Introduction

The Centrify Hyper-scalable Privileged Access Service (Hyper-scalable PAS) deployment model is an on-site solution where you provide your own servers as part of the infrastructure solution. The infrastructure you choose can be either an internal protected network, a private cloud, or a public cloud instance.

Hyper-scalable PAS uses a scalable approach; each installation includes an unlimited number of Web, Background, and optionally TCP Relay (Relay and Logging) nodes running Centrify Privileged Access Service software on a Windows Server 2016 operating system. These nodes must be able to communicate with each other and with the following additional components that make up the installation (for specific component requirements, see Prerequisites):

  • Cache server (Redis)
  • Database server (PostgreSQL)
  • Load Balancer

Additionally, outside of the cluster, a Management node is required to manage the cluster.

See the following for a runtime overview of the Hyper-scalable PAS.

Note:   Components with the Centrify icon execute product code provided by Centrify.

Installation concepts

This installation and configuration guide describes how to install, upgrade, and configure the Hyper-scalable PAS as a solution in a high availability (HA) environment. An installation is the configuration for a specific hostname and certificate that define the site enabled by this Centrify PAS deployment. After you install Hyper-scalable PAS, you use the Admin Portal to add, manage, and access the resources, domains, and databases and the corresponding accounts within the Privileged Access Service. The following concepts provide some context that can be helpful in understanding the overall installation process (for an overview of the installation, see Installing Hyper-scalable PAS):

  • Cluster site installation

    A cluster installation/site is defined as the configuration of nodes with the Hyper-scalable PAS software package installed. Each installation/site requires a single hostname and certificate to be defined for that particular site. For example, pas.yourcompany.com indicates a particular site installation, with one hostname, matching host certificate, and database server, while company.acme.com would be a different site installation with a different database server and a different host certificate. To create an installation, you need to install and deploy the Centrify Hyper-scalable PAS software to the Management, Web, Background, and TCP Relay nodes. During installation you create the deployment package that allows you to easily deploy to specific nodes.

  • Deployment

    A Hyper-scalable PAS Deployment is the specific version of the software and configuration used to create node instances. This is created and packaged using Centrify-PAS-NewDeployment. That package is then used to create new nodes (see Deployment instance below), which are associated with that specific Deployment.

  • Deployment instance

    A Hyper-scalable PAS deployment instance is a node on a server created using a Deployment package, for example by calling Centrify-PAS-Deploy-WebNode. In addition to Web and Background nodes, you can also deploy the Hyper-scalable PAS software to two types of TCP Relay nodes: a Logging node and a Relay node.

High availability and scale

The Hyper-scalable PAS lets you easily add Web and Background nodes to make it a scalable, high availability solution. Generally, your solution should include two or more Web, Background, and optionally TCP Relay nodes. For more information, see Scaling and High Availability. The following additional components that make up your Hyper-scalable PAS solution will also need to be sized to meet your scalability and high availability needs:

  • Cache (Redis)
  • Database (PostgreSQL)
  • Load balancer
  • Networking and power infrastructures
  • Centrify Connector

The following shows how high availability works in Hyper-scalable PAS.

Note:   Node monitoring is dependent on your organization's chosen software.

Backup and Disaster Recovery

To ensure uninterrupted service in the event of a major system failure, we recommend maintaining a backup of your configuration and database instances. Maintaining these backups helps to ensure the fastest recovery from a system failure. For more information on disaster recovery, see Backup and Disaster Recovery.