Privilege Management Console Introduction
This section describes the components of the PMC management platform and Privilege Management agents.
- PMC Adapter: The PMC Adapter manages the communication between Privilege Management and PMC.
- PMC Portal: The Internet Information Services (IIS) application that hosts PMC. This is deployed onto an Azure infrastructure as a service (IaaS) virtual machine.
- Load balancer: The load balancer distributes the workload evenly to maximize performance and capacity, and allows PMC to scale dynamically without any reconfiguration on the client side. The external load balancer is deployed as a service within Azure. It distributes the incoming network traffic from the adapter across the PMC cluster.
  You can optionally configure an internal load balancer, if required. When an internal load balancer is configured alongside the external load balancer, the portal traffic is routed through the internal load balancer, rather than the external load balancer.
- Application Services: The application services are deployed in Azure and are contained in the PMC Service Fabric cluster.
- Application Cache: A Redis cache is deployed as a service in Azure, and stores information from the PMC services and databases to maximize performance.
- Microsoft SQL databases: There are three Azure SQL databases: one for the endpoint audit data that is used for reporting and two for the PMC application services data.
  - Privilege Management Reporting database: Contains the Privilege Management auditing data for the PMC reports.
  - PMC management database: This is the core PMC database. It holds the majority of data visible in PMC (for example, Computers, Groups, and Users).
  - PMC Blob storage database: This database is used for holding Blob data (Binary Large Objects). This is limited to Policy Documents and Adapter Logs, when requested from PMC.
Endpoints you want to manage with PMC need Privilege Management and the Privilege Management PMC Adapter installed. Versions of the PMC Adapter are available for both Windows and Mac operating systems. Onboarding of endpoints into PMC for management is completed as the final step of the deployment, and requires parameters which are managed from the PMC portal.
You can get the PMC deployment package from your BeyondTrust consultant.
The PMC deployment package contains the following folders and files:
- AdapterInstallers: Contains the installer for the adapter.
- Deployment: Contains an AzurePaas folder that contains the resources for deploying the PMC platform to Azure.
- Encipherment: Contains the PowerShell scripts that you can use to encrypt and decrypt strings for PMC.
- Powershell: Contains PowerShell scripts that may be used to perform tasks on endpoints in bulk.
After you have deployed PMC, you need to delete the deployment package from the deployment machine.