Licensing
It is the responsibility of the Appliance Administrator to manage the Safeguard for Privileged Passwords licenses. For more information, see License: hardware, virtual, expiration.To avoid disruptions in the use of Safeguard for Privileged Passwords, the Appliance Administrator must configure the SMTP server, and define email templates for the License Expired and the License Expiring Soon event types. This ensures you will be notified of an approaching expiration date. For more information, see Enabling email notifications.
To enter licensing information when you first log in
The first time you log in as the Appliance Administrator, you are prompted to add one or more licenses. The Success dialog displays when a license is added.
On the virtual appliance, the license is added as part of Initial Setup. For more information, see Setting up the virtual appliance.
To add new licenses from Settings
- Go to Licensing:
- From the web client, click
Settings on the left. The Settings: Appliance page displays. Click Licensing 
.
- From the desktop client, navigate to Administrative Tools | Settings | Appliance | Licensing.
- Click
to upload a new license file.
-
Browse to select the license file.
Once you add a license, you will see the current license information and a link that allows you to update the license.
These tasks can also be performed from Licensing:
- To add another module license, click Add License and complete the information.
- To delete a license, select the license, then click
Delete.
(desktop client) To update a module license
- Navigate to Administrative Tools | Settings | Appliance | Licensing.
- Select Update License in the lower left corner of a module's licensing information pane.
-
Browse to select the license file. Select Open.
Lights Out Management (BMC)
The Lights Out Management feature allows you to remotely manage the power state and serial console to Safeguard for Privileged Passwords using the baseboard management controller (BMC). When a LAN interface is configured, this allows the Appliance Administrator to power on an appliance remotely or to interact with the Recovery Kiosk.
It is the responsibility of the Appliance Administrator to enable and configure the Lights Out Management feature. When Lights Out Management is enabled, the Appliance Administrator can set or change the password and modify the network information for the baseboard management console (BMC). When disabled, Safeguard for Privileged Passwords immediately resets the password to a random value and resets the network settings to default values.
IMPORTANT: This feature requires a LAN interface to be enabled and configured. One Identity Safeguard for Privileged Passwords's BMC supports the following LAN interfaces to provide this functionality:
- SSH
- IPMI v2
- Web
- Serial over Lan
It is strongly recommended that the LAN interface only be enabled in trusted environments.
To enable Lights Out Management
- Access Lights Out Management in one of two ways:
- Click the Enable Lights Out Management toggle to enable or disable this feature. Set
toggle on or 
toggle off.
- Once enabled, enter the following information about the BMC:
- IP address: The IPv4 address of the host machine.
- Netmask: The network mask IPv4 address.
- Default Gateway: The default gateway IPv4 address.
-
Click the Set BMC Admin Password button to set the password for the host machine.
Maximum password length: 20 characters.
NOTE: If this feature was previously enabled, you will see an Update BMC Admin Password button instead. Optionally, click the Update BMC Admin Password button to reset the password for the host machine.
- Click OK to save the settings on the host machine.
NOTE: Once Lights Out Management is enabled in Safeguard for Privileged Passwords, you can access the BMC via a web interface or by using SSH to connect to the IPMI port to remotely manage the power state and serial console to Safeguard for Privileged Passwords. The default user for accessing the BMC is ADMIN.
Network Diagnostics
Safeguard for Privileged Passwords makes these diagnostic tests available for the Appliance Administrator and Operations Administrator.
NOTE: When you run these diagnostic tests, they are run on the appliance.
Navigate to Administrative Tools | Settings | Appliance |Network Diagnostics.
Table 110: Appliance Tests
| Ping |
To verify network connectivity and response time between the appliance to the specified host. |
| NS Lookup |
To obtain DNS details of the specified host in relation to the appliance. |
| Trace Route |
To obtain route information; traceroute determines the paths packets take from one IP address to another. |
| Telnet |
To test TCP/IP connectivity between the appliance and specified host. |
| Show Routes |
To retrieve routing table information. |
Ping
Use the ping test to verify network connectivity and response time between the Safeguard for Privileged Passwords Appliance and the specified host.
Navigate to Administrative Tools | Settings | Appliance |Diagnostics.
Table 111: Ping diagnostic test settings
|
Ping through |
Select the network interface to issue the diagnostic command:
- Network (X0): To ping the primary interface.
|
|
IP or Hostname |
Enter the remote host's IP address or Hostname. |
| Ping |
Click Ping to run the test.
The test results display in the Output window. |
| More Settings |
Select More Settings to configure these additional (optional) options:
- Resolve IP addresses to hostnames
- Number of echo requests to send
- Send buffer size
- Set 'don't fragment' flag in packet (IPv4 only)
- Time to live
- Type of serve
- Record route for count hops (IPv4 only)
- Time stamp for count hops (IPv4 only)
- Timeout in milliseconds to wait for each reply
|
