System requirements

CyberArk PAM products

Digital Vault, PVWA, PSM
Version: v10.3 or higher
Recommended: Latest version of PAM

PSM HTML5 gateway

The PSM HTML5 gateway can be installed on a separate machine before or during Remote Access connector setup. For more details, see Install the HTML5 Gateway for PSM (side-by-side).

  • For installations before Remote Access setup - Red Hat Enterprise Linux 7.9 8.4, 8.5, 8.6, 8.7, 8.8, or 8.9

  • For installations during connector setup - Ubuntu 18.04, 20.04, 22.04 or Red Hat Enterprise Linux 7.9, 8.4, 8.5, 8.6 or 8.7, 8.8, or 8.9

  • For installations on Red Hat 7.x, you need to use a docker engine

  • For installations on Red Hat 8.x, you need to use a podman engine

For more details, see Install the HTML5 Gateway for PSM (side-by-side).

Remote Access connector

  • Ubuntu 18.04, 20.04, 22.04 Server/Desktop or Red Hat Enterprise Linux 7.9, 8.4 8.5, 8.6, 8.7, 8.8 or 8.9

Open the connector VM for outbound web access connectivity over HTTPS/443 and SSH/443 (required URLs are listed in Web connectivity requirements below)


A Red Hat Enterprise Linux license is required if using a Red Hat Enterprise Linux machine.

Mobile devices

  • Users require iOS or Android devices with an active phone number that has not been jailbroken (iOS) or rooted (android). (Some unique phone number formats, such as M2M numbers, are not supported).


    The process of jailbreaking (ios) or rooting (android) a mobile device often disables some of the built-in security features of the operating system, and those security features are part of what keeps the operating system safe and your data secure from exposure or corruption. Anything that reduces the internal controls in the Android or iOS operating system represents a higher risk and will be prevented from using CyberArk Mobile app.

  • iOS minimum version: 13.x

  • Android minimum version: 10.x, with biometric security feature and Google Services Framework


    On Android devices that support both facial and fingerprint capability, it is required to have at least the fingerprinting option enabled.

Remote Access portal supported browsers

  • For users and vendors - Internet Explorer 11, Chrome (versions released in the last six months), Microsoft Edge (versions released in the last six months) and Firefox (versions released in the last six months).

  • For administrators - Chrome (versions released in the last six months).

Remote Access connector

Web connectivity requirements

Connector installation and upgrade

Outbound web connectivity over HTTP/80 , HTTPS/443, and SSH/443 or SSH/22

It is recommended to open outbound connectivity in case any Linux dependencies are needed. After installation/upgrade, only the Remote Access URLs are needed.


We have added a list of specific URLs that are required for Snap and Docker/Podman prerequisites. However, these are not in CyberArk's control and may change.

Standard connector functionality

Access to the following Remote Access SaaS URLs/IP addresses*

* CyberArk recommends using fully qualified domain names to set firewall rules.

Hardware specifications

The following requirements are based on deployments that use a dedicated machine for the Remote Access connector. If the PSM HTML5 Gateway container runs on the same host, refer to Install the HTML5 Gateway for PSM (side-by-side) for the HTML5 Gateway for PSM.

Small + mid-range implementations
(up to 400 concurrent sessions)

Mid-range + large implementations
(up to 800 concurrent sessions)

Very large implementations
(up to 1600 concurrent sessions)

  • 2 core processors (Intel compatible)
  • 4 GB RAM
  • 15 GB disk space
  • 4 core processors (Intel compatible)
  • 8 GB RAM
  • 15 GB disk space
  • 8 core processors (Intel compatible)
  • 16 GB RAM
  • 15 GB disk space

The CPU of the connector machine requires SSE 4.2 support. This can be checked by running the following command:

Check /proc/cpuinfo


The numbers above are estimated according to testing that simulate connections to RDP targets. The overall performance and concurrency can be effected by the volume of activity in the sessions themselves, the type of target session (Linux SSH, RDP, Web site, or others), and other factors.


To use Copy files functionality, the host machine must have enough free disk space to hold the files that are transferred to the target for the duration of the session.