Customer-managed Privileged Access Service additional requirements

See the following details to prepare for installation and deployment of the customer-managed Privileged Access Service. Note that requirements for managed and internal database configurations vary; see Variations for managed and internal databases.

For additional deployment information, see Privileged Access Service deployment checklist.

Getting the software

  • Get a license key from your assigned Sales Engineer.
  • Get the unlock code from your assigned Sales Engineer.
  • Navigate to the Centrify Download Center and use provided codes to download the software.

Servers you need before you install

You will need a total of five Windows 2012 R2 or 2016 servers as follows:

Vault cluster servers

Three Windows Servers with the following:

  • 16 GB RAM
  • 2 CPUs
  • 1 fixed IP address per machine.
  • Windows Failover Cluster Service installed

Connector servers

Two Windows Servers with the following:

  • 8 GB RAM
  • 2 CPUs
  • 1 Fixed IP address per machine

IP addresses you need before you install

  • Internal Web IP: vault name requires DNS IP and name.
  • Internal WFCS IP: the main server requires a virtual IP.

Note:   This is the administration access point for the cluster.

Certificates you need before you install

  • Web signed certificate IP: This should be a commercial certificate with a built-in root of trust.

Note:   This is for the URL of the vault.

  • Use either a self-signed certificate or use your own custom and/or internal CA.

Note:   If you use your own custom and/or internal CA, you must create a certificate with all DNS names in SAN (subject alternate names) of all clustered nodes.

Database setup to prepare before you install

Also see Variations for managed and internal databases for additional requirements.

  • Choose a database name (example: vaultDB).
  • Choose a database username (example: vaultDB).

Note:   The database name and database username must be the same.

Security steps to take before you install

  • Plan for a place to store cl.conf file.

Note:   The cl.conf file is a very sensitive file with a security vulnerability, handle accordingly.

Variations for managed and internal databases

Managed database configurations:

  • Separate the PostgreSQL cluster
  • Install FastDB on an external database

Internal database configuration:

  • Requires two ISCSI disks