One Identity Safeguard for Privileged Sessions 5.7.0 - Packaging Checklist

Package contents inventory

Carefully unpack all server components from the packing cartons. The following items should be packaged with the One Identity Safeguard for Privileged Sessions:

  • A One Identity Safeguard for Privileged Sessions appliance, pre-installed with the latest One Identity Safeguard for Privileged Sessions firmware.

  • One Identity Safeguard for Privileged Sessions accessory kit, including the following:

    • One Identity Safeguard for Privileged Sessions 5 F7 Packaging Checklist (this document).

    • GPL v2.0 license.

  • Rack mount hardware (depending on appliance type).

  • Power cable.

The default BIOS and IPMI passwords are in the documentation.


Was this topic helpful?

[Select Rating]



One Identity Safeguard for Privileged Sessions Hardware Installation Guide

This document describes how to set up the One Identity Safeguard for Privileged Sessions (Safeguard for Privileged Sessions) hardware. Refer to the following documents for step-by-step instructions:


Was this topic helpful?

[Select Rating]



Installing the Safeguard for Privileged Sessions hardware

Purpose:

To install a single Safeguard for Privileged Sessions unit, complete the following steps.

Steps:
  1. Unpack Safeguard for Privileged Sessions.

  2. Optional step: Install Safeguard for Privileged Sessions into a rack with the slide rails. Slide rails are available for all Safeguard for Privileged Sessions appliances.

  3. Connect the cables.

    1. Connect the Ethernet cable facing your LAN to the Ethernet connector labeled as 1. This is physical interface 1 of Safeguard for Privileged Sessions. This interface is used for the initial configuration of Safeguard for Privileged Sessions, and for monitoring connections. (For details on the roles of the different interfaces, see "Network interfaces" in the Administration Guide.)

    2. Optional step: To use Safeguard for Privileged Sessions across multiple physical (L1) networks, you can connect additional networks using physical interface 2 (Ethernet connector 2) and physical interface 3 (Etherner connector 3).

    3. Connect an Ethernet cable that you can use to remotely support the Safeguard for Privileged Sessions hardware to the IPMI interface of Safeguard for Privileged Sessions. For details, see the following documents:

      For Safeguard for Privileged Sessions T4 and T10, see the X9 SMT IPMI User's Guide. For Safeguard for Privileged Sessions T1, see the SMT IPMI User's Guide.

      Caution:

      Connect the IPMI before plugging in the power cord. Failing to do so will result in IPMI failure.

      It is not necessary for the IPMI interface to be accessible from the Internet, but the administrator of Safeguard for Privileged Sessions must be able to access it for support and troubleshooting purposes in case vendor support is needed. The following ports are used by the IPMI interface:

      • Port 623 (UDP): IPMI (cannot be changed)

      • Port 5123 (UDP): floppy (cannot be changed)

      • Port 5901 (TCP): video display (configurable)

      • Port 5900 (TCP): HID (configurable)

      • Port 5120 (TCP): CD (configurable)

      • Port 80 (TCP): HTTP (configurable)

      Access to information available only via the IPMI interface is not mandatory, but highly recommended to speed up the support and troubleshooting processes.

    4. Optional step: Connect the Ethernet cable connecting Safeguard for Privileged Sessions to another Safeguard for Privileged Sessions node to the Ethernet connector labeled as 4. This is the high availability (HA) interface of Safeguard for Privileged Sessions. (For details on the roles of the different interfaces, see "Network interfaces" in the Administration Guide.)

    5. Optional step: The T-10 appliance is equipped with a dual-port SFP+ interface card labeled A and B. Optionally, connect a supported SFP+ module to these interfaces.

      NOTE:

      For a list of compatible connectors, see Linux Base Driver for 10 Gigabit Intel Ethernet Network Connection. Note that SFP transceivers encoded for non Intel hosts may be incompatible with the Intel 82599EB host chipset found in Safeguard for Privileged Sessions.

  4. Power on the hardware.

  5. Change the BIOS password on the One Identity Safeguard for Privileged Sessions. The default password is ADMIN or changeme, depending on your hardware.

  6. Change the IPMI password on the One Identity Safeguard for Privileged Sessions. The default password is ADMIN or changeme, depending on your hardware.

    NOTE:

    Ensure that you have the latest version of IPMI firmware installed. You can download the relevant firmware from the One Identity Knowledge base.

    To change the IPMI password, connect to the IPMI remote console.

    NOTE:

    If you encounter issues when connecting to the IPMI remote console, add the DNS name or the IP address of the IPMI interface to the exception list (whitelist) of the Java console. For details on how to do this, see the Java FAQ entry titled How can I configure the Exception Site List?.

  7. Following boot, Safeguard for Privileged Sessions attempts to receive an IP address automatically via DHCP. If it fails to obtain an automatic IP address, it starts listening for HTTPS connections on the 192.168.1.1 IP address.

    To configure Safeguard for Privileged Sessions to listen for connections on a custom IP address, complete the following steps:

    1. Access Safeguard for Privileged Sessions from the local console, and log in with username root and password default.

    2. In the Console Menu, select Shells > Core shell.

    3. Change the IP address of Safeguard for Privileged Sessions:

      ifconfig eth0 <IP-address> netmask 255.255.255.0

      Replace <IP-address> with an IPv4 address suitable for your environment.

    4. Set the default gateway using the following command:

      route add default gw <IP-of-default-gateway>

      Replace <IP-of-default-gateway> with the IP address of the default gateway.

    5. Type exit, then select Logout from the Console Menu.

  8. Connect to the Safeguard for Privileged Sessions web interface from a client machine and complete the Welcome Wizard as described in "The Welcome Wizard and the first login" in the Administration Guide.

    NOTE:

    The Administration Guide is available on the Safeguard for Privileged Sessions Documentation page.


Was this topic helpful?

[Select Rating]



Installing two Safeguard for Privileged Sessions units in HA mode

Purpose:

To install Safeguard for Privileged Sessions with high availability support, complete the following steps.

Steps:
  1. For the first Safeguard for Privileged Sessions unit, complete Installing the Safeguard for Privileged Sessions hardware.

  2. For the second Safeguard for Privileged Sessions unit, complete Steps 1-3 of Installing the Safeguard for Privileged Sessions hardware.

  3. Connect the two units with an Ethernet cable via the Ethernet connectors labeled as 4.

  4. Power on the second unit.

  5. Change the BIOS and IPMI passwords on the second unit. The default password is ADMIN or changeme, depending on your hardware.

  6. Connect to the Safeguard for Privileged Sessions web interface of the first unit from a client machine and enable the high availability mode. Navigate to Basic Settings > High Availability . Click Convert to Cluster, then reload the page in your browser.

  7. Click Reboot Cluster.

  8. Wait until the slave unit synchronizes its disk to the master unit. Depending on the size of the hard disks, this may take several hours. You can increase the speed of the synchronization via the Safeguard for Privileged Sessions web interface at Basic Settings > High Availability > DRBD sync rate limit.


Was this topic helpful?

[Select Rating]



Self Service Tools
Knowledge Base
Notifications & Alerts
Product Support
Software Downloads
Technical Documentation
User Forums
Video Tutorials
Contact Us
Licensing Assistance
Technical Support
View All
Related Documents

Please note our Privacy Policy recently changed to support GDPR. You may read it here. Continuing to use our website indicates you have accepted the new policy.