Frequently Asked Questions (FAQ)
What platforms are supported by PowerBroker for Servers?
PowerBroker for Servers supports 30 different UNIX/Linux platforms including:
- Debian GNU
- HP-UX
- HP-Tru64
- IBM AIX
- Red Hat Enterprise Linux
- Sun Solaris
- SuSE Linux Enterprise
- VMware ESX
A complete list of "certified" platforms can be found in the PowerBroker for Servers README document.
Which types of encryption does PowerBroker for Servers support?
PowerBroker for Servers provides 25 different encryption algorithms, including the U.S. Government standard AES, for administrators to implement per the enterprise’s security model.
Can PowerBroker for Servers use FIPS-140-2 Encryption?
Yes. PowerBroker for Servers integrates with SafeNet Luna SA HSM (Hardware Security Module) to provide the first privileged user management solution to use FIPS 140-2 Security Level 2, and Common Criteria EAL 4+ certified validation. FIPS 140-2 Security ensures regulatory compliance using defined key storage requirements and standards.
How configurable are PowerBroker for Servers’ reporting features? Does PowerBroker for Servers have Entitlement Reporting?
PowerBroker for Servers offers a web-based report generator and exports reports in XML/HTML and CSV format. Reports include tracking of user entitlements/activities and password approvals. Reports are ad hoc and may contain 120+ custom data points/columns. Entitlement Reporting is an essential element of audit control. PowerBroker for Servers offers this report to display every command and access type users are authorized to perform. Entitlement Reports allow auditors and administrators to quickly review which user(s) can do what, where and when. If your organization has implemented security policies to restrict user access to specific programs during certain times of the day, this will also be illustrated in the Entitlement Report.
Can PowerBroker for Servers authenticate against third-party applications (e.g., Active Directory and LDAP)?
Yes. More enterprises are using Active Directory and LDAP for authentication throughout their network. Configuring PowerBroker for Servers to authenticate against Kerberos and LDAP/AD is performed in just a few steps.
Can PowerBroker for Servers centrally audit and manage logs produced across multiple servers?
Yes. Log synchronization is a feature administrators can use when managing PowerBroker for Servers logs to organize data from multiple servers and store it on one central PowerBroker for Servers server. This functionality further enables organizations to comply with governmental regulations through secure logging and reliable audit trails.
What are security policy files?
Security policy files are used to build “trust” conditions. Once enough "trust" is established, privileged access is allowed. Rule-based files grant access based on time of day, machine, userid, etc. Users can be assigned expanded privileges within a controlled environment. The security policy file supports a wide range of programming functions (if, else, case), string/parsing (strip, atoi, basename), and other functions.
How configurable is PowerBroker for Servers to match an enterprise’s unique IT security policies?
Using a highly configurable scripting language, PowerBroker for Servers gives administrators the ability to restrict user access to specific applications, commands and files. Administrative options include managing system programs, mounting devices, performing backups, and adding new users. Tasks will be delegated to individuals or groups at a granular level, thus reducing the risk of accidental damage and the threat of malicious activities. PowerBroker for Servers also delegates user access to files, directories and third-party applications and accounts (i.e. database, CRM, ERP, SAP), including generic accounts.
Does BeyondTrust offer any packaged installations for PowerBroker for Servers?
Yes. BeyondTrust offers native package installation bundles for Solaris, Linux, HP-UX and AIX systems to facilitate the installation of PowerBroker for Servers across large multi-platform environments. Administrators will have the ability to deploy PowerBroker for Servers to multiple servers from a remote location, reducing the time and cost associated with having to locally deploy in multiple locations throughout the enterprise.
Does PowerBroker for Servers have any single points of failure?
No. PowerBroker for Servers does not have a single point of failure. This is in stark contrast to “open source” solutions that have a monolithic architecture. Several PowerBroker for Servers failover masters can be deployed, as necessary, to support your unique architectural and high availability needs.
Does PowerBroker for Servers affect performance on UNIX/Linux machines?
There is no notable impact on system performance when PowerBroker for Servers is running. For example, a PowerBroker for Servers session parallels an ssh session, as both have the same minimal impact on systems. PowerBroker for Servers can be installed, configured, used, reconfigured, and uninstalled without rebooting any hosts or making any changes in configuration. PowerBroker for Servers’ complete solution can be implemented without requiring any significant modifications to your organization’s applications or machines.
Can administrators view sessions in real-time?
Yes. The pbreplay utility enables administrators to view any terminal session in real-time or at a later date.
Do you offer a management console to expand on PowerBroker for Servers’ features?
PowerBroker for Servers provides a comprehensive solution to implement role-based access controls (RBAC) that provide a needed improvement to the limitations found in operating-system RBACs. Because of RBAC’s obvious value to enterprises, RBAC has been implemented in some form. PowerBroker for Servers’ security approach enriches the security features of current RBAC implementations. Additionally, BeyondTrust offers the PowerBroker Management Console v1.0 (PBMC). When integrated with PowerBroker for Servers v6.0, PBMC strengthens RBAC policies further. PBMC is a web application that integrates with BeyondTrust PowerBroker for Servers to manage privileged access lifecycles across heterogeneous environments, and delivers essential advantages in flexibility, separation of duties, audit trails, and strong best-practices security. PBMC features eWorkflow, which provides complete support for separation of duties for policy management. eWorkflow brings intelligent security that is automated and actionable, empowering organizations to make quick and effective decisions that are delegated across the entire network.
How does PowerBroker for Servers address and strengthen RBAC (Role-Based Access Control) requirements?
Yes. BeyondTrust offers PBMC v1.0, a web-based application that provides a centralized console to integrate with BeyondTrust PowerBroker for Servers v6.0 to manage privileged access lifecycles across heterogeneous environments. The PowerBroker™ Management Console provides a platform for the automated management of the privileged access lifecycle across heterogeneous environments. The PowerBroker™ Management Console integrates with PowerBroker for Servers® to provide new policy and incident workflows and centralized management capabilities, enabling automated workflows for privileged policy creation, aggregation of privileged logging and audit data, and automated policy propagation in multi-server PowerBroker for Servers® deployments.