In this scenario, you deploy several Password Manager realms in your environment. You can use this scenario in complex environment, when several Password Manager configurations are required.
For example, a service provider can deploy two Password Manager realms, one realm to service company A, and the other - company B.
You can also use this scenario for a test deployment of Password Manager. In this case, the first realm is a production deployment of Password Manager, and the second realm can be used for testing purposes.
When deploying Password Manager in a perimeter network (also known as DMZ), it is recommended to install the Password Manager Service and the sites in a corporate network at first (i.e. use the Full installation option in the Password Manager setup), and then install only the Self-Service and Helpdesk sites in the perimeter network.
When you use this installation scenario, only one port should be open in the firewall between the corporate network and the perimeter network (by default, port number 8081 is used).
For more information on installing the Self-Service and Helpdesk site separately from the Password Manager Service, see Installing Self-Service and Helpdesk Sites on a Standalone Server.
A reverse proxy is a proxy server that is typically deployed in a perimeter network to enhance security of the corporate network. By providing a single point of access to the servers installed in the intranet, the reverse proxy server protects the intranet from an external attack.
If you have the reverse proxy deployed in the perimeter network in your environment, it is recommended to install the Password Manager Service and the Self-Service and Helpdesk sites in the intranet and configure the reverse proxy to redirect requests from external users to the correct intranet URLs of the Password Manager sites.
A Management Policy is a core concept in Password Manager. Management Policies allow you to organize and group settings for dedicated users and helpdesk operators.