Skip to content

Hardware and software requirements

Hardware requirements

Hardware requirements vary significantly across different environments. To make things easier, we've created the following estimates based on the number of Identities you'll have within Permission Assist. (Identities roughly equate to employees, service accounts and vendor accounts.)

Note

  • Refer to the hardware requirements for Windows Server 2022 (or newer). If those requirements exceed these, those must take precedence
  • Minimum and recommended values for hard disk storage are calculated ranges based on estimates. Your specific requirements may vary based on the number of identities you have, the number of applications you have, how often you're importing, the number of reviews you plan to do each year, and the number of access models you have set up. In general, if your application is running slow, we recommend increasing processing cores and increasing RAM on your application server. If your application imports are taking a long time to write to the database, we recommend increasing processing cores, RAM, and/or hard disk space on the database server
Number of Identities Estimated Recommendations
0 - 500 Processor - 4 core required · Hard disk storage - 10G minimum; 13G recommended** · RAM - 8G minimum. NOTE: Without at least 8G, PDF reports needed for audits may not build properly.
500 - 1500 Processor - 4 core minimum; 8 core recommended · Hard disk storage - 10G minimum; 40G recommended** · RAM - 8G minimum; 16G recommended
1500 - 3000 Processor - 8 core minimum · Hard disk storage - 20G minimum; 50G recommended** · RAM - 16G minimum; 32G recommended

** To determine a more precise recommendation for hard disk storage that is specific to your financial institution, use the Hard Disk Storage Matrix below.

Hard disk storage matrix (slightly more precise)

To find a recommendation more specific to your financial institution, identify the number of applications you expect to review within Permission Assist on the left and line that up with the number of Identities you expect to have on the right. The lower end of each range is based on one review per year, and the upper end is based on 12 reviews per year.

Number of Identities
Number of applications 500 1500 3500
25 10-15GB 16-29GB 28-57GB
50 12-16GB 22-34GB 42-70GB
100 16-20GB 33-46GB 67-90GB

For example, if you plan to review about 50 applications and you have 600 Identities, the estimated range falls somewhere between 16-22GB of hard disk storage. If you expect to only do one review annually, you might decide to stay closer to 16GB. If your organization is growing or if more frequent reviews are expected, something on the higher end of the range is ideal.

Common ports used

  • 80 and 443 for IIS
  • 1433 for SQL Server
  • 587 for SMTP Relay
  • 389 or 636 for Active Directory

Required domains

Outbound: *.sycorr.com and *.continuous.com

Note

The Permission Assist web application server must be able to connect to *.sycorr.com for Permission Assist updates and connector updates to work properly. It must also be able to connect to *.continuous.com for email notifications to be sent from Permission Assist.

Inbound: N/A

Software

  • Windows Server 2022 (or newer) - installed on the application server
  • MS SQL Server 2012 (or newer) - installed on the SQL server
  • IIS version 8.5 (or newer) - installed on the application server
  • ASP.NET framework version 4.8.1 (or newer) - installed on the application server
  • Decide on the internal URL that will be used to access Permission Assist, and set up a DNS for that URL
  • SSL Certificate - verify this is set up and that it matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party, an internal certificate authority, or self-signed if your internal computers trust it. Permission Assist will not work without an SSL certificate
  • Active Directory:
    • Ensure the Employee Properties > Organization tab includes the Job Title and Manager (required if you plan to include supervisors in reviews)
    • Confirm that organization information (such as office, department, division, and company) is completed. This information is also required if you plan to include defined managers in reviews or if you are using Operations
  • Supported Internet Browsers: Permission Assist is accessed through an internet browser using your regular Windows login credentials (authenticated via Active Directory). The following browsers are supported:
    • Microsoft Edge (newest version)
    • Google Chrome (newest version)
    • Brave (newest version)

Authentication / credentials

Before installation, set up accounts for each of the following:

  • SQL Server Database (required): Permission Assist needs an account that can be used to write information to the database. This account is required for Permission Assist to work properly

    Note

    • The account can be set up as either a service account (using integrated authentication) or a SQL account (using SQL authentication)
    • This account will need db_owner access for the PermissionAssist database
    • If you create a service account - the service account will also be used on the service, so it will also need to have both "Log on as batch" and "Log on as service" rights on the application server

  • MS Active Directory (required) - Permission Assist needs a service account that can be used to import Identities from Active Directory. This account needs permission to read all user information. Most accounts will automatically be given this permission when the account is set up

    Note

    If you are planning to use the incremental provision engine, this service account will need additional permissions to do the following:

    • Create, delete, and manage user accounts
    • Reset user passwords and force password change at next login
    • Modify the membership of a group

Frequently asked questions

Is it possible to install the application, the service, and the database on the same server?

Yes; the ideal deployment process is to install each component on a separate server; however, we also understand that's not always possible. If needed, all three Permission Assist components can be installed on a single server. Often, customers will install the web application and service components on one server and the database on another. We recommend adhering to your internal best practices when deciding how to deploy Permission Assist.

Note: If you decide to install all components on a single server, we recommend increasing your processing speed, hard disk storage, and memory.

Can the database be installed on an existing SQL Server?

Yes, the database can be installed on an existing SQL server. In these cases, we often suggest increasing the hardware and software specifications of the server. Use best practices to avoid potential issues such as performance impact, resource contention, maintenance and update conflicts, and so on.

Do I need an SSL certificate?

Yes; Permission Assist will not work without an SSL certificate. When setting up a certificate, verify that the certificate matches the DNS and URL that will be used to access the system. The certificate can be issued by a third party or an internal certificate authority, and wild card certificates are acceptable. Although not ideal, a self-signed certificate can also be used if your internal computers trust it.