CyberArk PAS v11.1 Install & Configure - 1. Infrastructure and Environment Introduction - NETSEC


Sunday, April 12, 2020

CyberArk PAS v11.1 Lab Install & Configure - 51Sec Lab

1. Infrastructure and Environment Introduction

This series is based on my v11.1 testing lab at home. All installation and configuration steps have been recorded on my YouTube channel, NetSec. In this series, I will try to cover as many installation methods (Automatic, Manual, PAS installer) as I can to show you how to build a CyberArk lab at home.

Lab Infrastructure Overview

Lab hierarchical architecture diagram

Basic Lab VM List

Vault 1 - 2G RAM, 1vCPU - 192.168.2.21
PSM 1 - 4G RAM, 2vCPU - 192.168.2.25
PVWA/CPM 1 - 4G RAM, 2vCPU - 192.168.2.23

51sectest.com DC with installed CA, Email Server, Syslog - 192.168.2.11

Advanced Lab VM List

Vault 1 - 2G RAM, 1vCPU - Win2012 - 192.168.2.21
Vault 2 - 2G RAM, 1vCPU - Win2012 - 192.168.2.22

PSM 1 - 4G RAM, 2vCPU - Win2012 - 192.168.2.25
PSM 1 - 4G RAM, 2vCPU - Win2012 - 192.168.2.26
PSM SSH/HTML5 GW - 4G RAM, 2vCPU - CentOS 7 - 192.168.2.27

PTA - 4G RAM, 2vCPU - Win2012 - 192.168.2.28

PVWA/CPM 1 - 4G RAM, 2vCPU - 192.168.2.23
PVWA/CPM 1 - 4G RAM, 2vCPU - 192.168.2.24

51sectest.com DC with installed CA, Email Server, Syslog - 192.168.2.11

DC Preparing

Set up your own domain and domain controller. In my lab, I am using 51sectest.com as the lab domain. All accounts have been set up with one password so that it is easy to remember. Anywhere the lab needs a password, it is set to this same one. One password for the whole lab will make your lab life much easier.

On the DC, I installed a CA server. It will be used later to enable certificate authentication, RDP over SSL, LDAP over SSL, etc.

To demonstrate integration with LDAP, email, NTP and syslog, I have installed an email server, an NTP server and a syslog server on this DC. I will show you how I did that.

For the NTP server: by default, the first domain controller installed in a Windows Server domain is automatically configured to be a reliable time source.

For the email server, I installed MailEnable as my LDAP-integrated email server.

For the syslog server, I am using the free SolarWinds Kiwi Syslog Server.

Domain Groups:
1. CyberArk Auditors
2. CyberArk Safe managers
3. CyberArk Users
4. CyberArk Vault Admins
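
The four groups listed above can be created in one repeatable step on the DC. This is an added example, not from the original post; the function name, the Global security scope, the description text and the default Users container as the target location are assumptions.

```powershell
# Added example (not from the original post). Run on the DC, or on a host with
# RSAT, as a domain administrator. Uses the ActiveDirectory PowerShell module.
Import-Module ActiveDirectory

function New-LabCyberArkGroup {   # hypothetical helper name
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Group names exactly as listed in the post.
        [string[]]$Name = @(
            'CyberArk Auditors',
            'CyberArk Safe managers',
            'CyberArk Users',
            'CyberArk Vault Admins'
        ),
        # Assumption: place the groups in the domain's default Users container.
        [string]$Path = (Get-ADDomain).UsersContainer
    )

    foreach ($groupName in $Name) {
        # Search the whole domain first so the function can be re-run safely
        # after a lab rebuild or a partial run.
        $existing = Get-ADGroup -Filter "Name -eq '$groupName'"
        if ($existing) {
            [pscustomobject]@{ Group = $groupName; Action = 'AlreadyExists'
                               DN = $existing.DistinguishedName }
            continue
        }
        if ($PSCmdlet.ShouldProcess($groupName, "Create security group in $Path")) {
            # Assumption: Global security groups are sufficient for a single-domain lab.
            $created = New-ADGroup -Name $groupName -GroupScope Global `
                -GroupCategory Security -Path $Path `
                -Description 'CyberArk lab group' -PassThru
            [pscustomobject]@{ Group = $groupName; Action = 'Created'
                               DN = $created.DistinguishedName }
        }
    }
}

# Preview what would be created, then create the groups and show the result.
New-LabCyberArkGroup -WhatIf
New-LabCyberArkGroup | Format-Table -AutoSize
```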

Lab

1. Infrastructure and Environment Introduction
2. Vault installation
2.1 System configuration
2.2 Pre-requisite for vault installation
2.3 Vault installation
2.4 Post vault installation



