Business Challenge


When passwords are changed regularly, a robust mechanism is needed to store them. This storage must:

  • Prevent unauthorized disclosure.
  • Be highly available, even when there is a physical disaster.
  • Lose no data, even in the event of a site outage.

Hitachi ID Privileged Access Manager Solution


Privileged Access Manager includes an encrypted, replicated storage mechanism:

  • All credentials are encrypted using a customer-specific key, which itself is encrypted and protected.
  • All database commits are distributed across multiple Privileged Access Manager servers, in real time, over an encrypted communication channel and with retries in the event of a connection problem.
  • Any credential can be retrieved from any Privileged Access Manager server.
  • Replication tolerates low bandwidth and high latency, and deployment of vaults in multiple cities is strongly recommended.
  • In the event that a single Privileged Access Manager server is disconnected or even destroyed, no special steps are required to 'activate' the other servers -- they are all active, all the time.

An encrypted, distributed, active-active database architecture ensures high availability and strong security without human intervention in the event of a disaster.