Skip to main content

Replicated Credential Vault

Database Architecture Overview

All Hitachi ID Privileged Access Manager components, including user interface screens, reports, service programs and command-line / batch processes access the database using the same architecture:

  1. A client component calls a client wrapper library.
  2. The client wrapper library communicates with a Privileged Access Manager database service using an IPC. This may be shared memory (same server, very fast) or TCP/IP socket (remote server, encrypted communication using a shared key).
  3. The Privileged Access Manager database service authenticates clients, checks what they are allowed to see/do and invokes stored procedures to read from and write to the database.
  4. Stored procedures, installed on the relational database back end (e.g., Microsoft SQL Server or Oracle Database Server), access data in the local schema and return results.
  5. Calls to stored procedures which insert, delete or update records are forwarded by the database service to its replicating peers, so that each database instance may be kept up to date.
  6. Data returned by stored procedures is passed back to the calling program.

This architecture is advantageous for several reasons:

  1. Built-in data replication makes it easy to configure Privileged Access Manager in a high-availability, fault-tolerant architecture.
  2. Using stored procedures rather than direct SQL calls significantly improves performance while leaving open the possibility of future schema changes.
  3. Using a Privileged Access Manager database service to front-end the physical database enables robust access controls and easy-to-manage database replication.
  4. Wrapping data calls in an encrypted protocol enables secure configuration in a distributed environment, over untrusted network segments.

Built-in Replication

Privileged Access Manager includes built-in data replication between servers.

Data replication between Privileged Access Manager servers occurs in real time -- all updates to one server's database are queued up and sent to other (peer) servers as well. If a peer server is unavailable, database updates are automatically retried when the server becomes available again.

All replication is performed at the application level, over an encrypted TCP/IP socket. This makes configuration of a replicated environment straightforward and eliminates the need to license and configure a replicated RDBMS server product.

Application-level replication is especially helpful for deployments where Privileged Access Manager servers are physically distant from one another, for example to provide fault tolerance in the event of a disaster at a single data center. Database replication provided by database vendors such as Microsoft or Oracle is very difficult to configure where the network between nodes is insecure, unreliable, low bandwidth or high latency. Since a WAN network normally exhibits all of these problems, Hitachi ID Systems built replication right into Privileged Access Manager to operate reliably under these same constraints.

Privileged Access Manager data replication is secure. Data transmitted between servers is encrypted and each endpoint authenticates the other. Replication uses relatively low bandwidth and is tolerant of high latency, making it suitable for deployment across physically distant sites. Replication is fault tolerant, in that failed transmissions are queued and retried until they succeed.

Privileged Access Manager uses a special form of replication when writing new passwords, called a distributed commit. Essentially, new passwords are written to multiple servers before being updated on target systems. This mechanism is designed to eliminate the possibility that a new password will be written to a target system but lost due to a server crash before it can be written to disk.

Read More:

  • Network Architecture:
    How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
  • Replicated Credential Vault:
    Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
  • Included Connectors:
    Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
  • Infrastructure Auto-discovery:
    Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
  • Non-target integrations:
    Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
  • Workflow Requests and Approvals:
    Enabling users to request and approve one-off access to sensitive accounts.
  • Concurrent Access to Accounts:
    Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one-anothers activity.
  • Single Sign-on Mechanisms:
    Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
  • Server requirements:
    Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
  • Scalability:
    Scaling to manage passwords across millions of devices.
  • Emergency access:
    Access to Privileged Accounts During Emergencies.
  • Language Support:
    A list of languages supported in the web portal.
page top page top