Hitachi ID Privileged Access Manager comes with a rich variety of built-in connectors. These
support both end user devices (e.g., PCs, laptops) and network attached
infrastructure such as servers, routers, firewalls, network devices,
databases and applications.
Routers, Switches, Firewalls, Lights-out Adapters
Privileged Access Manager can manage passwords to privileged accounts on a wide
variety of network devices, from vendors such as Cisco, Juniper and F5.
These are generally managed over SSH, where:
- A connector running on Privileged Access Manager nodes establishes SSH
sessions to the managed device, to get a list of local admin IDs,
randomize passwords, validate password values, etc.
- An ActiveX control executed on user laptops can launch an SSH client
such as PuTTY, inject credentials from the vault and so
provide single sign-on for IT staff who need to sign into
Optional Client Software
Privileged Access Manager does not require any client software to run, beyond a
web browser. That said, Privileged Access Manager client software is provided for
- To trigger privileged password changes on mobile laptops by
contacting one of the central Privileged Access Manager servers and requesting a
new, random password. This is done with a Service on Windows and
a cron job on Linux/Unix. Appropriate client software is provided
for the following, at any service pack / patch level:
  - Windows 2000.
  - Windows XP.
  - Windows Vista through 10.
Clients for other Unix variants are made available on demand.
- To launch automatic connections from an IT worker's Privileged Access Manager
login session to target systems, using Remote Desktop Services, SSH
or other tools. This is accomplished using ActiveX controls
embedded in the Privileged Access Manager web portal and consequently only works with
the Internet Explorer web browser. The Privileged Access Manager UI works with
other browsers, but other browsers cannot launch automatic connections.
Nothing needs to be installed on the user's PC for this to work.
Included in Price
Almost all Privileged Access Manager connectors are included in the base price.
The sole exception is the native z/OS Mainframe Connector -- one of
three methods used to integrate with RAC/F, ACF/2 and TopSecret --
which is licensed separately.
- Network Architecture:
How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
- Replicated Credential Vault:
Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
- Included Connectors:
Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
- Infrastructure Auto-discovery:
Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
- Non-target integrations:
Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
- Workflow Requests and Approvals:
Enabling users to request and approve one-off access to sensitive accounts.
- Concurrent Access to Accounts:
Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one another's activity.
- Single Sign-on Mechanisms:
Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
- Server requirements:
Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
Scaling to manage passwords across millions of devices.
- Emergency access:
Access to Privileged Accounts During Emergencies.
- Language Support:
A list of languages supported in the web portal.