The medium business model is suitable for small organizations with relatively few hosts to protect, all of which may be located within a single data center.
This configuration example comprises multiple UNIX/Linux hosts located within the SME space and one or more web servers located in a DMZ.
The tunneling feature (pmtunneld) enables Privilege Manager for Unix to control privileged commands on the web servers within the DMZ, across a firewall. This configuration significantly reduces the number of open ports at the firewall.
Multiple policy server components (pmmasterd) are installed in a failover configuration, with groups of agents balanced between the policy servers. If a policy server is unavailable for any reason, the agents fail over to the alternative policy server.
Figure 4: Medium business implementation
This is an example of how a large business might deploy Privilege Manager. Some global companies prefer to split up their requirements and deploy multiple instances, as shown in the medium-sized business model.
Figure 5: Large business implementation
This example is based on an organization with offices in London and New York. Again, as with the medium-sized business example, the web servers and corporate web-based applications reside in a DMZ. The requirement to run commands at an elevated level from inside the firewall remains.
Access to the web server and web applications is predominantly, but not exclusively, from the London office. Privilege Manager for Unix tunneling components are used to cross the firewall into the DMZ.
In addition, internal firewalls are located between the offices in London and New York, and tunneling components are deployed to enable access from office to office and indeed from anywhere to the DMZ.
Within each office, multiple policy servers are configured for load balancing, with each policy server serving a number of agents.
Figure 6: Enterprise deployment implementation
You can extend each of the models described above by, for example, adding more policy servers, configuring additional load balancing, or assigning dedicated audit, logging, and reporting servers. The models give a small indication of the flexible, modular way in which you can configure and implement Privilege Manager to meet the precise requirements of a business of any size.
This is an overview of the steps necessary to set up your environment to use Privilege Manager software:
To configure a primary policy server
To configure a secondary policy server
To install the PM Agent on a remote host
The following topics walk you through these steps.