Hardware and Software Requirements

Hardware Requirements

Hardware requirements vary significantly across various different environments. To make things easier, we’ve created the following estimates based on the number of Identities you’ll have within Permission Assist. (Identities roughly equate to employees, service accounts and vendor accounts.

NOTE: Refer to the hardware requirements for your version of Windows Server. If those requirements exceed these, those must take precedence.

Number of Identities	Estimated Recommendations
0 - 500	Processor - 4 core required Hard disk storage – 10G minimum; 13G recommended RAM – 8G minimum NOTE:** Without at least 8G, PDF reports needed for audits may not build properly.
500 - 1500	Processor - 4 core minimum; 8 core recommended Hard disk storage – 10G minimum; 40G recommended** RAM - 8G minimum; 16G recommended
1500 - 3000	Processor - 8 core minimum Hard disk storage - 20G minimum; 50G recommended** RAM - 16G minimum
** Minimum and recommended values for hard disk storage are calculated ranges based on estimates. Your specific requirements may vary based on the number of Identities you’ll be managing, the number of reviews you plan to do each year, and the number of applications you plan to review. To determine a more precise recommendation specific to your financial institution, use the Hard Disk Storage Matrix below.

Hard Disk Storage Matrix (Slightly More Precise)

To find a recommendation more specific to your financial institution, identify the number of applications you expect to review within Permission Assist on the left and line that up with the number of Identities you expect to have on the right. The lower end of each range is based on one review per year, and the upper end is based on 12 reviews per year.

		Number of Identities
		500	1500	1000
Number of applications	25	10-15GB	16-29GB	28-57GB
	50	12-16GB	22-34GB	42-70GB
	100	16-20GB	33-46GB	67-90GB

For example, if you plan to review about 50 applications and you have 600 Identities, the estimated range falls somewhere between 16-22GB of hard disk storage. If you expect to only do one review annually, you might decide to stay closer to 16GB. If your organization is growing or if more frequent reviews are expected, something on the higher end of the range is ideal.

Common Ports Used

80 and 443 for IIS
1433 for SQL Server
25, 465, 587 for SMTP Relay
389 or 636 for Active Directory

Outbound: *.sycorr.com

Inbound: N/A

Software

MS SQL Server 2012 (or newer)
IIS version 8.5 (or newer)
ASP.NET version 4.5 (or newer)
Decide on the internal URL that will be used to access Permission Assist, and set up a DNS for that URL.
SSL Certificate – verify this is set up and that it matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party, an internal certificate authority, or self-signed if your internal computers trust it. Permission Assist will not work without an SSL certificate.
Active Directory - ensure the Employee Properties > Organization tab includes the Job Title and Manager information (required if you plan to include supervisors in reviews)
Supported Internet Browsers:
Permission Assist is accessed through an internet browser using your regular Windows login credentials (authenticated via Active Directory). The following browsers are supported:
- Microsoft Edge (newest version)
- Google Chrome (newest version)
- Brave (newest version)

Authentication/Credentials

Prior to installation, please set up accounts for each of the following:

SQL Server Database (required): Permission Assist needs an account that can be used to write information to the Permission Assist database. This account is required for Permission Assist to work properly. During the installation, we’ll assign “db_owner” access to this account. The account can be set up as a service account (using integrated authentication) or it can use SQL authentication – it’s your choice based on your own internal best practices.
MS Active Directory (required) – Permission Assist needs a service account that can be used to import Identities from Active Directory. This account needs permission to read all user information. Most accounts will automatically be given this permission when the account is set up.

NOTE: If you are planning to use the incremental provision engine, this service account will need additional permissions to do the following:
- Create, delete, and manage user accounts
- Reset user passwords and force password change at next login
- Modify the membership of a group
SMTP Relay (optional) – If a user name and password are required to connect to the SMTP relay, set up the account you’d like Permission Assist to use. Permission Assist uses this service account to access SMTP for sending email alerts and notifications.

Frequently Asked Questions

Q	Is it possible to install the application, the service, and the database on the same server?
A	Yes; the ideal deployment process is to install each component on a separate server; however, we also understand that's not always possible. If needed, all three Permission Assist components can be installed on a single server. Often, our clients will install the web application and service components on one server and the database on another. We recommend adhering to your internal best practices when deciding how to deploy Permission Assist. NOTE: If you decide to install all components on a single server, we recommend increasing your processing speed, hard disk storage, and memory.

Is it possible to install the application, the service, and the database on the same server?

Yes; the ideal deployment process is to install each component on a separate server; however, we also understand that's not always possible. If needed, all three Permission Assist components can be installed on a single server. Often, our clients will install the web application and service components on one server and the database on another. We recommend adhering to your internal best practices when deciding how to deploy Permission Assist.

NOTE: If you decide to install all components on a single server, we recommend increasing your processing speed, hard disk storage, and memory.

Q	Do I need an SSL Certificate?
A	Yes; Permission Assist will not work without an SSL certificate. When setting up a certificate, please verify that the certificate matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party or an internal certificate authority, and wild card certificates are acceptable. Although not ideal, a self-signed certificate can also be used if your internal computers trust it.

Do I need an SSL Certificate?

Yes; Permission Assist will not work without an SSL certificate. When setting up a certificate, please verify that the certificate matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party or an internal certificate authority, and wild card certificates are acceptable. Although not ideal, a self-signed certificate can also be used if your internal computers trust it.