Database requirements

What's covered

Supported Microsoft SQL Server Versions

Recommended SQL Server Hardware

Supported SQL Server Configurations

Create the Thycotic Management Server Database Manually

Supported Microsoft SQL Server versions

Note

Microsoft SQL Server Express edition can be used in test environments, however its use in production is not supported.

Recommended SQL Server hardware

back to top

The following tables list the TMS database server requirements per solution.

Important

The following figures represent the minimum amounts of disk space required. Policy settings dictate how much space is required and once in production the requirement could be doubled or tripled. For example, if password randomization occurs daily, then the requirement would increase because of the need to store more historical passwords in the database.

Local Security Solution

Managed EndpointsRAMCPUDisk space required
< 20,00016 GB4 cores at 2.30 Ghz30 GB
20,000 - 40,00032 GB4 cores at 2.60 Ghz 50 GB
40,000 - 80,00048 GB6 cores at 2.30 Ghz90 GB
80,000 - 120,000+64 GB8 cores at 2.30 Ghz130 GB or greater

Application Control Solution

Managed EndpointsRAMCPUDisk space required
< 20,00016 GB4 cores at 2.30 Ghz40 GB
20,000 - 40,00032 GB4 cores at 2.60 Ghz40 - 80 GB
40,000 - 80,00048 GB6 cores at 2.30 Ghz80 - 170 GB
80,000 - 120,000+64 GB8 cores at 2.30 Ghz170 - 250 GB or greater

Security Analysis Solution

Managed EndpointsRAMCPUDisk space required
< 20,00016 GB4 cores at 2.30 Ghz50 GB
20,000 - 40,00032 GB6 cores at 2.60 Ghz90 GB
40,000 - 80,00048 GB8 cores at 2.30 Ghz170 GB
80,000 - 120,000+64 GB12 cores at 2.30 Ghz> 250 GB

Supported SQL Server configurations

back to top

  • Either default or named instance is supported
     
  • SQL instance can be running locally or on a remote server/cluster
     
  • Standard Edition or greater is supported, but use Enterprise Edition for High Availability scenarios
     
  • Mixed mode authentication is recommended because TMS uses a SQL login for database authentication
     
  • If mixed mode is not available, then grant the TMS machine account access to the SQL database

Note

Local and remote (off-box) instances of SQL Server are supported, but off-box is recommended in production environments.

Create the Thycotic Management Server database manually

back to top

In some circumstances you might need to manually create the TMS database before you install the TMS. A good example of this requirement is when your SQL Server infrastructure is managed by a separate team, and you do not have the required access to create a new database. In this case you will need to supply a SQL script to whoever has the required system administrator access so that they can create the Thycotic Management Server database and associated login.

To address this requirement we have provided the CreateAmsDatabase.sql script. The list of steps the script performs are as follows:

  • Create ArelliaAms database in the default location

    • Using a physical file that is 256 MB in size and set to grow in 256 MB increments
       
    • Using a log file that is 64 MB in size and set to grow in 64 MB increments
       
  • If a machine account is necessary for environments where SQL only supports Windows Authentication this will be created
     
  • Otherwise a SQL login will be created (name configurable) 

    • This login will use a random password if no password is configured
       
  • The relevant account will then be added to the db_owner role for the database

You can configure the database account name, database account type and password by changing the relevant values at the start of the script, as shown in the following code excerpt:

Excerpt of CreateAmsDatabase.sql script
-- SQL login to be used
DECLARE @dbUsername SYSNAME = 'tms'
 
-- SQL login password to use, keep this blank to generate a random password
DECLARE @dbPassword NVARCHAR(256) = ''
 
/* ================================================================================= **
** If you wish to use Windows authentication instead of SQL authentication then set  **
** @dbMachineAccount to the name of the machine account where TMS is hosted          **
**                                                                                   **
** Example:                                                                          **
** DECLARE @dbMachineAccount SYSNAME = 'DOMAIN\ComputerName$'                        **
** ================================================================================= **
** Note that the machine account should only be used when the SQL server is remote.  **
** If you want to use Windows authentication for a local SQL instance you need to    **
** specify the Ams and AmsWorker Application Pool identities                         **
**                                                                                   **
** Example:                                                                          **
** DECLARE @dbMachineAccount NVARCHAR(MAX) = 'IIS APPPOOL\Ams;IIS APPPOOL\AmsWorker' **
** ================================================================================= */
DECLARE @dbMachineAccount NVARCHAR(256) = '' 

 

Â