Setting up an Agent on a VM
Access Risk Management connects to SAP systems using an agent that lives on a VM in the same network as the SAP environment.
The agent runs as a Windows service, started during the system boot process, and keeps running, even without a user login. The agent is designed to be the only agent necessary in a tenant’s infrastructure.
The agent can be configured for high availability by installing multiple agents in multiple data centers and connecting them to the SAP system(s). You can then perform disaster recovery by reinstalling the agent from a backup.
Backing Up Agent Configuration
Users with access to the VM can create an encrypted backup of the agent configuration so you can restore it when needed. For example, you may need to upgrade or reinstall the agent. This backup covers all of your systems at once and includes all settings, all passwords, and any job hooks that you have set up.
To create an encrypted backup of the agent:
- Open your VM.
- On the left navigation, select Backup.
- Create a password and enter it in the Password field.
- Select Create backup.
To restore the agent from a previously created backup file:
- Select the checkbox to indicate that you understand that your current configuration will be replaced by the backup file.
- Select Choose File and then select the correct backup file.
- Enter the password.
- Select Restore backup.
System Requirements
Configure your VM on the same network as your SAP environment with the requirements below.
Server Requirements
| Agent Host Server | |
|---|---|
| CPU | Dual Core Intel |
| Operating system (OS) | 64-bit Windows Server 2016 R2 or later |
| RAM | 6 GB (8 - 16 GB is preferred) |
| Hard disk drive (HDD) | 10 GB disk space (30+ GB is preferred. Exceptionally large or complex ERP systems may need more disk space.) |
| Connectivity | Broadband internet connection |
Software Requirements
Download the following software:
- Microsoft .NET Framework 4.8 or higher
- Microsoft Visual C++ 2010
- Redistributable Pack (x86)
- Visual Studio 2010 (VC++ 10.0)
Note
VC++ 2010 is not mandated, just recommended. If you remove it after installing the agent, there is no impact on Access Risk Management functionality.
Port Requirements
Access Risk Management uses a third-party provider, Cloudflare. The list of possible IP addresses can be found at this Cloudflare location.
Open the following ports:
- Agent VM – 443
- SAP server – 3300-3400 (RFC range)
Best Practice
The VM server used should be restarted on a monthly basis. It's also recommended to use a dedicated computer for 24/7, multi-user access and faster response times.
Allow Traffic to Required URLs
Add the following URLs to your allow list depending on where the Access Risk management tenants reside. If the tenant is in an EU data center, add the URLs for EU to your Allow list. If the tenant is in a US data center, add the US URLs. You can contact the Access Risk Management support team for tenant residency information.
| US Tenants | EU Tenants |
|---|---|
| app.erpmaestro.com | app-eu.erpmaestro.com |
| logsvc.erpmaestro.com | logsvc-eu.erpmaestro.com |
| dataserver.erpmaestro.com | dataserver-eu.erpmaestro.com |
| agents.erpmaestro.com | agents-eu.erpmaestro.com |
| utilizationtracking.erpmaestro.com | utilizationtracking-eu.erpmaestro.com |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.