Hitachi ID Privileged Access Manager is designed to scale to support over 1,000,000 password changes per 24 hour period, in a physically and geographically replicated (i.e., high availability / disaster-proof) configuration.

This is accomplished using a number of technologies:

  1. Concurrent operation by multiple Privileged Access Manager servers -- i.e., a multi-master, active-active replication model.
  2. A multi-threaded "push-mode" service that can push out tens of thousands of new passwords to servers, routers and applications every hour.
  3. A local workstation service that can "pull" new passwords onto devices such as laptops at random intervals, in order to support devices unreachable from a central server while distributing server workload over the hours of the day.
  4. A data replication protocol that is tolerant of both low-bandwidth and high-latency.

User logins to target systems are usually direct, rather than proxied. This yields significant performance advantage as there are no choke points on privileged login sessions.

Video capture is policy-driven, rather than "always on" -- this reduces load. That said, a single Privileged Access Manager server can accept about 100 concurrent video streams, using efficient client-side encoding and differential compression. Organizations that need more can simply stand up multiple, load-balanced, replicated Privileged Access Manager servers.