CyberArk PAS (CPM) Installation - Part 3

The Central Policy Manager (CPM) is a revolutionary password management component that enforces the enterprise policy. It enables organizations to automatically change and verify accounts, and reconcile them if necessary, on remote machines and store the new accounts in the Vault, with no human intervention, according to the organizational policy.

The CPM generates new random passwords and replaces existing passwords on remote machines. The new passwords are then stored in privileged accounts in the Vault where they benefit from all accessibility, audit and security features of the Privileged Access Security solution.

The CPM can also notify the Central Credential Provider of an upcoming password change so that the password can be synchronized on the Vault, the CPM and the Central Credential Provider simultaneously.

High Level Installation Steps:

Basically, follow the hardware requirements out of CyberArk Docs system requirements guide for hardware specs and prerequisite software needed, then do installation as show below.
EPV = Digital Vault + PVWA + CPM
PAS = EPV + PSMRelated Posts:

• CyberArk PAS (Vault PrivateArk Server and Client) Installation - Part 1
• CyberArk PAS (PVWA) Installation - Part 2
• CyberArk PAS (CPM) Installation - Part 3
• CyberArk PAS (PSM) Installation - Part 4
• CyberArk PAS (PTA) Installation - Part 5
• CyberArk PAS (PTA) Configuration - Part 5.1
• CyberArk PSM HTML5 Gateway Installation and Configuration - Part 6

Enterprise Password Vault Solution (PVWA) Installation

For CPM:

-        Install Windows 2012 R2 or Windows 2016

-        Install at least .NET Framework 4.6.2 (if that or a greater version not already included)

-        Install all the latest Windows OS patches

-        The rest is performed during the install which includes:

o   Setting up the IIS role via the provided PVWA prerequisites script.
o  Make sure you are using run as administrator to run setup.exe file. Domain admin account will not work

Component	Description
PVWA	Password Vault Web Access (PVWA) is a fully featured web interface that provides a single console for requesting, accessing and managing privileged accounts throughout the enterprise by both end users and administrators.
CPM	Central Policy Manager is a integral part of the PAS controlling and managing the Master policy. This password management component can change passwords automatically on remote machines and store the new passwords in the EPV, with no human intervention, according to the organizational policy. It also enables organizations to verify passwords on remote machines, and reconcile them when necessary.
PSM	Privileged Session Manager enables organizations to isolate, monitor, record, and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines. The solution acts as a jump server and single access control point. It prevents malware from jumping to a target system and records keystrokes and commands for continuous monitoring. The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensics investigations.
PTA	Privileged Threat Analytics is an expert system for privileged account security intelligence, providing targeted, immediately actionable threat alerts by identifying previously undetectable malicious privileged user and account activity. The solution applies patent pending analytic technology to a rich set of privileged user and account behavior collected from multiple sources across the network. CyberArk Privileged Threat Analytics then produces highly accurate and immediately actionable intelligence, allowing incident response teams to respond directly to the attack.

YouTube Video:

CPM  Installation:

Three major steps:

1. Pre-installation. 

2. Installation. 

3. Post-installation. 

Before Installation

• Make sure that PVWA is installed
• Enable a secure channel between CPM and PVWA
• Enable TLS 1.2
• Use the built-in Administrator user to install the CPM.

Standard installation

1. On the CPM machine, create a new folder and copy the Central Policy Manager folder from the installation package to it.
2. Start the installation procedure in one of the following ways:
   • Double-click Setup.exe
   • On systems that are UAC-enabled, right-click Setup.exe, then select Run as Administrator.
   The installation process begins and the Setup window appears.

3. Click Next to proceed to the next step of the installation. 

4. The CPM installation wizard appears and displays a list of required features that it will install on your computer before it can install the CPM.

5. Click Next until to accept the default location provided by the installation, as displayed in the Destination Folder area,

Alternatively, click Browse and select another location.

Click Next to proceed to the Setup Type window, which enables you to specify whether or not the CPM was already installed on the Vault.

6. Select No Policy Manager was previously installed, then click Next to proceed to the Vault Connection Details window where you specify the connection details of the Password Vault.

7. Specify the IP address or DNS of the Password Vault, and its port number, then click Next to proceed to the Vault’s Username window where you specify the logon details of the Vault user.

8. Specify the name and password of the Vault user who will create the CPM environment in the Vault. Click Next; the installation process will now build the CPM environment in the Vault and on the CPM machine.

9. After the CPM environment has been created, the Setup Complete window appears.

References:

• CyberArk Vault Server Normal Installation
• Install the PVWA
• Install PSM 
• Install CPM