• Site Map
• Contact Us

• Home
• Our Company
• News &  Events
• Products
• Services
• Resource Center
• Community

Products Core Products ID-Archive

ID-Archive: Securing Administrator Passwords

Overview

ID-Archive is a system for securing privileged passwords across large numbers of devices. ID-Archive regularly randomizes privileged passwords on workstations, servers and applications. Random passwords are encrypted and replicated across at least two servers, and may be disclosed:

1. To administrators, after they have authenticated and their requests have been authorized.
2. To applications, replacing embedded passwords.
3. To Windows workstations and servers, where they are used to run services.

Password changes and disclosure are closely controlled and audited, to satisfy policy and regulatory requirements.

Problems with Managing Privileged Passwords

Many organizations have insecure processes for managing privileged passwords -- local IDs and passwords embedded in servers, workstations and applications with elevated privileges. Inappropriate disclosure of these passwords would lead to serious security compromise:

• Hundreds or thousands of workstations and servers often share the same administrator credentials. If one device is compromised, all are compromised.
• With thousands of workstations and servers, it is difficult or impossible to ever change these passwords. Privileged passwords remain the same for months or years, creating an extended window of opportunity for an attacker to crack them.
• If administrator passwords are rarely changed, as IT staff turn over, ex-staff retain access to sensitive systems.

Managing Workstation Passwords

To manage privileged passwords on workstations, ID-Archive includes a service, which installs on each workstation and which contacts a central server to coordinate local password changes.

This architecture has several important advantages:

• The workstation service uses only HTTPS to communicate with the central server and works even when the workstation is connected behind NAT devices, firewalls or application proxies.
• The workstation service does not randomize passwords unless it has established connectivity with the central privileged password management server. This avoids a situation where the central server does not know the new password value for a workstation.
• Dynamic IP addresses have no impact on this architecture.
• Physical relocation and long periods of detached network connectivity may delay updates to local passwords, but do not introduce a failure whereby the local administrator passwords on a workstation are unknown.

Managing Server Passwords

To manage administrator passwords on servers -- i.e., IT assets attached to the network at fixed addresses, each ID-Archive server runs a password updating service. This service periodically runs a connector, also on the ID-Archive server, that communicates with a single target server and changes a single password. Upon successfully setting the new password, the service updates the ID-Archive server with the new password, thus making it available to IT staff. The new password is automatically, immediately and securely replicated to all other ID-Archive servers.

This process is repeated thousands of times daily, for different types of servers (Windows, Unix, Linux, DBMS, mainframe, application, etc.), using different types of connectors. Connectors for over 70 types of servers and applications are included with ID-Archive.

High Availability and Data Replication

Once deployed, ID-Archive becomes an essential part of an organization's IT infrastructure, since it alone houses privileged passwords for thousands of networked devices. An outage in ID-Archive would mean that administrative access to a range of devices is interrupted -- a major outage to IT service.

Since servers occasionally break down, ID-Archive supports load balancing and data replication between multiple physical servers. Any data updates written to its credential database are replicated, in real time, across all servers.

In short, ID-Archive incorporates a highly available, replicated, multi-master architecture.

To provide out-of-the-box data replication, ID-Archive includes a database service that replicates data between multiple instances. This service can be configured use either Oracle or Microsoft SQL Server databases as the physical storage mechanism. Hitachi ID recommends one physical database instance per ID-Archive server, normally on the same physical hardware as ID-Archive itself.

The ID-Archive replicating data service can be configured to use any of the following SQL database engines as its physical data store:

• Oracle 10g, Enterprise Edition.
• Microsoft SQL Server 2005, Enterprise Edition.
• Oracle 10g, Express Edition (free download from http://oracle.com/).
• Microsoft SQL Server 2005, Express Edition (free download from http://microsoft.com/).

The ID-Archive data replication system makes it both simple and advisable for organizations to build a highly-available ID-Archive server cluster, spanning multiple servers, with each server placed in a different physical site. Replication traffic is encrypted, authenticated, bandwidth-efficient and tolerant of latency, making it suitable for deployment over a WAN.

This multi-site, multi-master replication is configured at no additional cost, beyond that of the hardware for additional ID-Archive servers, and with minimal administrative effort.

Network Architecture

The ID-Archive network architecture is illustrated in Figure [link].

    ID-Archive Network Architecture Diagram (1)

© Hitachi ID Systems, Inc. 2008. All rights reserved.