Privilege Cloud Connector internal network and machine requirements

This topic describes the internal network and machine requirements for the Privilege Cloud Connector.

These specifications are based on entry-level industry standards for small to mid-range servers. For other implementation sizes, customize the requirements according to your needs.

CyberArk may choose not to provide maintenance and support services for Privilege Cloud with relation to any of the platforms and systems listed below that have reached their formal End-of-Life date, as published by their respective vendors from time to time. For more details, contact your CyberArk support representative.

Internal network requirements

The Connector, installed inside the customer’s network, requires access to targets within the customer’s network to enable password rotation and session isolation capabilities. To do so, the Connector requires access to the following targets:

Component | Manage/Access Target Devices, like servers and routers
Connector | TCP/3389 or TCP/22 (Connector ports and protocols)
PSM for SSH | TCP/22

If you are installing or upgrading to Privilege Cloud Connector version 12.1.1, you must install Microsoft .NET Framework 4.8 on the Connector machine.

Software requirements

Privilege Cloud Connector can be installed on AWS, Microsoft Azure, and Google Cloud Platform.

Network Level Access (NLA) authentication must be disabled on the server.

The following table includes the server software specifications.

Component: Operating system

Specification: Microsoft Windows

  • Management agent: Microsoft Windows 2016, 2019, and 2022
  • CPM: Microsoft Windows 2016, 2019, and 2022
  • PSM: Microsoft Windows 2016, 2019*, and 2022*

Note:

Component | Type | Version
Server operating system | Microsoft Windows | 2016, 2019 (Standard), 2022
Framework | .NET | 4.8
Windows services | Windows Remote Management with WinRMListener and PSRemoting functionality | Required temporarily for the deployment process

Due to RDS licensing enforcement in Windows 2019 and 2022, a per-user license is no longer supported for local users. We recommend using a per-device RDS license.

To work with a per-user license on Windows 2019 and 2022 machines, PSM application users must be moved to the domain level. See Move PSM application users to the domain level for details.
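
As an added example (not CyberArk tooling), the following PowerShell pre-flight script checks a candidate Connector machine against the network and software requirements above: operating system version, .NET Framework 4.8, NLA disabled, a WinRM listener, and TCP/3389 or TCP/22 reachability to targets. The target host names are placeholders, and the registry locations used for the .NET release value and the NLA setting are the standard Windows ones, not values taken from this page.

```powershell
# Added example: pre-flight check of a candidate Connector host (run locally, elevated).
param(
    # Placeholder targets the Connector must reach: host name -> port (3389 = RDP, 22 = SSH).
    [hashtable]$Targets = @{
        'win-target.example.internal'   = 3389
        'linux-target.example.internal' = 22
    }
)

$results = [System.Collections.Generic.List[object]]::new()
function Add-Check([string]$Name, [bool]$Pass, [string]$Detail) {
    $results.Add([pscustomobject]@{ Check = $Name; Pass = $Pass; Detail = $Detail })
}

# Operating system: Windows Server 2016, 2019 or 2022.
$os = (Get-CimInstance Win32_OperatingSystem).Caption
Add-Check 'Operating system' ($os -match 'Windows Server (2016|2019|2022)') $os

# .NET Framework 4.8 or later reports a Release value of at least 528040.
$ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' -ErrorAction SilentlyContinue
Add-Check '.NET Framework 4.8' ($ndp.Release -ge 528040) "Release=$($ndp.Release)"

# NLA is off when UserAuthentication is 0 locally and no Group Policy value forces it to 1.
$rdpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$nlaLocal  = (Get-ItemProperty $rdpKey -ErrorAction SilentlyContinue).UserAuthentication
$nlaPolicy = (Get-ItemProperty $gpoKey -ErrorAction SilentlyContinue).UserAuthentication
Add-Check 'NLA disabled' (($nlaLocal -eq 0) -and ($nlaPolicy -ne 1)) "local=$nlaLocal policy=$nlaPolicy"

# WinRM: service running with at least one listener (needed only during deployment).
try   { $listeners = @(Get-ChildItem WSMan:\localhost\Listener -ErrorAction Stop) }
catch { $listeners = @() }
$winrmUp = (Get-Service WinRM).Status -eq 'Running'
Add-Check 'WinRM listener' ($winrmUp -and $listeners.Count -gt 0) "listeners=$($listeners.Count)"

# Connector -> target reachability on the management port.
foreach ($t in $Targets.GetEnumerator()) {
    $ok = Test-NetConnection -ComputerName $t.Key -Port $t.Value -InformationLevel Quiet -WarningAction SilentlyContinue
    Add-Check "TCP/$($t.Value) to $($t.Key)" $ok 'Connector to target'
}

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Because WinRM is listed as required only temporarily for the deployment process, rerunning the script after deployment shows whether a listener is still present on the machine.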

Hardware requirements

The following section includes the specifications for the physical and virtual servers.

Small implementation (1-10 concurrent RDP/SSH sessions)

  • 8 core processor (Intel compatible)
  • 8GB RAM
  • Network adapter (1Gb)
  • 80GB storage

Mid-range implementation (11-50 concurrent RDP/SSH sessions)

  • 16 core processors (Intel compatible)
  • 16GB RAM
  • Network adapter (1Gb)
  • 80GB storage

Large implementation (51-100 concurrent RDP/SSH sessions)

  • 32 core processors (Intel compatible 2.1 GHz - 2.6 GHz)
  • 32GB RAM
  • Network adapter (1Gb)
  • 250GB storage

Installing the Connector server on a virtual machine requires allocating virtual hardware resources that are equivalent to the physical hardware specifications. For details, refer to Virtual machine installation settings.

Virtual machine installation settings

If you are deploying the Privilege Cloud Connector on a virtual machine, we recommend you do the following to ensure optimal performance:

  • In VMware based environments, install VMware Tools on every Connector VM.
  • Determine the amount of processing power used by installing VMware Tools and examining the PerfMon counter called [VM Processor -> Effective VM Speed in MHz].
  • Make sure that enough memory is allocated for the Connector VM at any given time.
  • Use the latest version of the VM.
  • For VMware-based environments, version 5.5 and above, make sure hyper-threading is enabled in the BIOS for processors that support it.
  • Set a fixed amount of processing power reservation (MHz reservation) on the VM. You can examine the amount of expected processing power that will be used daily by Connector in your environment and reserve processing power accordingly.

AWS requirements

Small (1-5 concurrent RDP/SSH sessions)

  • C4.2xlarge
  • 80GB storage

Mid-Range (6-30 concurrent RDP/SSH sessions)

  • C4.4xlarge
  • 80GB storage

Large (31-60 concurrent RDP/SSH sessions)

  • C4.8xlarge
  • 80GB storage

Azure requirements

Small (1-5 concurrent RDP/SSH sessions)

  • Standard_F8s_v2
  • 80GB storage

Mid-Range (6-30 concurrent RDP/SSH sessions)

  • Standard_F16s_v2
  • 80GB storage

Large (31-60 concurrent RDP/SSH sessions)

  • Standard_F32s_v2
  • 80GB storage

Concurrent session support

The maximum concurrency is lower (up to 40%) when installing the PSM server on a virtual machine.

  • Up to 100 concurrent sessions per Connector server are supported.
  • The concurrent session ranges are based on performance measurements of RDP and SSH connections.
  • Running resource-intensive applications, such as Toad or vSphere Client, on the Connector server will result in lower concurrency.
  • The concurrent session ranges assume the Connector is running on a dedicated server.
  • The concurrent session ranges are based on performance measurements taken while video recording users' activities in HD resolution (one screen). Video recording resolution is affected by the desktop resolution of the client machine from which the connection was made. This means that performing connections from client machines with more than one HD screen, or with a higher resolution screen, will result in lower concurrency.

Chrome concurrent sessions

  • When adding concurrent sessions per user, make sure to increase the default timeout per session accordingly.
  • When increasing the number of Chrome sessions, regardless of PSM usage, make sure to follow best practices regarding machine CPU and server capabilities.

Small implementation

  • Maximum number of Chrome sessions per user: 15 concurrent connections
  • Maximum total number of Chrome sessions per PSM server: 15 concurrent connections

Mid-range implementation

  • Maximum number of Chrome sessions per user: 50 concurrent connections
  • Maximum total number of Chrome sessions per PSM server: 50 concurrent connections

Large implementation

  • Maximum number of Chrome sessions per user: 100 concurrent connections
  • Maximum total number of Chrome sessions per PSM server: 100 concurrent connections

Microsoft Edge concurrent sessions

  • When adding concurrent sessions per user, make sure to increase the default timeout per session accordingly.
  • When increasing the number of Microsoft Edge sessions, regardless of PSM usage, make sure to follow best practices regarding machine CPU and server capabilities.

Small implementation

  • Maximum number of Microsoft Edge sessions per user: 13 concurrent connections
  • Maximum total number of Microsoft Edge sessions per PSM server: 15 concurrent connections

Mid-range implementation

  • Maximum number of Microsoft Edge sessions per user: 45 concurrent connections
  • Maximum total number of Microsoft Edge sessions per PSM server: 45 concurrent connections

Large implementation

  • Maximum number of Microsoft Edge sessions per user: 100 concurrent connections
  • Maximum total number of Microsoft Edge sessions per PSM server: 100 concurrent connections