Privilege Manager 6.0 licensing options:
Privilege Manager for Sudo evaluation license allows you to manage unlimited Sudo Plugin hosts for 30 days; after 30 days, you are allowed to manage 10 Sudo Plugin hosts without receiving an alert.
NOTE: A newly installed policy server comes with an evaluation license. You can install multiple evaluation licenses, but only one license of each type.
Although licenses are allocated on a per-agent basis, you install the licenses on Privilege Manager policy servers.
The pmlicense command allows you to display current license information, update a license (an expired one or a temporary one before it expires) or create a new one. (See Install Licenses or Displaying License Usage for more examples of using the pmlicense command.)
You can deploy Privilege Manager software within any organization using UNIX® and/or Linux® systems. Privilege Manager offers a scalable solution to meet the needs of the small business through to the extensive demands of the large or global organization.
There is no right or wrong way to deploy Privilege Manager, and an understanding of the flexibility and scope of the product will aid you in determining the most appropriate solution for your particular requirements. This section describes four sample implementations:
Decide which of the following configurations you want to set up:
Sudo Plugin Configuration: Join a Privilege Manager for Sudo host to a sudo policy server group.
NOTE: Policy servers can only be joined to policy groups they host (that is, manage). You cannot join a Sudo Plugin host to a pmpolicy server group or the PM Agent host to a sudo policy server group.
A single-host installation is typically appropriate for evaluations, proof of concept and demonstrations of Privilege Manager for Unix. This configuration example installs all of the components on a single UNIX®/Linux® host, with protection offered only within this single host. All logging and auditing takes place on this host.
Figure 6: Single Host Implementation
The medium business model is suitable for small organizations with relatively few hosts to protect, all of which may be located within a single data centre.
This configuration example comprises multiple UNIX®/Linux® hosts located within the SME space and one or more web servers located in a DMZ.
The tunneling feature (pmtunneld), enables Privilege Manager for Unix to control privileged commands on the web servers across a firewall, within the DMZ. This configuration significantly reduces the number of open ports at the firewall.
Multiple policy server components (pmmasterd) are installed in a failover configuration, with groups of agents balanced between the policy servers. If a policy server is unavailable for any reason, the agents will failover to the alternative policy server.
Figure 7: Medium Business Implementation