Safeguard for Privileged Passwords On Demand Hosted - Administration Guide

Telnet

Use telnet to test TCP/IP connectivity between the Safeguard for Privileged Passwords Appliance and the specified host.

  1. Navigate to Network Diagnostics:
    • web client: Navigate to Appliance | Network Diagnostics.
    • desktop client: Navigate to Administrative Tools | Settings | Appliance | Network Diagnostics.
  2. Click Telnet.
  3. Enter the remote host's IP or Hostname.
  4. Enter the Port number on a target host. The default is 23 and you can enter a value from 0 to 65535.
  5. Optionally, click More Settings to configure the Connection Timeout from 1 to 15 seconds.
  6. Click Connect to run the test. The test results display in the Output window.

Throughput

Test throughput to other appliances in the cluster.

  1. Navigate to Appliance | Network Diagnostics.
  2. Click Throughput.
  3. In Target Appliance, select the target cluster appliance from the list.
  4. In MB to Transfer, select the size of the transfer to test (1 to 1000 MB).
  5. Click Test Throughput to run the test. View the Output.

Trace Route

Use the Trace Route test to obtain route information, such as the paths packets take from one IP address to another.

  1. Navigate to Network Diagnostics:
    • web client: Navigate to Appliance | Network Diagnostics.
    • desktop client: Navigate to Administrative Tools | Settings | Appliance | Network Diagnostics.
  2. Click Trace Route.
  3. Enter the remote host's IP or Hostname.
  4. Optionally, click More Settings to configure the following:
    • Resolve IP addresses to hostname
    • Maximum number of hops to search for target
    • Timeout in milliseconds to wait for each reply
  5. Click Trace to run the test. The test results display in the Output window.

Networking

On Networking, view and configure the primary network interface, and if applicable, a proxy server to relay web traffic, and the sessions network interface.

Starting with 6.9, the Network Interface (X1) can be used to add additional virtual network adapters associated with X1 in the web client (this feature is not available in the desktop client).

It is the responsibility of the Appliance Administrator to ensure the network interfaces are configured correctly.

CAUTION: For AWS or Azure, network settings user interfaces are read-only. Network settings are configured by the AWS or Azure Administrator. Changing the internal network address on a clustered appliance will break the cluster and require the appliance to be unjoined/rejoined.

(web client) To modify the networking configuration settings

  1. Navigate to Appliance | Networking.
  2. For Network X0, complete the network settings below. For more information, see Modifying the IP address.
    • MAC Address: (Read-Only) The media access control address (MAC address), a unique identifier assigned to the network interface for communications.
    • IPv4 Address: The IPv4 address of the network interface.
    • IPv4 Subnet Mask: The IPv4 subnet mask of the network interface.
    • IPv4 Gateway: The IPv4 default gateway.
    • DNS Servers: The IP address for the primary DNS servers.
    • DNS Suffixes: The network suffixes for the DNS servers.

      NOTE: You can also use the Global DNS Suffixes field on the Appliance | Networking page.

    • IPv6 Address: The IPv6 address of the network interface.
    • IPv6 Prefix Length: The IPv6 subnet prefix length which is range-validated. Valid values are 1 through 127 when an IPv6 address is present.
    • IPv6 Gateway: The IPv6 default gateway.
  3. For Network X1 (web client), complete the network settings below to add additional virtual network adapters on up to 31 VLANs.
    • MAC Address: (Read-Only) The media access control address (MAC address), a unique identifier assigned to the network interface for communications.
    • IPv4 Address: The IPv4 address of the network interface.
    • IPv4 Subnet Mask: The IPv4 subnet mask of the network interface.
    • IPv4 Gateway: The IPv4 default gateway.
    • DNS Servers: The IP address for the primary DNS servers.
    • DNS Suffixes: The network suffixes for the DNS servers.

      NOTE: You can also use the Global DNS Suffixes field on the Appliance | Networking page.

    • IPv6 Address: The IPv6 address of the network interface.
    • IPv6 Prefix Length: The IPv6 subnet prefix length which is range-validated. Valid values are 1 through 127 when an IPv6 address is present.
    • IPv6 Gateway: The IPv6 default gateway.
    • VLAN ID: The VLAN ID for the network. This is only applicable to network interfaces added by the administrator. Changes to this field will also update the name of the adapter.
  4. For the Starling Proxy Server (web client), complete the network settings below.
    • Proxy URI: The IP address or DNS name of the proxy server.
    • Port: The port number used by the proxy server to listen for HTTP requests. The value is an integer from 1 to 65535. If different ports are specified in the proxy URI and the Port field, the Port field takes precedence.
    • Username: The user name used to connect to the proxy server. The username and password are only required if your proxy server requires them to be specified.
    • Password: The password required to connect to the proxy server. The username and password are only required if your proxy server requires them to be specified.
  5. Click Show Static Routes and make changes using the information which follows. When you are done, click Save. When you click Save, a message like the following displays: "Changing these values may cause all users to lose connection to the appliance." This is a general Saving network settings error and not specific to static routes.
    • Use the following toolbar buttons, as needed.
      • To add a route, click and complete the information.
      • To modify the information for a route, select the route, click Edit, and then change the information.
      • To delete a route, select the route then click Delete Static Route. The route is immediately deleted.
      • To discard unsaved changes and revert to what was last retrieved from the database, select the route and click Revert all unsaved Static Route edits.
    • The following information can be added or changed:
      • IP Version: Select IPv4 or IPv6.
      • Prefix: The IPv4 or IPv6 IP address.
      • Prefix Length: The IP subnet prefix length.
      • Next Hop: The IP address of the next closest or most optimal router in the routing path.
      • Metric: A value that identifies the cost that is associated with using the route.
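
A pre-save sanity check for the interface and static route values described above, as an added example (not part of the guide and not One Identity code). The function names, the dictionary keys, and the on-link next hop, host-bits and metric checks are assumptions of this example; only the IPv6 prefix length range of 1 through 127 comes from the guide. The addresses are constructed from documentation ranges.

```python
import ipaddress

def check_interface(ipv4, mask, gateway, ipv6=None, ipv6_prefix_len=None):
    """Return (problems, on_link_networks) for one interface's settings."""
    problems, networks = [], []
    try:
        iface = ipaddress.IPv4Interface(f"{ipv4}/{mask}")  # rejects bad masks
        networks.append(iface.network)
        gw = ipaddress.IPv4Address(gateway)
        if gw not in iface.network or gw == iface.ip:
            problems.append(f"IPv4 gateway {gw} is not usable in {iface.network}")
    except ValueError as exc:
        problems.append(f"IPv4 settings invalid: {exc}")
    if ipv6 is not None:
        # Guide: valid prefix lengths are 1 through 127 when an IPv6 address is present.
        if ipv6_prefix_len is None or not 1 <= ipv6_prefix_len <= 127:
            problems.append("IPv6 prefix length must be 1 through 127")
        else:
            try:
                networks.append(ipaddress.IPv6Interface(f"{ipv6}/{ipv6_prefix_len}").network)
            except ValueError as exc:
                problems.append(f"IPv6 address invalid: {exc}")
    return problems, networks

def check_route(route, on_link_networks):
    """Return problems for one static route (keys mirror the guide's fields)."""
    version = {"IPv4": 4, "IPv6": 6}.get(route["ip_version"])
    if version is None:
        return ["IP Version must be IPv4 or IPv6"]
    problems = []
    try:
        # Assumption: a prefix with host bits set (10.1.2.3/16) is an entry error.
        net = ipaddress.ip_network(f"{route['prefix']}/{route['prefix_length']}", strict=True)
        hop = ipaddress.ip_address(route["next_hop"])
    except ValueError as exc:
        return [f"route invalid: {exc}"]
    if net.version != version or hop.version != version:
        problems.append(f"prefix and next hop must both be {route['ip_version']}")
    elif not any(n.version == version and hop in n for n in on_link_networks):
        problems.append(f"next hop {hop} is not on a directly connected network")
    if not isinstance(route["metric"], int) or route["metric"] < 0:
        problems.append("metric must be a non-negative integer")
    return problems

if __name__ == "__main__":
    issues, nets = check_interface("192.0.2.10", "255.255.255.0", "192.0.2.1", "2001:db8::10", 64)
    route = {"ip_version": "IPv4", "prefix": "198.51.100.0", "prefix_length": 24,
             "next_hop": "203.0.113.1", "metric": 10}  # constructed; hop is off-link
    print(issues + check_route(route, nets))
```

Running the checks before clicking Save catches values that would leave the appliance unreachable after the change is applied.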

(desktop client) To modify the networking configuration settings

  1. Navigate to Administrative Tools | Settings | Appliance | Networking.
  2. Click the Edit icon next to the Network Interface or Proxy Server heading to edit or configure the network properties.
  3. Complete the network settings. Click the Edit icon next to Network Interface X0 to modify the information. For more information, see Modifying the IP address.

     Table 166: desktop client Network Interface X0 properties
    • MAC Address: The media access control address (MAC address), a unique identifier assigned to the network interface for communications.
    • IP Address: The IPv4 address of the network interface.
    • Netmask: The IPv4 network mask.
    • Default Gateway: The IPv4 default gateway.
    • IPv6 Address: The IPv6 address of the network interface.
    • IPv6 Prefix Length: The IPv6 subnet prefix length.
    • IPv6 Gateway: The IPv6 default gateway.
    • DNS Servers: The IP address for the primary DNS servers.
    • DNS Suffixes: The network suffixes for the DNS servers.

desktop client: Proxy Server X0

The Proxy Server X0 settings must be configured if your company policies do not allow devices to connect directly to the web. Once configured, Safeguard for Privileged Passwords uses the configured proxy server for outbound web requests to external integrated services, such as Starling.

NOTE: Only HTTP web proxy is supported.

Table 167: Proxy Server X0 properties

    • Proxy URI: The IP address or DNS name of the proxy server.
    • Port: The port number used by the proxy server to listen for HTTP requests. Value: Integer from 1 to 65535. If different ports are specified in the proxy URI and the Port field, the Port field takes precedence.
    • Username: The user name used to connect to the proxy server. The username and password are only required if your proxy server requires them to be specified.
    • Password: The password required to connect to the proxy server. The username and password are only required if your proxy server requires them to be specified.

Modifying the IP address

You can change the IP address of an SPP Appliance as long as the other appliances in the SPP cluster are able to see the new subnet.

It is recommended you use the procedure below in a test environment and then deploy the steps in production. Allow plenty of time for the IP address to change. The operation will take several minutes to complete before the cluster has adjusted to the change.

  1. Ensure you are using Safeguard for Privileged Passwords 2.4 or above.
  2. Before changing the X0 IP address, make a backup.
  3. Generate a support bundle on the appliance you plan to modify the IP address on. Start with the replica first.
  4. The desktop client will give guidance on screen as you wait for the changes to be completed.
  5. After the X0 IP address change, verify clustering is working. It is recommended you change some data on the primary and verify it appears on the replica by logging on to the replica with the desktop client.
  6. Repeat steps 3, 4, and 5 for the other replicas.
  7. Once the replicas are changed, proceed with the Primary.

Safeguard for Privileged Sessions (SPS) IP address change

CAUTION: When SPP and SPS are linked and the IP address of either the SPS cluster master (Central Management role) or the SPP primary appliance is changed, the SPP/SPS link will need to be redone. See the information that follows.

  1. Use the following information in the SPS documentation to understand SPS cluster roles, settings, and IP address updating.
  2. If the IP address is changed, you must relink the cluster. For more information, see Linking SPS to SPP.
  3. Once the SPS IP addresses are successfully changed, you will need to delete the session connection in the SPP settings and relink the SPS cluster master to the SPP primary. For more information, see SPP and SPS sessions appliance link guidance.