Privilege Manager for Unix 7.0 - Administration Guide

Large business deployment

This is an example of how a large business might deploy Privilege Manager for Unix. Some global companies prefer to split their requirements and deploy multiple instances, as shown in the medium-sized business model.

This example comprises three policy servers. Two of them balance the load of multiple agents, which may be necessary if there is a high level of auditing or a significant volume of requests for elevated privilege. The additional policy server is configured as a failover should one or both of the load-balancing policy servers become unavailable.

Figure 5: Large business implementation: Minimum 3 Masters and less than 1000 Agents

Enterprise deployment

This example is based on an organization with offices in London and New York. Again, as with the medium-sized business example, the web servers and corporate web-based applications reside in a DMZ. The requirement to run commands at an elevated level from inside the firewall remains.

Access to the web server and web applications is predominantly, but not exclusively, from the London office. Privilege Manager for Unix tunneling components are used to pass through the firewall to the DMZ.

In addition, internal firewalls are located between the offices in London and New York, and tunneling components are deployed to enable access from office to office and indeed from anywhere to the DMZ.

Within each office, multiple policy servers are configured for load balancing, with each policy server serving a number of agents.

Figure 6: Enterprise deployment implementation: Minimum 4 Masters and 1000 Agents and above

You can extend each of the models described above by, for example, adding more policy servers, configuring additional load balancing, or assigning dedicated audit, logging and reporting servers. The models give a small indication of the flexible, modular way in which you can configure and implement Privilege Manager for Unix to meet the precise requirements of a business of any size.

Installation and Configuration

This is an overview of the steps necessary to set up your environment to use Privilege Manager for Unix software:

To configure a primary policy server

  1. Check the server for installation readiness.
  2. Install the Privilege Manager for Unix policy server package.
  3. Configure the primary policy server.
  4. Join the primary policy server to the policy group.

To configure a secondary policy server

  1. Check the host for installation readiness.
  2. Install the Privilege Manager for Unix policy server package.
  3. Configure the secondary policy server.
  4. Join the PM Agent to the secondary policy server.

To install the PM Agent on a remote host

  1. Check the remote host for installation readiness.
  2. Install the Privilege Manager for Unix software on the remote host.
  3. Join the PM Agent to the policy server.

The following topics walk you through these steps.

Downloading Privilege Manager for Unix software packages

To download the Privilege Manager for Unix software packages

  1. Go to https://support.oneidentity.com/privilege-manager-for-unix.
  2. On the Product Support - Privilege Manager for Unix page, click Software Downloads under Self Service Tools in the left pane.
  3. On the Privilege Manager for Unix - Download Software page, click Download to the right of the version to be downloaded.

    See Installation Packages for more information about Privilege Manager for Unix native platform install packages.

  4. Read the License Agreement, select the I have read and accept the agreement option, and click Submit.
  5. Download the relevant package from the web page. The Privilege Manager for Unix server package includes the PM Agent and the Sudo Plugin components.
