
One Identity Safeguard for Privileged Passwords 2.11 - Administration Guide


Backup and Retention settings

Use the Backup and Retention settings to manage your Safeguard for Privileged Passwords backups and archive servers.

It is the responsibility of the Appliance Administrator to configure the Safeguard for Privileged Passwords backup and retention settings.

To ensure the security of the hardware appliance, backups taken from a hardware appliance cannot be restored on virtual appliances, and backups taken from a virtual appliance cannot be restored on a hardware appliance.

Navigate to Administrative Tools | Settings | Backup and Retention.

NOTE: When a backup is created, the state of the sessions module is saved. The session module can be either the joined sessions module (SPS) or the embedded sessions module (SPP). Restoring a backup restores the sessions module to the state when the backup was taken regardless of the state when the restore was started.

Table 120: Backup and Retention settings

| Setting | Description |
| --- | --- |
| Archive servers | Where you add and manage archive servers for storing backup files and session recordings |
| Audit Log Management | Where you define the audit logs to be archived and purged as well as a schedule for performing the audit log archival task |
| Backup and restore | Where you initiate or schedule a backup, upload or download a backup file, or specify the archive server where a backup file is to be stored |
| Backup retention | Where you enable (or disable) backup retention and set the maximum number of backup files you want Safeguard for Privileged Passwords to store on the appliance |

About backups

One Identity Safeguard for Privileged Passwords backs up the following:

  • All settings, except:

    • Appliance IP address
    • Network Time Protocol (NTP) configurations
    • Domain Name System (DNS) configuration
  • Transaction history
  • All information about Safeguard for Privileged Passwords objects:

    • Accounts
    • Account groups
    • Assets
    • Asset groups
    • Entitlements
    • Partitions
    • Users
    • User groups

Safeguard for Privileged Passwords encrypts and signs the data before making it available for download to off-appliance storage. Only a genuine Safeguard for Privileged Passwords Appliance can decrypt the backup, and then only when it is on the appliance. This means that if a backup has been downloaded from an appliance for off-appliance storage, you must first upload it to an appliance, which will verify the signature, ensuring that it is an authentic backup for Safeguard for Privileged Passwords.

Archive servers

Archive servers are external physical servers where you store backup files and session recordings. Use the Archive Servers page on the Backup and Retention settings view to configure and manage archive servers.

Navigate to Administrative Tools | Settings | Backup and Retention | Archive Servers. The Archive Servers page displays the following information about previously configured archive servers.

Table 121: Archive Servers: Properties

| Property | Description |
| --- | --- |
| Name | The name of the archive server. |
| Archive Method | The transfer protocol type being used. |
| Network Address | The network DNS name or IP address used to connect to the server over the network. |
| Storage Path | The file path where you want to store backup files on the archive server. |
| Description | Information about the archive server. |

Use these toolbar buttons to manage archive server configurations.

Table 122: Archive Servers: Toolbar

| Option | Description |
| --- | --- |
| Add Archive Server | Add an archive server. For more information, see Adding an archive server. |
| Delete Selected | Remove the selected archive server configuration. |
| Refresh | Update the list of archive server configurations. |
| Edit | Modify the selected archive server configuration. |

You can store backup files on an external archive server. For more information, see Archive backup.

You can configure an automatic backup schedule and specify the archive server to which each scheduled backup is automatically archived. For more information, see Backup settings.

Adding an archive server

Use the Archive Servers page on the Backup and Retention settings view to configure archive servers, which can then be selected to archive a backup file or assigned to an appliance to store its session recordings.

To configure an archive server

  1. Navigate to Administrative Tools | Settings | Backup and Retention | Archive Servers.

  2. Click Add Archive Server and provide the following:

    Name

    Enter the display name for the archive server.

    Limit: 100 characters

    Description

    Enter information about the archive server.

    Limit: 255 characters

    Network Address

    Enter a network DNS name or the IP address used to connect to the server over the network.

    Limit: 255 characters

    Storage Path

    Enter the file path where you want to store backup files on the archive server.

    Limit: 255 characters

    Archive Method

    Choose a transfer protocol type:

    • CIFS: Common Internet File System
    • SCP: Secure Copy Protocol
    • SFTP: Secure File Transfer Program

    Port

    The port used by SSH to log in to the managed system.

    NOTE: Not applicable for CIFS archive mode.

    Authentication Type

    Select the type of authentication to be used to access the archive server:

    • Password (default)
    • Directory Account
    • SSH

      NOTE: Not applicable for CIFS archive mode.

    SSH Key Generation and Deployment Settings

    If SSH is selected as the authentication type, select one of the following settings:

    • Automatically Generate the SSH Key
    • Install and Use SSH Key from Safeguard for Privileged Passwords

      Optionally, select the Manually Deploy the SSH key check box.

      Browse to select the SSH key to be used.

    Account Name

    If Password or SSH is selected as the authentication type, enter the service account name.

    Password

    If Password or SSH is selected as the authentication type, enter the service account password.

    Service Account

    If Directory Account is selected as the authentication type, click Select Account to choose the service account to be used to access the archive server.

    Auto Accept SSH Host Key

    Select this check box to have Safeguard for Privileged Passwords automatically accept the SSH host key when it creates the archive server.

    Test Connection

    Click this button to verify that the appliance can communicate with this archive server. For more information, see About Test Connection.

  3. Click OK.

Once you have configured your archive servers, you need to designate a target archive for both your backup files and session recordings.
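
The Auto Accept SSH Host Key option in the procedure above accepts whichever key the SCP or SFTP archive server presents at creation time. The following Python is an added example, not part of Safeguard for Privileged Passwords or its documentation: it computes the OpenSSH-style SHA256 fingerprint of a host key line and compares it with a fingerprint obtained out of band. It assumes the key is available in known_hosts format; the host name `archive01.example.test` and the key bytes are constructed sample data.

```python
import base64
import hashlib
import hmac
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed byte string in SSH wire encoding (RFC 4251)."""
    return struct.pack(">I", len(data)) + data


def fingerprint_sha256(host_key_line: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a '<host> <type> <base64>' line."""
    fields = host_key_line.split()
    if len(fields) < 3:
        raise ValueError("expected '<host> <key-type> <base64-blob>'")
    key_type = fields[1]
    blob = base64.b64decode(fields[2], validate=True)
    # The blob repeats the key type as its first SSH string; reject a mismatch.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def host_key_matches(host_key_line: str, pinned_fingerprint: str) -> bool:
    """True only if the presented key hashes to the out-of-band fingerprint."""
    presented = fingerprint_sha256(host_key_line).encode("ascii")
    return hmac.compare_digest(presented, pinned_fingerprint.strip().encode("utf-8"))


# Constructed sample: a fake ed25519 host key for a hypothetical archive server.
SAMPLE_BLOB = ssh_string(b"ssh-ed25519") + ssh_string(bytes(range(32)))
SAMPLE_LINE = ("archive01.example.test ssh-ed25519 "
               + base64.b64encode(SAMPLE_BLOB).decode("ascii"))

if __name__ == "__main__":
    # Stand-in for the value the archive server's administrator would supply.
    pinned = fingerprint_sha256(SAMPLE_LINE)
    print(pinned, host_key_matches(SAMPLE_LINE, pinned))
```

A mismatch means the key seen on the network is not the one the server's administrator reported, so the archive server entry should not be created with automatic acceptance until the difference is explained.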
