One Identity Safeguard for Privileged Sessions 3000, Installation Manual

Share

17 pages before
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37

Page: 32 / 37

One Identity Safeguard for Privileged Sessions 3000 Installation Manual Download Page 32

Machine.

l

Do not assign a public IP address to SPS, use SPS as a component of your
internal infrastructure. If you absolutely must configure Welcome Wizard
from a publicly accessible IP address, note that SPS will be publicly
accessible. If you assign a public IP to the web management interface,
consider the following:

l

Select a complex passphrase.

l

Limit access to the management interface based on the source IP
address, and make sure that brute-force protection for the administrator
web login is enabled (they are enabled by default). For details, see

"Configuring user and administrator login addresses" in the
Administration Guide

.

l

Configure an email alert or SNMP trap for administrator logon events.
For details, see

"Configuring e-mail alerts" in the Administration Guide

and

"Configuring SNMP alerts" in the Administration Guide

l

Forward the logs of SPS to a log server (for example, to a

server, or an syslog-ng Store Box appliance

) so that if the local logs are

compromised, you still have an authentic copy of the original logs.

l

For security reasons, disable SSH access to SPS when it is not needed.
Accessing the SPS host directly using SSH is not recommended or
supported, except for troubleshooting purposes. If you enable SSH
access, restrict the clients that can access SPS based on their source IP
address, and make sure that brute-force protection is enabled (they are
enabled by default). For details, see

"Enabling SSH access to the One

Identity Safeguard for Privileged Sessions (SPS) host" in the
Administration Guide

.

l

To prevent unauthorized access to the audit trail files recorded on SPS,
configure proper access control rules for the user groups and encrypt
every audit trail. If you use encryption, store your keys in the personal
or in the temporary key store. For details, see

"Encrypting audit trails" in

the Administration Guide

,

l

Upgrading SPS in Azure is the same as upgrading a physical appliance: you have to
upload the firmware on the SPS web interface. For detailed instructions, see

SPS 6.0 Installation Guide

Deploying One Identity Safeguard for Privileged Sessions from the Azure

Marketplace

32

«
...
30
31
32
33
34
...
»

Summary of Contents for Safeguard for Privileged Sessions 3000

Page 1: ...One Identity Safeguard for Privileged Sessions 6 0 Installation Guide...

Page 2: ...TY TO USE THIS DOCUMENT EVEN IF ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES One Identity makes no representations or warranties with respect to the accuracy or completeness of the...

Page 3: ...ons SPS Appliance 3500 16 One Identity Safeguard for Privileged Sessions Software Installation Guide18 Installing the SPS software 18 One Identity Safeguard for Privileged Sessions VMware Installation...

Page 4: ...Azure Marketplace 33 High Availability and redundancy in Microsoft Azure 35 Redundancy 35 High Availability 35 Virtual appliance maintenance 36 Modifying the disk size of a SPS virtual appliance 36 A...

Page 5: ...e hardware specifications of the SPS appliance One Identity Safeguard for Privileged Sessions Software Installation Guide describes how to install SPS on certified hardware One Identity Safeguard for...

Page 6: ...the re installation of the product Note that the contents of this document were previously included in the Administration Guide This standalone guide was created to l Improve how information is organi...

Page 7: ...nstalled with the latest One Identity Safeguard for Privileged Sessions firmware l One Identity Safeguard for Privileged Sessions accessory kit including the following l One Identity Safeguard for Pri...

Page 8: ...install a single SPS unit see Installing the SPS hardware l For details on how to install a two SPS units in high availability mode see Installing two SPS units in HA mode Installing the SPS hardware...

Page 9: ...ccess to all data stored on the SPS appliance Data on the appliance can be unencrypted or encrypted and can include sensitive information for example passwords decryption keys private keys and so on F...

Page 10: ...te console add the DNS name or the IP address of the IPMI interface to the exception list whitelist of the Java console For details on how to do this see the Java FAQ entry titled How can I configure...

Page 11: ...4 4 Power on the second unit 5 Change the BIOS and IPMI passwords on the second unit The default password is ADMIN or changeme depending on your hardware 6 Connect to the SPS web interface of the fir...

Page 12: ...of disk slots 2 internal only Redundant PSU 0 Mainboard X8SIL F Chipset Intel 3420 NIC l 2x Intel 82574L Gigabit Ethernet Controller l 1x Supermicro AOC SG i2 Dual GbE PCI Ex4 IPMI Nuvoton WPCM450 SM...

Page 13: ...of disk slots 4 Redundant PSU 1 Mainboard X9SPU F Chipset Intel C216 Express PCH NIC l 2x Intel 82574L Gigabit Ethernet Controller l 1x Supermicro AOC SG i2 Dual GbE PCI Ex4 IPMI Nuvoton WPCM450RA0BX...

Page 14: ...Unit 2 Number of disk slots 12 Redundant PSU 1 Mainboard X9DRW 7TPF Chipset Intel C602J NIC l 1x Intel 82599 Dual Port 10G SFP l 1x Intel i350 Dual Port Gigabit Ethernet l 1x Supermicro AOC SG i2 Dual...

Page 15: ...feguard for Privileged Sessions SPS Appliance 3000 Unit 1 U Drive Bays 8 x 2 5 Redundant PSU Yes NIC 4 x 1GBase T Ethernet ports IPMI version 2 0 CPU Intel Xeon E3 1275 3 60 Ghz 4 Core Memory 2x 16GB...

Page 16: ...E Ethernet ports 6 VGA port 7 4 x 1GBase T Ethernet ports 8 Dedicated IPMI LAN port One Identity Safeguard for Privileged Sessions SPS Appliance 3500 Unit 1 U Drive Bays 10 x 2 5 Redundant PSU Yes NIC...

Page 17: ...n NOTE The One Identity Safeguard for Privileged Sessions SPS Appliance 3500 is equipped with a dual port 10Gbit interface This interface has SFP connectors not RJ 45 labeled A and B and can be found...

Page 18: ...isites When installing SPS on a physical hardware make sure that you use a One Identity supported appliance and that every hard disk required for the particular appliance is inserted Installing SPS wi...

Page 19: ...Depending on the size of the disks the installation process takes from a few minutes to an hour to complete CAUTION Hazard of data loss All data on the disks will be deleted 8 The installer displays t...

Page 20: ...0 24 subnet for example 192 168 1 10 see The initial connection to One Identity Safeguard for Privileged Sessions SPS in the Administration Guide NOTE For details on the supported web browsers and ope...

Page 21: ...bit l Allocate memory for the virtual machine SPS requires a minimum of 4 GiB 8 GiB is recommended of memory The recommended size for the memory depends on the exact environment but consider the follo...

Page 22: ...de by default Therefore make sure you enable but do not attach the fourth eth3 network card to a network 2 After creating the virtual machine edit the settings of the machine Set the following options...

Page 23: ...iance on page 36 l If High Availability HA operation mode is required in a virtual environment use the HA function provided by the virtual environment l Hardware related alerts and status indicators o...

Page 24: ...may display inaccurate information for example display degraded RAID status l When running SPS under Microsoft Hyper V ensure that the network interfaces are actually connected to the network When run...

Page 25: ...t in RAID support of SPS for some reason use two hard disks and SPS will automatically use them in software RAID CAUTION Hazard of data loss When you install or reinstall SPS in a virtual environment...

Page 26: ...ou have to use more than one NICs we recommend using only Legacy NICs 2 Login to your support portal and download the latest One Identity Safeguard for Privileged Sessions installation ISO file Note t...

Page 27: ...S under significant load contact One Identity for recommendations l Guest operating system Linux Ubuntu 64 bit l Allocate memory for the virtual machine SPS requires a minimum of 4 GiB 8 GiB is recomm...

Page 28: ...figure unused network cards at least the fourth eth3 to use internal NAT l To index connections without significant delay add two CPU cores to the virtual machine Note that these settings are suitable...

Page 29: ...k space assigned to the virtual host it is not possible to use on demand disk allocation scenarios l If High Availability HA operation mode is required in a virtual environment use the HA function pro...

Page 30: ...ons license When deployed from the Microsoft Azure Marketplace the One Identity Safeguard for Privileged Sessions uses the Bring your own license model Note that to deploy two active SPS nodes as an a...

Page 31: ...ces in SPS For details see VM with multiple NICs l The Seal the box functionality is not available l The High Availability support of SPS was designed to work between two physical SPS appliances This...

Page 32: ...s are compromised you still have an authentic copy of the original logs l For security reasons disable SSH access to SPS when it is not needed Accessing the SPS host directly using SSH is not recommen...

Page 33: ...onfigure in the SPS Welcome Wizard c Choose a size for the VM If you want to use this machine in production and need help about sizing or architecture design contact your One Identity sales representa...

Page 34: ...S VM can access even public ones 3 Configure SPS Login to SPS and configure it a Configure backups for SPS For backup and archiving purposes One Identity recommends the built in file shares of Azure F...

Page 35: ...is stored in 3 copies For details see Locally redundant storage in the Azure Storage replication document and Service Healing Auto recovery of Virtual Machines High Availability If a hardware failure...

Page 36: ...ier version To modify the disk size of a SPS virtual appliance 1 Hazard of data loss Modifying the disk size is a risky operation Create a full system backup configuration and data backup to avoid dat...

Page 37: ...ble to One Identity customers with a valid maintenance contract and customers who have trial versions You can access the Support Portal at https support oneidentity com The Support Portal provides sel...

Reviews:

No comments

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands