Network Architecture - Hitachi ID Privileged Access Manager
High-Availability Password Storage
Once deployed, Hitachi ID Privileged Access Manager becomes an essential part of an
organization's IT infrastructure, since it alone has access
to privileged passwords for thousands of networked devices.
An interruption to the availability of Privileged Access Manager or its password
vault would mean that administrative access to a range of devices is
interrupted -- a major IT service disruption.
Since servers occasionally break down, Privileged Access Manager
supports load balancing and data replication between multiple
physical servers and multiple credential vaults. Any updates
written to one database instance are automatically replicated, in real
time, over an encrypted communication path, to all other Privileged Access Manager
servers and all other credential vaults.
In short, Privileged Access Manager incorporates a highly available,
replicated, multi-master architecture for both the application
and the credential vault. The architecture is active-active,
not active-standby as is common with other products.
To provide out-of-the-box data replication, Privileged Access Manager includes a database
service that replicates updates across multiple database instances.
This service uses a Microsoft SQL Server (one per app node) for physical
storage. Hitachi ID Systems recommends one physical database per Privileged Access Manager server,
normally on the same hardware as the Privileged Access Manager application.
The Privileged Access Manager data replication system makes it both simple and
advisable for organizations to build a highly-available Privileged Access Manager
server cluster, spanning multiple servers, with each server placed
in a different data center. Replication traffic is encrypted,
authenticated, bandwidth-efficient and tolerant of latency, making it
suitable for deployment over a WAN.
This multi-site, multi-master replication is configured at no additional
cost, beyond that of the hardware for additional Privileged Access Manager servers,
and with minimal manual configuration.
Privileged Access Manager Network Architecture Diagram
Scaling to Support Thousands of Workstations
To secure privileged accounts on mobile PCs (typically
laptops), Privileged Access Manager includes a service, which installs on the relevant
PCs and which contacts a central server to coordinate local
This architecture has several important advantages:
- The local workstation service uses only HTTPS to communicate with the
central server and works even when the PC is connected
behind NAT devices, firewalls or application proxies.
- The local workstation service does not randomize passwords
unless it has established connectivity with the central
privileged access management server. This avoids a situation where the
central server does not know the new password value for
- Dynamic IP addresses have no impact on this architecture.
- Physical relocation and long periods of detached network
connectivity may delay updates to local passwords, but do not
introduce a failure whereby the local administrator passwords on
a PC are unknown.
- Network Architecture:
How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
- Replicated Credential Vault:
Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
- Included Connectors:
Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
- Infrastructure Auto-discovery:
Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
- Non-target integrations:
Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
- Workflow Requests and Approvals:
Enabling users to request and approve one-off access to sensitive accounts.
- Concurrent Access to Accounts:
Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one-anothers activity.
- Single Sign-on Mechanisms:
Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
- Server requirements:
Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
Scaling to manage passwords across millions of devices.
- Emergency access:
Access to Privileged Accounts During Emergencies.
- Language Support:
A list of languages supported in the web portal.