IMPORTANT: Before deploying, make sure you have read Cloud deployment considerations.

Safeguard for Privileged Passwords (SPP) can be run in the cloud using Amazon Web Services (AWS).

To deploy the Amazon Machine Image (AMI) of SPP from AWS, visit the AWS marketplace listing for SPP (here) and follow the Deployment steps.

Disk size considerations

CAUTION: Before making any changes to the disk size, shut down the VM so that it is stopped and deallocated.

SPP deploys with a minimal OS disk size. You should increase the size of the OS disk based on your estimated usage and budget. SPP on hardware comes with 1TB of disk. You can use more or less than this depending on how many assets, accounts, and daily users you expect to have. 500GB is a minimal production disk size and 2TB is the maximum.

Disk size can be handled through Amazon Elastic Compute Cloud (Amazon EC2). For more information, see Getting Started with Amazon EC2. When you start up the VM, SPP automatically resizes the OS disk volume to use the available space.

AWS security considerations

Running SPP in AWS comes with some security considerations that do not apply to the hardware appliance. We recommend:

  • Do not give Safeguard a public IP address.
  • Use the AWS key vault to encrypt the disk.
  • Limit access within AWS to the Safeguard virtual machine. SPP in AWS cannot protect against rogue Administrators in the same way the hardware appliance can.
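The recommendations above, together with the disk size guidance, can be checked against the JSON that the AWS CLI returns for a deployed instance. The following is an added example, not part of the vendor documentation. The sample data, IDs and finding labels are constructed, reading "limit access" as "no ingress rule open to any source address" is an assumption, and so is treating the page's GB figures as the GiB that EC2 reports.

```python
import ipaddress

# Constructed sample data shaped like the output of `aws ec2 describe-instances`,
# `describe-volumes` and `describe-security-groups`; all IDs are made up.
INSTANCE = {
    "InstanceId": "i-0example",
    "PublicIpAddress": "203.0.113.10",
    "BlockDeviceMappings": [{"Ebs": {"VolumeId": "vol-0example"}}],
    "SecurityGroups": [{"GroupId": "sg-0example"}],
}
VOLUMES = [{"VolumeId": "vol-0example", "Encrypted": False, "Size": 60}]
GROUPS = [{"GroupId": "sg-0example", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 9337, "ToPort": 9337,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "10.0.5.0/24"}], "Ipv6Ranges": []},
]}]

# Page guidance: 500GB minimum, 2TB maximum. EC2 reports GiB (unit mapping assumed).
MIN_GIB, MAX_GIB = 500, 2048


def audit(instance, volumes, groups):
    """Return findings for one instance against the page's recommendations."""
    findings = []
    if instance.get("PublicIpAddress"):  # key is absent when no public IP
        findings.append("public-ip")
    vol_ids = {m["Ebs"]["VolumeId"]
               for m in instance.get("BlockDeviceMappings", []) if "Ebs" in m}
    for vol in (v for v in volumes if v["VolumeId"] in vol_ids):
        if not vol.get("Encrypted"):
            findings.append(f"unencrypted:{vol['VolumeId']}")
        if not MIN_GIB <= vol["Size"] <= MAX_GIB:
            findings.append(f"disk-size:{vol['VolumeId']}:{vol['Size']}GiB")
    sg_ids = {g["GroupId"] for g in instance.get("SecurityGroups", [])}
    for group in (g for g in groups if g["GroupId"] in sg_ids):
        for perm in group.get("IpPermissions", []):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            # Prefix length 0 means any source address (0.0.0.0/0 or ::/0).
            if any(ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in cidrs):
                port = perm.get("FromPort", "all")
                findings.append(f"open-ingress:{group['GroupId']}:{port}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(INSTANCE, VOLUMES, GROUPS)))
```

An empty result means none of these four conditions was found; it does not cover who holds administrative rights over the instance in the AWS account.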

Static IP address required

Configure the SPP VM with a static IP address in AWS. In AWS, the IP address must not change after the VM is deployed. If you need to change the IP address, take a backup, deploy again, and restore the backup. You can script the VM deploy to pick up an existing virtual NIC with the IP address configuration. For details, see the Amazon Virtual Private Cloud (VPC) documentation.

Deployment steps

AWS automatically licenses the operating system during the deployment with an AWS KMS.

Larger deployments warrant larger sizing choices. SPP hardware appliances have 32GB of RAM and 4 processors with at least 1TB of disk space.

AWS Marketplace steps

  1. Go to the AWS marketplace listing for SPP (here).

  2. On the One Identity Safeguard for Privileged Passwords page, click Continue to Subscribe.

  3. Advance through the resource creation screens to configure your instance. In addition to following the guidance in Disk size considerations, AWS security considerations, and Static IP address required, One Identity recommends you select the m4.2xlarge instance type.

  4. Once you have finished configuring the instance, select to launch the instance.

    NOTE: The instance launch process may take a while to complete.

  5. Once the instance has finished launching, log into the web client using your static IP address. You will need to use the default username (admin) and password (<instance id>). You should change the admin password immediately. For details, see Setting a local user's password in the Safeguard for Privileged Passwords Administration Guide.

    NOTE: The password is unique for each deployment and the initial password will always be the instance ID of the deployed Safeguard server.

View or change the cloud virtual appliance setup

You can view or change the virtual appliance setup.

You can use the SPP web management kiosk on port 9337 for diagnostics and troubleshooting.

You can also check the system logs via AWS:

  1. To view the system log from AWS, select Actions, then Instance Settings, and then Get System Log.

  2. Log in via https://<your IP>:9337

To patch to a new version, use the API.