Privilege Cloud Connector internal network and machine requirements

This topic describes the internal network and machine requirements for the Privilege Cloud Connector.

These specifications are based on entry-level industry standards for small to mid-range servers. For other implementation sizes, customize the requirements according to your needs.

 

CyberArk may choose not to provide maintenance and support services for Privilege Cloud with relation to any of the platforms and systems listed below that have reached their formal End-of-Life date, as published by their respective vendors from time to time. For more details, contact your CyberArk support representative.

Internal network requirements

The Connector, installed inside the customer’s network, requires access to targets within the customer’s network to enable password rotation and session isolation capabilities. To do so, the Connector requires access to the following targets:

Ports each component uses to manage/access target devices, like servers and routers:

  • Connector: TCP/3389 or TCP/22 (Connector ports and protocols)
  • PSM for SSH: TCP/22

 

 

If you are installing or upgrading to Privilege Cloud Connector version 12.1.1, you must install Microsoft .NET Framework 4.8 on the Connector machine.

Software requirements

Privilege Cloud Connector can be installed on AWS, Microsoft Azure, and Google Cloud Platforms.

 

Network Level Authentication (NLA) must be disabled on the server.

The following table includes the server software specifications.

Operating system specification: Microsoft Windows

  • Management agent: Microsoft Windows 2016, 2019, and 2022
  • CPM: Microsoft Windows 2016, 2019, and 2022
  • PSM: Microsoft Windows 2016, 2019*, and 2022*

Note:

Component, type, and version:

  • Server operating system: Microsoft Windows, version 2016, 2019 (Standard), or 2022
  • Framework: .NET, version 4.8
  • Windows services: Windows Remote Management with WinRMListener and PSRemoting functionality. Required temporarily for the deployment process.

Due to RDS licensing enforcement in Windows 2019 and 2022, a per-user license is no longer supported for local users. We recommend using a per-device RDS license.

To work with a per-user license on Windows 2019 and 2022 machines, PSM application users must be moved to the domain level. See Move PSM application users to the domain level for details.
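
The software requirements above (supported Windows Server version, .NET Framework 4.8, NLA disabled, WinRM available for deployment) and the internal network requirements (TCP/3389 or TCP/22 to target devices) can be checked on a candidate Connector machine before installation. The script below is an added example, not CyberArk tooling; the target host names are constructed placeholders, and the registry locations are the standard Windows ones rather than values stated on this page.

```powershell
# Added example, not CyberArk tooling: preflight check of the requirements above.
# Target names are constructed placeholders; replace them with real devices.
param(
    [hashtable[]]$Targets = @(
        @{ Name = 'winserver01.example.internal'; Port = 3389 },
        @{ Name = 'router01.example.internal';    Port = 22 }
    )
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# Operating system: Windows Server 2016, 2019 or 2022.
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Add-Check 'Server OS' ($os.Caption -match 'Windows Server (2016|2019|2022)') $os.Caption

# .NET Framework 4.8 or later reports a Release value of 528040 or higher.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Check '.NET Framework 4.8' ($ndp.Release -ge 528040) "Release=$($ndp.Release)"

# NLA for RDP: UserAuthentication = 0 means NLA is not required.
# A Group Policy setting can override this local value.
$rdp = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -ErrorAction SilentlyContinue
Add-Check 'NLA disabled' ($rdp.UserAuthentication -eq 0) "UserAuthentication=$($rdp.UserAuthentication)"

# WinRM service and at least one listener (needed only during deployment).
$winrm = Get-Service -Name WinRM -ErrorAction SilentlyContinue
$listeners = @(try { Get-ChildItem WSMan:\localhost\Listener -ErrorAction Stop } catch { })
Add-Check 'WinRM running with listener' ($winrm.Status -eq 'Running' -and $listeners.Count -gt 0) "Service=$($winrm.Status); Listeners=$($listeners.Count)"

# Reachability of each target on its management port (TCP/3389 or TCP/22).
foreach ($t in $Targets) {
    $r = Test-NetConnection -ComputerName $t.Name -Port $t.Port -WarningAction SilentlyContinue
    Add-Check "TCP/$($t.Port) to $($t.Name)" $r.TcpTestSucceeded "RemoteAddress=$($r.RemoteAddress)"
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Because WinRM is required only temporarily for the deployment process, a failing WinRM check on a later run after deployment is the expected state.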

Hardware requirements

The Privilege Cloud Connector and its various components are most often installed on the same host machine. In other cases, such as multiple PSM instances or CPM DR solutions, the specific components are installed on separate machines.

This section presents the hardware requirements for these scenarios, considering that Secure Tunnel can be added to each of these scenarios with no additional hardware requirements.

  • Connector includes both PSM and CPM components: see hardware requirements for PSM (the most demanding component)
  • Connector includes PSM only: see hardware requirements for PSM
  • Connector includes CPM only: see hardware requirements for CPM

Connector PSM hardware requirements

The following table presents the hardware specifications for the Privilege Cloud Connector with the PSM component.

 

Connector CPM hardware requirements

The following table presents the specifications for Privilege Cloud Connector with CPM component - physical and virtual server requirements.

Virtual machine installation settings

If you are deploying the Privilege Cloud Connector on a virtual machine, we recommend you do the following to ensure optimal performance:

  • In VMware based environments, install VMware Tools on every Connector VM.
  • Determine the amount of processing power used by installing VMware Tools and examining the PerfMon counter called [VM Processor ->Effective VM Speed in MHz].
  • Make sure that enough memory is allocated for the Connector VM at any given time.
  • Use the latest version of the VM.
  • For VMware-based environments, version 5.5 and above, make sure hyper-threading is enabled in the BIOS for processors that support it.
  • Set a fixed amount of processing power reservation (MHz reservation) on the VM. You can examine the amount of expected processing power that will be used daily by Connector in your environment and reserve processing power accordingly.

AWS requirements

  • Small (1-5 concurrent RDP/SSH sessions): C4.2xlarge, 80GB storage
  • Mid-Range (6-30 concurrent RDP/SSH sessions): C4.4xlarge, 80GB storage
  • Large (31-60 concurrent RDP/SSH sessions): C4.8xlarge, 80GB storage

Azure requirements

  • Small (1-5 concurrent RDP/SSH sessions): Standard_F8s_v2, 80GB storage
  • Mid-Range (6-30 concurrent RDP/SSH sessions): Standard_F16s_v2, 80GB storage
  • Large (31-60 concurrent RDP/SSH sessions): Standard_F32s_v2, 80GB storage

Concurrent session support

 

The maximum concurrency is lower (up to 40%) when installing the PSM server on a virtual machine.

  • Up to 100 concurrent sessions per Connector server are supported.
  • The concurrent session ranges are based on RDP and SSH connection performance measurements.
  • Running resource-intensive applications like Toad, vSphere Client and so on, on the Connector server will result in lower concurrency.
  • The concurrent session ranges assume the Connector is running on a dedicated server.
  • The concurrent session ranges are based on performance measurements taken while video recording users' activities in HD resolution (one screen). Video recording resolution is affected by the desktop resolution of the client machine from which the connection was made. This means that performing connections from client machines with more than one HD screen, or with a higher resolution screen, will result in lower concurrency.

Chrome concurrent sessions

 
  • When adding concurrent sessions per user, make sure to increase the default timeout per session accordingly.

  • When increasing the number of Chrome sessions, regardless of PSM usage, make sure to follow best practices regarding machine CPU and server capabilities.

Small implementation

  • Maximum number of Chrome sessions per user - 15 concurrent connections
  • Maximum total number of Chrome sessions per PSM server - 15 concurrent connections

Mid-range implementation

  • Maximum number of Chrome sessions per user - 50 concurrent connections
  • Maximum total number of Chrome sessions per PSM server - 50 concurrent connections

Large implementation

  • Maximum number of Chrome sessions per user - 100 concurrent connections
  • Maximum total number of Chrome sessions per PSM server - 100 concurrent connections

Microsoft Edge concurrent sessions

 
  • When adding concurrent sessions per user, make sure to increase the default timeout per session accordingly.

  • When increasing the number of Microsoft Edge sessions, regardless of PSM usage, make sure to follow best practices regarding machine CPU and server capabilities.

Small implementation

  • Maximum number of Microsoft Edge sessions per user - 13 concurrent connections
  • Maximum total number of Microsoft Edge sessions per PSM server - 15 concurrent connections

Mid-range implementation

  • Maximum number of Microsoft Edge sessions per user - 45 concurrent connections
  • Maximum total number of Microsoft Edge sessions per PSM server - 45 concurrent connections

Large implementation

  • Maximum number of Microsoft Edge sessions per user - 100 concurrent connections
  • Maximum total number of Microsoft Edge sessions per PSM server - 100 concurrent connections