High Level Installation Steps:
EPV = Digital Vault + PVWA + CPM
PAS = EPV + PSM
Enterprise Password Vault Solution (PVWA) Installation
o Make sure you are using run as administrator to run setup.exe file. Domain admin account will not work
|
Component
|
Description
|
|---|---|
|
PVWA
|
Password Vault Web Access (PVWA) is a fully featured web interface that provides a single console for requesting, accessing and managing privileged accounts throughout the enterprise by both end users and administrators.
|
|
CPM
|
Central Policy Manager is a integral part of the PAS controlling and managing the Master policy. This password management component can change passwords automatically on remote machines and store the new passwords in the EPV, with no human intervention, according to the organizational policy. It also enables organizations to verify passwords on remote machines, and reconcile them when necessary.
|
|
PSM
|
Privileged Session Manager enables organizations to isolate, monitor, record, and control privileged sessions on critical systems including Unix and Windows-based systems, databases and virtual machines. The solution acts as a jump server and single access control point. It prevents malware from jumping to a target system and records keystrokes and commands for continuous monitoring. The resulting detailed session recordings and audit logs are used to simplify compliance audits and accelerate forensics investigations.
|
|
PTA
|
Privileged Threat Analytics is an expert system for privileged account security intelligence, providing targeted, immediately actionable threat alerts by identifying previously undetectable malicious privileged user and account activity. The solution applies patent pending analytic technology to a rich set of privileged user and account behavior collected from multiple sources across the network. CyberArk Privileged Threat Analytics then produces highly accurate and immediately actionable intelligence, allowing incident response teams to respond directly to the attack.
|
YouTube Video:
CPM Installation:
Three major steps:
1. Pre-installation.
2. Installation.
3. Post-installation.
Before Installation
- Make sure that PVWA is installed
- Enable a secure channel between CPM and PVWA
- Enable TLS 1.2
- Use the built-in Administrator user to install the CPM.
-
On the CPM machine, create a new folder and copy the Central Policy Manager folder from the installation package to it.
-
Start the installation procedure in one of the following ways:
-
Double-click Setup.exe
-
On systems that are UAC-enabled, right-click Setup.exe, then select Run as Administrator.
The installation process begins and the Setup window appears. -
3. Click Next to proceed to the next step of the installation. The CPM installation wizard appears and displays a list of required features that it will install on your computer before it can install the CPM.
6. Select No Policy Manager was previously installed, then click Next to proceed to the Vault Connection Details window where you specify the connection details of the Password Vault.
7. Specify the IP address or DNS of the Password Vault, and its port number, then click Next to proceed to the Vault’s Username window where you specify the logon details of the Vault user.
8. Specify the name and password of the Vault user who will create the CPM environment in the Vault. Click Next; the installation process will now build the CPM environment in the Vault and on the CPM machine.
9. After the CPM environment has been created, the Setup Complete window appears.