Server requirements
The Bravura Security Fabric server and any replicated servers must be installed on a Windows Server operating system. Windows Server 2022 is recommended at the current release level of Bravura Security Fabric . Windows Server 2016 and Windows Server 2019 are also supported.
Installing on Windows Server enables Bravura Security Fabric to leverage client software that is available only on the "Wintel” platform. In turn, this makes it possible for Bravura Security Fabric to manage passwords and accounts on target systems without installing a server-side agent.
Bravura Security Fabric stores all of its data in an external database. Microsoft SQL Server 2022 (recommended), Microsoft SQL Server 2019 , Microsoft SQL Server 2017 , Microsoft SQL Server 2016 SP2 , or Microsoft SQL Server 2014 SP3 must be installed and configured before the Bravura Security Fabric server software can be installed. See Installing and configuring Microsoft SQL Server for more information. Oracle database was supported on versions up to 9.0.x and is not supported on 10.0 or later releases.
If you are installing the Bravura Security Fabric on the same server as the database, ensure you consider the server requirements for the database software when calculating the requirements for the Bravura Security Fabric server.
Each Bravura Security Fabric application server must also be configured with a web server. The Bravura Security Fabric installer is aware of and can automatically configure IIS web servers for use with Bravura Security Fabric .
The Bravura Security Fabric server is a security server, and should be locked down accordingly. See Locking down a Bravura Security Fabric server for details. In short, most of the native Windows services can and should be removed, leaving a very small attack surface, with exactly one inbound TCP/IP port (443):
No ASP, JSP or PHP are used, so such code interpreters should be disabled.
Web-facing .NET is not used and should be disabled (some connectors require it, due to .NET API bindings).
No ODBC or DCOM are required inbound, so these services should be filtered or disabled at the web server. As with .NET, ODBC is sometimes needed to connect to target systems.
Inbound file sharing should be disabled.
Remote registry services should be disabled.
Inbound TCP/IP connections should be firewalled, allowing only port 443, remote desktop services (to configure the software) and a handful of ports between Bravura Security Fabric servers, mainly for data replication.
Bravura Security Fabric is compatible with 64-bit Windows Servers:
The core software is compiled as 64-bit binaries.
Programs that execute in the context of the core operating system, such as password synchronization triggers, event hooks, etc. are available in both 64- and 32-bit versions for compatibility.
Ensure that Powershell execution is not blocked by server security policy or endpoint protection software.