Skip to main content


Hitachi ID Privileged Access Manager is designed to scale to support over 1,000,000 password changes per 24 hour period, in a physically and geographically replicated (i.e., high availability / disaster-proof) configuration.

This is accomplished using a number of technologies:

  1. Concurrent operation by multiple Privileged Access Manager servers -- i.e., a multi-master replication model.
  2. A multi-threaded "push-mode" service that can push out tens of thousands of new passwords to servers, routers and applications every hour.
  3. A local workstation service that can "pull" new passwords onto devices such as laptops at random intervals, in order to support devices unreachable from a central server while distributing server workload over the hours of the day.
  4. A data replication protocol that is tolerant of both low-bandwidth and high-latency.

Read More:

  • Network Architecture:
    How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
  • Replicated Credential Vault:
    Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
  • Included Connectors:
    Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
  • Infrastructure Auto-discovery:
    Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
  • Non-target integrations:
    Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
  • Workflow Requests and Approvals:
    Enabling users to request and approve one-off access to sensitive accounts.
  • Concurrent Access to Accounts:
    Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one-anothers activity.
  • Single Sign-on Mechanisms:
    Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
  • Server requirements:
    Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
  • Scalability:
    Scaling to manage passwords across millions of devices.
  • Emergency access:
    Access to Privileged Accounts During Emergencies.
  • Language Support:
    A list of languages supported in the web portal.
page top page top