Hitachi ID Privileged Access Manager is designed to scale to support over 1,000,000 password changes per 24-hour period, in a physically and geographically replicated (i.e., high availability / disaster-proof) configuration.
This is accomplished using a number of technologies:
- Concurrent operation by multiple Privileged Access Manager servers -- i.e., a multi-master, active-active replication model.
- A multi-threaded "push-mode" service that can push out tens of thousands of new passwords to servers, routers and applications every hour.
- A local workstation service that can "pull" new passwords onto devices such as laptops at random intervals, in order to support devices unreachable from a central server while distributing server workload over the hours of the day.
- A data replication protocol that is tolerant of both low bandwidth and high latency.
User logins to target systems are usually direct, rather than proxied. This yields a significant performance advantage, as there are no choke points on privileged login sessions.
Video capture is policy-driven, rather than "always on" -- this reduces load. That said, a single Privileged Access Manager server can accept about 100 concurrent video streams, using efficient client-side encoding and differential compression. Organizations that need more can simply stand up multiple, load-balanced, replicated Privileged Access Manager servers.