One Identity Safeguard for Privileged Passwords 8.0 LTS

One Identity Safeguard for Privileged Passwords 8.0 LTS - Release Notes

Supported platforms

One Identity Safeguard for Privileged Passwords Release Notes > System requirements > Supported platforms

One Identity Safeguard for Privileged Passwords supports a variety of platforms, including custom platforms.

Safeguard for Privileged Passwords tested platforms

The following table lists the platforms and versions that have been tested for Safeguard for Privileged Passwords (SPP). Additional assets may be added to Safeguard for Privileged Passwords. If you do not see a particular platform listed when adding an asset, use the Other, Other Managed, Other Directory, or Linux selection on the Management tab of the Asset dialog. For more information, see Management tab (add asset) in the Safeguard for Privileged Passwords Administration Guide.

Safeguard for Privileged Passwords linked to SPS: Sessions platforms

CAUTION: When linking your One Identity Safeguard for Privileged Sessions (SPS) deployment to your Safeguard for Privileged Passwords (SPP) deployment, ensure that the SPS and SPP versions match the following requirement. For feature releases, the first two parts of the version must match. For example, 7.5. For LTS releases, the first three parts of the version must match. For example, 7.0.5.

When you apply an update to one product that causes the versions not to match according to these rules, you must apply an update to the other product as well so that the version numbers match the rules specified. There might be times when there is only a minor release of SPP or SPS, but not both. The last part of the version number will change, but it will not break the rules. Therefore, you need to install the patch only.

Make sure that you do not mix Long Term Supported (LTS) and feature releases. For example, do not link an SPS version 6.0.1 to an SPP version 6.1.

If One Identity Safeguard for Privileged Passwords (SPP) is linked with a SPS (SPS) appliance, platforms are supported that use one of these protocols:

SPP 2.8 or lower: RDP, SSH
SPP 2.9 or higher: RDP, SSH, or Telnet

Some platforms may support more than one protocol. For example, a Linux (or Linux variation) platform supports both SSH and Telnet protocols.

Table 6: Supported platforms: Assets that can be managed
Platform Name	Tested Versions	Supports SPP	Supports SPS Access	Supports just-in-time (JIT) privileged elevation
ACF2	ACF2 for z/OS 16.0	True	True	True
ADF2 over LDAP	ADF2 for z/OS 16.0	True	False	False
Active Directory	Active Directory	True	False	False
AIX	AIX 7.2 AIX 7.3	True	True	False
Amazon Linux	Amazon Linux 2 Amazon Linux 2023 Amazon Linux Other	True	True	False
Amazon Web Services	Amazon Web Services 1	True	False	True
CentOS Linux	CentOS Linux 7 CentOS Linux 8	True	True	False
Check Point GAiA (SSH)	Check Point GAiA (SSH) R80.30 Check Point GAiA (SSH) R81	True	True	True
Cisco ASA	Cisco ASA 7.X Cisco ASA 8.X Cisco ASA 9.X	True	True	True
Cisco IOS (510)	Cisco IOS 12.X Cisco IOS 15.X Cisco IOS 16.X	True	True	True
Cisco ISE	Cisco ISE 2.7 Cisco ISE 3 Cisco ISE 3.4	True	False	True
Cisco ISE CLI	Cisco ISE CLI 2.7 Cisco ISE CLI 3	True	True	True
Cisco NX-OS	Cisco NX-OS 9.3(7) Cisco NX-OS 9.3(7a)	True	True	False
Debian GNU/Linux	Debian GNU/Linux 10 Debian GNU/Linux 11 Debian GNU/Linux 12	True	True	False
Dell iDRAC	Dell iDRAC 8 Dell iDRAC 9	True	True	True
eDirectory LDAP	eDirectory LDAP 9	True	False	False
ESXi	ESXi 7.0 ESXi 8.0	True	False	True
F5 Big-IP	F5 Big-IP 13.0 F5 Big-IP 14.0 F5 Big-IP 15.0 F5 BIG-IP 16.0 F5 BIG-IP 17.0	True	True	True
Fedora	Fedora 38 Fedora 39	True	True	False
Fortinet FortiOS	Fortinet FortiOS 6.2 Fortinet FortiOS 7.0 Fortinet FortiOS 7.2 Fortinet FortiOS 7.4	True	True	True
FreeBSD	FreeBSD 13 FreeBSD 14	True	True	False
Google Cloud Secret Manager	Current	True	False	False
HP iLO	HP iLO 4 HP iLO 5 HP iLO 6	True	True	True
HP iLO MP	HP iLO MP 2 HP iLO MP 3	True	True	True
HP-UX	HP-UX 11iv3 (B.11.31)	True	True	False
IBM i	IBM i 7.4 IBM i 7.5	True	True	True
JunOS - Juniper Networks	JunOS - Juniper Networks 20 JunOS - Juniper Networks 21 JunOS - Juniper Networks 22 JunOS - Juniper Networks 23	True	True	True
Kubernetes Secrets	Kubernetes Secrets 1.30.6	True	False	False
LDAP	OpenLDAP 2.4	True	False	False
Linux		True	True	True
macOS	macOS 12 macOS 13 macOS 14	True	True	True
MongoDB	MongoDB 5.0 MongoDB 6.0 MongoDB 7.0	True	False	True
MySQL	MySQL 8.0 LTS	True	False	True
Oracle	Oracle 19c Oracle 21c Oracle 23c	True	False	True
Oracle Linux (OL)	Oracle Linux (OL) 7 Oracle Linux (OL) 8 Oracle Linux (OL) 9	True	True	False
PAN-OS	PAN-OS 9.1 PAN-OS 10.1 PAN-OS 10.2 PAN-OS 11.0 PAN-OS 11.1	True	True	True
PostgreSQL	PostgreSQL 12 PostgreSQL 13 PostgreSQL 14 PostgreSQL 15 PostgreSQL 16	True	False	True
RACF	zSecurity Manager for RACF z/VM 2.5	True	True	True
RACF over LDAP	zSecurity Manager for RACF z/VM 2.5	True	False	False
Red Hat Directory Server	Red Hat Directory Server 11 Red Hat Directory Server 12	True	False	True
Red Hat Enterprise Linux (RHEL)	Red Hat Enterprise Linux (RHEL) 7 Red Hat Enterprise Linux (RHEL) 8 Red Hat Enterprise Linux (RHEL) 9	True	True	False
SAP HANA	SAP HANA SAP HANA 2 SPS 07	True	False	True
SAP Netweaver Application Server	SAP Netweaver Application Server 7.5	True	False	True
Safeguard For Privileged Passwords Accounts	SPP 7.0 and newer	True	False	False
Safeguard For Privileged Passwords Users	SPP 7.0 and newer	True	False	False
SPS	SPS 7.0	True	True	True
Solaris	Solaris 10 Solaris 11.3 Solaris 11.4	True	True	False
SonicOS	SonicOS 6.5 SonicOS 7 SonicOSX 7	True	False	True
SonicWALL SMA or CMS	SonicWALL SMA or CMS 11.3.0	True	False	True
SQL Server	SQL Server 2014 SQL Server 2016 SQL Server 2017 SQL Server 2019 SQL Server 2022	True	False	True
SUSE Linux Enterprise Server (SLES)	SUSE Linux Enterprise Server (SLES) 12 SUSE Linux Enterprise Server (SLES) 15	True	True	False
Sybase (Adaptive Server Enterprise)	Sybase (Adaptive Server Enterprise) 15.7 Sybase (Adaptive Server Enterprise) 16 Sybase (Adaptive Server Enterprise) 17	True	False	True
Top Secret - Mainframe	Top Secret - Mainframe r16 zSeries	True	False	True
Top Secret - Mainframe LDAP	Top Secret - Mainframe LDAP r16	True	True	False
Ubuntu	Ubuntu 18.04 LTS Ubuntu 22.04 LTS Ubuntu 22.10 Ubuntu 23.10 Ubuntu 24.04 LTS	True	True	False
VMware vCenter Server	VMware vCenter Server 6.7 VMware vCenter Server 7.0	True	True	True
Windows Desktop	Windows 10 Windows 11	True	True	False
Windows Desktop (SSH)	Windows 10 Windows 11	True	True	False
Windows Desktop (WinRM)	Windows 10 Windows 11	True	True	False
Windows Server	Windows Server 2016 Windows Server 2019 Windows Server 2022	True	True	False
Windows Server (SSH)	Windows Server 2016 Windows Server 2019 Windows Server 2022	True	True	False
Windows Server (WinRM)	Windows Server 2016 Windows Server 2019 Windows Server 2022	True	True	False

Table 7: Supported platforms: Directories that can be searched
Platform Name	Platform Version
Microsoft Active Directory	Windows 2008+ DFL/FFL
LDAP	2.4

For all supported platforms, it is assume that you are applying the latest updates. For unpatched versions of supported platforms, Support will investigate and assist on a case by case basis but it may be necessary for you to upgrade the platform or use SPP's custom platform feature.

IMPORTANT: For the current list of platforms supported by Connect for Safeguard Assets, see the Connect for Safeguard Assets User Guide.

Custom platforms

The following example platform scripts are available:

Custom HTTP
Linux SSH
Telnet
TN3270 transports are available

For more information, see Custom Platforms and Creating a custom platform script in the One Identity Safeguard for Privileged Passwords Administration Guide.

Sample custom platform scripts and command details are available at the following links available from the Safeguard Custom Platform Home wiki on GitHub:

Command-Reference:

https://github.com/OneIdentity/SafeguardCustomPlatform/wiki/Command-Reference
Writing a custom platform script:

https://github.com/OneIdentity/SafeguardCustomPlatform/wiki/WritingACustomPlatformScript
Example platform scripts are available at this location:

https://github.com/OneIdentity/SafeguardCustomPlatform/tree/master/SampleScripts

CAUTION: Example scripts are provided for information only. Updates, error checking, and testing are required before using them in production. Safeguard for Privileged Passwords checks to ensure the values match the type of the property that include a string, boolean, integer, or password (which is called secret in the API scripts). Safeguard for Privileged Passwords cannot check the validity or system impact of values entered for custom platforms.

Long Term Support (LTS) and Feature Releases

One Identity Safeguard for Privileged Passwords Release Notes > System requirements > Long Term Support (LTS) and Feature Releases

Releases use the following version designations:

Long Term Support (LTS) Releases: The first digit identifies the release and the second is a zero (for example, 6.0 LTS).
Maintenance LTS Releases: A third digit is added followed by LTS (for example, 6.0.6 LTS).
Feature Releases: The Feature Releases version numbers are two digits (for example, 6.6).

Customers choose between two paths for receiving releases: Long Term Support (LTS) Release or Feature Release. See the following table for details.

Table 8: Comparison of Long Term Support (LTS) Release and Feature Release
	Long Term Support (LTS) Release	Feature Release
General Release	Scope: Includes new features, resolved issues and security updates Versioning: The first digit identifies the LTS and the second digit is a 0 (for example, 6.0 LTS, 7.0 LTS, and so on).	Scope: Includes the latest features, resolved issues, and other updates, such as security patches for the OS Versioning: The first digit identifies the LTS and the second digit is a number identifying the Feature Release (for example, 6.6, 6.7, and so on).
Maintenance Release	Scope: Includes critical resolved issues Versioning: A third digit designates the maintenance LTS Release (for example, 6.0.6 LTS).	Scope: Includes highly critical resolved issues Versioning: A third digit designates the maintenance Feature Release (for example, 6.6.1).

Release and support details can be found at Product Life Cycle.

CAUTION: Downgrading from the latest Feature Release, even to an LTS release, voids support for SPP.

One Identity strongly recommends always installing the latest revision of the release path you use (Long Term Support path or Feature Release path).

Moving between LTS and Feature Release versions

You can move from an LTS version (for example, 6.0.7 LTS) to the same feature version (6.7) and then patch to a later feature version. After that, you can patch from the minimum version for the patch, typically N-3. If you move from an LTS version to a feature version, you will receive a warning like the following which informs you that you will only be able to apply a Feature Release until the next LTS Release:

Warning: You are patching to a Feature Release from an LTS Release. If you apply this update, you will not be able to upgrade to a non-Feature Release until the next LTS major release version is available. See the Administration Guide for details.

You cannot move from a Feature Release to LTS Release. For example, you cannot move from 6.7 to 6.0.7 LTS. You have to keep upgrading with each new Feature Release until the next LTS Release version is published. For this example, you would wait until 7.0 LTS is available.

Patching

You can only patch from a major version. For example, if you have version 6.6 and want to patch to 7.7, you must patch to 7.0 LTS and then apply 7.7.

An LTS major version of One Identity Safeguard for Privileged Passwords (SPP) will only work with the same LTS major version of SPS (SPS). For the best experience, it is recommended you use the latest supported version.

Appliance specifications

One Identity Safeguard for Privileged Passwords Release Notes > Appliance specifications

The Safeguard for Privileged Passwords Appliance is built specifically for use only with the Safeguard for Privileged Passwords privileged management software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.

The following tables list the One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance specifications and power requirements.

Table 9: 4000 Appliance: Feature specifications
4000 Appliance	Feature / Specification
Processor	Intel Xeon 4310T 2.3 GHz
# of Processors	1
# of Cores per Processor	10 cores (20 threads)
L2/L3 Cache	15 MB Cache
Chipset	Intel C621A Chipset
DIMMs	ECC DDR4-2667
RAM	64 GB
Internal HD Controller	Supermicro AOC-S3908L-H8iR-16DD
Disk Hard Drive	4 x Seagate Exos 7E10 2TB SAS 512e
Availability	TPM 2.0, EEC Memory, Redundant PSU
I/O Slots	2x PCIe 4.0 x16 FHHL 1x PCIe 4.0 x16 HHHL
RAID	RAID10
NIC/LOM	Broadcom P210TP - 2 x 10G BASE-T Broadcom P210P - 2 x 10G SFP+
Power Supplies	Redundant, 500W/600W, Auto Ranging (100v~240V), RoHS and REACH compliant
Fans	6 Supermicro FAN-0141L
Chassis	1U Rack
Dimensions (HxWxD)	43 x 437.0 x 650.0 (mm) 1.7 x 17.2 x 25.6 (in)
Weight	Max: 37 lbs (16.78 Kg)

Table 10: 3000 Appliance: Feature specifications
3000 Appliance	Feature / Specification
Processor	Intel Xeon E3-1275v6 3.8 GHz
# of Processors	1
# of Cores per Processor	4 cores (8 threads)
L2/L3 Cache	8MB L3 Cache
Chipset	Intel C236 Chipset
DIMMs	Unbuffered ECC UDIMM DDR4 2400MHz
RAM	32 GB
Internal HD Controller	LSI MegaRAID SAS 9361-4i Single
Disk Hard Drive	4 x Seagate 7E2000 2TB SAS 512E
Availability	TPM 2.0, EEC Memory, Redundant PSU
I/O Slots	x16 PCIe 3.0, x8 PCIe 3.0
RAID	RAID10
NIC/LOM	4 port - dual GbE LAN with Intel i210-AT
Power Supplies	Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible
Fans	1 Supermicro SNK-P0046P and 2 Micron 16GB 2666MHz 2R ECC Unb Z01B Dual Label
Chassis	1U Rack
Dimensions (HxWxD)	43 x 437.0 x 597.0 (mm) 1.7 x 17.2 x 23.5 (in)
Weight	Max: 37 lbs (16.78 Kg)

Table 11: 2000 Appliance: Feature specifications
2000 Appliance	Feature / Specification
Processor	Intel Xeon E3-1275v5 3.60 GHz
# of Processors	1
# of Cores per Processor	4
L2/L3 Cache	4 x 256KB L2, 8MB L3 SmartCache
Chipset	Intel C236 Chipset
DIMMs	DDR4-2400 ECC Unbuffered DIMMs
RAM	32GB
Internal HD Controller	LSI MegaRAID SAS 9391-4i 12Gbps SAS3
Disk	4 x Seagate EC2.5 1TB SAS 512e
Availability	TPM 2.0, EEC Memory, Redundant PSU
I/O Slots	x16 PCIe 3.0, x8 PCIe 3.0
RAID	RAID10
NIC/LOM	3 x Intel i210-AT GbE
Power Supplies	Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible
Fans	4 x 40mm Counter-rotating, Non-hot-swappable
Chassis	1U Rack
Dimensions (HxWxD)	43 x 437.0 x 597.0 (mm) 1.7 x 17.2 x 23.5 (in)
Weight	Max: 46 lbs (20.9 Kg)
Miscellaneous	FIPS Compliant Chassis

Table 12: One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance: Power requirements
Input Voltage	100-240 Vac
Frequency	50-60Hz
Power Consumption (Watts)	170.9
BTU	583

Safeguard for Privileged Passwords is also available as a virtual appliance and from the cloud.

Appliance LCD and controls

One Identity Safeguard for Privileged Passwords Release Notes > Appliance specifications > Appliance LCD and controls

The front panel of the One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance contain the following controls for powering on, powering off, and scrolling through the LCD display.

Green check mark button: Use the Green check mark button to start the appliance. Press the Green check mark button for NO more than one second to power on the appliance.

Caution: Once the Safeguard for Privileged Passwords Appliance is booted, DO NOT press and hold the Green check mark button. Holding this button for four or more seconds will cold reset the power of the appliance and may result in damage.

Red X button: Use the Red X button to shut down the appliance. Press and hold the Red X button for four seconds until the LCD displays POWER OFF.

Caution: Once the Safeguard for Privileged Passwords Appliance is booted, DO NOT press and hold the Red X button for more than 13 seconds. This will hard power off the appliance and may result in damage.

Down, up, left, and right arrow buttons: When the appliance is running, the LCD home screen displays: Safeguard for Privileged Passwords <version number>. Use the arrow buttons to scroll through the following details:
- Serial: <appliance serial number>
- X0: <appliance IP address>
- MGMT: <management IP address>
- MGMT MAC: <media access control address>
- IPMI: <IP address for IPMI>

Table 13: Appliance LCD and controls

Control

Description

Green check mark button

Use the Green check mark button to start the appliance. Press the Green check mark button for NO MORE THAN one second to power on the appliance.

Red X button

Use the Red X button to shut down the appliance. Press and hold the Red X button for four seconds until the LCD displays POWER OFF.

Down, up, left, and right arrow buttons

When the appliance is running, the LCD home screen displays:

Safeguard for Privileged Passwords <version number>

Use the arrow buttons to scroll through the following details:

Serial: <appliance serial number>
X0: <appliance IP address>
MGMT: <management IP address>
MGMT MAC: <media access control address>
IPMI: <IP address for IPMI>

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.