Database requirements

What's covered

Supported Microsoft SQL Server Versions

Recommended SQL Server Hardware

Supported SQL Server Configurations

Create the Thycotic Management Server Database Manually

Supported Microsoft SQL Server versions

Microsoft SQL Server 2008 - SP3 and above
Microsoft SQL Server 2008 R2 - SP2 and above
Microsoft SQL Server 2012 - SP1 CU4 and above
- Cumulative update package 4 for SQL Server 2012 SP1 addresses an issue that can prevent the Thycotic Management Server (TMS) install from completing successfully.
- FIX: Error 1222 when you use Service Broker in SQL Server 2012 contains more information about the specific issue.
Microsoft SQL Server 2014 RTM

Note

Microsoft SQL Server Express edition can be used in test environments, however its use in production is not supported.

Recommended SQL Server hardware

back to top

The following tables list the TMS database server requirements per solution.

Important

The following figures represent the minimum amounts of disk space required. Policy settings dictate how much space is required and once in production the requirement could be doubled or tripled. For example, if password randomization occurs daily, then the requirement would increase because of the need to store more historical passwords in the database.

Local Security Solution

Managed Endpoints	RAM	CPU	Disk space required
< 20,000	16 GB	4 cores at 2.30 Ghz	30 GB
20,000 - 40,000	32 GB	4 cores at 2.60 Ghz	50 GB
40,000 - 80,000	48 GB	6 cores at 2.30 Ghz	90 GB
80,000 - 120,000+	64 GB	8 cores at 2.30 Ghz	130 GB or greater

Application Control Solution

Managed Endpoints	RAM	CPU	Disk space required
< 20,000	16 GB	4 cores at 2.30 Ghz	40 GB
20,000 - 40,000	32 GB	4 cores at 2.60 Ghz	40 - 80 GB
40,000 - 80,000	48 GB	6 cores at 2.30 Ghz	80 - 170 GB
80,000 - 120,000+	64 GB	8 cores at 2.30 Ghz	170 - 250 GB or greater

Security Analysis Solution

Managed Endpoints	RAM	CPU	Disk space required
< 20,000	16 GB	4 cores at 2.30 Ghz	50 GB
20,000 - 40,000	32 GB	6 cores at 2.60 Ghz	90 GB
40,000 - 80,000	48 GB	8 cores at 2.30 Ghz	170 GB
80,000 - 120,000+	64 GB	12 cores at 2.30 Ghz	> 250 GB

Supported SQL Server configurations

back to top

Either default or named instance is supported
SQL instance can be running locally or on a remote server/cluster
Standard Edition or greater is supported, but use Enterprise Edition for High Availability scenarios
Mixed mode authentication is recommended because TMS uses a SQL login for database authentication
If mixed mode is not available, then grant the TMS machine account access to the SQL database

Note

Local and remote (off-box) instances of SQL Server are supported, but off-box is recommended in production environments.

Create the Thycotic Management Server database manually

back to top

In some circumstances you might need to manually create the TMS database before you install the TMS. A good example of this requirement is when your SQL Server infrastructure is managed by a separate team, and you do not have the required access to create a new database. In this case you will need to supply a SQL script to whoever has the required system administrator access so that they can create the Thycotic Management Server database and associated login.

To address this requirement we have provided the CreateAmsDatabase.sql script. The list of steps the script performs are as follows:

Create ArelliaAms database in the default location
- Using a physical file that is 256 MB in size and set to grow in 256 MB increments
- Using a log file that is 64 MB in size and set to grow in 64 MB increments
If a machine account is necessary for environments where SQL only supports Windows Authentication this will be created
Otherwise a SQL login will be created (name configurable)
- This login will use a random password if no password is configured
The relevant account will then be added to the db_owner role for the database

You can configure the database account name, database account type and password by changing the relevant values at the start of the script, as shown in the following code excerpt:

Excerpt of CreateAmsDatabase.sql script

-- SQL login to be used
DECLARE @dbUsername SYSNAME = 'tms'
 
-- SQL login password to use, keep this blank to generate a random password
DECLARE @dbPassword NVARCHAR(256) = ''
 
/* ================================================================================= **
** If you wish to use Windows authentication instead of SQL authentication then set  **
** @dbMachineAccount to the name of the machine account where TMS is hosted          **
**                                                                                   **
** Example:                                                                          **
** DECLARE @dbMachineAccount SYSNAME = 'DOMAIN\ComputerName$'                        **
** ================================================================================= **
** Note that the machine account should only be used when the SQL server is remote.  **
** If you want to use Windows authentication for a local SQL instance you need to    **
** specify the Ams and AmsWorker Application Pool identities                         **
**                                                                                   **
** Example:                                                                          **
** DECLARE @dbMachineAccount NVARCHAR(MAX) = 'IIS APPPOOL\Ams;IIS APPPOOL\AmsWorker' **
** ================================================================================= */
DECLARE @dbMachineAccount NVARCHAR(256) = ''