Predict | Protect | Prevent

ARCON | PAM POC Server Pre-requisite

www.arconnet.com | Copyright © 2017

Table of Contents

1. PoC ARCHITECTURE
   A. Hardware Requirements
   B. Software Requirement
   C. Port Opening Requirement
2. Pre Requisites for End Users of ARCON PAM
   ARCON PAM Plugin
   Browser Settings
   Antivirus Exception

1. PoC ARCHITECTURE

A. Hardware Requirements

Application Server / Database Server & Gateway Component

| Specification | Minimum Recommended |
|---|---|
| CPU Speed | 2.4 GHz or Higher |
| Processor | Intel Xeon Processor (Minimum 8 Cores) |
| Memory / RAM | 16 GB or higher |
| Hard Disk Space | C:\ - <size> 50 GB; D:\ - <size> 60 - 100 GB (Application and Database Components) |
| Class of Storage Required | ISCSI or SATA |

B. Software Requirement

Application Server / Database Server / Gateway Server

| Specification | Minimum Recommended |
|---|---|
| Operating System | Windows Server 2016 OR above |
| Database Server | Microsoft SQL Server 2016 express Edition (with MS SQL Management Studio) or Higher |
| Gateway Component | LINUX RHEL |
| Web Server | IIS 6.0 or Higher |
| Microsoft .net Framework | Microsoft .net Framework 2.0, 3.5 & 4.5, 4.7.2 |
| Browser | IE 10.0 or Higher |
| Runtime Environment (Included in Setup) | 2. Crystal Reports Basic 2008 Runtime; 3. Microsoft Chart Controls for Microsoft .NET Framework 3.5, 4.5 |

Note: All the components listed above can be installed in a virtualized environment. Windows Server 2019 comes with the capability of installing an SSH server, OR we could use the BITVISE SSH component.

Below is the link to download the Bitvise SSH component:
https://atspackages.s3.ap-south-1.amazonaws.com/BvSshServer-Inst.exe

Below are the links to download SQL Server and the SSMS utility:
https://arcondbqueries.s3.ap-south-1.amazonaws.com/SQLServer2017-SSEI-Expr.exe
https://arcondbqueries.s3.ap-south-1.amazonaws.com/SSMS-Setup-ENU.exe

C. Port Opening Requirement

| Sr. No | Source Device | Destination Device | Port No | Description |
|---|---|---|---|---|
| 1 | ARCON PAM Users (All Users who will access PAM portal) | ARCON PAM Application | 443* | HTTPS Port |
| 2 | ARCON PAM Users (Person who will manage PAM Application) | ARCON PAM Database Server | 1450* | Server Manager (ARCON configuration) |
| 3 | ARCON PAM Users (Person who will manage PAM Application) | ARCON PAM Database Server | 8080 | HTTP Port (View Video Logs) |
| 4 | ARCON PAM Users | ARCON PAM ATS Server | 444* | HTTPS Port |
| 5 | ARCON PAM Users (All Users who will access PAM portal) | ARCON PAM Secured Gateway Server | 22* | SSH Port |
| 6 | ARCON PAM Secured Gateway Server | Respective Target Devices/Port | Respective Target Devices/Port | Respective Target Devices/Port (Eg: For Windows 3389, Linux - 22, Web Browsers 443/8080 etc.) |
| 7 | ARCON PAM Terminal Server | Respective Target Devices/Port | Respective Target Devices/Port | Respective Target Devices/Port (Eg: For Windows 3389, Linux - 22, Web Browsers 443/8080 etc.) |
| 8 | ARCON Secured Server (Gateway) | Windows Domain Controller Servers | 137(TCP and UDP),138(UDP),139(TCP),135(TCP),88(TCP and UDP),53(TCP and UDP),45045(Custom) | To Domain Servers so as to do Password Management of Generic Domain account for Windows environment across all projects |
| 9 | ARCON PAM APPLICATION Server | ARCON PAM DATABASE | 1450* | TCP Port (For ARCON Application to Connect to ARCON Database.) |
| 10 | ARCON PAM Secured Server | All Windows Servers | 6006 OR 45045 | Port for Password Change (Used by ARCON PAM Windows Password Change Service) |
| 11 | ARCON PAM Application Server | LDAP Server | 389 | LDAP Port |
| 12 | ARCON PAM Gateway Server | LDAP Server | 389 | LDAP Port (Use Gateway for Password Change) |
| 13 | ARCON PAM Database Server | SMTP Server | 25 | LDAP Port |
| 14 | ARCON PAM ADMIN | Target Devices/ Server | 12,000 to 13,000 | Real Time Session Monitoring |
| 15 | ARCON User/Admin | RDPS Server | 9000 (Can be customized) | For User to communicate to API |
| 16 | ARCON User/Admin | RDPS Server | 9001 (Can be customized) | For Remote Assist communication |
| 17 | ARCON User/Admin | RDPS Server | 9002 (Can be customized) | For Remote Assist file transfer |
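A pre-flight check built from the port table above, as an added example that is not part of ARCON's document: it parses the multi-protocol port cell of row 8 into firewall-rule pairs and reports which of the rows 1 to 5 TCP flows are still blocked from an administrator's workstation. The host names are placeholders, and treating the "(Custom)" port 45045 as TCP is an assumption.

```python
import re
import socket

# Row 8 of the port table (gateway -> domain controllers), copied from the page.
ROW8 = ("137(TCP and UDP),138(UDP),139(TCP),135(TCP),88(TCP and UDP),"
        "53(TCP and UDP),45045(Custom)")

# Rows 1-5: TCP ports a PAM administrator's workstation must reach, by role.
ADMIN_FLOWS = {"application": [443], "database": [1450, 8080],
               "ats": [444], "gateway": [22]}


def parse_port_spec(spec):
    """Turn '137(TCP and UDP),138(UDP)' into sorted (port, protocol) pairs."""
    rules = set()
    for port, label in re.findall(r"(\d+)\s*\(([^)]*)\)", spec):
        protos = [p for p in ("TCP", "UDP") if p in label.upper()]
        # Assumption: a label naming no protocol ('Custom') is treated as TCP.
        for proto in protos or ["TCP"]:
            rules.add((int(port), proto))
    return sorted(rules)


def tcp_open(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def blocked_flows(hosts, flows):
    """Return (role, port) pairs the table requires but that are unreachable."""
    return [(role, port) for role, ports in flows.items()
            for port in ports if not tcp_open(hosts[role], port)]


if __name__ == "__main__":
    # Hypothetical host names; replace with the PoC servers' addresses.
    hosts = {"application": "pam-app.example.internal",
             "database": "pam-db.example.internal",
             "ats": "pam-ats.example.internal",
             "gateway": "pam-gw.example.internal"}
    for role, port in blocked_flows(hosts, ADMIN_FLOWS):
        print(f"BLOCKED {role}:{port}")
    # UDP rules cannot be confirmed with connect(); list them for firewall review.
    print([rule for rule in parse_port_spec(ROW8) if rule[1] == "UDP"])
```

Run it from each source device named in the table so that every flow is tested in the direction the firewall rule is written.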
2. Pre Requisites for End Users of ARCON PAM

Following are the prerequisites for ARCON to be run on a local machine:

| Specification | Minimum Recommended |
|---|---|
| CPU Speed | 2.0 GHz or higher |
| Processor | Intel Pentium Processor or Higher |
| Operating System and Version | Windows Operating System with IE10 or IE11 |
| Memory / RAM | 2 GB RAM (Minimum Recommended) |
| Microsoft .net Framework | Microsoft .net Framework 2.0, 3.5, 4.5 wherever applicable |

ARCON PAM Plugin

ARCON PAM Plugin is required to be installed and configured to log in. For I.E 10 and above, under Internet Explorer Settings > Compatibility View settings > Add ARCON URL. FIPS should be disabled on each End User machine and on the ARCON PAM Servers.

Note: The Client system would require Administrative rights to complete ARCON PAM Plugin installation.

Browser Settings

Browser settings need to be modified after the ARCON PAM Plugin installation. Steps are as follows:

Internet Options > Security Tab > Select Local Intranet > Click Sites > Add the ARCON URL > Click Add

Make sure the following settings are also present:

Internet Options > Security Tab > Click Custom Level. Search: ActiveX Controls and Plug-ins > Select Enable for everything under ActiveX Controls and Plug-ins. Click OK > Click Yes.

Antivirus Exception

An antivirus exception is to be provided for the ARCON folders in the following paths:

<Drive>:\Users\UserName\AppData\Local\Temp\ARCON PAM
<Drive>:\Users\UserName\AppData\Local\Temp\ARCOS

Installation Packages

Note: SPOC email ID has to be shared with the ARCON presales resource in order to get the latest updated package.

Databases

https://arcondbqueries.s3.ap-south-1.amazonaws.com/ARCOSDB_Blank.bak
https://arcondbqueries.s3.ap-south-1.amazonaws.com/ARCOSRDPDB_blank.bak

Database Queries

https://arcondbqueries.s3.ap-south1.amazonaws.com/ARCOS%2BDBUpdates%2BFrom%2B4.8.1.0%2BTo%2B4.8.5.7%2B(3)+(1).zip
https://arcondbqueries.s3.ap-south-1.amazonaws.com/Auth_Query.zip

Privileged Access Management

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means such as electronic, mechanical, photocopying, recording, or otherwise without permission.