Password Safe Deployment and Failover Guide

Password Safe is your privileged access management solution to ensure your resources are protected from insider threats. It combines privileged password and session management to discover, manage, and audit all privileged credential activity.

Password Safe creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.

Password Safe's random password generator algorithm does not use any common phrases or dictionary words as inputs or in its generation. It selects each password character randomly from the list of allowable characters, numerals, and symbols to build the password.

Password Safe is supported on a hardened U-Series Appliance that creates and secures privileged accounts through automated password management, encryption, secure storage of credentials, and a sealed operating system.

More specifically, you can use Password Safe to accomplish the following:

  1. Scan, identify, and profile all assets for automated Password Safe management, ensuring no credentials are left unmanaged.
  2. Control privileged user accounts, applications, SSH keys, cloud admin accounts, RPA accounts, and more.
  3. Use adaptive access control for automated evaluation of just-in-time context for authorization access requests.
  4. Monitor and record live sessions in real time and pause or terminate suspicious sessions.
  5. Enable a searchable audit trail for compliance and forensics, and achieve complete control and accountability over privileged accounts.
  6. Restrict access to critical systems, including assets and applications, keeping them safe from potential insider threat risks.

This document describes three common deployment methods and examines scenarios that demonstrate disaster mitigation following loss of access to either primary components or entire sites within a given environment. The quantity and location of components shown in this document are for illustrative purposes only.

Disaster Recovery Use Cases

The following are Disaster Recovery (DR) use cases to consider:

  • In a DR scenario, do you need to go through the session proxy?
  • Do you execute a password change action while in DR?
  • In a DR scenario, do you need the user IDs to be the same as in primary?
  • Does everyone have the same role in a DR scenario?
  • Do groups, systems, and deployment scenarios match?

Configurations Supported: Advantages and Disadvantages

Many different configurations are supported to scale from single site installations to multi-site, geographically dispersed environments. This document outlines the following:

Active/Active

Sometimes called multi-active, this deployment type allows multiple nodes (Password Safe instances) to be active simultaneously. Each node is connected directly to the database.

Advantages

  • Unlimited scalability.
  • Redundancy of components.

Disadvantages

  • Requires an external database.
  • Redundant database configurations such as SQL Always On are expensive.
  • It is the responsibility of the customer to ensure that the database is securely hardened.

Active/Passive

Two U-Series Appliances are required for active/passive. The internal databases are replicated, and a heartbeat sent from the primary indicates to the secondary if it should take over operations.

Advantages

  • Easy to set up.
  • All HA is incorporated within the solution.

Disadvantages

  • An external load balancer is required for auto-switching users to the active U-Series Appliance.
  • The failover process can take 10 minutes or longer.

Single U-Series Appliance with vMotion

For deployments where only one U-Series Appliance is desired, VMware vMotion can be used to keep the U-Series Appliance continuously available even if the physical server running the virtual image goes offline for any reason.

Advantages

  • Cost-effective HA with a single U-Series Appliance.
  • Provides HA and continuous operation during host server outages.

Disadvantages

  • Relies on VMware vMotion being set up and configured correctly.
  • Does not provide redundancy in the event of a software failure.