Predict | Protect | Prevent

SERVER
SPECIFICATIONS
FOR PAM
DEPLOYMENT
Contents

Overview ------------------------------------------------------------------------------------------------------------------------------------------- 3
Infrastructure Architecture ------------------------------------------------------------------------------------------------------------------ 3
Architecture - Software Based Installation -------------------------------------------------------------------------------------------- 5
ARCON|PAM Application Server (EPAM Component) ---------------------------------------------------------------------------- 5
ARCON|PAM Database Server (PVSL Component) -------------------------------------------------------------------------------- 5
ARCON|PAM Gateway Server (SGW Component) --------------------------------------------------------------------------------- 6
Proposed PAM Deployment Architecture --------------------------------------------------------------------------------------------- 8
Supported High Availability & DR Strategy -------------------------------------------------------------------------------------------- 9
ARCON PAM Port Opening Requirements ------------------------------------------------------------------------------------------ 10
ARCON PAM Additional Requirements----------------------------------------------------------------------------------------------- 10
Recommended specification to Virtual Deployments --------------------------------------------------------------------------- 11
Overview

ARCON PAM is designed to support large enterprise implementations with hundreds of systems and users.
The application is designed to scale in a linear controlled fashion as new systems are integrated into the
system. Scalability can be achieved by vertically scaling of the resource cluster with the option to make use
of hardware and software load balancers, if required.

Infrastructure Architecture

The fundamental approach of the ARCON PAM Architecture is to segregate logical software components
into multiple layers i.e. application layer, database layer and secured server layer. This offers a segregation
of server components and flexibility to grow the architecture in the future.

◼ Application Server (EPAM) – functions as the initial communication point for all users

◼ Database Server (PVSL) –maintains a consistent, secured storage of logs and configuration & policy
information.

◼ Secured Gateway Server (SGW) – This specialized component helps to restrict direct access to
target devices from user machines. SGW uses a unique gateway-based technology to channelize
all the traffic using a secured server which runs specialized components to manage all traffic
directly from a user machine to the target devices. A secured port is used to channelize this traffic.

**Usage of this component is optional and doesn’t hamper any core product features.

**Depending on size of deployment, SGW component can be deployed on Application Server or in

dedicated environment. Refer architecture considerations below.
Fig1. High Level PAM Architecture with all components.
Architecture - Software Based Installation

The proposed architecture configuration offers the flexibility to segregate the application servers while
utilizing a central database. Organizations can linearly scale up this environment by horizontally adding more
resources to the existing setup.

The advanced architecture configuration is sized to support up-to 250 users, 1250 devices. High volume
end user traffic from browsers is routed on a dedicated secured gateway server to manage high concurrency
of users.

Recommended Configuration

ARCON|PAM Application Server (EPAM Component)

Specification Minimum Recommended Production HA DR

CPU Speed 2.5 GHz or Higher 1 1 1

Processor Intel Xeon Processor ( 10 Cores)

Memory / RAM 48 GB or higher

Hard Disk Space 400 GB Data Drive

Class of Storage
ISCSI or SATA
Required

ARCON|PAM Database Server (PVSL Component)

Specification Minimum Recommended Production HA DR

CPU Speed 2.5 GHz or Higher 1 1 1

Processor Intel Xeon Processor ( 8 Cores)

Memory / RAM 64 GB or higher

Hard Disk Space 400 GB Data Drive

Class of Storage
ISCSI or SATA
Required
ARCON|PAM Gateway Server (SGW Component)
Specification Minimum Recommended Production HA DR

CPU Speed 2.5 GHz or Higher 1 1 1

Processor Intel Xeon Processor ( 8 Cores)

Memory / RAM 32 GB or higher

Hard Disk Space 250 GB Data Drive

Class of Storage
ISCSI or SATA
Required

Recommended OS for Application and Database Server & Gateway server

▪ OS for Application Server and Database Server: Windows Server 2016 standard edition or Higher

▪ DB: MS SQL Server 2016 standard and above

▪ OS for SGW : Any flavor of Linux (CentOS, Redhat, Suse, Solaris etc.)

Database requirements

▪ SQL Server Authentication Mode: Mixed mode authentication

▪ User Creation: arcossqladmin

▪ Privileges for arcossqladmin: dbo

Databases Configuration

Database Name Minimum Database Size Growth

ARCOSDB 1 GB Unlimited

ARCOSRDPDB 50 GB Unlimited
Privileges on database for user arcossqladmin

Database Name Privileges

ARCOSDB db_datareader, db_datawriter, db_ddladmin and db_owner

ARCOSRDPDB db_datareader, db_datawriter, db_ddladmin and db_owner

Other Requirements for Application and Database Server

▪ Web Server: IIS 10.0 or Higher

▪ Microsoft .Net Framework: Microsoft .Net Framework 4.7.2

Storage Requirements for Video Logs

Depending upon the duration of online storage, additional storage must be provided for online logs.

Note: Storage for Video Logs should be provided on ARCON PAM Database Server.

No. of Concurrent
3 Months Online Logs 6 Months Online Logs 12 Months Online Logs
User Sessions

500 2 TB 4 TB 8 TB
Proposed PAM Deployment Architecture
 Supported High Availability & DR Strategy

ARCON PAM SUITE High Availability DR

⚫ Load Balancing

⚫ Windows Clustering
Application Layer ⚫ Windows NLB ⚫ VM Motion

⚫ VM Motion

⚫ Microsoft SQL High Availability Always ON

⚫ Microsoft SQL
⚫ SQL Clustering Replication(Log
Database Layer shipping)
⚫ VM Motion
⚫ VM Motion

Secure Gateway Layer ⚫ Windows Clustering ⚫ VM Motion

ARCON PAM Port Opening Requirements
Sr.
No Source Device Destination Device Port No. Description
.

ARCON PAM APP

1 ARCON PAM Users 443* HTTPS Port
Server

ARCON PAM APP 8080*

2 ARCON PAM Users HTTP Port
Server

ARCON PAM SGW 22*

3 ARCON PAM Users SSH Port
Server

Example :

ARCON PAM SGW RDP(3389)

5 Target Server/Device Respective Port
Server SSH(22)

Database(1433,1450..)

ARCON PAM Additional Requirements

SMTP Configuration Details

▪ SMTP relay permission required from PAM Server

▪ SMTP Server: Server DNS/IP of SMTP Server

▪ SMTP Port: Port number of SMTP Server (Port must be open from PAM Servers)

▪ Mail from: Sender Email ID

▪ User Name / Password: User name / Password for the mail ID mentioned in mail from (if applicable
as per SMTP configuration)

▪ Certificate: (if applicable)

▪ Proxy Setting: (if applicable)

Recommended specification to Virtual Deployments

▪ Systems virtualization is greatly becoming an efficient way of consolidating and managing enterprise
infrastructure. ARCON PAM fully endorses virtualization of the application server layer as long as
adequate memory and resource allocation configurations are taken into consideration.

▪ Another consideration is that Virtual Machines (VMs) often run in a shared host. Because of this
shared host environment, adequate resource allocation and management is needed to maintain a
stable virtual environment. These resources can be everything from network access, to disk space,
to memory, to CPU cycles. Providing a stable environment with adequate resources will ARCON
PAM to run without conflict.

********** End of Document **********