This post summarizes some settings to Secure CyberArk and how to tune the performance
Limit Platforms to Specific Safes
Example: Limit a platform to specific Safes
To limit a platform to Safes called ‘LinuxPasswords’ and ‘AIXPasswords’, specify the following: AllowedSafes=(LinuxPasswords)|(AIXPasswords)
Example: Apply a platform on all Safes
To apply a platform on all Safes, specify AllowedSafes=.*. This is the default value.
CyberArk Accounts
Service Accounts
- LDAP Bind Account - VaultInternal Safe
- create a specific platform for it
- PSMConnect - PSM related
- User cannot change password and Password never expires
- Windows local account template
- Auto-reconciliation
- PSMAdminConnect - PSM created
- User cannot change password and Password never expires
- Windows local account template
- auto-reconciliation
- PVWAReportsUser
- PasswordManagerUser
Administrator Accounts
- Enable PSM-PrivateArk Client
PSM-PVWA
Configure Applocker to enable Google Chrome
Restart Component Server
Connecting with PSM-PVWA-CHROME
Vault
The vaults configuration and log files can be found in the folder C:\Program Files (x86)\PrivateArk\Server\Conf
- dbparm.ini
- license.xml
- paragent.ini
- passparm.ini
- tsparm.ini
Logs are in the folder: C:\Program Files (x86)\PrivateArk\Server\Logs
- ltalog.log
- paragent.log
Configuration also stores in the system safe.
CPM
- Â meet recommend system requirements
- physical vs vritual
- more than 100,000 managed passwords, then additional CPMs needed
- CPM settings
- Interval setting - change from 60 - 1440 (1 day)
- Emails about CPM activity
- CPM Log rotation
- PlatformToManage
- Only Platforms needed to be actived.
No comments:
Post a Comment