Hitachi ID Privileged Access Manager is designed to scale to support over 1,000,000 password
changes per 24-hour period, in a physically and geographically
replicated (i.e., high availability / disaster-proof) configuration.
This is accomplished using a number of technologies:
- Concurrent operation by multiple Privileged Access Manager servers -- i.e.,
a multi-master replication model.
- A multi-threaded "push-mode" service that can push out tens of
thousands of new passwords to servers, routers and applications
- A local workstation service that can "pull" new passwords onto
devices such as laptops at random intervals, in order to support
devices unreachable from a central server while distributing
server workload over the hours of the day.
- A data replication protocol that is tolerant of both
low bandwidth and high latency.

- Network Architecture:
How user PCs, servers, network devices, multiple, replicated Privileged Access Manager nodes and other elements interact on the network.
- Replicated Credential Vault:
Replicated storage of passwords to privileged accounts in multiple, physically distant, encrypted vaults.
- Included Connectors:
Systems on which Privileged Access Manager can discover accounts, randomize passwords and launch login sessions.
- Infrastructure Auto-discovery:
Automatically finding and classifying workstations, servers, applications and network devices as well as privileged accounts and services on each one.
- Non-target integrations:
Integrations between Privileged Access Manager and IT infrastructure where it may not be managing passwords or privileged access -- such as e-mail systems, incident management applications and more.
- Workflow Requests and Approvals:
Enabling users to request and approve one-off access to sensitive accounts.
- Concurrent Access to Accounts:
Limiting how many administrators can simultaneously manage a system and keeping administrators informed of one another's activity.
- Single Sign-on Mechanisms:
Options for connecting users to privileged accounts, through credential injection, trust manipulation and temporary group membership, all without displaying passwords from the vault.
- Server requirements:
Sizing, configuration and number of servers on which to deploy Privileged Access Manager.
Scaling to manage passwords across millions of devices.
- Emergency access:
Access to Privileged Accounts During Emergencies.
- Language Support:
A list of languages supported in the web portal.