Chat now with support
Chat with Support

Safeguard for Sudo 6.1 Common Documents - Administration Guide

One Identity Privileged Access Suite for Unix Introducing Privilege Manager for Sudo Planning Deployment Installation and Configuration Upgrade Privilege Manager for Sudo System Administration Managing Security Policy Administering Log and Keystroke Files Troubleshooting Privilege Manager Variables Privilege Manager programs Installation Packages Unsupported Sudo Options Privilege Manager for Sudo Policy Evaluation

Single host deployment

A single-host installation is typically appropriate for evaluations, proof of concept, and demonstrations of Privilege Manager. This configuration example installs all of the components on a single UNIX/Linux host, with protection offered only within this single host. All logging and auditing takes place on this host.

Medium business deployment

The medium business model is suitable for small organizations with relatively few hosts to protect, all of which may be located within a single data center.

This configuration example comprises multiple UNIX/Linux hosts located within the SME space and one or more web servers located in a DMZ.

Multiple policy server components (pmmasterd) are installed in a failover configuration, with groups of plugin hosts balanced between the policy servers. If a policy server is unavailable for any reason, the plugin hosts will failover to the alternative policy server.

Figure 3: Medium business implementation

Large business deployment

This is an example of how a large business might deploy Privilege Manager. Some global companies prefer to fragment their requirement and deploy multiple instances as shown in the medium-sized business model.

This example comprises three policy servers, two are balancing the load of multiple plugin hosts. This may be necessary if there is a high level of audit and/or a significant volume of requested elevated privilege. Further, there is an additional policy server configured as a failover should one or both policy servers become unavailable.

Figure 4: Large business implementation

Installation and Configuration

This is an overview of the steps necessary to set up your environment to use Privilege Manager software:

To configure a primary policy server

  1. Check the server for installation readiness.
  2. Install the Privilege Manager policy server package.
  3. Configure the primary policy server.
  4. Join the primary policy server to policy group.

To configure a secondary policy server

  1. Check the host for installation readiness.
  2. Install the Privilege Manager policy server package.
  3. Configure the secondary policy server.
  4. Join the Sudo Plugin host to the secondary policy server.

To install the Sudo Plugin on a remote host

  1. Check the remote host for installation readiness.
  2. Install the Privilege Manager software on the remote host.
  3. Join the Sudo Plugin host to the policy server.

The following topics walk you through these steps.

Related Documents