Tchater maintenant avec le support
Tchattez avec un ingénieur du support

Safeguard for Sudo 7.3 - Administration Guide

Introducing Safeguard for Sudo Planning Deployment Installation and Configuration Upgrade Safeguard for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Supported sudo plugins Troubleshooting Safeguard for Sudo Variables Safeguard for Sudo programs Installation Packages Supported Sudoers directives Unsupported Sudo Options Safeguard for Sudo Policy Evaluation

Estimating size requirements

Policy server deployment requirements

The following recommendations are only provided as a rough guideline. The number of policy servers required for your environment may vary greatly depending on usage.

  • One policy server is suitable for small test environments with less than 50 hosts.

  • Production environments should have a minimum of two policy servers.

  • Add an additional policy server for every 150-200 Safeguard for Sudo hosts.

  • Additional policy servers may be required to support geographically disparate locations.

Safeguard for Sudo licensing

Safeguard for Sudo 7.3 licensing options include:

30-day evaluation licenses

If you want to evaluate Safeguard for Sudo, contact your One Identity sales representative for an evaluation license. It allows you to evaluate Safeguard for Sudo for 30 days with unlimited Sudo Plugin hosts.

Commercial licenses

Both a Sudo Policy and a Sudo Keystoke license is required for Safeguard for Sudo features.

Although licenses are allocated on a per-agent basis, you install the licenses on Safeguard for Sudo policy servers.

The pmlicense command allows you to display current license information, update a license (an expired one or a temporary one before it expires) or create a new one. For more examples of using the pmlicense command, see Installing licenses or Displaying license usage.

Deployment scenarios

You can deploy Safeguard for Sudo software within any organization using UNIX and/or Linux systems. Safeguard for Sudo offers a scalable solution to meet the needs of the small business through to the extensive demands of the large or global organization.

There is no right or wrong way to deploy Safeguard for Sudo, and an understanding of the flexibility and scope of the product will aid you in determining the most appropriate solution for your particular requirements. This section describes the following sample implementations:

  • a single host installation

  • a medium-sized business installation

  • a large business installation

Configuration options

Decide which of the following configurations you want to set up:

  1. Primary Server Configuration: Configure a single host as the primary policy server hosting the security policy for the policy group using either the pmpolicy (Privilege Manager for Unix) or sudo (Safeguard for Sudo) policy type. For more information about these policy types, see Security policy types.

    If you are configuring the primary policy server using the pmpolicy policy type, see the One Identity Privilege Manager for Unix Administration Guide.

  2. Secondary Server Configuration: Configure a secondary policy server in the policy server group to obtain a copy of the security policy from the primary policy server.

  3. Sudo Plugin Configuration: Join a Safeguard for Sudo host to a sudo policy or pmpolicy server group.

Single host deployment

A single-host installation is typically appropriate for evaluations, proof of concept, and demonstrations of Safeguard for Sudo. This configuration example installs all of the components on a single UNIX/Linux host, with protection offered only within this single host. All logging and auditing takes place on this host.

Documents connexes

The document was helpful.

Sélectionner une évaluation

I easily found the information I needed.

Sélectionner une évaluation