High-Availability Password Storage

Once deployed, a privileged access management (PAM) system becomes an essential part of an organization's IT infrastructure, since it alone has access to privileged passwords across thousands of systems. Any interruption to the availability of the PAM system or its password vault means that administrative access to many systems is interrupted -- a major IT service disruption.

In the event of a disaster, such as a fire, flood or power outage, recovering access to the password vault is imperative: work on restoring other services cannot begin until access to privileged accounts on those systems is possible, and that requires passwords from the vault. Recovery times for all other systems increase by the time required to recover the PAM service. The recovery time objective for any PAM system should therefore be zero -- this is the most critical system in the enterprise in terms of required service resiliency.

Since servers occasionally break down, Bravura Privilege supports load balancing and data replication between multiple application servers (each on its own hypervisor or hardware) and multiple credential vaults. Any updates written to one database instance are automatically replicated, in real time, over an encrypted communication path, to all other Bravura Privilege servers and all other credential vaults.

In short, Bravura Privilege incorporates a highly available, replicated, multi-master, active-active architecture for both the application and the credential vault. The architecture is active-active, not active-standby as is common with other products.

To provide out-of-the-box data replication, Bravura Privilege includes a database service that replicates updates across multiple database instances. This service uses a Microsoft SQL Server instance (one per application node) for physical storage. Hitachi ID Systems recommends one physical database per Bravura Privilege server, normally on the same hardware as the Bravura Privilege application.

The Bravura Privilege data replication system makes it both simple and advisable for organizations to build a highly available Bravura Privilege server cluster, spanning multiple servers, with each server placed in a different data center. Replication traffic is encrypted, authenticated, bandwidth-efficient and tolerant of latency, making it suitable for deployment over a WAN.

This multi-site, active-active replication is configured at no additional cost, beyond that of the hardware for additional Bravura Privilege servers, and with minimal manual configuration.

Bravura Privilege network architecture

Scaling to Support Thousands of Workstations

To secure privileged accounts on mobile PCs (typically laptops), Bravura Privilege includes a service that is installed on the relevant PCs and contacts a central server to coordinate local password changes.

This architecture has several important advantages:

  • The local workstation service uses only HTTPS to communicate with the central server and works even when the PC is connected behind NAT devices, firewalls or application proxies.
  • The local workstation service does not randomize passwords unless it has established connectivity with the central privileged access management server. This avoids a situation where the central server does not know the new password value for a PC.
  • Dynamic IP addresses have no impact on this architecture.
  • Physical relocation and long periods of detached network connectivity may delay updates to local passwords, but do not introduce a failure whereby the local administrator passwords on a PC are unknown.
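
The ordering these bullets describe (reach the central server first, change the local password second) can be shown in a short added sketch. This is not Bravura Privilege code: the in-memory vault, the class and function names, the per-host password history and the fault-injection flag are all assumptions made for illustration.

```python
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + "!#%*-_"

class VaultUnreachable(Exception):
    """The (simulated) central server could not be contacted."""

class SimulatedVault:
    """In-memory stand-in; a real agent would make an outbound HTTPS request."""
    def __init__(self):
        self.online = True
        self.history = {}  # host -> escrowed passwords, newest last

    def escrow(self, host, password):
        if not self.online:
            raise VaultUnreachable(host)
        self.history.setdefault(host, []).append(password)
        return True  # acknowledgement that the value is stored

class WorkstationAgent:
    def __init__(self, host, vault, current_password):
        self.host, self.vault = host, vault
        self.local_password = current_password  # models the local admin account
        self.local_set_fails = False            # constructed fault injection
        # Assumption: the password in force at enrollment is already escrowed.
        vault.history.setdefault(host, []).append(current_password)

    def rotate(self, length=24):
        """Return True only if the local password was actually changed."""
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        try:
            self.vault.escrow(self.host, candidate)  # step 1: server learns value
        except VaultUnreachable:
            return False  # offline: keep the old password, which is still known
        if self.local_set_fails:
            return False  # old password stays valid and remains in the history
        self.local_password = candidate  # step 2: commit locally
        return True

def vault_knows_password(agent):
    """Invariant: the password in force locally is always held centrally."""
    return agent.local_password in agent.vault.history.get(agent.host, [])
```

Keeping a history rather than a single value covers the case where the server stores a candidate but the local change then fails: the previous entry is still the working password.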