One Identity Safeguard 2000 User manual
One Identity Safeguard 2.1
Appliance Setup Guide
Copyright 2018 One Identity LLC.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide
is furnished under a software license or nondisclosure agreement. This software may be used or copied
only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced
or transmitted in any form or by any means, electronic or mechanical, including photocopying and
recording for any purpose other than the purchaser’s personal use without the written permission of
One Identity LLC .
The information in this document is provided in connection with One Identity products. No license,
express or implied, by estoppel or otherwise, to any intellectual property right is granted by this
document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE
TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
ONEIDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR
STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-
INFRINGEMENT. IN NO EVENT SHALL ONEIDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF
INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
ONEIDENTITY HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity make no
representations or warranties with respect to the accuracy or completeness of the contents of this
document and reserves the right to make changes to specifications and product descriptions at any
time without notice. One Identity do not make any commitment to update the information contained
in this document.
If you have any questions regarding your potential use of this material, contact:
One Identity LLC.
Attn: LEGAL Dept
4 Polaris Way
Aliso Viejo, CA 92656
Refer to our Web site (http://www.OneIdentity.com) for regional and international office information.
Patents
One Identity is proud of our advanced technology. Patents and pending patents may apply to this
product. For the most current information about applicable patents for this product, please visit our
website at http://www.OneIdentity.com/legal/patents.aspx.
Trademarks
One Identity and the One Identity logo are trademarks and registered trademarks of One Identity
LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit
our website at www.OneIdentity.com/legal. All other trademarks are the property of their
respective owners.
Legend
WARNING: A WARNING icon indicates a potential for property damage,
personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss
of data if instructions are not followed.
IMPORTANT,NOTE,TIP,MOBILE, or VIDEO: An information icon indicates supporting
information.
Safeguard Appliance Setup Guide
Updated - January 2018
Version - 2.1
Contents
One Identity Safeguard 2000 appliance 4
Package contents 4
Front and back panels 5
Operating conditions and regulatory compliance 6
Setting up the appliance 8
Warnings and precautions 13
Standardized warning statements for AC systems 15
About us 18
Contacting us 18
Technical support resources 18
Safeguard 2.1 Appliance Setup Guide 3
1
One Identity Safeguard 2000
appliance
This chapter provides a list of the main components included in the package and a
description of the main features of the One Identity Safeguard 2000 Appliance. It also
describes the operating conditions and regulatory compliance.
Package contents
In addition to this guide, the One Identity Safeguard package contents include:
1. One Identity Safeguard 2000 Appliance
2. Rail (2)
3. Ethernet cable
4. Extra rail installation brackets
5. Power cord (2)*
6. 1 6FT DB9F/DB9F SERIAL Cable
* The included power cords are approved by use only in specific countries or regions.
Before using a power cord, verify that it is rated and approved for use in your location. The
power cord is for AC mains installation only.
If any items are missing from your package, contact Support at:
https://support.oneidentity.com
Safeguard 2.1 Appliance Setup Guide
One Identity Safeguard 2000 appliance
4
Front and back panels
The following diagram shows the front and back panels on the One Identity Safeguard
2000 Appliance.
Safeguard 2.1 Appliance Setup Guide
One Identity Safeguard 2000 appliance
5
Operating conditions and regulatory
compliance
Operating conditions (運行條件)
Input (輸入/输入):100-140 / 180-240 Vac, 50-60 Hz, 8.5-6.0 / 5.0-3.8 A
Operating Temperature (工作溫度): 5 C to 35 C
Altitude of Operation (m)…: Up to 2000 m (操作高度(m):最高2000 m)
Regulatory compliance
Electromagnetic Emissions: FCC Class A, EN 55032 Class A, EN 61000-3-2/-3-3, CISPR 32
Class A, VCCI Class A
Electromagnetic Immunity: EN 55024/CISPR 24, (EN 61000-4-2, EN 61000-4-3, EN 61000-
4-4, EN 61000-4-5, EN 61000-4-6, EN 61000-4-8, EN 61000-4-11)
Safety: CSA/EN/IEC/UL 60950-1 Compliant, UL or CSA Listed (USA and Canada), CE
Marking (Europe)
FCC warning
This equipment has been tested and found to comply with the regulations for a Class A
digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide
reasonable protection against harmful interference when the equipment is operated in a
commercial environment. This equipment generates, uses, and can radiate radio frequency
energy and, if not installed and used in accordance with this user’s guide, may cause
harmful interference to radio communications. Operation of this equipment in a residential
area is likely to cause harmful interference, in which case the user will be required to
correct the interference at his or her own expense.
CE Mark warning
This is a Class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.
VCCI warning
This is a Class A product. In a domestic environment, this product may cause radio
interference, in which case the user may be required to take adequate measures.
Safeguard 2.1 Appliance Setup Guide
One Identity Safeguard 2000 appliance
6
Taiwan BSMI Class A Warning Statement
This is a Class A Information Product, when used in residential environment, it may cause
radio frequency interference, under such circumstances, the user may be requested to take
appropriate countermeasures.
Safeguard 2.1 Appliance Setup Guide
One Identity Safeguard 2000 appliance
7
2
Setting up the appliance
Follow these steps to set up and configure the One Identity Safeguard 2000 Appliance.
NOTE: Before you start, ensure that you install the Microsoft .NET Framework 4.6 (or
greater) on your management host.
Step 1: Prepare for installation
Gather the following items before you start the appliance installation process:
1. Laptop
2. IP address
3. IP subnet mask
4. IP gateway
5. DNS server address
6. NTP server address
NOTE: If a Safeguard appliance is going to be used for both Privileged
Passwords and Privileged Sessions, you need this network interface inform-
ation for both the appliance and the sessions module.
7. One Identity Safeguard license(s)
NOTE: One Identity Safeguard ships with the following modules, each requiring
a valid license to enable functionality:
lOne Identity Safeguard Privileged Passwords
lOne Identity Safeguard Privileged Sessions
NOTE: If you purchased One Identity Safeguard, the appropriate license file(s) should
have been sent to you via email. If you have not received an email or need it to be
resent, visit https://support.oneidentity.com/contact-us/licensing. If you need to
request a trial key, please send a request to sales@oneidentity.com or call +1-800-
306-9329.
Safeguard 2.1 Appliance Setup Guide
Setting up the appliance
8
Step 2: Rack the appliance
Prior to installing the racks for housing the appliance, see Warnings and precautions
Step 3: Power on the appliance
Prior to powering up the appliance, see Standardized warning statements for AC systems
The One Identity Safeguard 2000 Appliance includes dual power supplies for redundant AC
power and added reliability.
1. Plug the power cords to the power supply sockets on the appliance back and then
connect the cords to AC outlets.
TIP: As a best practice, connect the two power cords to outlets on different
circuits. One Identity recommends using an UPS on all appliances.
2. Press the Green check mark button on the front panel of the appliance for NOmore
than one second to power on the appliance.
CAUTION: Once the Safeguard appliance is booted, DONOT press and
hold the Green check mark button. Holding this button for four or
more seconds will cold reset the power of the appliance and may
result in damage.
You can use the Red X button to shutdown the appliance. Once the Safeguard
appliance is booted, press and hold the Red X button for four seconds until it
displays POWER OFF.
NOTE: If the Safeguard appliance is not yet booted, it may be necessary to
press the Red X button for up to 13 seconds.
CAUTION: Once the Safeguard appliance is booted, DONOT press and
hold the Red X button for more than 13 seconds. This will hard power
off the appliance and may result in damage.
Step 4: Connect the management host to the appliance
IMPORTANT: The appliance can take up to five minutes to boot up. In addition, ping
replies have been disabled on the appliance, so you will not be able to ping this
secure appliance.
1. Connect an Ethernet cable from the laptop to the MGMT port on the back of
the appliance.
2. Set the IPaddress of the laptop to 192.168.1.100, the subnet mask to 255.255.255.0,
and no default gateway.
Safeguard 2.1 Appliance Setup Guide
Setting up the appliance
9
NOTE: MGMT:The port used for a secure first-time configuration of the
appliance.
This IP address is a fixed address that cannot be changed. It will always be
available in case the primary interface becomes unavailable.
MGMT IPaddress: 192.168.1.105
NOTE: X0: The "primary interface" that connects your appliance to the
network.
You must change the primary interface IP to match your network configuration.
Default X0 IP: 192.168.0.105
Step 5: Log into Safeguard
1. Open a browser on the laptop and connect to the IPaddress of the MGMT port
https://192.168.1.105
NOTE: If you have problems accessing the configuration interface, check your
browser Security Settings or try using an alternate browser.
2. Accept the certificate and continue.
NOTE: This is only safe when using an Ethernet cable connected directly to the
appliance.
3. Log into the Safeguard Web client using the bootstrap administrator account:
lUser name: admin
lPassword: Admin123
NOTE: Best practice: To keep your Safeguard appliance secure, change the
default password for the bootstrap administrator’s account.
To change the password from the web client, click Settings in the upper
right corner of the screen and select Change Password.
4. Configure the primary network interface (X0):
a. On the Appliance Configuration page, configure the following:
NOTE: Click (or tap) the Edit icon to modify these settings.
lTime: Enable NTP and set the primary NTP server; if desired, set the
secondary NTP server, as well. Click (or tap) Save.
NOTE: By default, the NTP server is set to pool.ntp.org.
lNetwork (X0):
lEnter the appliance's IPv4 and/or IPv6 address information (IP
address, Subnet Mask, Gateway)
lEnter the DNS server address.
Safeguard 2.1 Appliance Setup Guide
Setting up the appliance
10
lOptional, enter the DNS suffixes.
lClick (or tap) Save.
NOTE: The Network Interface (X1) information must be configured to
use One Identity Safeguard for Privileged Sessions. You can configure the
Network Interface (X1) for the Privileged Sessions module now or
later using the Windows desktop client or web client.
Step 6: Connect the appliance to the network
lConnect an Ethernet cable from your primary interface (X0) on the appliance to
your network.
Step 7: Configure Safeguard
1. Download and install the Safeguard Windows desktop client application from the web
client's application settings.
NOTE: You must log into the web client using the bootstrap administrator
account from Step 5.
2. Run the desktop client and log in with the configured IPv4 or IPv6 address for the
primary interface (X0).
NOTE: To log in with an IPv6 address, enter it in square brackets.
3. License one or both of the Safeguard modules using the provided license file(s):
a. One Identity Safeguard Privileged Passwords
b. One Identity Safeguard Privileged Sessions
4. Designate an archive server for storing session recordings.
NOTE: Defining archive server configurations and assigning an archive server
to an appliance are done from the desktop's Administrative Tools view:
lGo to Settings |Backup and Retention |Archive Servers to
configure archive servers.
lGo to Settings |Sessions |Session Recordings Storage Manage-
ment to assign an archive server to an appliance for storing recording
files.
Step 8: Backup Safeguard
Immediately after your initial installation of Safeguard, make a backup of your
Safeguard appliance.
NOTE: The default backup schedule runs at 22:00 MST, which can be modified rather
than manually running a backup.
Safeguard 2.1 Appliance Setup Guide
Setting up the appliance
11
1. From the Safeguard desktop Home page, select Administrative Tools.
2. In Settings, select Backup and Retention | Backups.
3. Click (or tap) Run Now from the action bar.
Step 9: Update Safeguard
Download the latest update from: https://support.oneidentity.com/one-identity-
safeguard/.
1. From the Safeguard desktop Home page, select Administrative Tools.
2. In Settings, select Appliance | Updates.
3. Click (or tap) Upload a File and browse to select an update file.
NOTE: When you select a file, Safeguard uploads it to the server, but does not
install it.
4. Click (or tap) Install Now to install the update file immediately.
5. Once you have updated Safeguard, be sure to backup your Safeguard appliance.
Step 10: Add a user with Authorizer administrative permissions
The Authorizer administrator is responsible for granting administrative access to One
Identity Safeguard.
1. From the Safeguard desktop Home page, select Administrative Tools.
NOTE: This is where you add all the objects you need to write access request
policies, such as users, accounts, and assets.
2. In Administrative Tools, select Users.
3. Click (or tap) Add User from the action bar and create a Safeguard user with a
"local" authentication provider and Authorizer Administrator permissions.
NOTE: When you choose Authorizer permissions, Safeguard also selects User
and Help Desk permissions. These additional settings cannot be cleared.
4. Log out:
a. In the upper-right corner of the screen, click (or tap) the user avatar.
b. Select Log Out.
Safeguard 2.1 Appliance Setup Guide
Setting up the appliance
12
A
Warnings and precautions
The following precautions must be taken for proper installation.
Rack precautions
lEnsure that the leveling jacks on the bottom of the rack are fully extended to the
floor with the full weight of the rack resting on them.
lIn a single-rack assembly, stabilizers should be attached to the rack. In a multi-rack
assembly, the racks should be coupled together.
lAlways ensure the rack is stable before extending a component from the rack.
lExtend only one component at a time; extending two or more components
simultaneously may cause the rack to become unstable.
Component precautions
lReview the electrical and general safety precautions. For more information, see
Standardized warning statements for AC systems on page 15.
lDetermine the placement of each component in the rack BEFORE you install the rails.
lInstall the heaviest components on the bottom of the rack first, and then work up.
lUse a regulating uninterruptible power supply (UPS) to protect the component
from power surges, voltage spikes and to keep your system operating in case of a
power failure.
lAllow the hot plug SATA drives and power supply modules to cool before
touching them.
lAlways keep the rack's front door and all panels and components on the appliance
closed when not servicing to maintain proper cooling.
Safeguard 2.1 Appliance Setup Guide
Warnings and precautions
13
Appliance and mounting considerations
The following conditions are required for proper installation:
Ambient operating temperature
If installed in a closed or multi-rack assembly, the ambient operating temperature of the
rack environment may be greater than the ambient temperature of the room. Therefore,
consideration should be given to installing the equipment in an environment compatible
with the manufacturer's maximum rated ambient temperature (Tmra).
Reduced airflow
Mount the equipment into the rack so that the amount of airflow required for safe operation
is not compromised.
Mechanical loading
Mount the appliances evenly in the rack in order to prevent a hazardous condition due to
uneven mechanical loading.
Circuit overloading
Consideration must be given to the connection of the equipment to the power supply circuit.
Appropriate consideration of equipment nameplate ratings must be used when addressing
this concern. Do not overload the circuit.
Reliable ground
Reliable grounding of rack-mounted equipment must be maintained at all times. To ensure
this, the rack itself should be grounded. Particular attention must be given to power supply
connections other than the direct connections to the branch circuit, such as power strips.
Safeguard 2.1 Appliance Setup Guide
Warnings and precautions
14
B
Standardized warning statements
for AC systems
The following statements are industry standard warnings, provided to warn the user of
situations which have the potential for bodily injury. Should you have questions or
experience difficulty, contact One Identity technical support for assistance. Only certified
technicians should attempt to install or configure components.
Read this appendix in its entirety BEFORE installing or configuring components in the One
Identity Safeguard 2000 Appliance.
NOTE: These warning statements are also available in multiple languages on the One
Identity support site:
https://support.oneidentity.com/one-identity-safeguard/2.1/technical-documents.
Warning definition
WARNING: This warning symbol means danger. You are in a situation that
could cause bodily injury. Before you work on any equipment, be aware of
the hazards involved with electrical circuitry and be familiar with
standard practices for preventing accidents.
Installation instructions
WARNING: Read the installation instructions before connecting the system
to the power source.
Circuit Breaker
WARNING: This product relies on the building's installation for short-
circuit (overcurrent) protection. Ensure that the protective device is rated
not greater than: 250 V, 20 A.
Safeguard 2.1 Appliance Setup Guide
Standardized warning statements for AC systems
15
Power Disconnection Warning
WARNING: The system must be disconnected from all sources of power
and the power cord removed from the power supply module(s) before
accessing the chassis interior to install or remove system components.
Equipment installation
WARNING: Only trained and qualified personnel should be allowed to
install, replace, or service this equipment.
Restricted area
WARNING: This unit is intended for installation in restricted access areas.
A restricted access area can be accessed only through the use of a special
tool, lock and key, or other means of security. (This warning does not
apply to workstations).
Battery handling
WARNING: There is a danger of explosion if the battery is replaced incor-
rectly. Replace the battery only with the same or equivalent type recom-
mended by the manufacturer. Dispose of used batteries according to the
manufacturer's instructions.
Redundant power supplies
WARNING: This unit might have more than one power supply connection.
All connections must be removed to de-energize the unit.
Backplane voltage
WARNING: Hazardous voltage or energy is present on the backplane when
the system is operating. Use caution when servicing.
Comply with local and national electrical codes
WARNING: Installation of equipment must comply with local and national
electrical codes.
Safeguard 2.1 Appliance Setup Guide
Standardized warning statements for AC systems
16
Product disposal
WARNING: Ultimate disposal of this product should be handled according
to all national laws and regulations.
Hot swap fan warning
WARNING: The fans might till be turning when you remove the fan
assembly from the chassis. Keep fingers, screwdrivers, and other objects
away from the openings in the fan assembly's housing.
Power cable and AC adapter
WARNING: When installing the product, use the provided or designated
connection cables, power cables and AC adapters. Using any other cables
and adapters could cause a malfunction or a fire. Electrical Appliance and
Material Safety Law prohibits the use of UL or CSA -certified cables (that
have UL/CSA shown on the code) for any other electrical devices than
products designed by One Identity LLC only.
Safeguard 2.1 Appliance Setup Guide
Standardized warning statements for AC systems
17
About us
About us
Contacting us
For sales or other inquiries, visit https://www.oneidentity.com/company/contact-us.aspx
or call +1-800-306-9329.
Technical support resources
Technical support is available to One Identity customers with a valid maintenance contract
and customers who have trial versions. You can access the Support Portal at
https://support.oneidentity.com/.
The Support Portal provides self-help tools you can use to solve problems quickly and
independently, 24 hours a day, 365 days a year. The Support Portal enables you to:
lSubmit and manage a Service Request
lView Knowledge Base articles
lSign up for product notifications
lDownload software and technical documentation
lView how-to-videos
lEngage in community discussions
lChat with support engineers online
lView services to assist you with your product
Safeguard 2.1 Appliance Setup Guide
About us
18
Other manuals for Safeguard 2000
1
Table of contents
Other One Identity Firewall manuals
Popular Firewall manuals by other brands
Watchguard
Watchguard Firebox T45 quick start guide
Real Fires
Real Fires 900 Installation instruction
Watchguard
Watchguard Firebox M4600 Hardware guide
Allo.com
Allo.com STM user manual
Barracuda Networks
Barracuda Networks Spam Firewall Outbound quick start guide
Fortinet
Fortinet FortiGate FortiGate-500 Administration guide
Barracuda
Barracuda CloudGen F900 Revision B CCC manual
Barracuda
Barracuda NextGen F180 instructions
D-Link
D-Link DFL-600 user manual
Fortinet
Fortinet FortiGate 60C-LENC quick start guide
Fortinet
Fortinet FortiGate FortiGate-100A quick start guide
BaseWall
BaseWall Dual WAN VPN Firewall VPN 3000 user guide