CyberArk PAS v11.1 Lab Install & Configure – 51Sec Lab
1. Infrastructure and Environment Introduction
This is based on my v11.1 testing lab at home. All installation and configuration steps have been recorded on my YouTube NetSec channel. In this series, I will try to cover as many installation methods (Automatic, Manual, PAS installer) as I can to show you how to build a CyberArk lab at home.
Lab Infrastructure Overview
Diagram – https://blog.51sec.org/2020/04/cyberark-pas-51sec-lab-install.html
Lab hierarchical architecture diagram
Basic Lab VM List
Vault 1 – 2G RAM, 1vCPU – 192.168.2.21
PSM 1 – 4G RAM, 2vCPU – 192.168.2.25
PVWA/CPM 1 – 4G RAM, 2vCPU – 192.168.2.23
51sectest.com DC with installed CA, Email Server, Syslog – 192.168.2.11
Advanced Lab VM List
Vault 1 – 2G RAM, 1vCPU – Win2012 – 192.168.2.21
Vault 2 – 2G RAM, 1vCPU – Win2012 – 192.168.2.22
PSM 1 – 4G RAM, 2vCPU – Win2012 – 192.168.2.25
PSM 1 – 4G RAM, 2vCPU – Win2012 – 192.168.2.26
PSM SSH/HTML5 GW – 4G RAM, 2vCPU – CentOS 7 – 192.168.2.27
PTA – 4G RAM, 2vCPU – Win2012 – 192.168.2.28
PVWA/CPM 1 – 4G RAM, 2vCPU – 192.168.2.23
PVWA/CPM 1 – 4G RAM, 2vCPU – 192.168.2.24
51sectest.com DC with installed CA, Email Server, Syslog – 192.168.2.11
DC Preparing
Set up your own domain and domain controller. In my lab, I am using 51sectest.com as my lab domain. All accounts have been set up to use one password so it is easy to remember. Anywhere in the lab that needs a password, it is set to this same one. One password for the whole lab will make your lab life much easier.
I installed a CA server on the DC. It will be used later to enable certificate authentication, RDP over SSL, LDAP over SSL, etc.
To demonstrate integration with LDAP, email, NTP and syslog, I have installed an email server, an NTP server and a syslog server on this DC. I will show you how I did that.
NTP server: by default, the first domain controller installed in a Windows Server domain is automatically configured to be a reliable time source.
Email server: I installed MailEnable as my LDAP-integrated email server.
Syslog server: I am using the free SolarWinds Kiwi Syslog Server.
Domain Groups:
1. CyberArk Auditors
2. CyberArk Safe managers
3. CyberArk Users
4. CyberArk Vault Admins
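The four domain groups above can be created in one repeatable pass. The script below is an added example, not part of the original lab notes; it assumes the ActiveDirectory PowerShell module is available and places the groups in the domain's default Users container unless a different path is given.

```powershell
#Requires -Modules ActiveDirectory
# Added example (not from the original post): idempotently create the four
# lab domain groups listed above. Run as a domain admin on the DC or an RSAT host.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: groups live in the domain's default Users container
    # unless another OU distinguished name is supplied.
    [string]$Path = (Get-ADDomain).UsersContainer
)

$groupNames = @(
    'CyberArk Auditors'
    'CyberArk Safe managers'
    'CyberArk Users'
    'CyberArk Vault Admins'
)

foreach ($name in $groupNames) {
    # sAMAccountName is unique domain-wide, so search the whole domain,
    # not just $Path, before deciding the group is missing.
    $group  = Get-ADGroup -Filter "SamAccountName -eq '$name'"
    $status = 'Exists'

    if (-not $group) {
        $status = 'Skipped'
        if ($PSCmdlet.ShouldProcess($name, "Create global security group in $Path")) {
            $group = New-ADGroup -Name $name -SamAccountName $name `
                -GroupScope Global -GroupCategory Security `
                -Path $Path -PassThru -Confirm:$false
            $status = 'Created'
        }
    }

    # One result row per group so a re-run shows what changed.
    [pscustomobject]@{
        Group  = $name
        Status = $status
        DN     = $group.DistinguishedName
    }
}
```

Running it with -WhatIf previews the groups that would be created without touching the directory.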
Lab
1. Infrastructure and Environment Introduction
2. Vault installation
2.1 System configuration
2.2 Pre-requisite for vault installation
2.3 Vault installation
2.4 Post vault installation
Hi John,
Thanks for the important information and various blogs on CyberArk. It is very helpful. I want to replicate the same environment from one to another. For example, I have created an environment in Staging, created safes, onboarded accounts, policies, workflow etc., and now want to replicate it in Production. How can I do it? Your suggestions would be much appreciated.
I am not seeing a perfect solution for staging and production. The best way is documenting what you have done in the staging environment, then reproducing it in your production environment.
Cloning your VM and bringing it into the same domain is always not a good idea. Bringing it into a different domain should work, but you will need to deal with the certs issue. I have not tried that in production. I still prefer reproducing the steps you did in the staging environment.
Let me know if you have some good ideas.
Where to download the CyberArk software?
You will need a CyberArk account to download them. Talk to your CyberArk representative for a trial license and software.