This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Vladimir
Champion
Champion
‎2023-09-01 11:50 AM

Identity collector realistic requirements question

Since Identity Collector is, realistically, the only viable option for Identity Awareness, I am looking into deploying it for one of my clients.

Reading the requirements section / Best Practices, I am seeing following:

A minimum of 12 CPU cores

A minimum of 16 GB of RAM

A minimum of 60 GB of free disk space

...and the CPU core count seems to be absolutely outrageous and the memory allocation is way too generous, for the client that has less than 100 employees.

Can someone share their experience with Identity Collector in SMB environments and what would be a more realistic hardware (or virtual hardware) allocation to the servers hosting it?

 

Thank you,

Vladimir

0 Kudos
3 Replies
Wolfgang
Authority
Authority
‎2023-09-01 12:01 PM

We are running without problems for a customer 200 clients, running as service on one of the domaincontrollers. 4CPU, 12GB RAM, 80GB disk. Virtual system. Most of the rules are user based, no problem at all, no performance problem seen.

0 Kudos
Vladimir
Champion
Champion
‎2023-09-01 12:05 PM
In response to Wolfgang

Thank you! This sounds more inline what I would've expected. Pretty sure that IDC will be deployed on domain member servers, due to client's security requirements. In which case it'll likely use even less RAM. My last run-in with IDC still required LDAP Account Unit to be configured (using AD account with Log Reader permissions). DO you know if it is still the case?

0 Kudos
Wolfgang
Authority
Authority
‎2023-09-01 01:01 PM
In response to Vladimir

Our small customer has no requirements and keep it simple as possible and they don‘t want to pay for more  licenses 😉

The needed user rights for the IDC are described in the documentation, it has to be member of the event reader group. LDAP account unit is still needed, you need this to browse the ActiveDirectory to add groups or users to access roles. That‘s nothing what the IDC does, IDC matches only logged in users and their actual IP address and send this information to the gateway.

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top