立即与支持人员聊天
与支持团队交流

One Identity Safeguard for Privileged Passwords 2.11 - User Guide

System requirements

One Identity Safeguard for Privileged Passwords has several graphical user interfaces that allow you to manage access requests, approvals, and reviews for your managed accounts and systems:

  • The Windows desktop client consists of an end-user view and administrator view. The fully featured desktop client exposes all of the functionality of Safeguard based on the role of the authenticated user.
  • The web client is functionally similar to the desktop client end-user view and useful for requestors, reviewers, and approvers. Many administration functions are available as well.
  • The web management console displays whenever you connect to the virtual appliance and is used for first time configuration.
    When setting up a virtual environment, carefully consider the configuration aspects such as CPU, memory availability, I/O subsystem, and network infrastructure to ensure the virtual layer has the necessary resources available. See One Identity's Product Support Policies for more information on environment virtualization.

Ensure that your system meets the minimum hardware and software requirements for these clients.

If a Safeguard Sessions Appliance is joined to Safeguard for Privileged Passwords, session recording is handled via Safeguard for Privileged Session. The join is initiated from Safeguard for Privileged Sessions. For details about the join steps and issue resolution, see the One Identity Safeguard for Privileged Sessions Administration Guide.

Bandwidth

It is recommended that connection, including overhead, is faster than 10 megabits per second inter-site bandwidth with a one-way latency of less than 500 milliseconds. If you are using traffic shaping, you must allow sufficient bandwidth and priority to port 655 UDP/TCP in the shaping profile. These numbers are offered as a guideline only in that other factors could require additional network tuning. These factors include but are not limited to: jitter, packet loss, response time, usage, and network saturation. If there are any further questions, please check with your Network Administration team.

Desktop client system requirements

The desktop client is a native Windows application suitable for use on end-user machines. You install the desktop client by means of an MSI package that you can download from the appliance web client portal. You do not need administrator privileges to install One Identity Safeguard for Privileged Passwords.

NOTE: PuTTY is used to launch the SSH client for SSH session requests and is included in the install. The desktop client looks for any user-installed PuTTY in the following locations:

  • Any reference to putty in the PATH environment variable
  • c:/Program Files/Putty
  • c:/Program Files(x86)/Putty
  • c:/Putty

If PuTTY is not found, the desktop client uses the version of PuTTY that it installed at:

<user-home-dir>/AppData/Local/Safeguard/putty.

If the user later installs PuTTY in any of the locations above, the desktop client uses that version which ensures the user has the latest version of PuTTY.

Table 3: Desktop client requirements
Component Requirements
Technology

Microsoft .NET Framework 4.6 (or later)

Windows platforms

64-bit editions of:

  • Windows 7
  • Windows 8.1
  • Windows 10
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

If the appliance setting, TLS 1.2 Only is enabled, (Administrative Tools | Settings | Appliance | Appliance Information), ensure the desktop client also has TLS 1.2 enabled. If the client has an earlier version of TLS enabled, you will be locked out of the client and will not be able to connect to Safeguard for Privileged Passwords.

Considerations:

  • Internet Explorer security must be set to use TLS 1.0 or higher. Ensure the proper "Use TLS" setting is enabled on the Advanced tab of the Internet Options dialog (In Internet Explorer, go to Tools | Internet Options | Advanced tab).
  • To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

Desktop Player

See One Identity Safeguard for Privileged Sessions [version] Safeguard Desktop Player User Guide available at: One Identity Safeguard for Privileged Sessions - Technical Documentation, User Guide.

Web client system requirements

Table 4: Web requirements
Component Requirements
Web browsers

Desktop browsers:

  • Google Chrome 77 (or later)
  • Microsoft Internet Explorer 11 and Edge
  • Mozilla Firefox 69 (or later)

NOTE: To use FIDO2 two-factor authentication, you will need a web browser that supports the WebAuthn standard.

Mobile device browsers:

  • Apple iOS 13 (or later)
  • Google Chrome on Android version 77 (or later)

The web client is implemented for modern web browser technology, using:

  • HTML5
  • CSS
  • JavaScript

NOTE: If your browser lacks these required technologies, then use the desktop client.

Product licensing

One Identity Safeguard for Privileged Passwords is made up of a core set of features, such as the UI and Web Services layers, and a number of modules.

Hardware appliance

The One Identity Safeguard for Privileged Passwords 2000 Appliance ships with the following module which requires a valid license to enable functionality:

  • Privileged Passwords
  • Privileged Sessions

You must install a valid license for each Safeguard for Privileged Passwords module to operate. More specifically, if any module is installed, Safeguard for Privileged Passwords will show a license state of Licensed and is operational. However, depending on which models are licensed, you will see limited functionality. That is, even though you will be able to configure access requests:

  • If a Privileged Passwords module license is not installed, you will not be able to request a password release.
  • If a Privileged Sessions module license is not installed, you will not be able to initiate a session access request from the embedded sessions module.

Virtual appliance licensing

The Safeguard for Privileged Passwords virtual appliance requires a valid Microsoft Volume License Agreement that includes licensing for Windows 10 Enterprise. Privileged sessions is available via a join to Safeguard for Privileged Sessions.

The virtual appliance will not function unless the operating system is properly licensed.

As a Safeguard for Privileged Passwords user, if you get an "appliance is unlicensed" notification, contact your Appliance Administrator.

相关文档