Hardware and Software Requirements

 

Hardware Requirements

Hardware requirements vary significantly across various different environments. To make things easier, we’ve created the following estimates based on the number of Identities you’ll have within Permission Assist. (Identities roughly equate to employees, service accounts and vendor accounts.

NOTE: Refer to the hardware requirements for your version of Windows Server. If those requirements exceed these, those must take precedence.

Number of Identities

Estimated Recommendations

0 - 500

  • Processor - 4 core required

  • Hard disk storage – 10G minimum; 13G recommended**

  • RAM – 8G minimum
    NOTE: Without at least 8G, PDF reports needed for audits may not build properly.

500 - 1500

  • Processor - 4 core minimum; 8 core recommended

  • Hard disk storage – 10G minimum; 40G recommended**

  • RAM - 8G minimum; 16G recommended

1500 - 3000

  • Processor - 8 core minimum

  • Hard disk storage - 20G minimum; 50G recommended**

  • RAM - 16G minimum

** Minimum and recommended values for hard disk storage are calculated ranges based on estimates. Your specific requirements may vary based on the number of Identities you’ll be managing, the number of reviews you plan to do each year, and the number of applications you plan to review. To determine a more precise recommendation specific to your financial institution, use the Hard Disk Storage Matrix below.

 

Hard Disk Storage Matrix (Slightly More Precise)

To find a recommendation more specific to your financial institution, identify the number of applications you expect to review within Permission Assist on the left and line that up with the number of Identities you expect to have on the right. The lower end of each range is based on one review per year, and the upper end is based on 12 reviews per year.

 

Number of Identities

500

1500

1000

 

Number
of applications

 

25

10-15GB

16-29GB

28-57GB

50

12-16GB

22-34GB

42-70GB

100

16-20GB

33-46GB

67-90GB

 

For example, if you plan to review about 50 applications and you have 600 Identities, the estimated range falls somewhere between 16-22GB of hard disk storage. If you expect to only do one review annually, you might decide to stay closer to 16GB. If your organization is growing or if more frequent reviews are expected, something on the higher end of the range is ideal.

 

Common Ports Used

  • 80 and 443 for IIS

  • 1433 for SQL Server

  • 25, 465, 587 for SMTP Relay

  • 389 or 636 for Active Directory

Outbound: *.sycorr.com

Inbound: N/A

 

Software

  • MS SQL Server 2012 (or newer)

  • IIS version 8.5 (or newer)

  • ASP.NET version 4.5 (or newer)

  • Decide on the internal URL that will be used to access Permission Assist, and set up a DNS for that URL.

  • SSL Certificate – verify this is set up and that it matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party, an internal certificate authority, or self-signed if your internal computers trust it. Permission Assist will not work without an SSL certificate.

  • Active Directory - ensure the Employee Properties > Organization tab includes the Job Title and Manager information (required if you plan to include supervisors in reviews)

  • Supported Internet Browsers:
    Permission Assist is accessed through an internet browser using your regular Windows login credentials (authenticated via Active Directory). The following browsers are supported:

    • Microsoft Edge (newest version)

    • Google Chrome (newest version)

    • Brave (newest version)

 

Authentication/Credentials

Prior to installation, please set up accounts for each of the following:

  • SQL Server Database (required): Permission Assist needs an account that can be used to write information to the Permission Assist database. This account is required for Permission Assist to work properly. During the installation, we’ll assign “db_owner” access to this account. The account can be set up as a service account (using integrated authentication) or it can use SQL authentication – it’s your choice based on your own internal best practices.

  • MS Active Directory (required) – Permission Assist needs a service account that can be used to import Identities from Active Directory. This account needs permission to read all user information. Most accounts will automatically be given this permission when the account is set up.

    NOTE: If you are planning to use the incremental provision engine, this service account will need additional permissions to do the following:

    • Create, delete, and manage user accounts

    • Reset user passwords and force password change at next login

    • Modify the membership of a group

  • SMTP Relay (optional) – If a user name and password are required to connect to the SMTP relay, set up the account you’d like Permission Assist to use. Permission Assist uses this service account to access SMTP for sending email alerts and notifications.

 

Frequently Asked Questions

Q

Is it possible to install the application, the service, and the database on the same server?

A

Yes; the ideal deployment process is to install each component on a separate server; however, we also understand that's not always possible. If needed, all three Permission Assist components can be installed on a single server. Often, our clients will install the web application and service components on one server and the database on another. We recommend adhering to your internal best practices when deciding how to deploy Permission Assist.

NOTE: If you decide to install all components on a single server, we recommend increasing your processing speed, hard disk storage, and memory.

 

Q

Do I need an SSL Certificate?

A

Yes; Permission Assist will not work without an SSL certificate. When setting up a certificate, please verify that the certificate matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party or an internal certificate authority, and wild card certificates are acceptable. Although not ideal, a self-signed certificate can also be used if your internal computers trust it.