ARM 9.2
System requirements
for SolarWinds Access Rights Manager
The following table lists hardware and software system requirements for your SolarWinds Access Rights Manager installation.
ARM Server requirements
Hardware requirements for the ARM Server vary depending on several factors:
- the number of users in Active Directory (AD)
- the number of file servers and directories monitored by ARM
- the ARM Server's data storage settings
Please note that ARM is not an Orion platform product. We strongly recommend that you run ARM and the Orion Platform on separate servers.
| Hardware/Software | Requirements | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Operating System |
|
||||||||
| CPU (number of processor cores) |
Intel Itanium platforms are not supported. |
||||||||
| Hard drive space |
|
||||||||
| Memory |
|
||||||||
| .NET Framework |
.NET 4.5.2 (or higher) |
||||||||
| Access rights |
The service account requires local administrator rights on the ARM server. |
||||||||
| Other |
The ARM server must be a member of an Active Directory domain. Clusters are not supported. Server Core is not supported. |
ARM Collector requirements
| Hardware/Software | Requirements |
|---|---|
| Operating System |
ARM collector service can only be installed on server core versions on which the graphical interactive ARM setup can be executed. |
| CPU (number of processor cores) |
2 Intel Itanium platforms are not supported. |
| Hard drive space | 5 GB |
| Memory | 4 GB |
| .NET Framework |
.NET 4.5.2 (or higher) |
| Other |
ARM collectors can be installed on a member server (node) of a cluster. ARM collectors cannot be used as a cluster resource in Windows Server Failover Clustering manager. |
ARM GUI application requirements
These requirements are for both the main ARM application and the ARM Configuration application.
| Hardware/Software | Requirements |
|---|---|
| Operating System |
|
| CPU (number of processor cores) | 2 |
| Hard drive space | 500 MB |
| Memory | 2 GB |
| .NET Framework |
.NET 4.5.2 (or higher) |
| Graphics |
optional: Graphic card supporting DirectX 10 |
| Screen resolution |
Minimum: 1280x1024 Recommended: 1920x1080 (1080p) |
SQL Server requirements
| Hardware/Software | Requirements | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Microsoft SQL Server (32-bit and 64-bit) |
|
||||||||
| CPU (number of processor cores) |
2 Intel Itanium platforms are not supported. |
||||||||
| Hard drive space (Database storage) |
|
||||||||
| Memory | 4 GB | ||||||||
| .NET Framework |
.NET 4.5.2 (or higher) |
||||||||
| Login permissions |
|
||||||||
| Other |
SQL Server Express Edition can be used but has the following limitations:
|
File server requirements (scan and manage permissions)
| Hardware/Software | Requirements |
|---|---|
| Windows file server |
Operating System
Windows Server Failover Clustering (WSFC) is supported. DFS (Domain integrated and standalone Computer) is supported. Intel Itanium platforms are not supported. |
| NetApp file server |
ARM supports CIFS-based shares. |
| EMC file server | ARM supports CIFS-based shares. |
FS Logga requirements (monitor file server)
| Hardware/Software | Requirements |
|---|---|
| Windows file server |
Operating System
Windows Server Core Versions are only supported which support the execution of an interactive graphical setup. Failover-Clusters are supported. NTFS junction points or reparse points are not supported in the cluster environment. FS Logga requires a filter driver installation on the Windows server as well as a dedicated collector. Windows file servers that have been virtualized through XenServer are supported from version 6.5 onwards. A XenServer Tools/Windows Management agent must be installed. DFS is not supported. Intel Itanium platforms are not supported. |
| NetApp file server |
Supported versions
The NetApp integrated monitoring policy (FPolicy) is used to operate FS Logga. A dedicated collector is required. |
| EMC file server |
Supported versions
The FS Logga utilizes components and services provided by EMC. This requires a dedicated collector. We recommend installing the collector on the same server as the Common Event Enabler (CEE). The CEE is supported up to version 6.6. |
Web components and web interface requirements
| Hardware/Software | Requirements |
|---|---|
| Operating System |
|
| .NET Framework |
.NET 4.5.2 (or higher) |
| Internet Information Services (IIS) | Version 7.5 or higher |
| Supported browsers |
Cookies and Javascript must be enabled. |
Network requirements and firewall settings
| Port | Service/Process | Purpose and Description |
|---|---|---|
|
389 |
LDAP |
Active Directory scanning |
|
139 445 135+ |
NetBIOS Microsoft DS (CIFS) Local users/groups (WMI/DCOM/RPC) |
File server scanning |
| 1433 | MS SQL Server |
ARM uses this port for all communication between the ARM server and the SQL server. Collectors communicate only with the ARM server and do not communicate with the SQL server |
|
88 |
Kerberos |
Authentication |
|
55555+ |
ARM components default port |
ARM components default port ARM uses this port for all communication between the ARM server and client (GUI applications). |
| 5671 | RabbitMQ | ARM utilizes RabbitMQ message queuing for alerting (FS Logga and AD Logga). |
*SolarWinds recommends defining application-based rules for services that use dynamic ports because of the possibility of random high-numbered ports being used.
Exchange requirements
| Hardware/Software | Requirements |
|---|---|
| Exchange version |
Exchange 2016 Cumulative Update 2 is needed to modify out of office notices. |
Exchange Logga requirements
| Hardware/Software | Requirements |
|---|---|
| Exchange version |
For the on-premise variants, the servers holding the mailbox databases must primarily use the en-US language. Installing language packs may require a reboot. For more information, visit Microsoft. |
SharePoint requirements
| Hardware/Software | Requirements |
|---|---|
| SharePoint version |
Cumulative Update December 2014 required on SharePoint 2013.
|
AD Logga requirements
| Hardware/Software | Requirements |
|---|---|
| Operating system |
The AD Logga supports domain controllers (DCs) that run on the following server versions:
The Logga does not require a dedicated collector. Even the ARM server itself can be used as a collector. ARM does not require any software installation on domain controllers. ARM does not perform any schema extension on Active Directory. |
ARM service account permissions
SolarWinds recommends using service accounts (dedicated user accounts) for ARM. This ensures that:
- The access rights of the service accounts are used only by ARM.
- It is easy to identify whether an action was performed by an ARM service account or by a domain admin.
- If the domain admin's password changes, the ARM configuration is unaffected.
- Restrictions through activity limits are avoided (for example, Exchange Online allows only three parallel requests).
| Feature | Required access rights |
|---|---|
| ARM server |
A service account requires local administrator rights on the ARM server. If the service account is a member of the domain Admin group, then this requirement is automatically fulfilled. If a server computer becomes a member of the domain (domain join) then the group Domain Admins will become a member of the local administrator group. |
| SQL Server |
|
| Active Directory (AD)-Scan |
Each user account already has read permissions to run an Active Directory scan. If you are using delegation in your organization, you must add the service account to the group that can read the required OUs. |
| AD Modify |
If you work with delegation in your company, you must assign service accounts to a group that is allowed to change the relevant OUs. Without delegation: Service accounts become a member of the Domain admin group. |
| File server (FS)-Scan |
The service account needs permissions to read NTFS permissions and traverse folders to access all desired folders. Service accounts can become a member of the domain admin group. If the domain admin account does not have access to all folders (for example, user folders) then add service accounts to the backup operators on the file server. |
| AD Logga | The service account must be a member of the group "event log reader". Members of the domain admin group also have the required access rights to be able to read event protocols. |
| FS Logga | No service account is required for the FS-Logga functionality. The "NT Authority system" must have access to the monitored directories. You can find more information regarding required settings in the FS Logga section. |
| Exchange | To read exchange access rights please add the service account to the group "View-Only Organization Management". To be able to change access rights on the Exchange server please add the service account to the group "Organization Management" (read only rights are included). The service account requires administrator rights on the collector server. Further access settings (impersonation, own mailbox) may be required and are described in the section Exchange Scans. |
| SharePoint | The required permissions are described in the Administrator Guide in the chapter Add SharePoint scan. |
| Exchange Logga | The service account must be a member of the Organization Management and Records Management roles on the selected Exchange Server. |