The following roadmap outlines the steps to follow to install Privileged Identity.
Back up the solution's data store and encryption key.
- If difficulties arise during or after the upgrade and a rollback is required, the upgraded database may prevent previous functionality from working. The database and encryption key (or related settings) are required for disaster recovery purposes.
- Understand the product requirements prior to installation.
- Check the release notes for important information on this release of the product.
- Ensure you are prepared for the installation.
For more information, please see Install Privileged Identity Prerequisites.
- Stop the existing Deferred Processing Service.
- Use the management console or Windows Services snap-in to stop the existing deferred processing service.
In product versions 5.5.2 and earlier, the Deferred Processing Service was called "Enterprise Random Password Manager Deferred Processing Service".
- Stop and remove any existing zone processors.
- If upgrading from version 5.5.0 or later, it is sufficient to re-copy and replace the updated zone processor files and upgrade the integration components and cross-platform support library. Be sure to take notes on the current configuration.
- If upgrading from version 5.4.0 or earlier, zone processors should be removed first, then re-installed due to file and registration differences. Failure to do so will render the zone processors inoperable. Be sure to take notes on the current configuration.
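For the stop-and-take-notes steps above, the following PowerShell sketch saves the service's current settings to a file and then stops it, waiting for the stop to complete. It is an added example, not part of the product or its documentation. It assumes the service display name contains "Deferred Processing Service", as the pre-5.5.2 name quoted above does; the output file name is hypothetical.

```powershell
# Added example: record and stop the Deferred Processing Service before an upgrade.
# Assumption: the display name contains "Deferred Processing Service"; pass a
# different -NamePattern (WQL LIKE syntax) if the service is named otherwise.
param(
    [string]$NamePattern    = '%Deferred Processing Service%',
    [string]$NotesPath      = '.\pre-upgrade-services.json',   # hypothetical output file
    [int]   $TimeoutSeconds = 120
)

$ErrorActionPreference = 'Stop'

# Win32_Service exposes the logon account and binary path, which Get-Service does not.
$services = @(Get-CimInstance -ClassName Win32_Service -Filter "DisplayName LIKE '$NamePattern'")
if ($services.Count -eq 0) {
    throw "No service matches '$NamePattern'; check the name in the Windows Services snap-in."
}

# Keep the settings that would be needed to restore the service after a rollback.
$services |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName |
    ConvertTo-Json -Depth 2 |
    Set-Content -Path $NotesPath -Encoding UTF8

foreach ($svc in $services) {
    if ($svc.State -ne 'Stopped') {
        Stop-Service -Name $svc.Name
        # Throws a TimeoutException if the service has not stopped in time,
        # so the upgrade is not started against a running scheduler.
        (Get-Service -Name $svc.Name).WaitForStatus('Stopped', [TimeSpan]::FromSeconds($TimeoutSeconds))
    }
    Write-Output "$($svc.DisplayName): $((Get-Service -Name $svc.Name).Status)"
}
```

Run it from an elevated PowerShell session on the host where the service is installed, and keep the JSON file with the database and encryption key backups.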
Remove existing web sites.
- If upgrading from version 5.5.2 or earlier, web site registration and naming follow a different process than in 18.104.22.168 or later. Failure to remove existing web sites will cause multiple registrations with different names to appear in the web site registration dialog and can cause your security and other settings not to take effect.
- Install the base Privileged Identity program.
- This step will install the management console.
For more information, please see Install the Management Console.
Configure and Register Privileged Identity.
- Complete the setup wizard.
- Register Privileged Identity.
- Configure permissions to launch the management console (optional).
- Configure database settings (optional).
- Configure encryption settings (optional).
The first time Privileged Identity is run, a mini-setup wizard will run through a series of pages that handle the configuration of the various components of the product, such as database connections and encryption settings. Don't worry if you do not yet have all the required information at this point; all configuration may be performed or changed after installation as well.
For more information, please see the setup wizard.
Completing the Registration dialog enables switching from demo mode to extended demo mode or switching from demo mode to commercial mode.
For more information, please see Register the Privileged Identity Instance.
Following installation, any user who is an administrator of the system where the management console is installed and who also has access to the program data store will have the ability to launch the application. Configuring these permissions allows you to enable MFA requirements for launching the console, as well as define what aspects of the management console are available to users of the console.
If necessary, reconfigure database settings such as provider, connection limits, or connection strings for high-availability configurations.
For more information, please see Configure Database Settings in the admin guide.
Passwords managed by Privileged Identity are encrypted and then stored in the secure data store. The use of HSM or software-based encryption is supported at all times and may be changed at any point in time.
For more information, see Configuring Encryption Settings in the admin guide.
- Install the web application.
The web application is used by consumers and auditors. Consumers will retrieve secured passwords or establish sessions through a delegated and audited process. Auditors will be able to generate reports and audit settings.
For more information, please see Install the Web Application.
Install the web service.
The web service provides API-based functionality via a SOAP or REST-based URI and is required by the web application, PowerShell, federated logins (SAML/OAUTH), and application launcher modules. The web service is deployed from a separate installer or can be pushed from the management console with version 22.214.171.124 of the product or later.
For more information, please see Install the Web Service.
Install one or more zone processors (optional).
A zone processor is a remotely deployed scheduling service designated to perform specific jobs against a specific list (management set) of systems and devices. Conversely, the default deferred processor is installed with the management console and will handle any configured jobs against any and all lists of systems. Zone processors are typically used in DMZs or distributed networks where normal communication may not be allowed. Zone processors are also used to improve the job processing throughput of the entire solution. Zone processors may also require secondary installations of integration components and the cross-platform support library.
For more information, please see Deploy Zone Processors.
Install the PowerShell cmdlets (optional).
PowerShell cmdlets extend the management of Privileged Identity to a command line scripting environment.
For more information, please see Installing the PowerShell Cmdlets in the Privileged Identity PowerShell API Guide, pages 8-11.
Install the application launching and session recording components (optional).
Application launching allows users to enter a privileged session without gaining access to the underlying credentials (password, key, etc.) using a secured host where session recording may also be enabled for the session.
For more information, please see Installing the Application Launcher and Session Recording.
Install the Syslog Forwarder Service (optional).
This service listens for syslog UDP traffic and retransmits it using SSL or TCP on the same or different port for greater security and reliability when forwarding events to loggers and SIEM products.
For more information, please see Using the Syslog Forwarder to Forward Syslog & MSMQ in the Privileged Identity Admin Guide, page 468.
If you are ready to begin your upgrade to the latest version of Privileged Identity, be sure to first visit Install Privileged Identity Prerequisites.