Replicated Credential Vault
Database Architecture Overview
All Hitachi ID Privileged Access Manager components, including user interface screens,
reports, service programs and command-line / batch processes
access the database using the same architecture:
- A client component calls a client wrapper library.
- The client wrapper library communicates with a Privileged Access Manager database
service using an IPC. This may be shared memory (same server,
very fast) or TCP/IP socket (remote server, encrypted communication
using a shared key).
- The Privileged Access Manager database service authenticates clients, checks what
they are allowed to see/do and invokes stored procedures to read from
and write to the database.
- Stored procedures, installed on the relational database back end
(e.g., Microsoft SQL Server or Oracle Database Server), access data
in the local schema and return results.
- Calls to stored procedures which insert, delete or update records
are forwarded by the database service to its replicating peers, so that
each database instance may be kept up to date.
- Data returned by stored procedures is passed back to the calling
This architecture is advantageous for several reasons:
- Built-in data replication makes it easy to configure Privileged Access Manager
in a high-availability, fault-tolerant architecture.
- Using stored procedures rather than direct SQL calls significantly
improves performance while leaving open the possibility of future
- Using a Privileged Access Manager database service to front-end the physical database
enables robust access controls and easy-to-manage database replication.
- Wrapping data calls in an encrypted protocol enables secure
configuration in a distributed environment, over untrusted
Privileged Access Manager includes built-in data replication between servers.
Data replication between Privileged Access Manager servers occurs in real time --
all updates to one server's database are queued up and sent to
other (peer) servers as well. If a peer server is unavailable,
database updates are automatically retried when the server becomes
All replication is performed at the application level, over an encrypted
TCP/IP socket. This makes configuration of a replicated environment
straightforward and eliminates the need to license and configure
a replicated RDBMS server product.
Application-level replication is especially helpful for deployments where
Privileged Access Manager servers are physically distant from one another, for example
to provide fault tolerance in the event of a disaster at a single
data center. Database replication provided by database vendors such as
Microsoft or Oracle is very difficult to configure where the network
between nodes is insecure, unreliable, low bandwidth or high latency.
Since a WAN network normally exhibits all of these problems, Hitachi ID Systems
built replication right into Privileged Access Manager to operate reliably under
these same constraints.
Privileged Access Manager data replication is secure. Data transmitted between
servers is encrypted and each endpoint authenticates the other. Replication
uses relatively low bandwidth and is tolerant of high latency, making
it suitable for deployment across physically distant sites. Replication is
fault tolerant, in that failed transmissions are queued and retried
until they succeed.
Privileged Access Manager uses a special form of replication when writing new passwords,
called a distributed commit. Essentially, new passwords are written to
multiple servers before being updated on target systems. This mechanism
is designed to eliminate the possibility that a new password will be
written to a target system but lost due to a server crash before it
can be written to disk.
- Network Architecture:
How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
- Replicated Credential Vault:
Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
- Included Connectors:
Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
- Infrastructure Auto-discovery:
Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
- Non-target integrations:
Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
- Workflow Requests and Approvals:
Enabling users to request and approve one-off access to sensitive accounts.
- Concurrent Access to Accounts:
Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one-anothers activity.
- Single Sign-on Mechanisms:
Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
- Server requirements:
Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
Scaling to manage passwords across millions of devices.
- Emergency access:
Access to Privileged Accounts During Emergencies.
- Language Support:
A list of languages supported in the web portal.