
One Identity Safeguard for Privileged Sessions 7.2.1 - Administration Guide


Configuring external indexers

If One Identity Safeguard for Privileged Sessions (SPS) audits many connections, processing and indexing the created audit trails requires significant computing resources, which may not be available in the SPS appliance. To decrease the load on the SPS appliance, you can install the indexer service on external Linux hosts. These external indexer hosts run the same indexer service as the SPS appliance, and can index audit trails, or generate screenshots and replayable video files from the audit trails as needed. The external indexers register on SPS, wait for SPS to send an audit trail to process, process the audit trail, then return the processed data to SPS. The external indexer hosts do not store any data, so sensitive data is present on the host only while it is being processed.

To use external indexers to process your audit trails, you have to complete the following steps.

Prerequisites and limitations

Before starting to use One Identity Safeguard for Privileged Sessions (SPS) with external indexers, consider the following:

  • If there is a firewall between the host of the external indexer and SPS, enable connections from the external indexer to SPS.

    The default port is TCP/12345. To change the port number, you have to modify the indexer settings on SPS, and upload the new configuration to the external indexer(s).

  • To protect the sensitive data in the audit trails, ensure that the audit trails are encrypted. For details on encrypting audit trails, see Encrypting audit trails.

  • Make sure to permit indexer access only to the hosts that really run external indexers on the Basic Settings > Local Services > Indexer service page of the SPS web interface.

  • NOTE: The current OCR engine cannot guarantee accurate character recognition for non-Latin characters smaller than 30 x 30 pixels. If you encounter problems with character recognition for non-Latin characters, increase resolution settings in your connection.

  • The external indexer can be installed on the following 64-bit operating systems: Red Hat Enterprise Linux Server 7, 8, and their derivatives, such as CentOS, Oracle Linux, AlmaLinux, Rocky Linux, etc.

    NOTE: Derivatives are supported only if an issue can be reproduced on an official RHEL distribution. Do not report issues specific to a derivative OS but not to RHEL.

  • Update your system:

    yum update

    Download the External Indexer bundle from the SPS box itself:

    curl https://<SPS-IP>/external-indexer.rpm -o external-indexer.rpm

    Install the bundle:

    yum install external-indexer.rpm

If your security policy does not allow working under the above limitations, or your environment cannot fulfill the above prerequisites, do not use external indexers with SPS.

Hardware requirements for the external indexer host

NOTE: This is a data-driven part of the product. Hardware requirements and exact memory usage cannot be safely predicted as the actual memory usage depends on the contents of the sessions.

  • CPU: You can configure the number of audit trails that an indexer host processes at the same time. For optimal performance, each indexer process should have a dedicated CPU core.

  • Memory requirements: In addition to the memory requirements of the operating system of the host, the indexer requires about 300 MB memory for each worker process, depending on the protocol of the indexed audit trails. The audit trails of terminal connections require less memory.

  • Disk: The indexer requests the data from One Identity Safeguard for Privileged Sessions (SPS) in small chunks; it stores neither the entire audit trail nor any temporary files. You need disk space only for the operating system, plus a few GB to store logs.

For example, if you want to have a host that can process 6 audit trails at the same time, you need 6 CPU cores and 1.8 GB of memory for the indexer service. If you install only a minimal operating system and the external indexer on the host, 6 GB disk space should be enough.

Configuring One Identity Safeguard for Privileged Sessions (SPS) to use external indexers

The following describes how to configure One Identity Safeguard for Privileged Sessions (SPS) to accept connections from external indexer services.

To configure SPS to accept connections from external indexer services

  1. Log in to the SPS web interface, and navigate to Basic Settings > Local Services > Indexer service.

  2. Select Indexer service.

  3. Select Enable remote indexing.

    Figure 264: Basic Settings > Local Services > Indexer service > Enable remote indexing — Configure external indexers

  4. In the Listening addresses > Address field, select the network interface where SPS should accept external indexer connections. Repeat this step to add other interfaces if needed.

    The available addresses correspond to the interface addresses configured in Basic Settings > Network > Interfaces. Only IPv4 addresses can be selected.

  5. Select Restrict clients, and list the IP address and netmask of your external indexer hosts.

    Use an IPv4 address.

  6. Click Commit.
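The Restrict clients step is where indexer access is narrowed to the hosts that actually run the indexer. As an added check (not code from the guide or the product), the following Python script validates a planned listening address and client list before they are committed: it assumes the client entries are kept as (IP address, netmask) pairs as in the web form, uses constructed sample addresses, and treats a netmask wider than an assumed /24 threshold as over-permissive.

```python
import ipaddress

# Constructed sample input (not from the SPS guide): the interface address SPS
# listens on for indexers, the "Restrict clients" entries as (IP address,
# netmask) pairs, and the external indexer hosts that list must cover.
LISTEN_ADDRESS = "10.20.0.5"
RESTRICT_CLIENTS = [("10.20.1.10", "255.255.255.255"),
                    ("10.20.2.0", "255.255.255.0")]
INDEXER_HOSTS = ["10.20.1.10", "10.20.2.17"]
# Assumed policy threshold: a client entry wider than /24 is over-permissive.
MAX_WIDTH = 24


def validate_indexer_allowlist(listen_address, restrict_clients, indexer_hosts,
                               max_width=MAX_WIDTH):
    """Return a list of findings; an empty list means the configuration is sound."""
    findings = []
    try:
        listen = ipaddress.ip_address(listen_address)
    except ValueError:
        return [f"listening address {listen_address!r} is not a valid IP address"]
    if listen.version != 4:
        findings.append("listening address must be IPv4 (only IPv4 can be selected)")
    networks = []
    for addr, mask in restrict_clients:
        try:
            net = ipaddress.ip_network((addr, mask), strict=False)
        except ValueError as exc:
            findings.append(f"invalid client entry {addr}/{mask}: {exc}")
            continue
        if net.version != 4:
            findings.append(f"client entry {net} is not IPv4")
            continue
        if net.prefixlen < max_width:
            findings.append(f"client entry {net} is broader than /{max_width}; "
                            "narrow it to the indexer hosts")
        networks.append(net)
    hosts = [ipaddress.ip_address(h) for h in indexer_hosts]
    # Every indexer host must be allowed, and every entry should serve a host:
    # an entry matching no indexer is a stale hole in the allowlist.
    for ip in hosts:
        if not any(ip in net for net in networks):
            findings.append(f"indexer host {ip} is not covered by any client entry")
    for net in networks:
        if not any(ip in net for ip in hosts):
            findings.append(f"client entry {net} matches no indexer host; remove it")
    return findings
```

Run it against the planned values whenever an indexer host is added or retired, so the client list on SPS never drifts wider than the set of hosts that need it.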
