File Access Manager Overview
When installing File Access Manager, the following is some information that could help in understanding the product and the process of installing.
File Access Manager Architecture
File Access Manager architecture usually requires a central installation with some remote gateways. Most File Access Manager connectors do not require any footprint on the monitored/analyzed system and therefore are installed on File Access Manager servers.
In some cases, due to 3rd party vendors (mostly NAS vendors), it is imperative to have a local server at the same physical site where the monitored system is located.
For more information on File Access Manager architecture see “Capabilities and Architecture” in the File Access Manager Administrator Guide.
File Access Manager Connector Services
Each type of connector has its own prerequisites and its own configuration. See the relevant Connector Installation guide for more information about the connector.
Sizing Considerations
File Access Manager is a scalable solution that enables the distribution of its services and also works in an all-in-one mode. The Administrator Guide has a complete description of the File Access Manager architecture configuration.
One of the critical sizing considerations is the amount of disk space required to store activities over time. The table below describes the guidelines.
Note
For more details on sizing, refer to the File Access Manager Hardware Sizing Guide article on Compass.
| Service | CPU | Memory | Disk |
|---|---|---|---|
| Elasticsearch | Minimum of 4 cores, Recommended 8 | Minimum of 8Gb, Recommended 16Gb | 0.5kb per event |
Additional factors that affect the required hardware are:
- Disaster recovery environment
- High Availability solution
It is highly recommended to consult with your SailPoint File Access Manager representative to obtain the correct configuration to support your requirements.
Installation Prerequisites
The following provides server support information:
| System | Supported Versions |
|---|---|
| File Access Manager Servers | Windows 2016 / 2019 / 2022 |
| Workstation | Windows 7 and above |
| Browser | Edge, Safari, Chrome, Firefox |
| Database | MS SQL Server 2014 / 2016 / 2017 / 2019 / 2022 |
Database Configuration
Dedicated Instance
We recommend installing File Access Manager on a dedicated instance. This configuration enables independence of configuration and assures resource allocation for the instance.
However, we realize that a dedicated instance is a costly solution and therefore might be chosen at a later stage.
Some of the File Access Manager requirements can be defined at the instance level and can work in such a way that avoids the definition of specific requirements for shared databases.
Note
This decision should be part of the sizing process led by your SailPoint File Access Manager representative.
Required Features
File Access Manager uses MS SQL Standard Edition that utilizes the database engine only. No other feature is required. File Access Manager thus enables the use of MS SQL native features for high availability and encryption without any interruption.
Required Settings
The following settings must be chosen for the installation instance:
-
FILESTREAM using "Full Access Enabled"
Find the SQL Server Configuration Manager. Navigate to the properties of the service and select FileStream. Check all three boxes. -
CLR enabled (Running .NET code in the database in Safe mode)
-
SQL Mixed Authentication
Hyper-Threading
It is recommended that hyper-threading on physical servers be disabled.
Storage
For a database server running as a virtual machine (of any kind), verify that the drives connected for the database storage are physical disks (dedicated for the virtual machine).
- The drives must be separated for Data and Logs.
- Format the drives with a 64K allocation unit.
Backup & Recovery
It is recommended that you use a Simple database recovery plan. Choosing any other recovery plan requires scheduled log backups to prevent the log file from overflowing. Data performance may be affected during log backups since File Access Manager is very write I/O intensive.
Temp Database
Note
Depending on your database configuration, you might require additional storage allocated for a temp database. Please discuss this with your DBA.
Ensure that the database is:
- Defined on a separate drive
- Physical and formatted to a 64K allocation unit
- Allocated a temp database file for each core on the system
- Limited in size so that the temp database files and logs do not overgrow the size of the disk
Recommended Performance
| Metric | Requirement |
|---|---|
| Disk I/O Throughput (IOPS) | 12K IOPS |
| Disk I/O Throughput Rate | 10500 Mb/s |
| Throughput in Transactions/sec | 6000 TPS |
| Disk I/O latencies for Read | < 8 ms |
| Disk I/O latencies for Write | < 1 ms |