Once deployed, Hitachi ID Privileged Access Manager becomes an essential part of an organization's IT infrastructure, since it alone has access to privileged passwords for thousands of networked devices. An interruption to the availability of Privileged Access Manager or its password vault would mean that administrative access to a range of devices is interrupted -- a major IT service disruption.
Since servers occasionally break down, Privileged Access Manager supports load balancing and data replication between multiple physical servers and multiple credential vaults. Any updates written to one database instance are automatically replicated, in real time, over an encrypted communication path, to all other Privileged Access Manager servers and all other credential vaults.
In short, Privileged Access Manager incorporates a highly available, replicated, multi-master architecture for both the application and the credential vault.
To provide out-of-the-box data replication, Privileged Access Manager includes a database service that replicates updates across multiple database instances. This service can be configured to use either Oracle or Microsoft SQL Server databases for physical storage. Hitachi ID Systems recommends one physical database per Privileged Access Manager server, normally on the same hardware as the Privileged Access Manager application.
The Privileged Access Manager data replication system makes it both simple and advisable for organizations to build a highly-available Privileged Access Manager server cluster, spanning multiple servers, with each server placed in a different data center. Replication traffic is encrypted, authenticated, bandwidth-efficient and tolerant of latency, making it suitable for deployment over a WAN.
This multi-site, multi-master replication is configured at no additional cost, beyond that of the hardware for additional Privileged Access Manager servers, and with minimal manual configuration.
Privileged Access Manager Network Architecture Diagram (1)
To secure privileged accounts on mobile workstations (typically laptops), Privileged Access Manager includes a service, which installs on the relevant PCs and which contacts a central server to coordinate local password changes.
This architecture has several important advantages: