Plan

During the first phase of the deployment, you collect and analyze details about your organization’s requirements and goals. You can then make preliminary decisions about sizing, network communication, where to install components, and what your zone structure should look like.

Here are the key steps involved:

  • Identify the goals of the deployment.
    • Is identity and privilege management or audit and monitoring service a primary goal?

    • Are identity and privilege management and audit and monitoring service equally important to the organization?

    • Is audit and monitoring service important for specific computers?

    • Is audit and monitoring service important for computers used to perform administrative tasks?

    • Is audit and monitoring service important for computers that host specific applications or sensitive information?

    • Should audit and monitoring service be required for users in specific groups or with specific roles?

      For example, if audit and monitoring service is important, are you primarily interested in auditing Windows servers (such as SQL Server, Exchange, and IIS), administrative workstations, or computers that host specific applications or sensitive information?

  • Assemble a deployment team with Active Directory and other expertise.

    • People with specific knowledge, such as Exchange, IIS, or SharePoint administrators.

    • If auditing, at least one Microsoft SQL Server database administrator.

  • Provide basic training on Centrify architecture, concepts, and terminology.

  • Study the existing environment to identify target computers where you plan to install Centrify components.

    • Plan for permissions and the appropriate separation of duties for your organization.

    • Review network connections, port requirements, and firewall configuration.

      For more information about network communication and the ports used, see Plan for network traffic and data storage.

    • Identify computers for administration.
      • Basic deployment—Access Manager
      • Auditing—Audit Manager and Audit Analyzer consoles

    • Identify computers to be used as collectors, audit stores, and the management database.
      • Verify that you have reliable, high-speed network connections between components that collect and transfer audit data.

      • Verify you have sufficient disk storage for the first audit store database.

    • Identify the initial target group of computers to be managed and audited.
  • Design a basic zone structure that suits your organization.

    • Single or multiple top-level parents.

    • Initial child zones, for example, separate zones for different functional departments or administrative groups.