The Safeguard for Privileged Passwords 3000 and 2000 Appliances are built specifically for use only with the Safeguard for Privileged Passwords privileged management software, which is pre-installed and ready for immediate use on the hardened appliances.
Safeguard for Privileged Passwords virtual appliances and cloud applications are also available.
To set up a new deployment: 3000 Appliance, 2000 Appliance, Virtual Machine, or Cloud
If this is a new physical appliance, virtual machine, or cloud deployment, see the Safeguard for Privileged Passwords Appliance Setup Guide. The guide is also included in the package with a physical appliance.
To update an existing physical appliance or virtual appliance with this patch
It is the responsibility of the Appliance Administrator to upgrade Safeguard for Privileged Passwords by installing an update file (patch). Consider the following:
- Minimum patch version: 184.108.40.20676. If you are running an earlier version of the Safeguard for Privileged Passwords Appliance, you must upgrade to this version before applying the 6.9 patch.
- Clustered environment: See the Patching cluster members section in the Safeguard for Privileged Passwords Administration Guide for instructions on how to deploy a patch so all appliances in the cluster are on the same version.
- During initial installation and when applying a patch, make sure the desktop client file is the one supplied with the appliance version. If the versions are not compatible, errors may occur. For more information, see To install the desktop client.
Prepare to install a patch
- Backup your appliance before you install a patch. Once you install a patch, you cannot uninstall it. See the Safeguard for Privileged Passwords Administration Guide, Backup and restore topic.
Download the latest physical appliance patch or virtual appliance patch from the One Identity Support Portal:
To install the hardware patch
- As an Appliance Administrator, log in to the Safeguard for Privileged Passwords desktop client.
- From the Home page, select Administrative Tools.
Select Settings | Appliance | Updates.
The current appliance and client versions are displayed.
Click Upload a File and browse to select the update file you downloaded from the One Identity support web site.
NOTE: When you select a file, Safeguard for Privileged Passwords uploads it to the server, but does not install it.
- Once the file has successfully uploaded, click Install Now.
To install the virtual machine patch
- Make adequate resources available. The virtual appliances default deploy does not provide adequate resources. The minimum resources required are: 4 CPUs, 10GB RAM, and a 500GB disk. Without adequate disk space, the patch will fail and you will need to expand disk space then re-upload the patch.
- Go to the web management console and click Setup and follow the wizard.
Be sure to update the desktop client when you apply a new patch. The version of the appliance and desktop client must be compatible.
To define and enforce security policy for your enterprise, install the Windows desktop client application, which gives you access to the Administrative Tools. You install the Windows desktop client by means of an .msi package that can be downloaded from the appliance web client portal. You do not need administrator privileges to install the desktop client.
NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:
- Any reference to putty in the PATH environment variable
- c:/Program Files/Putty
- c:/Program Files(x86)/Putty
If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:
If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.
Installing the Safeguard for Privileged Passwords desktop client application
CAUTION: The Safeguard for Privileged Passwords client version must match the installed Safeguard for Privileged Passwords version.
To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:
Save the Safeguard.msi file in a location of your choice.
- Run the MSI package.
- Select Next in the Welcome dialog.
- Accept the End-User License Agreement and select Next.
- Select Install to begin the installation.
- Select Finish to exit the desktop client setup wizard.
- Check your desktop resolution. The desktop client works the best at a resolution of 1024 x 768 or greater.
CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below.
- Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.
Follow the Install Safeguard Desktop Player section of the player user guide found here:
- Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
- Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.
For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.
New Desktop Player versions
When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.