ApexSQL Audit – Permissions and requirements

Description
This article provides information about required permissions and software requirements for ApexSQL Audit installation.

Summary
ApexSQL Audit requires Windows administrator permissions for installation in order to properly setup application service, web console, and its access to the Central Repository Database (CRD).

ApexSQL Audit GUI does not require any special permissions on the local machine where the central instance is running, as it communicates with the installed service which has received appropriate permissions during the installation.

The same applies to required permissions for the web console reporting system; by default only local users (Windows Authentication) have access to the web console – any additional permissions can be configured via IIS to allow or deny access to local or network users.

Above described permissions are required by the user during the installation or use. The following actual permissions are set and used by the product:

  • For both central and distributed instances:

    • The log on account for the ApexSQL Audit service must be a member of sysadmin server role on the SQL Server instance audited.
    • The Log on as service user rights are required for the account running the service.
    • The service requires read and delete access to the SQL Trace folder where traces files are being generated.
    • The monitored SQL Server instance requires write access to the SQL Trace folder where traces files are being generated.
  • Web Console:

    • The web application requires the db_reader permissions on the Central Repository Database.
    • Folder Read/write permissions where exported reports are saved.

Software requirements

Depending on the ApexSQL Audit component to be installed, the following software is required to be installed prior to installation:

  • The central ApexSQL Audit instance

    • Microsoft SQL Server 2008 or greater
    • Microsoft .NET Framework 4.5
  • A distributed ApexSQL Audit instance

    • Microsoft SQL Server 2005 or greater
    • Microsoft.NET Framework 4.5
  • ApexSQL Audit Web Console requires:

    • Microsoft Internet Information Services (IIS) 6.0 or greater (with default set of components). Ensure that following features are installed (on some version this may be included by default):

      • World Wide Web Services -> Application Development Features -> ASP.NET 4.5
      • World Wide Web Services -> Common HTTP Features -> Static Content
      • World Wide Web Services -> Security -> Windows Authentication
    • Browser: Internet Explorer 7 and above, or Chrome 27 and above

Hardware requirements

Both minimum and recommended hardware requirements for ApexSQL Audit are the same as described in the Hardware and Software Requirements for Installing SQL Server. Additionally, we recommend using multi-core processors as ApexSQL Audit heavily relies on parallel job processes to provide fast processing of audited data.

There are additional communication and HDD space requirements:

  • Both central and distributed ApexSQL Audit instances use port 64561 by default. This is user configurable however.
  • HDD space :
    • Each ApexSQL Audit instance (including central and all distributed ApexSQL Audit instances) requires 5GB of free HDD space for:

      • Temporary trace files (5MB each) generated by SQL Server until they are parsed and removed by ApexSQL Audit instance.
      • Storing packages (5 MB each) generated by distributed instances prior to their transfer to the central instance. These are deleted once successfully transferred to the central instance; transfer is initiated every 3 seconds.
      • Note: required space covers edge situations when SQL Server generates a large number of trace files before they are handled or in case there is a delay in package transfer to the central instance. In case the ApexSQL Audit service is stopped by the administrator, SQL Server immediately stops creating trace files which prevents HDD overload.
    • The central ApexSQL Audit instance requires 1GB per connected distributed instance for storing packages into a central instance local folder. These are deleted once the data in them is successfully stored in the CRD; this operation is immediate and it’s delayed only in rare cases of overload, when packages can accumulate until SQL Server is free to store them into the CRD. This also covers the situation when quick maintenance of SQL Server which hosts CRD is required (e.g. restart).