NetApp file server |
Supported versions
The NetApp integrated monitoring policy (FPolicy) is used to operate FS Logga. A dedicated collector is required. |
| EMC file server |
Supported versions
The FS Logga uses components and services provided by EMC, which requires a dedicated collector. The collector must run on the same server as the Common Event Enabler (CEE). |
Web components and web interface requirements
| Hardware/Software | Requirements |
|---|---|
| Operating System |
|
| .NET Framework |
.NET 4.8 (or higher) |
| Internet Information Services (IIS) | Version 10 or higher |
| Supported browsers |
SolarWinds recommends using the latest browser versions.
Microsoft Internet Explorer is no longer supported. Cookies and Javascript must be enabled. |
Port requirements
| Port# | Protocol | Service/ Process |
Direction | Description |
|---|---|---|---|---|
| - | ICMP | - | The connection is initiated by the ARM server or by a collector. | Connectivity check. |
|
88 |
TCP |
Kerberos |
The connection is always initiated by the ARM server. |
Authentication. |
| 135 | TCP | RPC | The connection is always initiated by the ARM server. | Scans local accounts and retrieves events from the domain controllers. |
|
139 |
TCP |
NetBIOS |
The connection is always initiated by the ARM server. |
|
|
389 |
TCP |
LDAP |
The connection is always initiated by the ARM server. | Scans and manages Active Directory. The port must be reachable on every domain controller. |
| 445 | TCP | Microsoft DS (CIFS) | The connection is always initiated by the ARM server. | Scans and manages file server shares. |
| 541* | UDP | Syslog | The connection is always initiated by the ARM server. | Sends events to a syslog server. |
| 636 | TCP | LDAPS | The connection is always initiated by the ARM server. |
Scans and manages Active Directory. The port must be reachable on every domain controller. If your system uses LDAPS, it may be required that port 389 is reachable on the DCs. |
| 1433 | TCP | MS SQL Server | The connection is always initiated by the ARM server. |
ARM uses this port for all communications between the ARM server and the SQL server. Collectors communicate only with the ARM server and do not communicate with the SQL server. |
| 2002* | TCP | FS Logga | The connection is initiated by the configured collector. | ARM uses the connection for retrieving events from a NetApp file server. |
| 5671* | TCP | RabbitMQ | The connection is initiated by the ARM server or by a collector. | ARM uses RabbitMQ message queuing for alerting (FS Logga and AD Logga). |
| 15671* | TCP | RabbitMQ | The connection is initiated by the ARM server or by a collector. | RabbitMQ management port. Used by ARM server health check. Only between ARM server and RabbitMQ, the collectors are not affected. |
| 5985 | TCP | WinRM | The connection is initiated by the ARM server (collector update) or by a collector (Exchange, SharePoint). | Via PowerShell: collector update, access Exchange, retrieve available SharePoint site collections (only for SharePoint on-premise). |
| 5986 | TCP | WinRM (SSL) | The connection is initiated by the ARM server (collector update) or by a collector (Exchange, SharePoint). | Via PowerShell: collector update, access Exchange, retrieve available SharePoint site collections (only for SharePoint on-premise). |
|
55555* |
TCP |
ARM components default port |
The connection is initiated by the ARM server or by a collector. |
ARM components default port. ARM uses this port for all communications between the ARM server and client (GUI applications), Web Client, WebAPI, Collectors. |
| 55580 | TCP | ARM Configuration Wizard | The connection is always initiated by the Configuration Wizard. | Using the Configuration Wizard, you can perform the basic configuration and integrate resources into ARM. |
*The specifications apply to the standard configuration. You can configure different ports.
To access online resources, the following URLs must be reachable:
Exchange Online
-
https://outlook.office365.com/powershell-liveid/
Further Azure/Microsoft 365 resources
-
https://graph.microsoft.com
-
https://login.microsoftonline.com
-
https://manage.office.com/api/v1.0/
See ARM architecture and scalability for more information.
Exchange requirements
| Hardware/Software | Requirements |
|---|---|
| Exchange version |
Exchange 2016 Cumulative Update 2 is required to modify out of office notices. |
Exchange Logga requirements
| Hardware/Software | Requirements |
|---|---|
| Exchange version |
For the on-premise variants, the servers hosting the mailbox databases must primarily use the en-US language. Installing language packs may require a reboot. For more information, see this Microsoft website. |
SharePoint requirements
| Hardware/Software | Requirements |
|---|---|
| SharePoint version |
|
AD Logga requirements
| Hardware/Software | Requirements |
|---|---|
| Operating system |
The AD Logga supports domain controllers (DCs) that run on the following server versions:
The Logga does not require a dedicated collector. The ARM server can be used as a collector. ARM does not require any software installation on domain controllers. ARM does not perform any schema extension on Active Directory. |
PowerShell requirements
ARM requires PowerShell version 5.1.
PowerShell 7 lacks features that are required by ARM . PowerShell 5.1 is mandatory for ARM and can be installed and run in parallel with PowerShell 7.
ARM service account permissions
SolarWinds recommends using service accounts (dedicated user accounts) for ARM. This ensures that:
- The access rights of the service accounts are used only by ARM.
- It is easy to identify whether an action was performed by an ARM service account or a domain administrator.
- If the domain administrator password changes, the ARM configuration is unaffected.
- Restrictions through activity limits are avoided—for example, Exchange Online allows only three parallel requests.
| Feature | Required access rights |
|---|---|
| ARM server |
A service account requires local administrator rights on the ARM server. If the service account is a member of the Domain Admin group, this requirement is automatically fulfilled. If a server computer becomes a member of the domain (domain join). the group Domain Administrators become a member of the local administrator group. |
| SQL Server |
If you do not have a database for ARM, ARM requires the If you created a database for ARM, ARM requires the |
| Active Directory (AD)-Scan |
Each user account has read permissions to run an Active Directory scan. If you are using delegation in your organization, add the service account to the group that can read the required organizational units (OUs). |
| AD Modify |
If you work with delegation in your company, assign service accounts to a group that is allowed to change the relevant OUs. Without delegation: Add the service account to the Domain Administrator group. |
| File server (FS)-Scan |
The service account requires permissions to read NTFS permissions and traverse folders to access all desired folders. Service accounts can become a member of the domain admin group. If the domain administrator account does not have access to all folders (for example, user folders), add service accounts to the backup operators on the file server. |
| AD Logga | The service account must be a member of the Event Log Reader group. Members of the Domain Administrator group also has the required access rights to read event protocols. |
| FS Logga |
A service account is not required for the FS-Logga functionality. The NT Authority system must have access to the monitored directories. See Configure the File Server (FS Logga) in the ARM Administrator Guide for more information regarding the required settings. |
| Exchange |
The service account requires administrator privileges on the collector server. To read the exchange access rights, add the service account to the View-Only Organization Management group. To change the access rights on the Exchange server, add the service account to the Organization Management group (read rights are included). Additional access settings (such as impersonation and own mailbox) may be required. See Exchange resources in the ARM Administrator Guide for more information. |
| SharePoint | See SharePoint resources in the ARM Administrator Guide for the required permissions. |
| Exchange Logga | The service account must be a member of the Organization Management and Records Management roles on the selected Exchange Server. |