IMPORTANT: Before deploying, make sure you have read Cloud deployment considerations

SPP ([Official abbreviation of the product name]) can be run in the cloud using Oracle Cloud Infrastructure (OCI).

Disk size considerations

CAUTION: Before making any changes to the disk size, shut down the VM (stopped and deallocated).

SPP deploys with a minimal OS disk size. You should increase the size of the OS disk based on your estimated usage and budget. SPP on hardware comes with 1TB of disk. You can use more or less than this depending on how many assets, accounts, and daily users you expect to have. 500GB is a minimal production disk size and 2TB is the maximum.

  1. Deploy SPP.

  2. Verify you can log in.

  3. Shut down the VM (stopped and deallocated).

  4. Follow Oracle’s guidance for increasing the boot volume (Resizing a Volume).

NOTE: When you start up the VM, SPP automatically resizes the OS disk volume to use the available space.

OCI security considerations

Running SPP in OCI comes with some security considerations that do not apply to the hardware appliance. We recommend:

  • Do not give Safeguard a public IP address.

  • Use the OCI key vault to encrypt the disk.

  • Limit access within OCI to the Safeguard virtual machine. SPP in OCI cannot protect against rogue Administrators in the same way the hardware appliance can.

Deployment steps

SPP is deployed using a custom image which you can download from the One Identity Support Portal. OCI automatically licenses the operating system during the deployment with an OCI KMS.

Larger deployments warrant larger sizing choices. SPP hardware appliances have 32GB of RAM and 4 processors with at least 1TB of disk space.

To deploy [Official abbreviation of the product name]

  1. Go to the One Identity Support Portal for SPP.

  2. On the One Identity Safeguard for Privileged Passwords page, on the side panel, under Self Service Tools, click Software Downloads.

  3. To download the OCI image, click next to the image.

  4. Once you have downloaded the image, import it.

    For instructions, see Importing Custom Windows Images.

  5. Once the instance has finished launching, log into the web client using your static IP address. You will need to use the default user name (admin) and password (<instance id>). You should change the admin password immediately. For more information, see Setting a local user's password.For details, see the Safeguard for Privileged Passwords Administration Guide, Setting a local user's password.

    NOTE: The password is unique for each deployment and the initial password will always be the instance ID of the deployed safeguard server.

View or change the cloud virtual appliance setup

You can view or change the virtual appliance setup.

You can use the SPP web management kiosk on port 9337 for diagnostics and troubleshooting. In order to access the kiosk on an OCI appliance, an administrator must create a policy to allow cloud shell access. You can the access the kiosk by connecting to the Cloud Shell. Once connected, to display the kiosk, press Ctrl+r. For more information on Cloud Shell, see Cloud Shell in the Oracle Cloud Infrastructure Documentation.

You can check the system logs on the Logging Audit page in OCI.

To patch to a new version, use the API.