One Identity Safeguard for Privileged Sessions 6.2.0 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS) The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Forwarding data to third-party systems Joining to One Identity Starling
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help LDAP user and group resolution in SPS

Prerequisites and limitations

Before starting to use One Identity Safeguard for Privileged Sessions (SPS) with external indexers, consider the following:

  • If there is a firewall between the host of the external indexer and SPS, enable two-way communication between them.

    The default port is TCP/12345. To change the port number, you have to modify the indexer settings on SPS, and upload the new configuration to the external indexer(s).

  • To protect the sensitive data in the audit trails, ensure that the audit trails are encrypted. For details on encrypting audit trails, see Encrypting audit trails.

  • Make sure to permit indexer access only to the hosts that really run external indexers on the Basic Settings > Local Services > Indexer service page of the SPS web interface.

  • To process graphical audit trails that contain Asian characters, make sure that you have uploaded a license to SPS that enables indexing Asian characters.

    NOTE:

    The current OCR engine cannot guarantee accurate character recognition for Asian characters smaller than 30 x 30 pixels. If you encounter problems with character recognition for Asian characters, increase resolution settings in your connection.

  • The external indexer can be installed on the following 64-bit operating systems: Red Hat Enterprise Linux Server 6.7, Red Hat Enterprise Linux Server 7, CentOS 6.7, and CentOS 7. The installer is a self-contained package that includes every required dependency of the indexer.

If your security policy does not permit the above limitations, or your environment does not make it possible to fulfill them, do not use external indexers with SPS.

Hardware requirements for the external indexer host

NOTE: This is a data-driven part of the product. Hardware requirements and exact memory usage cannot be safely predicted as the actual memory usage depends on the contents of the sessions.

  • CPU: You can configure the number of audit trails that an indexer host processes at the same time. For optimal performance, each indexer process should have a dedicated CPU core.

  • Memory requirements: In addition to the memory requirements of the operating system of the host, the indexer requires about 300 MB memory for each worker process, depending on the protocol of the indexed audit trails. The audit trails of terminal connections require less memory.

  • Disk: The indexer requests the data from One Identity Safeguard for Privileged Sessions (SPS) in small chunks, it does not store the entire audit trail nor any temporary files. You will need only disk space for the operating system, and a few GB to store logs.

For example, if you want to have a host that can process 6 audit trails at the same time, you need 6 CPU cores and 1.8 GB of memory for the indexer service. If you install only a minimal operating system and the external indexer on the host, 6 GB disk space should be enough.

Configuring One Identity Safeguard for Privileged Sessions (SPS) to use external indexers

The following describes how to configure One Identity Safeguard for Privileged Sessions (SPS) to accept connections from external indexer services.

To configure SPS to accept connections from external indexer services

  1. Log in to the SPS web interface, and navigate to Basic Settings > Local Services > Indexer service.

  2. Select Indexer service.

  3. Select Enable remote indexing.

    Figure 208: Basic Settings > Local Services > Indexer service > Enable remote indexing — Configure external indexers

  4. In the Listening addresses > Address field, select the network interface where SPS should accept external indexer connections. Repeat this step to add other interfaces if needed.

    The available addresses correspond to the interface addresses configured in Basic Settings > Network > Interfaces. Only IPv4 addresses can be selected.

  5. Select Restrict clients, and list the IP address and netmask of your external indexer hosts.

    Use an IPv4 address.

  6. Click Commit.

Installing the external indexer

Prerequisites

The external indexer can be installed on the following 64-bit operating systems: Red Hat Enterprise Linux Server 6.7, Red Hat Enterprise Linux Server 7, CentOS 6.7, and CentOS 7. The installer is a self-contained package that includes every required dependency of the indexer.

To install the external indexer

  1. Log in as root to the host that you want to use to index your audit trails.

  2. Copy the installer package to the host.

    NOTE:

    Due to legal reasons, installation packages of the external indexer application will be available only from the SPS web interface. After SPS versions 6.3 and 6.0.2 are released, the installation packages will be removed from our website.

  3. Install the package using the package manager of the operating system. For example:

    yum install external-indexer-standalone-<version-number>.x86_64.rpm

    The installer performs the following steps automatically.

    • Unpacks the indexer files into the /opt/external-indexer/ directory.

    • Installs the related init scripts (the /etc/init.d/external-indexer init script, and adds the init script configuration to /etc/sysconfig/external-indexer).

    • Creates the indexer user and usergroup. This is an unprivileged user that is used to run the indexer application.

    • Registers the service to start automatically on system boot. Note that the indexer init script uses bind mount points.

  4. Edit the firewall rules of the host to accept connections from One Identity Safeguard for Privileged Sessions (SPS) on the TCP/12345 port. For example:

    iptables -A INPUT -p tcp --destination-port 12345 --jump ACCEPT
    NOTE:

    If there is a firewall between the indexer host and SPS, enable two-way communication between them on the TCP/12345 port.

  5. Configure the indexer. For details, see Configuring the external indexer.

Related Documents