System requirements

CyberArk PAM products

Digital Vault, PVWA, PSM
Version: v10.3 or higher
Recommended: Latest version of PAM

PSM HTML5 gateway

The PSM HTML5 gateway can be installed on a separate machine before or during Remote Access connector setup. For more details, see Install the HTML5 Gateway for PSM (side-by-side).

For installations before Remote Access setup - Red Hat Enterprise Linux 7.9 8.4, 8.5, 8.6, 8.7, 8.8, or 8.9
For installations during connector setup - Ubuntu 18.04, 20.04, 22.04 or Red Hat Enterprise Linux 7.9, 8.4, 8.5, 8.6 or 8.7, 8.8, or 8.9
For installations on Red Hat 7.x, you need to use a docker engine
For installations on Red Hat 8.x, you need to use a podman engine

For more details, see Install the HTML5 Gateway for PSM (side-by-side).

Remote Access connector

Ubuntu 18.04, 20.04, 22.04 Server/Desktop or Red Hat Enterprise Linux 7.9, 8.4 8.5, 8.6, 8.7, 8.8 or 8.9

Open the connector VM for outbound web access connectivity over HTTPS/443 and SSH/443 (required URLs are listed in Web connectivity requirements below)

A Red Hat Enterprise Linux license is required if using a Red Hat Enterprise Linux machine.

Mobile devices

Users require iOS or Android devices with an active phone number that has not been jailbroken (iOS) or rooted (android). (Some unique phone number formats, such as M2M numbers, are not supported).

The process of jailbreaking (ios) or rooting (android) a mobile device often disables some of the built-in security features of the operating system, and those security features are part of what keeps the operating system safe and your data secure from exposure or corruption. Anything that reduces the internal controls in the Android or iOS operating system represents a higher risk and will be prevented from using CyberArk Mobile app.

iOS minimum version: 13.x

Android minimum version: 10.x, with biometric security feature and Google Services Framework

On Android devices that support both facial and fingerprint capability, it is required to have at least the fingerprinting option enabled.

Remote Access portal supported browsers

For users and vendors - Internet Explorer 11, Chrome (versions released in the last six months), Microsoft Edge (versions released in the last six months) and Firefox (versions released in the last six months).
For administrators - Chrome (versions released in the last six months).

Remote Access connector

Web connectivity requirements

Connector installation and upgrade

Outbound web connectivity over HTTP/80 , HTTPS/443, and SSH/443 or SSH/22

It is recommended to open outbound connectivity in case any Linux dependencies are needed. After installation/upgrade, only the Remote Access URLs are needed.

We have added a list of specific URLs that are required for Snap and Docker/Podman prerequisites. However, these are not in CyberArk's control and may change.

Standard connector functionality

Access to the following Remote Access SaaS URLs/IP addresses*

Data center in the US

URL	IP address	Protocol
https://connectors.alero.io	13.248.220.246 and 99.83.167.249	Outbound HTTPS/443
https://auth.alero.io	13.248.220.246 and 99.83.167.249	Outbound HTTPS/443
https://tunnel.alero.io	75.2.110.198 and 99.83.132.235	Outbound SSH/443 or SSH/22

Data center in Europe

URL	IP address	Protocol
https://connectors.alero.eu	75.2.41.255 and 99.83.232.214	Outbound HTTPS/443
https://auth.alero.eu	75.2.41.255 and 99.83.232.214	Outbound HTTPS/443
https://tunnel.alero.eu	75.2.1.219 and 99.83.255.204	Outbound SSH/443 or SSH/22

Data center in Canada

URL	IP address	Protocol
https://connectors.ca.alero.io	75.2.114.195 and 99.83.142.219	Outbound HTTPS/443
https://auth.ca.alero.io	75.2.114.195 and 99.83.142.219	Outbound HTTPS/443
https://tunnel.ca.alero.io	75.2.6.219 and 99.83.164.248	Outbound SSH/443 or SSH/22

Data center in Australia

URL	IP address	Protocol
https://connectors.au.alero.io	75.2.94.245 and 99.83.148.250	Outbound HTTPS/443
https://auth.au.alero.io	75.2.94.245 and 99.83.148.250	Outbound HTTPS/443
https://tunnel.au.alero.io	75.2.40.215 and 99.83.212.207	Outbound SSH/443 or SSH/22

Data center in London

URL	IP address	Protocol
https://connectors.uk.alero.io	15.197.191.227 and 3.33.233.216	Outbound HTTPS/443
https://auth.uk.alero.io	3.33.233.216 and 15.197.191.227	Outbound HTTPS/443
https://tunnel.uk.alero.io	35.71.182.242 and 52.223.54.213	Outbound SSH/443 or SSH/22

Data center in India

URL	IP address	Protocol
https://connectors.in.alero.io	99.83.206.224 and 75.2.16.22	Outbound HTTPS/443
https://auth.in.alero.io	75.2.16.225 and 99.83.206.224	Outbound HTTPS/443
https://tunnel.in.alero.io	99.83.158.251 and 75.2.99.228	Outbound SSH/443 or SSH/22

Data center in Singapore

URL	IP address	Protocol
https://connectors.sg.alero.io	52.223.27.253 and 35.71.177.224	Outbound HTTPS/443
https://auth.sg.alero.io	52.223.27.253 and 35.71.177.224	Outbound HTTPS/443
https://tunnel.sg.alero.io	76.223.75.255 and 13.248.220.192	Outbound SSH/443 or SSH/22

* CyberArk recommends using fully qualified domain names to set firewall rules.

Hardware specifications

The following requirements are based on deployments that use a dedicated machine for the Remote Access connector. If the PSM HTML5 Gateway container runs on the same host, refer to Install the HTML5 Gateway for PSM (side-by-side) for the HTML5 Gateway for PSM.

Small + mid-range implementations (up to 400 concurrent sessions)	Mid-range + large implementations (up to 800 concurrent sessions)	Very large implementations (up to 1600 concurrent sessions)
2 core processors (Intel compatible) 4 GB RAM 15 GB disk space	4 core processors (Intel compatible) 8 GB RAM 15 GB disk space	8 core processors (Intel compatible) 16 GB RAM 15 GB disk space
The CPU of the connector machine requires SSE 4.2 support. This can be checked by running the following command: `Check /proc/cpuinfo`

The numbers above are estimated according to testing that simulate connections to RDP targets. The overall performance and concurrency can be effected by the volume of activity in the sessions themselves, the type of target session (Linux SSH, RDP, Web site, or others), and other factors.

To use Copy files functionality, the host machine must have enough free disk space to hold the files that are transferred to the target for the duration of the session.