System Requirements for Secret Server
Minimum Requirements for Basic Deployments
Web Server | Database Server |
---|---|
2 CPU Cores | 2 CPU Cores |
4 GB RAM | 4 GB RAM |
25 GB Disk Space | 50 GB Disk Space |
Windows Server 2016 | Windows Server 2016 |
IIS 7 or newer (64-bit applications only) | SQL Server 2014-2022 [Compatibility level 120 or greater] |
.NET 4.8 or newer | Collation SQL_Latin1_General_CP1_CI_AS |
Recommended Requirements for Basic Deployments
Web Server | Database Server |
---|---|
4 CPU Cores | 4 CPU Cores |
16 GB RAM | 16 GB RAM |
25 GB Disk Space | 100+ GB Disk Space |
Windows Server 2016-2022 | Windows Server 2016-2022 |
IIS 7 or newer (64-bit applications only) | SQL Server 2014-2022 |
.NET 4.8 or newer | Collation SQL_Latin1_General_CP1_CI_AS |
Minimum Requirements for Advanced Deployments
Recommended for organizations deploying discovery, session recording, or increased numbers of distributed engines:
Web Server | Database Server |
---|---|
8 CPU Cores | 8 CPU Cores |
16 GB RAM | 16 GB RAM |
25 GB Disk Space | 100+ GB Disk Space |
Windows Server 2016-2022 | Windows Server 2016-2022 |
IIS 8 or newer (64-bit applications only) | SQL Server 2014-2022 |
.NET 4.8 or newer | Collation SQL_Latin1_General_CP1_CI_AS |
Distributed Engines | RabbitMQ Messaging Server |
---|---|
4 CPU Cores | 4 CPU Cores |
4 GB RAM | 4 GB RAM |
25 GB Disk Space | 40 GB Disk Space |
Further adjustments to system requirements for both RabbitMQ and distributed engines are at the discretion of Delinea Professional Services engineers.
The latest Distributed Engine supported version is always the latest current version. Older versions can also be run if they are up to date or if the version used is just behind the latest. If there are breaking changes, an update will be forced.
For RabbitMQ, there is not an officially supported set of versions. Installation is only supported using the latest RabbitMQ Helper, which will install the latest versions. Any version of RabbitMQ available since the introduction of durable queues will work. If you wish to install an older version you can at your own discretion. Please note they might be prone to certain errors in functionality.
System Requirements for Virtual Machines and Processors
A vCPU is a virtualized CPU core assigned to a virtual machine (VM) from the physical CPUs available on the host server. The following are some key points. Please see this article for details.
Key points:
-
vCPUs allow multiple VMs to share the physical CPU cores on a host through time-slicing and context switching.
-
The ratio of vCPUs to physical cores determines CPU oversubscription. An oversubscribed CPU is shared among too many vCPUs, leading to potential performance issues.
-
There is no fixed ratio for calculating optimal vCPU to physical core mapping. It depends on the specific workloads and resource demands of each VM.
-
Monitoring CPU utilization for the VMs and host is crucial to identify performance bottlenecks and adjust vCPU allocations accordingly.
-
Using too many vCPUs unnecessarily can increase licensing costs for some software that charges per vCPU.
-
It is important to understand application resource needs, monitoring performance metrics, and adjusting vCPU allocations to strike the right balance between oversubscription and performance for cost optimization.
Recommended Requirements for Specific Features
Session Recording Requirements: Basic Session Recording Requirements and Advanced Session Recording Requirements.
Notes
-
For the highest scalability and reliability, Delinea recommends using RabbitMQ. MemoryMQ is an easier but less capable alternative and can be used for trials and proof of concepts but should not be used for production environments. Two exceptions are very small deployments and customers that do not use open-source software for compliance reasons.
-
The use of Server Core for Secret Server installations is not recommended; All QA and testing is based non-core versions of Windows Server.
-
To comply with Microsoft licensing requirements, there is an additional constraint on which Microsoft Windows Server version you can use as the RDS server for session connector.
If you use Microsoft User Client Access Licenses (CALs), you cannot use Windows Server 2019. You must use Windows Server 2012 or 2016. If you use Microsoft Device CALs, you can use any supported version of Windows Server.
-
Secret Server requires that Microsoft SQL Server and its database be set to the collation SQL_Latin1_General_CP1_CI_AS. See Microsoft SQL collation requirements and check your server collation settings before upgrading.
-
System Requirements apply to both physical and virtual machines.
-
For best performance, we recommend using dedicated (clean) servers for hosting Delinea products.
-
If .NET or IIS features are not already installed on the web server, the Delinea Installer will add and configure them automatically.
-
If SQL is not already installed on a database server, the Delinea installer can setup SQL Express on the web server; however, SQL Express is intended for trials and sandbox environments onlyDelineadoes not support itbecause of performance issues due to the memory and product limitations. I
-
A link to Microsoft documentation on the use and limitations of SQL Express can be found at: https://docs.microsoft.com/en-us/sql/sql-server/editions-and-components-of-sql-server-2017.
-
Installing Secret Server with Azure SQL: Currently, we do not recommend using Secret Server with Azure SQL when the Web host and the Azure SQL instance are in different datacenters. According to Microsoft, applications, such as Secret Server, that use frequent, high-volume, ad hoc queries use substantial response time on network communication between the application and Azure SQL database tiers. Thus, network latency with many data access operations across datacenters can become an issue.
-
Unsupported Web Servers: Small Business Server (SBS), The Essentials Edition, Any client OS, domain controllers, SharePoint servers.
-
Secret Server Cloud requires an on-premise machine to use a distributed engine.
-
SQL launchers do not support SSMS 18.0 or higher.
-
Discovery scanning for Windows Server 2016 scheduled tasks requires that either the Secret Server node or the distributed engine that is executing the scan must run on Windows Server 2016 or later. This is due to changes in Windows Server 2016 API used for scheduled task dependency scans.
-
AWS RDS: Currently, we do not recommend using Secret Server with AWS Relational Database Service when the Web host and the SQL instance are in different datacenters. Applications, such as Secret Server, that use frequent, high-volume, ad hoc queries depend on fast network communication response time between the application and SQL database. Thus, network latency with many data access operations across datacenters can become an issue.
-
Secret Server requires the application pool to have the "load user profile" setting enabled. Secret Server will report a critical alert to notify admins if this setting is not enabled.
-
Supported Web browsers: See Secret Server Major Browser Support .