Chat now with support
Chat with Support

One Identity Safeguard for Privileged Passwords 6.0 LTS - Appliance Setup Guide

Virtual appliance backup and recovery

Use the following information to back up and recover a Safeguard for Privileged Passwords virtual appliance. Factory reset is not an option for virtual appliances. To factory reset a virtual appliance, just redeploy the appliance.

Backing up the virtual appliance

To ensure security of the hardware appliance, backups taken from a hardware appliance cannot be restored on virtual appliances and backups taken from a virtual appliance cannot be restored on a hardware appliance.

Backup is handled via Administrative Tools | Settings | Backup and Retention. For more information, see the Safeguard for Privileged Passwords Administration Guide, Backup and retention settings.

Recovery of the virtual appliance

A Safeguard for Privileged Passwords virtual appliance is reset by using the following recovery steps.

On-prem virtual appliance (for example, Hyper-V or VMware)

  1. Redeploy the virtual appliance and run Initial Setup. For more information, see Setting up the virtual appliance.
  2. Restore the backup. For more information, see Backup and Retention settings. For more information, see the Safeguard for Privileged Passwords Administration Guide, Backup and retention settings.

Cloud virtual appliance (for example, AWS or Azure)

  1. Redeploy using the deployment steps:

Completing the appliance setup

After setting up the hardware appliance or virtual appliance, complete these steps.

Step 1: Install the desktop client application and desktop player

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

  • Any reference to putty in the PATH environment variable
  • c:/Program Files/Putty
  • c:/Program Files(x86)/Putty
  • c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Installing the Safeguard for Privileged Passwords desktop client application

  1. To download the Safeguard for Privileged Passwords desktop client Windows installer .msi file, open a browser and navigate to:

    https://<Appliance IP>/Safeguard.msi

    Save the Safeguard.msi file in a location of your choice.

  2. Run the MSI package.
  3. Select Next in the Welcome dialog.
  4. Accept the End-User License Agreement and select Next.
  5. Select Install to begin the installation.
  6. Select Finish to exit the desktop client setup wizard.

Installing the Desktop Player

CAUTION: If the Desktop Player is not installed and a user tries to play back a session from the Activity Center, a message like the following will display: No Desktop Player. The Safeguard Desktop Player is not installed. Would you like to install it now? The user will need to click Yes to go to the download page to install the player following step 2 below.

  1. Once the Safeguard for Privileged Passwords installation is complete, go to the Windows Start menu, Safeguard folder, and click Download Safeguard Player to be taken to the One Identity Safeguard for Privileged Sessions - Download Software web page.

  2. Follow the Install Safeguard Desktop Player section of the player user guide found here:

    1. Go to One Identity Safeguard for Privileged Sessions - Technical Documentation.
    2. Scroll to User Guide and click One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide.

  3. For Safeguard Desktop player version 1.8.6 and later, ensure your signed web certificate has a Subject Alternative Name (SAN) that includes each IP address of each of your cluster members. If the settings are not correct, the Safeguard Desktop Player will generate a certificate warning like the following when replaying sessions: Unable to verify SSL certificate. To resolve this issue, import the appropriate certificates including the root CA.

New Desktop Player versions

When you have installed a version of the Safeguard Desktop Player application, you will need to uninstall the previous version to upgrade to a newer player version.

Step 2: Start the desktop client
  1. Log in using the Bootstrap Administrator account.
  2. Run the desktop client and log in with the configured IPv4 or IPv6 address for the primary interface (X0). To log in with an IPv6 address, enter it in square brackets.
  3. License of Safeguard for Privileged Passwords using the provided license file.

  4. Designate an archive server for storing session recordings. Defining archive server configurations and assigning an archive server to an appliance are done from the desktop's Administrative Tools view:

    • Go to Settings | Backup and Retention | Archive Servers to configure archive servers.
    • Go to Settings | Sessions | Session Recordings Storage Management to assign an archive server to an appliance for storing recording files.

  5. To configure the time zone:

    1. Navigate to Administrative Tools | Settings | Safeguard Access | Time Zone.
    2. Select the time zone in the Default User Time Zone drop-down menu.
  6. Ensure that your Safeguard for Privileged Passwords Appliance has the latest software version installed. To check the version:
    1. From the Safeguard for Privileged Passwords Desktop Client, log in with admin account credentials.
    2. Click Settings | Appliance | Appliance Information. The Appliance Version is displayed.

    3. Go to the following product support page for the latest version:

      https://support.oneidentity.com/one-identity-safeguard/download-new-releases

    4. If necessary, apply a patch. Wait for maintenance. If you are installing multiple patches, repeat as needed.
Step 3: Backup Safeguard for Privileged Passwords

Immediately after your initial installation of Safeguard for Privileged Passwords, make a backup of your Safeguard for Privileged Passwords Appliance.

NOTE: The default backup schedule runs at 22:00 MST, which can be modified rather than manually running a backup.
  1. From the Safeguard for Privileged Passwords desktop Home page, select  Administrative Tools.
  2. In Settings, select Backup and Retention | Backups.
  3. Click  Run Now.
Step 4: Update Safeguard for Privileged Passwords

Download the latest update from: https://support.oneidentity.com/one-identity-safeguard/.

  1. From the Safeguard for Privileged Passwords desktop Home page, select  Administrative Tools.
  2. In Settings, select Appliance | Updates.
  3. Click Upload a File and browse to select an update file.

    Note: When you select a file, Safeguard for Privileged Passwords uploads it to the server, but does not install it.

  4. Click Install Now to install the update file immediately.
  5. Once you have updated Safeguard for Privileged Passwords, be sure to back up your Safeguard for Privileged Passwords Appliance.
Step 5: Add a user with Authorizer administrative permissions

The Authorizer Administrator is responsible for granting administrative access to One Identity Safeguard for Privileged Passwords.

  1. From the Safeguard for Privileged Passwords desktop Home page, select  Administrative Tools.

    Note: This is where you add all the objects you need to write access request policies, such as users, accounts, and assets.

  2. In Administrative Tools, select Users.
  3. Click  Add User to create a Safeguard for Privileged Passwords user with a local authentication provider and Authorizer Administrator permissions.

    Note: When you choose Authorizer permissions, Safeguard for Privileged Passwords also selects User and Help Desk permissions. These additional settings cannot be cleared.

  4. Log out:
    1. In the upper-right corner of the screen, click the user avatar.
    2. Select Log Out.
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating