The Appliance Administrator uses the initial setup wizard to give the virtual appliance a unique identity, license the underlying operating system, and configure the network. The initial setup wizard only needs to be run one time after the virtual appliance is first deployed, but you may run it again in the future. It will not modify the appliance identity if run in the future.
Once set up, the Appliance Administrator can change the appliance name, license, and networking information, but not the appliance identity (ApplianceID). The appliance must have a unique identity.
The steps for the Appliance Administrator to initially set up the virtual appliance follow.
Step 1: Make adequate resources available
The virtual appliances default deploy does not provide adequate resources. The minimum resources required are: 4 CPUs, 10GB RAM, and a 500GB disk. Without adequate disk space, the patch will fail and you will need to expand disk space then re-upload the patch.
Step 2: Deploy the VM
Deploy the virtual machine (VM) to your virtual infrastructure. The virtual appliance is in the InitialSetupRequired state.
Hyper-V zip file import and set up
If you are using Hyper-V, you will need the Safeguard Hyper-V zip file distributed by One Identity to setup the virtual appliance. Follow these steps to unzip the file and import:
- Unzip the Safeguard-hyperv-prod... zip file.
- From Hyper-V, click Options.
- Select Action, Import Virtual Machine.
- On the Locate Folder tab, navigate to specify the folder containing the virtual machine to import then click Select Folder.
- On the Locate Folder tab, click Next.
- On the Select Virtual Machine tab, select Safeguard-hyperv-prod....
- Click Next.
- On the Choose Import Type tab, select Copy the virtual machine (create a new unique ID).
- Click Next.
- On the Choose Destination tab, add the locations for the Virtual machine configuration folder, Checkpoint store, and Smart Paging folder.
- Click Next.
- On the Choose Storage Folders tab, identify Where do you want to store the imported virtual hard disks for this virtual machine?.
- Click Next.
- Review the Summary tab, then click Finish.
- In the Settings, Add Hardware, connect to Safeguard's MGMT and X0 network adapter.
- Right-click on the Safeguard-hyperv-prod... and click Connect... to complete the configuration and connect.
Step 3: Initial access
Initiate access using one of these methods:
- Via a virtual display: Connect to the virtual display of the virtual machine. You will not be offered the opportunity to apply a patch with this access method. Upload and download are not available from the virtual display. Continue to step 3. If you are using Hyper-V, make sure that Enhanced Session Mode is disabled for the display. See your Hyper-V documentation for details.
-
Via a browser: Configure the networking of your virtual infrastructure to proxy https://192.168.1.105 on the virtual appliance to an address accessible from your workstation then open a browser to that address. For instructions on how to do this, consult the documentation of your virtual infrastructure (for example, VMWare). You will be offered the opportunity to apply a patch with this access method. Upload and download are available from the browser. Continue to step 3.
IMPORTANT: After importing the OVA and before powering it on, check the VM to make sure it doesn't have a USB controller. If there is a USB controller, remove it.
Step 4: Complete initial setup
Click Begin Initial Setup. Once this step is complete, the appliance resumes in the Online state.
Step 5: Log in and configure Safeguard for Privileged Passwords
- If you are applying a patch, check your resources and expand the disk space, if necessary. The minimum resources are: 4 CPUs, 10GB RAM, and a 500GB disk.
- To log in, enter the following default credentials for the Bootstrap Administrator then click Log in.
- User Name: admin
-
Password: Admin123
- If you are using a browser connected via https://192.168.1.105, the Initial Setup pane identifies the current Safeguard version and offers the opportunity to apply a patch. Click Upload Patch to upload the patch to the current Safeguard version or click Skip. (This is not available when using the Safeguard Virtual Kiosk virtual display.)
- In the web management console on the Initial Setup pane, enter the following.
- Appliance Name: Enter the name of the virtual appliance.
- Host DNS Suffix: Enter the host DNS suffix name.
- Windows Licensing: Select one of the following options:
-
Use KMS Server: If you leave this field blank, Safeguard will use DNS to locate the KMS Server automatically. For the KMS Server to be found, you will need to have defined the domain name in the DNS Suffixes.
If KMS is not registered with DNS, enter the network IP address of your KMS server.
-
Use Product Key: If selected, your appliance will need to be connected to the internet for the necessary verification to add your organization's Microsoft activation key.
-
- NTP: Complete the Network Time Protocol (NTP) configuration.
- Select Enable NTP to enable the protocol.
- Identify the Primary NTP Server IP address and, optionally, the Secondary NTP Server IP address.
- Network (X0): For the X0 (public) interface, enter the IPv4 and/or IPv6 information, and DNS Servers information. Directory or network scans are supported for IPv4 but not IPv6.
- Click Save. The virtual appliance displays progress information as it configures Safeguard, the network adapter(s), and the operating system licensing.
- When you see the message Maintenance is complete, click Continue.
Step 6: Access the web client
You can go to the virtual appliance's IP address for the X0 (public) interface from your browser.
Step 7: Change the Bootstrap Administrator's password
For security reasons, change the password on the Bootstrap Administrator User.
Step 8. After clustering, change the trusted servers, CORS, and redirects setting
As a best practice, after you have created your Safeguard for Privileged Passwords cluster (or if just using a single VM), change the Trusted Servers, CORS and Redirects setting to the empty string or a list of values to integration applications you wish to allow. For more details, see the Safeguard for Privileged Passwords Administration Guide, Trusted Servers, CORS and Redirects.
View or change the virtual appliance setup
You can view or change the virtual appliance setup.
- From the web management console, click Home to see the virtual appliance name, licensing, and networking information.
- After the first setup, SPP updates and networking changes can be made via the web management console by clicking Setup.