Database requirements

What's covered

Supported Microsoft SQL Server Versions

Recommended SQL Server Hardware

Supported SQL Server Configurations

Create the Thycotic Management Server Database Manually

Supported Microsoft SQL Server versions

Note

Microsoft SQL Server Express edition can be used in test environments; however, its use in production is not supported.

Recommended SQL Server hardware

The following tables list the TMS database server requirements per solution.

Important

The following figures represent the minimum amounts of disk space required. Policy settings dictate how much space is required and once in production the requirement could be doubled or tripled. For example, if password randomization occurs daily, then the requirement would increase because of the need to store more historical passwords in the database.

Local Security Solution

| Managed Endpoints | RAM | CPU | Disk space required |
|---|---|---|---|
| < 20,000 | 16 GB | 4 cores at 2.30 GHz | 30 GB |
| 20,000 - 40,000 | 32 GB | 4 cores at 2.60 GHz | 50 GB |
| 40,000 - 80,000 | 48 GB | 6 cores at 2.30 GHz | 90 GB |
| 80,000 - 120,000+ | 64 GB | 8 cores at 2.30 GHz | 130 GB or greater |

Application Control Solution

| Managed Endpoints | RAM | CPU | Disk space required |
|---|---|---|---|
| < 20,000 | 16 GB | 4 cores at 2.30 GHz | 40 GB |
| 20,000 - 40,000 | 32 GB | 4 cores at 2.60 GHz | 40 - 80 GB |
| 40,000 - 80,000 | 48 GB | 6 cores at 2.30 GHz | 80 - 170 GB |
| 80,000 - 120,000+ | 64 GB | 8 cores at 2.30 GHz | 170 - 250 GB or greater |

Security Analysis Solution

| Managed Endpoints | RAM | CPU | Disk space required |
|---|---|---|---|
| < 20,000 | 16 GB | 4 cores at 2.30 GHz | 50 GB |
| 20,000 - 40,000 | 32 GB | 6 cores at 2.60 GHz | 90 GB |
| 40,000 - 80,000 | 48 GB | 8 cores at 2.30 GHz | 170 GB |
| 80,000 - 120,000+ | 64 GB | 12 cores at 2.30 GHz | > 250 GB |

Supported SQL Server configurations

  • Either default or named instance is supported
     
  • SQL instance can be running locally or on a remote server/cluster
     
  • Standard Edition or greater is supported, but use Enterprise Edition for High Availability scenarios
     
  • Mixed mode authentication is recommended because TMS uses a SQL login for database authentication
     
  • If mixed mode is not available, then grant the TMS machine account access to the SQL database

Note

Local and remote (off-box) instances of SQL Server are supported, but off-box is recommended in production environments.

Create the Thycotic Management Server database manually

In some circumstances you might need to manually create the TMS database before you install the TMS. A good example of this requirement is when your SQL Server infrastructure is managed by a separate team, and you do not have the required access to create a new database. In this case you will need to supply a SQL script to whoever has the required system administrator access so that they can create the Thycotic Management Server database and associated login.

To address this requirement we have provided the CreateAmsDatabase.sql script. The script performs the following steps:

  • Create ArelliaAms database in the default location

    • Using a physical file that is 256 MB in size and set to grow in 256 MB increments
       
    • Using a log file that is 64 MB in size and set to grow in 64 MB increments
       
  • If a machine account is necessary, for environments where SQL Server only supports Windows Authentication, it will be created
     
  • Otherwise a SQL login will be created (name configurable) 

    • This login will use a random password if no password is configured
       
  • The relevant account will then be added to the db_owner role for the database

You can configure the database account name, database account type and password by changing the relevant values at the start of the script, as shown in the following code excerpt:

Excerpt of CreateAmsDatabase.sql script
-- SQL login to be used
DECLARE @dbUsername SYSNAME = 'tms'
 
-- SQL login password to use, keep this blank to generate a random password
DECLARE @dbPassword NVARCHAR(256) = ''
 
/* ================================================================================= **
** If you wish to use Windows authentication instead of SQL authentication then set  **
** @dbMachineAccount to the name of the machine account where TMS is hosted          **
**                                                                                   **
** Example:                                                                          **
** DECLARE @dbMachineAccount SYSNAME = 'DOMAIN\ComputerName$'                        **
** ================================================================================= **
** Note that the machine account should only be used when the SQL server is remote.  **
** If you want to use Windows authentication for a local SQL instance you need to    **
** specify the Ams and AmsWorker Application Pool identities                         **
**                                                                                   **
** Example:                                                                          **
** DECLARE @dbMachineAccount NVARCHAR(MAX) = 'IIS APPPOOL\Ams;IIS APPPOOL\AmsWorker' **
** ================================================================================= */
DECLARE @dbMachineAccount NVARCHAR(256) = ''
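
A post-run check the SQL Server team can use to confirm the outcome of the steps listed above. This is an added example, not part of CreateAmsDatabase.sql or any Thycotic tooling. It assumes the defaults shown in the excerpt (database ArelliaAms, SQL login 'tms') and checks one account at a time; the variable names @dbName and @account are illustrative.

```sql
-- Added example: verify what the database creation script produced.
-- Assumed values: database ArelliaAms and login 'tms' (the excerpt's default).
DECLARE @dbName  SYSNAME = N'ArelliaAms';
DECLARE @account SYSNAME = N'tms';  -- or the machine / app pool account you configured

-- 1. Authentication mode: 1 = Windows Authentication only, 0 = mixed mode.
--    A SQL login such as 'tms' can only connect when this returns 0.
SELECT SERVERPROPERTY('IsIntegratedSecurityOnly') AS windows_auth_only;

-- 2. File sizes and growth increments (stored in 8 KB pages).
--    Expected from the steps above: data 256 MB / 256 MB, log 64 MB / 64 MB.
SELECT mf.name,
       mf.type_desc,
       mf.size * 8 / 1024 AS size_mb,
       CASE WHEN mf.is_percent_growth = 1 THEN NULL
            ELSE mf.growth * 8 / 1024 END AS growth_mb
FROM sys.master_files AS mf
WHERE mf.database_id = DB_ID(@dbName);

-- 3. The server login: its type, state, and (for SQL logins) password policy flags.
SELECT sp.name, sp.type_desc, sp.is_disabled,
       sl.is_policy_checked, sl.is_expiration_checked
FROM sys.server_principals AS sp
LEFT JOIN sys.sql_logins AS sl ON sl.principal_id = sp.principal_id
WHERE sp.name = @account;

-- 4. Server-level roles held by the login. The steps above only grant db_owner
--    on the database, so any row here (for example sysadmin) came from elsewhere.
SELECT r.name AS server_role
FROM sys.server_role_members AS srm
JOIN sys.server_principals AS r ON r.principal_id = srm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = srm.member_principal_id
WHERE m.name = @account;

-- 5. Database roles held by the mapped user in ArelliaAms; expect db_owner.
SELECT dp.name AS db_user, r.name AS db_role
FROM ArelliaAms.sys.database_principals AS dp
JOIN sys.server_principals AS sp ON sp.sid = dp.sid
LEFT JOIN ArelliaAms.sys.database_role_members AS drm
       ON drm.member_principal_id = dp.principal_id
LEFT JOIN ArelliaAms.sys.database_principals AS r
       ON r.principal_id = drm.role_principal_id
WHERE sp.name = @account;
```

When two application pool identities are configured for a local instance, run the check once per identity by changing @account.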