Install Privileged Identity Prerequisites
In this section, we'll cover the installation prerequisites for Privileged Identity. Based on your starting host system configuration, your actual installer experience may vary.
While we provide documentation and support to set up and configure Privileged Identity along with the various technologies it uses, product admins should have knowledge of the following areas:
- Microsoft SQL Server and all target databases
- IIS web server technologies
- Network administration
- System administration
Privileged Identity is an n-tier product, with individual components operating independently of each other. While the different components can be hosted on a single system, we recommend that you distribute them across multiple systems as resources permit. When deployed across multiple hosts, loss of the management console would have no functional effect on the web app or web service, just as loss of the web app or web service would not affect the management console.
Privileged Identity requires a Microsoft SQL Server database to store program data. All component host servers should be patched, secured, and configured according to your corporate patching strategy to help ensure that the password store will not be compromised.
The primary components are:
- Management Console - The primary administrative interface for general configuration of the software
  For more information, see Host System Requirements.
- Web Service - The resource used by various components, including the web app, to perform programmatic access and management of the product
- Web Application - The primary user interface to retrieve managed credentials or establish sessions
- Database - The data store where managed passwords and most program configurations are stored
All software components require communication with the database.
Privileged Identity is supported in a physical, virtual (cloud), or physical-virtual mixed environment. If any components will be shared on a single host, then simply combine the requirements.
The database should be placed on a separate system to keep the encrypted data segregated from the encryption key.
Additional components include the following:
- Deferred Processing Service - Used with scheduled jobs and automatic retry options. Comes included in the download package.
- Zone Processors - Used to manage segregated and distributed networks.
  Zone processors are a licensed feature of Privileged Identity.
- Integration Components - Additional connectors used by zone processors, remote web services, and web applications to integrate with email, help desk systems, syslog output, etc. Comes as IntegrationComponents.msi.
- Cross-Platform Support Library - Used to manage and discover non-Windows-based systems and devices (e.g., Linux, Unix, iOS) from zone processors. Comes included in the download package as CrossPlatformSupportLibrary.msi.
- Email Server - (Optional) Used to send email notifications. Configuration of an email server (including enabling SSL and establishing a certificate trust) is done outside Privileged Identity.
- IIS Web Server with ASP Processing and ASP.NET - Required to use the web application and web service. The IIS server should be supplied with the host operating system.
- IIS Media Services - (Optional) Used to stream recordings of sessions run through application launching. Comes included in the download package.
A poorly configured virtual host can impede the software's ability to work. Make sure that the recommended resource allotments for each component have been met, and if possible, allow for dynamic increases in memory and storage. Supported host virtualization platforms are Hyper-V Server 2016, VMware ESX, and VMware Workstation.