Setting up an Agent on a VM
Access Risk Management connects to SAP systems using an agent that lives on a VM in the same network as the SAP environment.
The agent runs as a Windows service, started during the system boot process, and keeps running, even without a user login. The agent is designed to be the only agent necessary in a tenant’s infrastructure.
The agent can be configured for high availability by installing multiple agents in multiple data centers and connecting them to the SAP system(s). You can then perform disaster recovery by reinstalling the agent and adding all of the systems again. Select the system, indicate production or sandbox, then select the option Create From Existing System for each of the most recently saved configurations for each SAP system. Nothing else on the agent needs to be recovered.
Configure your VM on the same network as your SAP environment with the requirements below.
Server Requirements
| Agent Host Server | |
|---|---|
| CPU | Dual Core Intel |
| Operating system (OS) | 64-bit Windows Server 2016 R2 or later |
| RAM | 6 GB (8 - 16 GB is preferred) |
| Hard disk drive (HDD) | 10 GB disk space (30+ GB is preferred. Exceptionally large or complex ERP systems may need more disk space.) |
| Connectivity | Broadband internet connection |
Software Requirements
Download the following software:
- Microsoft .NET Framework 4.8 or higher
- Microsoft Visual C++ 2010
- Redistributable Pack (x86)
- Visual Studio 2010 (VC++ 10.0)
Note
VC++ 2010 is not mandated, just recommended. If you remove it after installing the agent, there is no impact on Access Risk Management functionality.
Port Requirements
Access Risk Management uses a third-party provider, Cloudflare. The list of possible IP addresses can be found at this Cloudflare location.
Open the following ports:
- Agent VM – 443
- SAP server – 3300-3400 (RFC range)
Best Practice
The VM server used should be restarted on a monthly basis. It's also recommended to use a dedicated computer for 24/7, multi-user access and faster response times.
Allow Traffic to Required URLs
Add the following URLs to your allow list depending on where the Access Risk management tenants reside. If the tenant is in an EU data center, add the URLs for EU to your Allow list. If the tenant is in a US data center, add the US URLs. You can contact the Access Risk Management support team for tenant residency information.
| US Tenants | EU Tenants |
|---|---|
| app.erpmaestro.com | app-eu.erpmaestro.com |
| logsvc.erpmaestro.com | logsvc-eu.erpmaestro.com |
| dataserver.erpmaestro.com | dataserver-eu.erpmaestro.com |
| agents.erpmaestro.com | agents-eu.erpmaestro.com |
| utilizationtracking.erpmaestro.com | utilizationtracking-eu.erpmaestro.com |
Documentation Feedback
Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.