Chat now with support
Chat with Support

We are currently experiencing issues on our phone support and are working diligently to restore services. For support, please sign in and create a case or email for assistance

One Identity Safeguard for Privileged Sessions 6.0.10 - Installation Guide

Installing the SPS hardware

The following describes how to install a single SPS unit.

To install a single SPS unit

  1. Unpack SPS.

  2. (Optional) Install SPS into a rack with the slide rails. Slide rails are available for all SPS appliances.

  3. Connect the cables.

    1. Connect the Ethernet cable facing your LAN to the Ethernet connector labeled as 1. This is physical interface 1 of SPS. This interface is used for the initial configuration of SPS, and for monitoring connections. (For details on the roles of the different interfaces, see "Network interfaces" in the Administration Guide.)

    2. (Optional) To use SPS across multiple physical (L1) networks, you can connect additional networks using physical interface 2 (Ethernet connector 2) and physical interface 3 (Ethernet connector 3).

    3. Connect an Ethernet cable that you can use to remotely support the SPS hardware to the IPMI interface of SPS. For details, see the following documents:

      For Safeguard Sessions Appliance 3000 and 3500, see the X9 SMT IPMI User's Guide.


      Connect the IPMI before plugging in the power cord. Failing to do so will result in IPMI failure.

      Caution: SECURITY HAZARD!

      The IPMI, like all out-of-band management interfaces, has known vulnerabilities that One Identity cannot fix or have an effect on. To avoid security hazards, One Identity recommends that you only connect the IPMI to well-protected, separated management networks with restricted accessibility. Failing to do so may result in an unauthorized access to all data stored on the SPS appliance. Data on the appliance can be unencrypted or encrypted, and can include sensitive information, for example, passwords, decryption keys, private keys, and so on.

      For more information, see Best Practices for managing servers with IPMI features enabled in Datacenters.


      The administrator of SPS must be authorized and able to access the IPMI for support and troubleshooting purposes in case vendor support is needed.

      The following ports are used by the IPMI:

      • Port 22 (TCP): SSH (configurable)

      • Port 80 (TCP): Web (configurable)

      • Port 161 (UDP, TCP): SNMP (configurable)

      • Port 443 (TCP): Web SSL (configurable)

      • Port 623 (UDP): Virtual Media (configurable)

      • Port 5900 (TCP): IKVM Server (configurable)

      • Port 5985 (TCP): Wsman (configurable)

    4. (Optional) Connect the Ethernet cable connecting SPS to another SPS node to the Ethernet connector labeled as 4. This is the high availability (HA) interface of SPS. (For details on the roles of the different interfaces, see "Network interfaces" in the Administration Guide.)

    5. (Optional) The Safeguard Sessions Appliance 3500 is equipped with a dual-port SFP+ interface card labeled A and B. Optionally, connect a supported SFP+ module to these interfaces.


      For a list of compatible connectors, see Linux Base Driver for 10 Gigabit Intel Ethernet Network Connection. Note that SFP transceivers encoded for non Intel hosts may be incompatible with the Intel 82599EB host chipset found in SPS.

  4. Power on the hardware.

  5. Change the BIOS password on the One Identity Safeguard for Privileged Sessions. The default password is ADMIN or changeme, depending on your hardware.

  6. Change the IPMI password on the One Identity Safeguard for Privileged Sessions. The default password is ADMIN or changeme, depending on your hardware.


    Ensure that you have the latest version of IPMI firmware installed. You can download the relevant firmware from the One Identity Knowledge base.

    To change the IPMI password, connect to the IPMI remote console.


    If you encounter issues when connecting to the IPMI remote console, add the DNS name or the IP address of the IPMI to the exception list (whitelist) of the Java console. For details on how to do this, see the Java FAQ entry titled How can I configure the Exception Site List?.

  7. Following boot, SPS attempts to receive an IP address automatically via DHCP. If it fails to obtain an automatic IP address, it starts listening for HTTPS connections on the IP address.

    To configure SPS to listen for connections on a custom IP address, complete the following steps:

    1. Access SPS from the local console, and log in with username root and password default.

    2. Select Shells > Core shell in the Console Menu.

    3. Change the IP address of SPS:

      ifconfig eth0 <IP-address> netmask

      Replace <IP-address> with an IPv4 address suitable for your environment.

    4. Set the default gateway using the following command:

      route add default gw <IP-of-default-gateway>

      Replace <IP-of-default-gateway> with the IP address of the default gateway.

    5. Type exit, then select Logout from the Console Menu.

  8. Connect to the SPS web interface from a client machine and complete the Welcome Wizard as described in "The Welcome Wizard and the first login" in the Administration Guide.


    The Administration Guide is available on the Safeguard for Privileged Sessions Documentation page.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating