System Requirements for On-Premises Deployment of GYTPOL
Introduction
This document lists the system prerequisites and requirements that must be met before installing the GYTPOL Validator product.
Audience
This User Guide is primarily intended for IT system and infrastructure teams responsible for implementing, managing, and maintaining servers and Active Directory within their organizations. It provides clear instructions and explanations suitable for technical users, ensuring that these teams can effectively utilize the software for their specific needs.
Checklist
Before proceeding with the installation of GYTPOL Validator software, it is crucial to verify that all the following requirements are met:
Operating System - GYTPOL Server:
Ensure that the operating system on the GYTPOL Server meets the specified requirements.
Determine the appropriate server sizing based on the anticipated number of devices that will interact with GYTPOL Validator.
Confirm the existence and configuration of Users and Groups in both Active Directory and the GYTPOL Server, ensuring proper synchronization.
Server Software - GYTPOL Server:
Make sure that the necessary server software components are installed and configured correctly on the GYTPOL Server.
Ensure that a web browser is available and compatible for use as the admin interface by end-users of GYTPOL Validator.
Verify that servers and workstations covered by GYTPOL Validator meet the required Sensor-side specifications.
DNS - Routing to GYTPOL Server:
Add any necessary DNS configurations to ensure proper routing to the GYTPOL Server, allowing seamless communication.
Determine and open the specific ports on both the server and Sensor sides as required by GYTPOL Validator to facilitate communication and functionality.
Implement measures to prevent any interference or blocking of GYTPOL Validator's proper execution by antivirus software.
Ensuring that all these prerequisites are met will contribute to a successful and efficient installation of GYTPOL Validator software.
Find additional help in Detailed Configuration Instructions when required.
System Architecture
Server Architecture
Server Sizing
Up to 3,000 Devices / PoC
RAM (GB) | System Storage (GB) | CPU (# Cores) |
16 | 80 SSD | 8 |
Up to 10,000 Devices
Server | RAM (GB) | Storage (GB) | CPU (# Reserved Cores) |
GYTPOL | 16 | 80 SSD | 8 |
DB | 24 | 200 SSD | 8 |
Up to 15,000 Devices
Server | RAM (GB) | Storage (GB) | CPU (# Reserved Cores) |
GYTPOL | 24 | 80 SSD | 8 |
DB | 24 | 250 SSD | 8 |
Up to 50,000 Devices
Server | RAM (GB) | Storage (GB) | CPU (# Reserved Cores) |
GYTPOL | 32 | 150 SSD | 16 |
DB | 64 | 450 SSD | 16 |
For customers with specific scenarios, please take note of the following:
Customers managing more than 50,000 devices are advised to contact support@gytpol.com for specialized sizing recommendations.
If you are using the Nutanix hypervisor, please contact support@gytpol.com for further guidance and support tailored to your specific setup.
Operating System and Language
A dedicated physical or virtual server is required, running Windows Server 2016 Standard or a later version.
Windows Server language settings (detailed checks are here):
The Windows Server operating system must be set to use the English (United States) language.
The Windows Server language for non-Unicode programs must be set to use the English (United States) language.
Customers who use a separate database server should install SQL Server 2016 Standard or a later version. For detailed instructions on configuring MS SQL, please consult Appendix 1.
Users and Groups
To create a domain user with the specified permissions and ensure the password adheres to the given criteria, follow these steps:
Create the User:
Open the Active Directory Users and Computers management console.
Navigate to the appropriate organizational unit (OU) or location where you want to create the user.
Right-click on the OU, select "New," and then choose "User."
Follow the prompts to set up the user account. You can use your own naming convention, but for the purpose of this document, let's call the user "GYTPOLSVC."
Set Password Criteria:
When setting the password for "GYTPOLSVC," make sure it does not contain any of the following characters: ', ", ~, ;, commas or spaces.
Assign Permissions (optional):
For a more stringent permission setup, you can create a security group within Active Directory, e.g., "GYTPOL_UI_Access".
Add "GYTPOLSVC" to the "GYTPOL_UI_Access" group.
This group will be used to access GYTPOL UI or system settings during the initial server configuration.
By default, all authenticated users are granted access to the GYTPOL UI, which can be modified using the Roles and Permissions screen after the initial installation process.
By following these steps, you will have created a domain user, set a password that adheres to your criteria, and established a security group for GYTPOL UI access, all in compliance with your requirements.
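The steps above can also be scripted. The following is an added example, not GYTPOL's own tooling: it checks the password against the forbidden characters listed above before creating the account and the optional group. The OU path is a placeholder, the Global group scope is an assumption, and the ActiveDirectory PowerShell module (RSAT) must be installed.

```powershell
# Added example (not part of the GYTPOL product). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

$OuPath    = 'OU=Service Accounts,DC=example,DC=com'   # placeholder: replace with your OU
$UserName  = 'GYTPOLSVC'                               # name used in this document
$GroupName = 'GYTPOL_UI_Access'                        # optional group from this document

function Test-GytpolPassword {
    # Returns $true when the password contains none of the characters this
    # document forbids: single quote, double quote, tilde, semicolon, comma, space.
    param([Parameter(Mandatory)][securestring]$Password)
    $plain = [System.Net.NetworkCredential]::new('', $Password).Password
    return ($plain.IndexOfAny([char[]]@("'", '"', '~', ';', ',', ' ')) -lt 0)
}

# Prompt without echoing, and reject the password before anything is created.
$password = Read-Host -AsSecureString -Prompt "Password for $UserName"
if (-not (Test-GytpolPassword -Password $password)) {
    throw 'Password contains a character that the GYTPOL requirements forbid.'
}

# Create the service account only if it does not already exist.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$UserName'")) {
    New-ADUser -Name $UserName -SamAccountName $UserName -Path $OuPath `
        -AccountPassword $password -Enabled $true
}

# Optional stricter setup: a security group that gates access to the GYTPOL UI.
# Group scope "Global" is an assumption; use the scope your directory design calls for.
if (-not (Get-ADGroup -Filter "Name -eq '$GroupName'")) {
    New-ADGroup -Name $GroupName -GroupScope Global -GroupCategory Security -Path $OuPath
}

# Add the account to the group unless it is already a member.
if ($UserName -notin (Get-ADGroupMember -Identity $GroupName).SamAccountName) {
    Add-ADGroupMember -Identity $GroupName -Members $UserName
}
```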
Permissions
Use the table below to set the permissions for the user and the group (follow the hyperlinks for how-tos):
Type | Name | Permission set |
AD User | GytpolSvc | Domain level: Member of Domain Group: "Performance Log Users"; GYTPOL Server local settings: Local admin on GYTPOL server, Logon as a service; GPMC permissions |
Server software and general settings
Requirement | How to Verify |
Chromium-based web browser | We recommend using the latest version of either MS Chromium Edge or Google Chrome browsers. However, in offline or closed environments, a minimum version of 100 is required. |
.NET 4.7.2 installed (Installed by default on Server 2019) | https://dotnet.microsoft.com/en-us/download/dotnet-framework/thank-you/net472-web-installer |
Notepad++ installed (Optional, yet strongly advised to simplify configuration management) | |
The minimum required version of PowerShell is 5.1 (installed by default on Server 2016 and later). Ensure that the PowerShell script execution policy is not set to "Restricted" in any of its categories. | |
IPv6 disabled (Optional) | |
Configure Windows Firewall inbound ports - or - Turn Windows Firewall OFF (service should be up and running) | In case of using the Windows Firewall |
IE Enhanced Security Configuration disabled | How to Disable Internet Explorer Enhanced Security Configuration |
Proxy is not configured | |
After committing the changes, restart the remote machine (GYTPOL server) | |
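Several rows in the table above have no entry under "How to Verify". The following preflight script is an added example, not GYTPOL's own tooling, that checks them from an elevated PowerShell session on the GYTPOL server. Mapping the language requirements to Get-UICulture and Get-WinSystemLocale, and "Proxy is not configured" to the WinHTTP proxy, are assumptions.

```powershell
# Added example (not part of the GYTPOL product). Run elevated on the GYTPOL server.
function Test-GytpolServerPrereqs {
    $results = [ordered]@{}

    # PowerShell 5.1 or later.
    $v = $PSVersionTable.PSVersion
    $results['PowerShell >= 5.1'] = ($v.Major -gt 5) -or ($v.Major -eq 5 -and $v.Minor -ge 1)

    # Execution policy must not be "Restricted" in any scope
    # (MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine).
    $restricted = Get-ExecutionPolicy -List | Where-Object { $_.ExecutionPolicy -eq 'Restricted' }
    $results['Execution policy not Restricted'] = -not $restricted

    # .NET Framework 4.7.2 or later corresponds to a Release value of 461808 or higher.
    $ndp = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' `
        -ErrorAction SilentlyContinue
    $results['.NET Framework >= 4.7.2'] = ($null -ne $ndp) -and ($ndp.Release -ge 461808)

    # Language settings: display language and system locale (non-Unicode programs).
    # Assumption: these cmdlets correspond to the two settings this document names.
    $results['Display language en-US'] = (Get-UICulture).Name -eq 'en-US'
    $results['System locale en-US']    = (Get-WinSystemLocale).Name -eq 'en-US'

    # Windows Firewall service (MpsSvc) must be running even when the firewall is turned off.
    $results['Firewall service running'] = (Get-Service -Name MpsSvc).Status -eq 'Running'

    # Assumption: "Proxy is not configured" refers to the machine-wide WinHTTP proxy.
    $results['No WinHTTP proxy'] = [bool]((netsh winhttp show proxy) -match 'Direct access')

    # One row per check, so failures are easy to filter.
    $results.GetEnumerator() | ForEach-Object {
        [pscustomobject]@{ Check = $_.Key; Passed = [bool]$_.Value }
    }
}

Test-GytpolServerPrereqs | Format-Table -AutoSize
```

To list only the failing checks, pipe the function's output to Where-Object { -not $_.Passed }.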
Admin Interface
You need a physical or virtual machine running at least Windows 7 SP1.
It is recommended to use the latest version of either MS Chromium Edge or Google Chrome browsers for optimal compatibility.
Sensor Requirements
Ensure that Task Scheduler is enabled for both user and computer.
Enable Event Viewer for both user and computer.
RSOP (Resultant Set of Policy) should be allowed.
PowerShell version requirements:
PowerShell 2.0 or later is required, with support for detection and auto-upgrade.
PowerShell 5.1 and later are preferred, as they support detection, auto-upgrade, remediation, and revert.
It is recommended to set PowerShell scripts to "All Signed"