Privileged Identity Installation Prerequisites
In this section, we'll cover the installation prerequisites for Privileged Identity. Based on your starting host system configuration, your actual installer experience may vary.
While we provide documentation and support to set up and configure Privileged Identity along with the various technologies it uses, product admins should have knowledge in the following areas:
- Microsoft SQL Server and all target databases
- IIS web server technologies
- Network administration
- System administration
Privileged Identity is an n-tier product, with individual components operating exclusively of each other. While the different components can be hosted on a single system, we recommend that you distribute them across multiple systems as resources permit. When deployed across multiple hosts, loss of the management console would have no functional effect on the web app or web service, just as loss of the web app or web service would not affect the management console.
Privileged Identity requires a Microsoft SQL Server database to store program data. All component host servers should be patched, secured, and configured according to your corporate patching strategy to help ensure that the password store will not be compromised.
The primary components are:
- Management Console: Primary administrative interface for general configuration of the software
For more information, please see Host System Requirements.
- Web Service: Used by various components, including the web app, to perform programmatic access and management of the product
- Web Application: Primary user interface to retrieve managed credentials or establish sessions
- Database: Data store where managed passwords and most program configurations are stored
All software components require communication with the database.
Privileged Identity is supported in a physical, virtual (cloud), or physical-virtual mixed environment. If any components will be shared on a single host, then simply combine the requirements.
The database should be placed on a separate system to keep the encrypted data segregated from the encryption key.
Additional components include the following:
- Deferred Processing Service: Used with scheduled jobs and automatic retry options (included in download package)
- Zone Processors: Used to manage segregated, distributed, and untrusted networks
Zone processors are a licensed feature of Privileged Identity.
- Integration Components: Additional connectors used by zone processors, remote web services, and web applicatsions to integrate with email, help desk systems, syslog output, etc. (included in IntegrationComponents.msi)
- Cross-Platform Support Library: Used to manage and discover non-Windows-based systems and devices (e.g., Linux, Unix, iOS) from zone processors (included in CrossPlatformSupportLibrary.msi)
- Email Server: (Optional) Used to send email notifications
Configuration of an email server (including enabling SSL and establishing a certificate trust) is done outside Privileged Identity.
- IIS Media Services: (Optional) Used to stream recordings of sessions run through application launching (included in download package)
A poorly configured virtual host can impede the software's ability to work. Make sure that the recommended resource allotments for each component have been met, and if possible, allow for dynamic increases in memory and storage. Supported host virtualization platforms are Hyper-V Server 2012 R2 or later, VMware ESX, and VMware Workstation.