Password Safe Cloud Resource Broker Installation and Configuration Guide

This document explains how Password Safe Cloud uses resource brokers within resource zones to manage resources across segmented networks and how to configure resource zones.

A resource zone is a group of resources on your network. You can create an unlimited number of resource zones to meet the requirements for how your network is segmented; however, one zone for your entire network is sufficient. At least one resource zone is required. Password Safe Cloud creates a default resource zone called Default, which is a catch-all for all domains and workgroups in your network.

Password Safe Cloud uses resource brokers to communicate with the systems in your resource zones. A resource broker is a bundle of software that contains all of the services and components required for Password Safe Cloud to interact with your on-premises servers using TCP 443 for communication.

You must download the Resource Broker Installer from the Password Safe Cloud portal and install the broker on a Windows Server 2019 x64 or greater system in your network. Each resource zone must have at least one resource broker installed, but we recommend you install two or more for efficiency and redundancy of functionality. You may install up to ten resource brokers in each resource zone.

Installing a resource broker on Windows 2016 x64 is supported; however, Windows 2019 x64 is recommended.

A resource zone uses a collection of resource brokers to handle the following four core Password Safe functions. Azure uses a round-robin technique to communicate with the resource brokers within the zone to handle these functions.

  • Authentication against LDAP/Active Directory: Allows authentication into Password Safe against your local LDAP/Active Directory domains.
  • Asset and Account Discovery: Uses a discovery scanning agent to discover assets and accounts in your network.
  • Credential Management: Changes passwords or SSH keys on a scheduled or on-demand basis.
  • Session Proxy: Acts as a proxy to allow a standard user to open SSH or RDP sessions on systems in your network.

For more information on the services that are bundled with a resource broker, please see Troubleshoot Resource Brokers Services.