
CyberArk PAS (PSM) Installation - Part 4

High-Level Installation Steps:

Follow the system requirements guide in CyberArk Docs for the hardware specifications and prerequisite software, then perform the installation as shown below.
EPV = Digital Vault + PVWA + CPM
PAS = EPV + PSM


PSM Architect



Enterprise Password Vault Solution (PSM) Installation


For the PSMs:
- Install Windows 2012 R2 or Windows 2016
- Install at least .NET Framework 4.6.2 (if that or a greater version is not already included)
- Install all the latest Windows OS patches
- Add the domain account we are using to install PSM to the local Administrators group of the new PSM VM build
- The rest is performed during the install, which includes:
  - Setting up the Remote Desktop Session Host role (not from individual checkboxed RD options) and selecting session-based (which will then ask for connection brokers and RD gateway servers in later steps).
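
The prerequisites above can be checked on the new PSM VM before running Setup.exe. This is an added example, not CyberArk code; the function name `Test-PsmPrerequisite` and the 45-day patch-age threshold are assumptions made for illustration.

```powershell
# Added example, not CyberArk code. Run as the account that will install PSM.
function Test-PsmPrerequisite {
    param([int]$MaxPatchAgeDays = 45)   # hypothetical threshold, set per policy

    # 1. Supported OS from the list above: Windows Server 2012 R2 or 2016.
    $os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
    [pscustomobject]@{
        Check = 'Operating system'; Value = $os
        Pass  = $os -match 'Server 2012 R2|Server 2016'
    }

    # 2. .NET Framework 4.6.2 or later: Microsoft documents a Release value
    #    of 394802 or higher under this key as 4.6.2+.
    $key = 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full'
    $release = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).Release
    [pscustomobject]@{
        Check = '.NET Framework >= 4.6.2'; Value = $release
        Pass  = [int]$release -ge 394802
    }

    # 3. Installing account is in local Administrators (well-known SID
    #    S-1-5-32-544). whoami lists the group even in a non-elevated shell.
    $inAdmins = [bool]((whoami /groups) -match 'S-1-5-32-544')
    [pscustomobject]@{
        Check = 'Member of local Administrators'; Value = "$env:USERDOMAIN\$env:USERNAME"
        Pass  = $inAdmins
    }

    # 4. Patch level: date of the newest installed update.
    $latest = Get-HotFix | Where-Object { $_.InstalledOn } |
        Sort-Object InstalledOn | Select-Object -Last 1
    [pscustomobject]@{
        Check = "Patched within $MaxPatchAgeDays days"; Value = $latest.InstalledOn
        Pass  = $latest -and $latest.InstalledOn -gt (Get-Date).AddDays(-$MaxPatchAgeDays)
    }
}

Test-PsmPrerequisite | Format-Table -AutoSize
```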


| Component | Description |
| --- | --- |
| PVWA | Password Vault Web Access (PVWA) is a fully featured web interface that provides a single console for requesting, accessing and managing privileged accounts throughout the enterprise by both end users and administrators. |
| CPM | Central Policy Manager is an integral part of the PAS, controlling and managing the Master policy. This password management component can change passwords automatically on remote machines and store the new passwords in the EPV, with no human intervention, according to the organizational policy. It also enables organizations to verify passwords on remote machines, and reconcile them when necessary. |
| PSM | Privileged Session Manager enables organizations to isolate, monitor, record, and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines. The solution acts as a jump server and single access control point. It prevents malware from jumping to a target system and records keystrokes and commands for continuous monitoring. The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensics investigations. |
| PTA | Privileged Threat Analytics is an expert system for privileged account security intelligence, providing targeted, immediately actionable threat alerts by identifying previously undetectable malicious privileged user and account activity. The solution applies patent pending analytic technology to a rich set of privileged user and account behavior collected from multiple sources across the network. CyberArk Privileged Threat Analytics then produces highly accurate and immediately actionable intelligence, allowing incident response teams to respond directly to the attack. |

PSM  Installation:








Run the PSM installation wizard.
To install PSM:
  1. Log on as a domain user who is a member of the local Administrators group.
  2. Create a new folder on the PSM server machine. From the installation CD, copy the contents of the Privileged Session Manager folder to your new folder.
     Display the contents of the Privileged Session Manager folder.
  3. Start the installation procedure:
     - Double-click Setup.exe, or
     - On systems that are UAC-enabled, right-click Setup.exe, then select Run as Administrator.
     The PSM installation wizard appears and displays a list of prerequisites that are installed before the PSM installation continues.
  4. Click Install to begin the installation process; the Setup window appears.
  5. Click Next until the Destination Location window appears. Click Next to accept the default location provided by the installation, or click Change and select another location.
  6. On the Recordings Folder window, click Next to accept the default recordings folder provided by the installation, or click Change and select another location.
  7. On the Password Vault Web Access Environment window, click Next to accept the default name of the PVWA Configuration Safe provided by the installation, or specify the name of another Safe that is used as the PVWA Configuration Safe.
  8. Click Next; the installation automatically installs the Oracle Instant Client, then displays the Vault's Connection Details window. Specify the IP or DNS address and the port number of the Digital Vault, then click Next.
  9. On the Vault's Username and Password Details window, specify the username and password of the Vault user carrying out this installation, then click Next.
  10. On the API Gateway Connection Details window, enter the protocol and hostname of the PVWA where the PSM connects to the API Gateway, then click Next to display the Setup Complete window. This information is used to generate an endpoint for API calls (<protocol>://<Host>/passwordvault/api).
  11. Click Finish to complete the Privileged Session Manager installation.
  12. Restart the PSM server. You can also restart the PSM server at a later stage.
  13. On the PVWA machine, run iisreset.



Activate the PSM server

To activate PSM:
  1. If you did not use the default recordings folder provided by the installation, you will need to update the path to the recordings folder.
     Go to PVWA > ADMINISTRATION > Options > Privileged Session Management > General settings > Recorder settings. Update the value of the recordings folder path on the PSM machine.
  2. You need to manually start the CyberArk Privileged Session Manager service:
     1. Go to Start > Settings > Control Panel.
     2. Select Administrative Tools > Services.
     3. Right-click CyberArk Privileged Session Manager.
     4. Select Start.
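
The service start can also be scripted and combined with a check of the connections configured in steps 8 and 10 of the installation. This is an added example, not CyberArk code; the function name `Test-PsmPostInstall`, its parameter names, the 60-second timeout and the sample host names are assumptions.

```powershell
# Added example, not CyberArk code. Run on the PSM server after the restart.
function Test-PsmPostInstall {
    param(
        [Parameter(Mandatory)] [string]$VaultAddress,  # IP/DNS given in step 8
        [Parameter(Mandatory)] [int]$VaultPort,        # port given in step 8
        [Parameter(Mandatory)] [uri]$PvwaBase          # <protocol>://<Host>, step 10
    )

    # Start the service by the display name shown in the Services console.
    $svc = Get-Service -DisplayName 'CyberArk Privileged Session Manager' -ErrorAction Stop
    if ($svc.Status -ne 'Running') {
        Start-Service -InputObject $svc
        # Throws a timeout exception if the service never reaches Running.
        $svc.WaitForStatus('Running', [TimeSpan]::FromSeconds(60))
    }

    # The PSM must reach the Digital Vault on the address and port from step 8.
    $vault = Test-NetConnection -ComputerName $VaultAddress -Port $VaultPort `
        -WarningAction SilentlyContinue

    # Endpoint the installer derives from the step 10 values.
    $api  = '{0}://{1}/passwordvault/api' -f $PvwaBase.Scheme, $PvwaBase.Host
    $pvwa = Test-NetConnection -ComputerName $PvwaBase.Host -Port $PvwaBase.Port `
        -WarningAction SilentlyContinue

    [pscustomobject]@{
        ServiceStatus  = (Get-Service -DisplayName $svc.DisplayName).Status
        VaultReachable = $vault.TcpTestSucceeded
        ApiEndpoint    = $api
        PvwaReachable  = $pvwa.TcpTestSucceeded
        ApiOverTls     = $PvwaBase.Scheme -eq 'https'  # http would send API traffic in cleartext
    }
}

# Placeholder values; substitute the ones entered in the wizard.
# Test-PsmPostInstall -VaultAddress vault.example.test -VaultPort <port> -PvwaBase https://pvwa.example.test
```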



















