Redundancy Requirements

Hardware and Scaling Requirements

The following shows deployment and scaling requirements in several different-sized environments. In smaller network environments, PolicyServer SQL databases can be installed on the same server. For PolicyServer deployments in environments greater than 1500 devices, Trend Micro recommends having at least two dedicated servers:

  1. A dedicated server for the PolicyServer services, also known as the "front-end server"

  2. A dedicated server for the database, or add the database to an existing SQL cluster

The following table displays the requirements for the PolicyServer SQL database for the basic requirements at the specified scale:

Devices

PolicyServer Front-end Requirements

PolicyServer SQL Database Requirements

1,000

  • One front-end and SQL database multi-role server with an Intel Xeon quad-core 2.2 GHz processor or above

  • 8 GB RAM

  • 120 GB hard drive

Installed on PolicyServer front-end server

4,000

  • One front-end and SQL database multi-role server with an Intel Xeon quad-core 2.2 GHz processor or above

  • 8 GB RAM

  • 150 GB hard drive

Installed on PolicyServer front-end server

8,000

  • Two front-end servers each with an Intel Xeon quad-core 2.2 GHz processor or above

  • 4 GB RAM

  • 40 GB hard drive

  • One SQL database server with an Intel Xeon quad-core 2.2 GHz processor or above

  • 8 GB RAM

  • 150 GB hard drive

20,000

  • Four front-end servers each with an Intel Xeon quad-core 2.2 GHz processor or above

  • 4 GB RAM

  • 40 GB hard drive

  • Two SQL database servers (one for the policy database and one for the log database) each with an Intel Xeon quad-core 2.2 GHz processor or above

  • 8 GB RAM

  • 180 GB RAID 5 hard drive

40,000

  • Eight front-end servers each with an Intel Xeon quad-core 2.2 GHz processor or above

  • 4 GB RAM

  • 40 GB hard drive

  • Two SQL database servers (one for the policy database and one for the log database) each with an Intel Xeon quad-core 2.2 GHz processor or above

  • 16 GB RAM

  • 350 GB shared SAN RAID 5 hard drive

Note:
  • Virtual hardware is supported under VMware Virtual Infrastructure.

  • Microsoft or VMware on virtual hardware does not support Microsoft Cluster Service.

  • Baseline testing was performed on an endpoint with an Intel Xeon CPU E5-2650 v4 2.20 GHz, 2200 Mhz.

Redundancy Requirements

With larger environments, Trend Micro recommends adding additional servers to avoid having single points of failure. The following table displays the requirements for the PolicyServer SQL database for an environment with increased redundancy.

Tip:

Trend Micro recommends setting up redundancy for environments with more than 8,000 devices.

Devices

PolicyServer Front-end Requirements

PolicyServer SQL Database with Zero Single Points of Failure

8,000

  • Four front-end servers each with one Intel Xeon quad-core 2.2 GHz processor or above

  • 4 GB RAM

  • 40 GB hard drive

  • One SQL server cluster of two nodes, with Intel Xeon quad-core 2.2 GHz processors or above

  • 8 GB RAM

  • 60 GB RAID 5 hard drive

  • 150 GB shared SAN RAID 5 hard drive

20,000

  • Six front-end servers each with Intel Xeon quad-core 2.2 Ghz processors or above

  • 4 GB RAM

  • 40 GB hard drive

  • Two SQL server clusters of two nodes , with Intel Xeon quad-core 2.2 Ghz processors or above

  • 8 GB RAM

  • 60 GB RAID 5 hard drive

  • 180 GB shared SAN RAID 5 hard drive

40,000

  • Twelve front-end servers each with Intel Xeon quad-core 2.2 GHz processors or above

  • 4 GB RAM

  • 40 GB hard drive

  • Two SQL server clusters of two nodes , with Intel Xeon quad-core 2.2 Ghz processors or above

  • 16 GB RAM

  • 60 GB RAID 5 hard drive

  • 350 GB shared SAN RAID 5 hard drive

Note:
  • Virtual hardware is supported under VMware Virtual Infrastructure.

  • Microsoft or VMware on virtual hardware does not support Microsoft Cluster Service.

  • Baseline testing was performed on an endpoint with an Intel Xeon CPU E5-2650 v4 2.20 GHz, 2200 Mhz.

Software Requirements

Specification

Requirements

Operating system

  • Windows Server 2008 / 2008 R2 (64-bit)

  • Windows Server 2012 / 2012 R2 (64-bit)

  • Windows Server 2016 (64-bit)

Database server

  • Microsoft SQL Server 2008 / 2008 R2 / 2012 / 2012 R2 / 2014 / 2016

  • Microsoft SQL Server Express 2008 / 2012 / 2014 / 2016

  • Mixed Mode Authentication (SA password) installed

  • Reporting services installed

Note:

For Windows Server 2008 R2, you must install SQL Server 2008 SP1.

Application server

PolicyServer 6.0 requires Microsoft Internet Information Services (IIS) with the following roles installed and enabled:

  • Application Development

    • ASP.NET

    • ASP

    • ISAPI Extensions

    • ISAPI Filters

  • Management Tools

    • IIS Management Console

    • IIS Management Scripts and Tools

    • Management Service

    • IIS 6 Management Compatibility

    • IIS 6 Metabase Compatibility

For Windows Server 2008 and 2008 R2 you must install the "Application server" role and the "Web server" role. Additionally, you must add SMTP and Microsoft IIS Support features.

Legacy Endpoint Encryption environments (version 3.1.3 and earlier) require Client Web Service. If you install Client Web Service on a remote endpoint, install Microsoft IIS on that endpoint.

Other software

  • Both Microsoft .NET Framework 2.0 SP2 (or 3.5) and 4.0

  • Windows Installer 4.5 (SQL Express)

Installation Files

File

Purpose

PolicyServerInstaller.exe

Installs PolicyServer databases and services. Optionally, the PolicyServer MMC can install at the same time.

PolicyServer MMCSnapinSetup.msi

Installs the PolicyServer MMC only.

TMEEProxyInstaller.exe

Installs the Client Web Service and the Traffic Forwarding Service. These services function as web proxies and communication protocols for environments that have PolicyServer and Endpoint Encryption agents in different LANs. Client Web Service functions for 3.1.3 or earlier agents and Traffic Forwarding Service functions for 5.0 or later agents.

Note:

PolicyServer includes a 30-day trial license. To upgrade to the full product version, register your product with your Activation Code in Control Manager or PolicyServer MMC.

Required Accounts

Account

Function

Description

SQL SA

PolicyServer Installer

Account is used only to create the PolicyServer databases

SQL MADB

PolicyServer Windows Service

Account created during installation to authenticate to PolicyServer databases

Local Administrator

PolicyServer Windows Service and IIS

Account used to run the PolicyServer Windows Service and web service application pools