
File Access Manager (formerly known as SecurityIQ) hardware sizing guide


Introduction

Every organization deploying File Access Manager (formerly known as SecurityIQ) has unique requirements and business needs, thus computing demands vary from deployment to deployment. To assist with planning, SailPoint has created sizing and performance recommendations based on real-world deployments. Because of File Access Manager's architecture, scaling the system vertically (all components) or horizontally (some components) is supported. Additional servers, processors, and/or memory can be added at any time with little or no change required to the File Access Manager configuration.

 

File Access Manager services are classified into “server” and “agent” categories.

 

The server service classifications (also known as "central servers") include:

  • Event handling
  • User interface
  • Compliance
  • General services

The agent categories vary per application but generally include:

  • Permission collection (known as "Entitlement Collector" pre-5.0)
  • Activity monitoring
  • Data classification

 

In addition to the above, there is the database (persistence) layer running SQL Server.

 

Central servers

The central servers contain about a dozen services that provide a shared infrastructure for File Access Manager, such as configuration management and job scheduling. Most of these services are single instance, no matter how many applications are targeted by File Access Manager.

 

For example, the Agent Configuration Manager is a singleton, central service. No matter how large or small a File Access Manager deployment is, it will only have one Agent Configuration Manager service.

 

As of 5.1 and later, the following File Access Manager services may be considered as singletons (one per File Access Manager installation):

  • Agent Configuration Manager
  • Business Asset Control
  • Collector Synchronizer
  • Crowd Analyzer
  • Reporting Service
  • Scheduled Task Handler
  • Workflow
  • User Interface

 

As of 5.1, the following File Access Manager services can be made highly available with advanced configuration work:

  • Business Website
  • Elasticsearch

 

Agent servers

Agent servers collect permissions, monitor events and build data classification indexes for targeted applications. One agent server is needed in each data center that has an application that will be targeted by these functions.


For example, if File Access Manager will collect permissions from a file server in the main data center, an agent server is required in the main data center. To continue the example, if File Access Manager will also collect permissions from a file server in a remote data center, an agent server will be deployed in that data center as well, for a total of two agent servers.

 

Cloud endpoint agents

Cloud endpoint agents represent collection and monitoring for cloud endpoints, and they differ from on-premise agents; one cloud agent server could monitor all the cloud endpoints (SharePoint Online, Exchange Online, OneDrive, Box) or each endpoint could have its own agent server, depending on load. They can be shared for all cloud endpoints in the install or can be dedicated (which requires more agent servers for monitoring/collection). These agent servers can reside in any data center that can communicate with the File Access Manager database, with the preference to have them as close to the File Access Manager database as possible.

 

SharePoint on-premise agents

Also, be aware that SharePoint (on-premise) agents for permissions collection & activity monitoring are installed directly on a SharePoint farm server. The current recommendation is to use a separate farm server to host such components.

As an example, the SharePoint 2013 requirement guide is here (may or may not apply to your version). This would show 4 CPUs, 12 GB RAM, and 80 GB storage for a server added to a three-tier setup. When File Access Manager's agent is factored in, we should increase the RAM to a total of 16 GB (again as a generic example).

 

Database server

The SQL Server database is a critical piece of the overall File Access Manager server infrastructure. To ensure optimal performance of the File Access Manager system, SailPoint recommends a dedicated SQL Server instance.

 

Basic sizing examples

The servers mentioned herein are considered for production use. Down-level environments for development or testing can mirror or (more likely) decrease requirements substantially. For example, production may have five servers for core services plus a database server, but a development environment might have one core server and one database server.

 

The Professional Services team recommends at least a single down-level environment to support upgrade and feature testing out-of-band from production systems.

 

Note that the examples provided herein are for modest systems hosting about 5,000 identities or fewer, and fewer than 15 application endpoints.

If you are not planning for Data Classification, then you can simply omit those servers & services from your builds.

 

For more advanced installations, a SailPoint Professional Services team member (or partner) can provide more explicit guidance.

 

Non-production

Simple two-system installation for a development environment. The most common issue with setting up a non-production environment is making sure there are corresponding non-production systems for the connectors to use.

 

 

| Server Services | CPU | RAM (GB) | Storage (GB) | Notes |
|---|---|---|---|---|
| UI & misc. services, Elasticsearch, Event Handler, Permission Collector, Activity Monitor, Data Classification | 4 | 8 | 40 | e.g. run all File Access Manager services on a single host |
| SQL Server | 4 | 8 | 100+ | |

 

Single data center

This example would be for a single data center hosting all File Access Manager servers.

 

 

| Server Services | CPU | RAM (GB) | Storage (GB) | Notes |
|---|---|---|---|---|
| UI & misc. services | 8 | 8 | 20 | |
| Elasticsearch | 8 | 12 | 250+ | Elasticsearch uses 0.5 KB to store each event. Thus, storing 1 million events is about 0.5 GB. Each event is stored in SQL Server as well as Elasticsearch. May also be referred to as indexing server. |
| Event Handler | 8 | 8 | 20 | |
| Permission Collector / Activity Monitor | 8 | 12 | 40 | |
| Data Classification | 8 | 12 | 250+ | Lucene lite index option is recommended for most installations. A general estimate of 70% of total file-share data is used for classification indexing since only document/text files are indexed. |
| SQL Server | 8 | 16 | 500+ | |

 

Multiple data centers

The above single data center example can be expanded upon by adding agent servers in the remote data center.

 

This table assumes you have the "single data center" example from above and you would just add Data Classification and AM/PC agents to the remote data center.

 

| Server Services | CPU | RAM (GB) | Storage (GB) | Notes |
|---|---|---|---|---|
| Permission Collector / Activity Monitor | 8 | 12 | 40 | |
| Data Classification | 8 | 12 | 250+ | Lucene lite index option is recommended for most installations. A general estimate of 70% of total file-share data is used for classification indexing since only document/text files are indexed. |

 

Though a rare occurrence, an additional Event Handler server might be needed if the connector(s) in a remote data center generate a large number of events and you want to discard most of them. An Event Handler in the remote data center can drop events so that they are never sent over the WAN back to the main site.
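The placement rules and the Elasticsearch per-event figure from this guide can be turned into a small planning aid. The following is an added example, not SailPoint code: the application kinds, host labels, sample inventory, event rate and retention period are all constructed assumptions, and only the 0.5 KB per event and 250+ GB figures come from the tables above.

```python
from collections import defaultdict

EVENT_KB = 0.5        # from the guide: Elasticsearch stores each event in 0.5 KB
ES_BASELINE_GB = 250  # from the guide: "250+" GB in the single data center table


def elasticsearch_gb(events_per_day, retention_days):
    """Event storage in decimal GB (the guide's rule: 1 million events ~ 0.5 GB)."""
    return events_per_day * retention_days * EVENT_KB / 1_000_000


def agent_hosts(apps, dedicated_cloud=False):
    """Map each host to the applications it serves.

    apps: (name, kind, data_center) tuples; the kind labels 'onprem', 'cloud'
    and 'sharepoint_onprem' are hypothetical names used only in this sketch.
    """
    hosts = defaultdict(list)
    for name, kind, dc in apps:
        if kind == "onprem":
            # One agent server per data center that holds a targeted application.
            hosts[f"agent server ({dc})"].append(name)
        elif kind == "sharepoint_onprem":
            # Agents install on a SharePoint farm server, not on an agent server.
            hosts[f"SharePoint farm server ({dc})"].append(name)
        elif kind == "cloud":
            # Cloud endpoints share one agent server unless load calls for dedicated ones.
            label = f"cloud agent server ({name})" if dedicated_cloud else "cloud agent server (shared)"
            hosts[label].append(name)
        else:
            raise ValueError(f"unknown application kind: {kind!r}")
    return dict(hosts)


# Constructed inventory for illustration.
SAMPLE_APPS = [
    ("fileserver-01", "onprem", "main"),
    ("fileserver-02", "onprem", "main"),
    ("fileserver-10", "onprem", "remote"),
    ("intranet-farm", "sharepoint_onprem", "main"),
    ("SharePoint Online", "cloud", "main"),
    ("Box", "cloud", "main"),
]

if __name__ == "__main__":
    for host, served in agent_hosts(SAMPLE_APPS).items():
        print(f"{host}: {', '.join(served)}")
    need = elasticsearch_gb(events_per_day=2_000_000, retention_days=365)
    print(f"Elasticsearch events: {need:.0f} GB (table baseline {ES_BASELINE_GB}+ GB)")
```

With the constructed figures, a year of events at 2 million per day needs about 365 GB, which is above the 250 GB starting point in the table.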

Comments

This is so helpful and including the real world scenario was brilliant.

Hi,

We've got almost 35 TB of data on file servers. In this document, it says SQL Server needs 500+ GB of storage. Is there any percentage for that? How can I determine my database DATA and LOG storage?

I am using SIQ 5.1.

Regards,

Enes

Version history
Revision #: 6 of 6
Last update: Jul 19, 2023 04:36 PM