Vault Server Installation Guide

Server Application Specifications

The following details reflect the minimum hardware specification requirements for using Vault.

Component    Specification
Processor    2 CPU x 3.0 GHz
RAM          2GB
Disk Cost    Application - 1GB; Database - approximately 1 to 10GB dependent on number of credentials
Network      Fast Ethernet (100Mb) or greater

Note: The memory requirement represented is for Bomgar Vault operations only. Assign more memory for your operating system and other applications as needed.

Software Specifications

Certain minimum application server and database software is required to use Bomgar Vault. System software requirements for Vault are as follows:

Software Requirement
Operating Systems
  • Windows Server 2012
  • Windows Server 2012 R2 (Recommended)
  • Windows Server 2016

IMPORTANT

Windows operating system and database versions must be in English US.

SQL Server
  • Microsoft SQL Server 2012
  • Microsoft SQL Server 2014 (Recommended)
  • Microsoft SQL Express 2014
  • Microsoft SQL Server 2016
Microsoft Internet Information Services (IIS)
  • Internet Information Services (IIS) 8.0
  • Internet Information Services (IIS) 8.5 (Recommended)
  • Internet Information Services (IIS) 10
Microsoft .NET Framework
  • .NET Framework 4.7
Browsers
  • Chrome for Windows 8.1
  • Internet Explorer for Windows 8.1
  • Edge for Windows 10

Note: If using SQL Express, please review the sizing guidelines below and other important considerations in the prerequisites section of this document.

Note: Bomgar Vault is not compatible with IPv6.

Supported Platforms for Vault Users

Note: This table allows you to compare which platforms support which Bomgar Vault capabilities. Please discuss your specific platform support needs with your Bomgar sales representative.

Bomgar Vault enables centralized access controls through two specific capabilities: password check and rotate password.

  • Password Check: The system periodically validates the credentials. You may configure notifications to be sent if any problem occurs.
  • Rotate Password: The system changes the password either periodically or when a specified event occurs.

Multi-Platform Support                 Password Check    Rotate Password
Windows Server     2012                Yes               Yes
                   2012 R2             Yes               Yes
                   2016*               Yes               Yes
Windows Desktop    7                   Yes               Yes
                   10*                 Yes               Yes
SSH                Ubuntu 15.10        Yes               Yes
                   RedHat 7            Yes               Yes
Microsoft SQL      2014                Yes               Yes
Oracle             11g                 Yes               Yes
MySQL              5.5.x               Yes               Yes
                   5.6.x               Yes               Yes
                   5.7.x               Yes               Yes
LDAP               Active Directory    Yes               Yes

Windows 10 and Windows Server 2016 Limitations

* Microsoft implemented additional UAC filter controls in Windows 10 and Windows Server 2016 to reduce the attack surface for Pass the Hash attacks. Therefore, by default, Bomgar Vault limits credential rotation on these platforms and allows only the following scenarios and combinations:

The Windows endpoint IS a domain-joined computer.

Account                                  Credential Manager        Validation    Rotation
Local user                               Built-in administrator    X             X
Local user                               Domain administrator      X             X
Local admin user (not built-in admin)    Built-in administrator    X             X
Local admin user (not built-in admin)    Built-in administrator    X             X
Built-in admin                           <none>                    X             X
Built-in admin                           Domain admin              X             X

The Windows endpoint IS NOT a domain-joined computer (workgroup).

Account                                  Credential Manager        Validation    Rotation
Local user                               Built-in administrator    X             X
Local admin user (not built-in admin)    Built-in administrator    X             X
Built-in admin                           <none>                    X             X

Windows 10 and Windows Server 2016 Scenarios and Recommended Best Practices

Scenario: Rotating a Windows local account on a domain machine with a manager credential.

For best results, use a domain administrator [1] as the manager credential. A secondary option is to use the machine's built-in administrator account [2].

[1] You can also use a domain user who is a member of the machine's administrator group.

[2] This is a secondary recommendation because the built-in administrator account can be disabled. Depending on the organization's group policies, the built-in administrator could be subjected to remote UAC filtering.

Scenario: Rotating a Windows local account on a workgroup machine with a manager credential.

For best results, use the built-in administrator as the manager credential.

Scenario: Rotating a Windows local account on a domain machine or a workgroup machine without a manager credential (i.e., account rotating itself).

In general, self-rotation for users other than the built-in administrator is not expected to work in any case. Self-rotation works on older Windows versions, like Windows 7, Windows Server 2012, and Windows Server 2012 R2, but does not work on newer Windows versions.
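
The scenarios above depend on whether the endpoint is domain-joined and on the state of its built-in administrator. The following read-only PowerShell preflight is an added example, not part of the Bomgar guide or product; the function name is hypothetical, and reading the FilterAdministratorToken policy value as the indicator for the UAC-filtering caveat is an assumption.

```powershell
# Added example (not from the Vault guide): read-only preflight for a
# Windows 10 / Server 2016 endpoint. Run locally; it changes nothing.

function Get-ManagerCredentialAdvice {   # hypothetical helper name
    param([bool]$DomainJoined, [bool]$BuiltInAdminEnabled, [bool]$AdminApprovalMode)

    # Recommendations taken from the guide's scenarios.
    if ($DomainJoined) {
        $advice   = @('Primary: domain administrator, or a domain user in the local Administrators group.')
        $fallback = 'Secondary: built-in administrator'
    } else {
        $advice   = @()
        $fallback = 'Primary: built-in administrator'
    }

    # The guide's caveat: the built-in administrator can be disabled or UAC-filtered.
    if (-not $BuiltInAdminEnabled) {
        $advice += "$fallback is DISABLED on this endpoint."
    } elseif ($AdminApprovalMode) {
        $advice += "$fallback is enabled but may be UAC-filtered (FilterAdministratorToken = 1)."
    } else {
        $advice += "$fallback is enabled."
    }
    $advice += 'Self-rotation is not expected to work for accounts other than the built-in administrator.'
    return $advice
}

$cs = Get-CimInstance -ClassName Win32_ComputerSystem
# The built-in administrator keeps a SID ending in -500 even when renamed.
$builtIn = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
# Assumption: Admin Approval Mode for the built-in administrator is the
# policy behind the guide's "remote UAC filtering" note.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$fat = (Get-ItemProperty -Path $key -Name FilterAdministratorToken -ErrorAction SilentlyContinue).FilterAdministratorToken

[pscustomobject]@{
    ComputerName        = $env:COMPUTERNAME
    DomainJoined        = [bool]$cs.PartOfDomain
    BuiltInAdminName    = $builtIn.Name
    BuiltInAdminEnabled = [bool]$builtIn.Enabled
    AdminApprovalMode   = ($fat -eq 1)
    Advice              = (Get-ManagerCredentialAdvice -DomainJoined $cs.PartOfDomain `
                              -BuiltInAdminEnabled ([bool]$builtIn.Enabled) `
                              -AdminApprovalMode ($fat -eq 1)) -join ' '
} | Format-List
```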

