Skip to content

File Access Manager Overview

When installing File Access Manager, the following is some information that could help in understanding the product and the process of installing.

File Access Manager Architecture

File Access Manager architecture usually requires a central installation with some remote gateways. Most File Access Manager connectors do not require any footprint on the monitored/analyzed system and therefore are installed on File Access Manager servers.

In some cases, due to 3rd party vendors (mostly NAS vendors), it is imperative to have a local server at the same physical site where the monitored system is located.

For more information on File Access Manager architecture see “Capabilities and Architecture” in the File Access Manager Administrator Guide.

File Access Manager Connector Services

Each type of connector has its own prerequisites and its own configuration. See the relevant Connector Installation guide for more information about the connector.

Sizing Considerations

File Access Manager is a scalable solution that enables the distribution of its services and also works in an all-in-one mode. The Administrator Guide has a complete description of the File Access Manager architecture configuration.

One of the critical sizing considerations is the amount of disk space required to store activities over time. The table below describes the guidelines.

Note

For more details on sizing, refer to the File Access Manager Hardware Sizing Guide article on Compass.

Service CPU Memory Disk
Elasticsearch Minimum of 4 cores, Recommended 8 Minimum of 8Gb, Recommended 16Gb 0.5kb per event

Additional factors that affect the required hardware are:

  • Disaster recovery environment
  • High Availability solution

It is highly recommended to consult with your SailPoint File Access Manager representative to obtain the correct configuration to support your requirements.

Installation Prerequisites

The following provides server support information:

System Supported Versions
File Access Manager Servers Windows 2016 / 2019 / 2022
Workstation Windows 7 and above
Browser Edge, Safari, Chrome, Firefox
Database MS SQL Server 2014 / 2016 / 2017 / 2019 / 2022

Database Configuration

Dedicated Instance

We recommend installing File Access Manager on a dedicated instance. This configuration enables independence of configuration and assures resource allocation for the instance.

However, we realize that a dedicated instance is a costly solution and therefore might be chosen at a later stage.

Some of the File Access Manager requirements can be defined at the instance level and can work in such a way that avoids the definition of specific requirements for shared databases.

Note

This decision should be part of the sizing process led by your SailPoint File Access Manager representative.

Required Features

File Access Manager uses MS SQL Standard Edition that utilizes the database engine only. No other feature is required. File Access Manager thus enables the use of MS SQL native features for high availability and encryption without any interruption.

Required Settings

The following settings must be chosen for the installation instance:

  • FILESTREAM using "Full Access Enabled"
    Find the SQL Server Configuration Manager. Navigate to the properties of the service and select FileStream. Check all three boxes.

  • CLR enabled (Running .NET code in the database in Safe mode)

  • SQL Mixed Authentication

Hyper-Threading

It is recommended that hyper-threading on physical servers be disabled.

Storage

For a database server running as a virtual machine (of any kind), verify that the drives connected for the database storage are physical disks (dedicated for the virtual machine).

  • The drives must be separated for Data and Logs.
  • Format the drives with a 64K allocation unit.

Backup & Recovery

It is recommended that you use a Simple database recovery plan. Choosing any other recovery plan requires scheduled log backups to prevent the log file from overflowing. Data performance may be affected during log backups since File Access Manager is very write I/O intensive.

Temp Database

Note

Depending on your database configuration, you might require additional storage allocated for a temp database. Please discuss this with your DBA.

Ensure that the database is:

  • Defined on a separate drive
  • Physical and formatted to a 64K allocation unit
  • Allocated a temp database file for each core on the system
  • Limited in size so that the temp database files and logs do not overgrow the size of the disk
Metric Requirement
Disk I/O Throughput (IOPS) 12K IOPS
Disk I/O Throughput Rate 10500 Mb/s
Throughput in Transactions/sec 6000 TPS
Disk I/O latencies for Read < 8 ms
Disk I/O latencies for Write < 1 ms