Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 5.9.0 - Installation Guide

One Identity Safeguard for Privileged Sessions Hyper-V Installation Guide

This tutorial describes the possibilities and limitations of installing One Identity Safeguard for Privileged Sessions (SPS) 5 F9 as a virtual appliance under a Hyper-V server.

Limitations of SPS under Hyper-V

Version 5 F9 of SPS has no special support for running under Hyper-V. While the basic functionality of SPS is not affected by running as a virtual appliance, the following limitations apply:

  • If High Availability (HA) operation mode is required in a virtual environment, use the HA function provided by the virtual environment.

  • Hardware-related alerts and status indicators of SPS may display inaccurate information, for example, display degraded RAID status.

  • When running SPS under Microsoft Hyper-V, ensure that the network interfaces are actually connected to the network. When running under Hyper-V, SPS indicates on the Basic Settings > Network > Ethernet links page that there is a link even if the network interface is configured and enabled, but not connected to the network.

  • When rebooting SPS in Hyper-V, the following critical error message may appear in the event log of the Hyper-V host:

    <Virtual machine name> was reset because an unrecoverable error occurred on a virtual processor that caused a triple fault.

    This is normal, there is no problem with SPS. For details, see Triple fault in event log shows reset of Linux virtual machines.

Installing SPS under Hyper-V

Purpose:

To install a new SPS under Hyper-V, complete the following steps:

Steps:
  1. Create the virtual machine for SPS using the following settings. Note that these settings are suitable for evaluation purposes. To test SPS under significant load, contact One Identity for recommendations.

    • Choose Generation 1 for the virtual machine.

    • Allocate memory for the virtual machine. SPS requires a minimum of 4 GiB (8 GiB is recommended) of memory. The recommended size for the memory depends on the exact environment, but consider the following:

      • The base system requires 4 GiB of memory.

      • SPS requires about 1-5 MiB of memory for every active connection, depending on the type of the connection — graphical protocols require more memory.

    • Configure a fixed size disk with at least 8 GiB space. About 5 GiB is required for the base system, the remaining disk space is used to store data. To increase the initial disk size, see Modifying the disk size of a SPS virtual appliance.

    • Do not use RAID for the hard disk, use the data duplication features of your virtual environment instead. That way, a single hard disk is sufficient for the system. If you need to use the built-in RAID support of SPS for some reason, use two hard disks, and SPS will automatically use them in software RAID.

      Caution:

      Hazard of data loss! When you install or reinstall SPS in a virtual environment, always create new hard disks. Using existing hard disks can cause unexpected behavior and operational problems.

    • SPS requires 4 network cards. After completing the steps of the New Virtual Machine Wizard, add three additional network cards in the Settings of the virtual machine.

      Enable, but do not attach the fourth (eth3) network card to a network.

    • To index connections without significant delay, add two CPU cores to the virtual machine. Note that these settings are suitable for evaluation purposes. To test SPS under significant load, contact One Identity for recommendations. The resource requirements of indexing depend heavily on the amount and type of the indexed traffic, and can also require using external indexer hosts (for details on external indexers, see "Configuring external indexers" in the Administration Guide).

  2. Login to your support portal and download the latest One Identity Safeguard for Privileged Sessions installation ISO file. Note that you need to have purchased SPS as a virtual appliance or have partner access to download One Identity Safeguard for Privileged Sessions ISO files. If you are a partner but do not see the ISO files, you can request partner access within support portal.

  3. Mount the ISO image and boot the virtual machine. Follow the on-screen instructions to install SPS.

Installing One Identity Safeguard for Privileged Sessions as a Kernel-based Virtual Machine

This tutorial describes the possibilities and limitations of installing One Identity Safeguard for Privileged Sessions (SPS) 5 F9 as a virtual appliance using the Kernel-based Virtual Machine (KVM) solution.

Limitations of SPS under KVM

The following limitations apply to running version 5 F9 of SPS under KVM:

  • SPS can be installed under KVM on most modern Linux distributions. One Identity currently tests the following KVM version:

    # virsh version
    Compiled against library: libvirt 1.2.17
    Using library: libvirt 1.2.17
    Using API: QEMU 1.2.17
    Running hypervisor: QEMU 1.5.3
  • SPS can only use fixed disk space assigned to the virtual host, it is not possible to use on-demand disk allocation scenarios.

  • If High Availability (HA) operation mode is required in a virtual environment, use the HA function provided by the virtual environment.

  • Hardware-related alerts and status indicators of SPS may display inaccurate information, for example, display degraded RAID status.

Installing SPS as a Kernel-based Virtual Machine

Purpose:

To install a new SPS as a Kernel-based Virtual Machine, complete the following steps:

Steps:
  1. Create the virtual machine for SPS using the following settings. Note that these settings are suitable for evaluation purposes. To test SPS under significant load, contact One Identity for recommendations.

    • Guest operating system: Linux/Ubuntu 64-bit

    • Allocate memory for the virtual machine. SPS requires a minimum of 4 GiB (8 GiB is recommended) of memory. The recommended size for the memory depends on the exact environment, but consider the following:

      • The base system requires 4 GiB of memory.

      • SPS requires about 1-5 MiB of memory for every active connection, depending on the type of the connection — graphical protocols require more memory.

    • The hard disk controller must be virtio.

    • Do not use RAID for the hard disk, use the data duplication features of your virtual environment instead. That way, a single hard disk is sufficient for the system. If you need to use the built-in RAID support of SPS for some reason, use two hard disks, and SPS will automatically use them in software RAID.

      Caution:

      Hazard of data loss! When you install or reinstall SPS in a virtual environment, always create new hard disks. Using existing hard disks can cause unexpected behavior and operational problems.

    • Configure a fixed size disk with at least 8 GiB space. About 5 GiB is required for the base system, the remaining disk space is used to store data. To increase the initial disk size, see Modifying the disk size of a SPS virtual appliance.

    • SPS requires 4 network cards, all of them must be virtio.

      NOTE:

      SPS will use the network card with the lowest PCI ID as eth0 (Physical interface 1), the card with the second lowest PCI ID as eth1 (the Physical interface 2), and so on. In some cases, this might differ from the labels in the VMWare management interface, for example, it is possible that eth0 will be labeled as Network adapter 4, and as a result, the SPS Welcome Wizard will not be available on Network adapter 1.

      Configure unused network cards — at least the fourth (eth3) — to use internal NAT.

    • To index connections without significant delay, add two CPU cores to the virtual machine. Note that these settings are suitable for evaluation purposes. To test SPS under significant load, contact One Identity for recommendations. The resource requirements of indexing depend heavily on the amount and type of the indexed traffic, and can also require using external indexer hosts (for details on external indexers, see "Configuring external indexers" in the Administration Guide).

  2. Login to your support portal and download the latest One Identity Safeguard for Privileged Sessions installation ISO file. Note that you need to have purchased SPS as a virtual appliance or have partner access to download One Identity Safeguard for Privileged Sessions ISO files. If you are a partner but do not see the ISO files, you can request partner access within support portal.

  3. Mount the ISO image and boot the virtual machine. Follow the on-screen instructions to install SPS.

Related Documents