Releases use the following version designations:
- Long Term Support (LTS) Releases: The first digit identifies the release and the second is a zero (for example, 6.0 LTS).
- Maintenance LTS Releases: A third digit is added followed by LTS (for example, 6.0.6 LTS).
- Feature Releases: The Feature Releases version numbers are two digits (for example, 6.6).
Customers choose between two paths for receiving releases: Long Term Support (LTS) Release or Feature Release. See the following table for details.
Table 6: Comparison of Long Term Support (LTS) Release and Feature Release
|
Long Term Support (LTS) Release |
Feature Release |
General Release |
Scope: Includes new features, resolved issues and security updates
Versioning: The first digit identifies the LTS and the second digit is a 0 (for example, 6.0 LTS, 7.0 LTS, and so on). |
Scope: Includes the latest features, resolved issues, and other updates, such as security patches for the OS
Versioning: The first digit identifies the LTS and the second digit is a number identifying the Feature Release (for example, 6.6, 6.7, and so on). |
Maintenance Release |
Scope: Includes critical resolved issues
Versioning: A third digit designates the maintenance LTS Release (for example, 6.0.6 LTS). |
Scope: Includes highly critical resolved issues
Versioning: A third digit designates the maintenance Feature Release (for example, 6.6.1). |
Release and support details can be found at Product Life Cycle.
|
CAUTION: Downgrading from the latest Feature Release, even to an LTS release, voids support for SPP. |
One Identity strongly recommends always installing the latest revision of the release path you use (Long Term Support path or Feature Release path).
Moving between LTS and Feature Release versions
You can move from an LTS version (for example, 6.0.7 LTS) to the same feature version (6.7) and then patch to a later feature version. After that, you can patch from the minimum version for the patch, typically N-3. If you move from an LTS version to a feature version, you will receive a warning like the following which informs you that you will only be able to apply a Feature Release until the next LTS Release:
Warning: You are patching to a Feature Release from an LTS Release. If you apply this update, you will not be able to upgrade to a non-Feature Release until the next LTS major release version is available. See the Administration Guide for details.
You cannot move from a Feature Release to LTS Release. For example, you cannot move from 6.7 to 6.0.7 LTS. You have to keep upgrading with each new Feature Release until the next LTS Release version is published. For this example, you would wait until 7.0 LTS is available.
Patching
You can only patch from a major version. For example, if you have version 6.6 and want to patch to 7.7, you must patch to 7.0 LTS and then apply 7.7.
An LTS major version of One Identity Safeguard for Privileged Passwords (SPP) will only work with the same LTS major version of Safeguard for Privileged Sessions (SPS). For the best experience, it is recommended you use the latest supported version.
The SPP Appliance is built specifically for use only with the SPP privileged management software that is already installed and ready for immediate use. It comes hardened to ensure the system is secure at the hardware, operating system, and software levels.
The following tables list the One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance specifications and power requirements.
Table 7: 4000 Appliance: Feature specifications
Processor |
Intel Xeon 4310T 2.3 GHz |
# of Processors |
1 |
# of Cores per Processor |
10 cores (20 threads) |
L2/L3 Cache |
15 MB Cache |
Chipset |
Intel C621A Chipset |
DIMMs |
ECC DDR4-2667 |
RAM |
64 GB |
Internal HD Controller |
Supermicro AOC-S3908L-H8iR-16DD |
Disk Hard Drive |
4 x Seagate Exos 7E10 2TB SAS 512e |
Availability |
TPM 2.0, EEC Memory, Redundant PSU |
I/O Slots |
2x PCIe 4.0 x16 FHHL 1x PCIe 4.0 x16 HHHL |
RAID |
RAID10 |
NIC/LOM |
Broadcom P210TP - 2 x 10G BASE-T Broadcom P210P - 2 x 10G SFP+ |
Power Supplies |
Redundant, 500W/600W, Auto Ranging (100v~240V), RoHS and REACH compliant |
Fans |
6 Supermicro FAN-0141L |
Chassis |
1U Rack |
Dimensions (HxWxD) |
43 x 437.0 x 650.0 (mm)
1.7 x 17.2 x 25.6 (in) |
Weight |
Max: 37 lbs (16.78 Kg) |
Table 8: 3000 Appliance: Feature specifications
Processor |
Intel Xeon E3-1275v6 3.8 GHz |
# of Processors |
1 |
# of Cores per Processor |
4 cores (8 threads) |
L2/L3 Cache |
8MB L3 Cache |
Chipset |
Intel C236 Chipset |
DIMMs |
Unbuffered ECC UDIMM DDR4 2400MHz |
RAM |
32 GB |
Internal HD Controller |
LSI MegaRAID SAS 9361-4i Single |
Disk Hard Drive |
4 x Seagate 7E2000 2TB SAS 512E |
Availability |
TPM 2.0, EEC Memory, Redundant PSU |
I/O Slots |
x16 PCIe 3.0, x8 PCIe 3.0 |
RAID |
RAID10 |
NIC/LOM |
4 port - dual GbE LAN with Intel i210-AT |
Power Supplies |
Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible |
Fans |
1 Supermicro SNK-P0046P and 2 Micron 16GB 2666MHz 2R ECC Unb Z01B Dual Label |
Chassis |
1U Rack |
Dimensions (HxWxD) |
43 x 437.0 x 597.0 (mm)
1.7 x 17.2 x 23.5 (in) |
Weight |
Max: 37 lbs (16.78 Kg) |
Table 9: 2000 Appliance: Feature specifications
Processor |
Intel Xeon E3-1275v5 3.60 GHz |
# of Processors |
1 |
# of Cores per Processor |
4 |
L2/L3 Cache |
4 x 256KB L2, 8MB L3 SmartCache |
Chipset |
Intel C236 Chipset |
DIMMs |
DDR4-2400 ECC Unbuffered DIMMs |
RAM |
32GB |
Internal HD Controller |
LSI MegaRAID SAS 9391-4i 12Gbps SAS3 |
Disk |
4 x Seagate EC2.5 1TB SAS 512e |
Availability |
TPM 2.0, EEC Memory, Redundant PSU |
I/O Slots |
x16 PCIe 3.0, x8 PCIe 3.0 |
RAID |
RAID10 |
NIC/LOM |
3 x Intel i210-AT GbE |
Power Supplies |
Redundant, 700W, Auto Ranging (100v~240V), ACPI compatible |
Fans |
4 x 40mm Counter-rotating, Non-hot-swappable |
Chassis |
1U Rack |
Dimensions
(HxWxD) |
43 x 437.0 x 597.0 (mm)
1.7 x 17.2 x 23.5 (in) |
Weight |
Max: 46 lbs (20.9 Kg) |
Miscellaneous |
FIPS Compliant Chassis |
Table 10: One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance: Power requirements
Input Voltage |
100-240 Vac |
Frequency |
50-60Hz |
Power Consumption (Watts) |
170.9 |
BTU |
583 |
SPP is also available as a virtual appliance and from the cloud. For details see:
The front panel of the One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance contain the following controls for powering on, powering off, and scrolling through the LCD display.
-
Green check mark button: Use the Green check mark button to start the appliance. Press the Green check mark button for NO more than one second to power on the appliance.
|
Caution: Once the SPP Appliance is booted, DO NOT press and hold the Green check mark button. Holding this button for four or more seconds will cold reset the power of the appliance and may result in damage. |
-
Red X button: Use the Red X button to shut down the appliance. Press and hold the Red X button for four seconds until the LCD displays POWER OFF.
|
Caution: Once the SPP Appliance is booted, DO NOT press and hold the Red X button for more than 13 seconds. This will hard power off the appliance and may result in damage. |
- Down, up, left, and right arrow buttons: When the appliance is running, the LCD home screen displays: Safeguard for Privileged Passwords <version number>. Use the arrow buttons to scroll through the following details:
- Serial: <appliance serial number>
- X0: <appliance IP address>
- MGMT: <management IP address>
- MGMT MAC: <media access control address>
- IPMI: <IP address for IPMI>
Table 11: Appliance LCD and controls
Green check mark button |
Use the Green check mark button to start the appliance. Press the Green check mark button for NO MORE THAN one second to power on the appliance.
|
Caution: Once the SPP Appliance is booted, DO NOT press and hold the Green check mark button. Holding this button for four or more seconds will cold reset the power of the appliance and may result in damage. | |
Red X button |
Use the Red X button to shut down the appliance. Press and hold the Red X button for four seconds until the LCD displays POWER OFF.
|
Caution: Once the SPP Appliance is booted, DO NOT press and hold the Red X button for more than 13 seconds. This will hard power off the appliance and may result in damage. | |
Down, up, left, and right arrow buttons |
When the appliance is running, the LCD home screen displays:
Use the arrow buttons to scroll through the following details:
- Serial: <appliance serial number>
- X0: <appliance IP address>
- MGMT: <management IP address>
- MGMT MAC: <media access control address>
- IPMI: <IP address for IPMI>
|
|
CAUTION: All customers upgrading to SPP 7.0 require a new license. For more information, contact Support. |
As a SPP user, if you get an "appliance is unlicensed" notification, contact your Appliance Administrator.
Hardware appliance
The One Identity Safeguard for Privileged Passwords 4000 Appliance, 3000 Appliance and 2000 Appliance ship with the Privileged Passwords module which requires a valid license to enable functionality.
You must install a valid license. Once the module is installed, SPP shows a license state of Licensed and is operational. If the module license is not installed, you have limited functionality. That is, even though you will be able to configure access requests, if a Privileged Passwords module license is not installed, you will not be able to request a password release.
Virtual appliance Microsoft Windows licensing
You must license the virtual appliance with a Microsoft Windows license. We recommend using either the MAK or KMS method. Specific questions about licensing should be directed to your Sales Representative. The virtual appliance will not function unless the operating system is properly licensed.
Licensing setup and update
To enter licensing information when you first log in
The first time you log in as the Appliance Administrator, you are prompted to add a license. The Success dialog displays when the license is added.
On the virtual appliance, the license is added as part of Initial Setup. For more information, see Setting up the virtual appliance..
IMPORTANT: After successfully adding a license, the Software Transaction Agreement will be displayed and must be read and accepted in order to use SPP.
To configure reminders for license expiration
To avoid disruptions in the use of SPP, the Appliance Administrator must configure the SMTP server, and define email templates for the License Expired and the License Expiring Soon event types. This ensures you will be notified of an approaching expiration date. For more information, see Enabling email notifications..
Users are instructed to contact their Appliance Administrator if they get an "appliance is unlicensed" notification.
As an Appliance Administrator, if you receive a "license expiring" notification, apply a new license.
To update the licensing file
Safeguard licenses can be updated both on hardware and virtual machines, whereas OS licenses can be updated only on virtual machines.
To perform licensing activities
Navigate to Appliance Management > Appliance > Licensing.
-
To upload a new license file, click Upload new license file and browse to select the current license file. The Software Transaction Agreement will also be displayed during this process and must be read and accepted in order to complete the licensing process.
-
To remove the license file, select the license and click Remove selected license.
-
To get more information on the license and to export license data, click the What do these numbers mean? button, or click on the numbers in the tile.
If you want to export data about users, desktops or systems in CSV or JSON format, navigate to the table from which you want to export data by clicking the corresponding tab, for example Users Used.
Click the export icon located on the table. For more information on exporting, see Exporting data.
Below is the list of the available tabs.
For device-based licenses:
-
General
-
Desktops Used
-
Other Desktops
-
Systems Used
-
Other Systems
-
History
For user-based licenses:
-
General
-
Users Used
-
Password Vault Only
-
Other Users
-
History
-
The General tab, contains general information about the license: