One identity Safeguard for privileged sessions 6.0 series User manual



OneIdentitySafeguardforPrivileged

Sessions6.0

InstallationGuide

Thisguidecontainsproprietaryinformationprotectedbycopyright.Thesoftwaredescribedinthisguide

isfurnishedunderasoftwarelicenseornondisclosureagreement.Thissoftwaremaybeusedorcopied

onlyinaccordancewiththetermsoftheapplicableagreement.Nopartofthisguidemaybereproduced

ortransmittedinanyformorbyanymeans,electronicormechanical,includingphotocopyingand

recordingforanypurposeotherthanthepurchaser’spersonalusewithoutthewrittenpermissionof

OneIdentityLLC.

TheinformationinthisdocumentisprovidedinconnectionwithOneIdentityproducts.Nolicense,

expressorimplied,byestoppelorotherwise,toanyintellectualpropertyrightisgrantedbythis

documentorinconnectionwiththesaleofOneIdentityLLCproducts.EXCEPTASSETFORTHINTHE

TERMSANDCONDITIONSASSPECIFIEDINTHELICENSEAGREEMENTFORTHISPRODUCT,

ONEIDENTITYASSUMESNOLIABILITYWHATSOEVERANDDISCLAIMSANYEXPRESS,IMPLIEDOR

STATUTORYWARRANTYRELATINGTOITSPRODUCTSINCLUDING,BUTNOTLIMITEDTO,THE

IMPLIEDWARRANTYOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSE,ORNON-

INFRINGEMENT.INNOEVENTSHALLONEIDENTITYBELIABLEFORANYDIRECT,INDIRECT,

CONSEQUENTIAL,PUNITIVE,SPECIALORINCIDENTALDAMAGES(INCLUDING,WITHOUT

LIMITATION,DAMAGESFORLOSSOFPROFITS,BUSINESSINTERRUPTIONORLOSSOF

INFORMATION)ARISINGOUTOFTHEUSEORINABILITYTOUSETHISDOCUMENT,EVENIF

ONEIDENTITYHASBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.OneIdentitymakesno

representationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthis

documentandreservestherighttomakechangestospecificationsandproductdescriptionsatany

timewithoutnotice.OneIdentitydoesnotmakeanycommitmenttoupdatetheinformation

containedinthisdocument.

Ifyouhaveanyquestionsregardingyourpotentialuseofthismaterial,contact:

OneIdentityLLC.

Attn:LEGALDept

4PolarisWay

AlisoViejo,CA92656

RefertoourWebsite(http://www.OneIdentity.com)forregionalandinternationalofficeinformation.

Patents

OneIdentityisproudofouradvancedtechnology.Patentsandpendingpatentsmayapplytothis

product.Forthemostcurrentinformationaboutapplicablepatentsforthisproduct,pleasevisitour

websiteathttp://www.OneIdentity.com/legal/patents.aspx.

Trademarks

OneIdentityandtheOneIdentitylogoaretrademarksandregisteredtrademarksofOneIdentity

LLC.intheU.S.A.andothercountries.ForacompletelistofOneIdentitytrademarks,pleasevisit

ourwebsiteatwww.OneIdentity.com/legal.Allothertrademarksarethepropertyoftheir

respectiveowners.

Legend

WARNING: A WARNING icon highlights a potential risk of bodily injury or property

damage, for which industry-standard safety precautions are advised. This icon is

often associated with electrical hazards related to hardware.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if

instructions are not followed.

SPSInstallationGuide

Updated-February2020

Version-6.0

Contents

Preface 5

Summaryofcontents 5

Introduction 6

Package contents inventory 7

One Identity Safeguard for Privileged Sessions Hardware Installation

Guide 8

InstallingtheSPShardware 8

InstallingtwoSPSunitsinHAmode 11

Hardware specifications 12

OneIdentitySafeguardforPrivilegedSessions(SPS)T1 12

OneIdentitySafeguardforPrivilegedSessions(SPS)T4 13

OneIdentitySafeguardforPrivilegedSessions(SPS)T10 14

OneIdentitySafeguardforPrivilegedSessions(SPS)Appliance3000 15

OneIdentitySafeguardforPrivilegedSessions(SPS)Appliance3500 16

One Identity Safeguard for Privileged Sessions Software Installation Guide18

InstallingtheSPSsoftware 18

One Identity Safeguard for Privileged Sessions VMware Installation Guide 21

InstallingSPSunderVMwareESXi/ESX 21

LimitationsofSPSunderVMware 22

One Identity Safeguard for Privileged Sessions Hyper-V Installation Guide 24

LimitationsofSPSunderHyper-V 24

InstallingSPSunderHyper-V 25

Installing One Identity Safeguard for Privileged Sessions as a Kernel-

based Virtual Machine 27

InstallingSPSasaKernel-basedVirtualMachine 27

LimitationsofSPSunderKVM 28

Deploying One Identity Safeguard for Privileged Sessions from the Azure

Marketplace 30

Prerequisites 30

SPS 6.0 Installation Guide

Limitations 31

DeployOneIdentitySafeguardforPrivilegedSessionsfromtheMicrosoftAzure

Marketplace 33

HighAvailabilityandredundancyinMicrosoftAzure 35

Redundancy 35

HighAvailability 35

Virtual appliance maintenance 36

ModifyingthedisksizeofaSPSvirtualappliance 36

About us 37

Contactingus 37

Technicalsupportresources 37

SPS 6.0 Installation Guide

Preface

WelcometotheOneIdentitySafeguardforPrivilegedSessions6.0InstallationGuide.

ThisdocumentdescribeshowtosetuptheOneIdentitySafeguardforPrivilegedSessions

(SPS)hardware,andhowtoinstallSPSoncertifiedhardwareorasavirtualappliance.

Summary of contents

IntroductionprovidesbackgroundinformationanddescribesthemainpurposeoftheOne

IdentitySafeguardforPrivilegedSessionsInstallationGuide.

PackagecontentsinventoryliststhecontentsofthepackageyoureceivewiththeOne

IdentitySafeguardforPrivilegedSessions(SPS).

OneIdentitySafeguardforPrivilegedSessionsHardwareInstallationGuidedescribeshow

tosetuptheSPShardware.

HardwarespecificationsdescribesthehardwarespecificationsoftheSPSappliance.

OneIdentitySafeguardforPrivilegedSessionsSoftwareInstallationGuidedescribeshow

toinstallSPSoncertifiedhardware.

OneIdentitySafeguardforPrivilegedSessionsVMwareInstallationGuidedescribeshowto

installSPSasaVMwarevirtualappliance.

OneIdentitySafeguardforPrivilegedSessionsHyper-VInstallationGuidedescribeshowto

installOneIdentitySafeguardforPrivilegedSessions(SPS)asaHyper-Vvirtualappliance.

InstallingOneIdentitySafeguardforPrivilegedSessionsasaKernel-basedVirtualMachine

describeshowtoinstallOneIdentitySafeguardforPrivilegedSessions(SPS)asaKernel-

basedVirtualMachine.

DeployingOneIdentitySafeguardforPrivilegedSessionsfromtheAzureMarketplace

describeshowtoinstallOneIdentitySafeguardforPrivilegedSessions(SPS)fromthe

MicrosoftAzureMarketplace.

SPS 6.0 Installation Guide

Preface

Introduction

Theaimofthisguideistoprovidedetailed,step-by-stepinstructionsonhowtosetupand

installOneIdentitySafeguardforPrivilegedSessionsonunpackingitandanysubsequent

occasionsthatmightrequirethere-installationoftheproduct.

NotethatthecontentsofthisdocumentwerepreviouslyincludedintheAdministration

Guide.Thisstandaloneguidewascreatedto:

lImprovehowinformationisorganizedintheOneIdentitySafeguardforPrivileged

Sessionsdocumentationset.

lMakeiteasierforuserstofindinformationrelevanttotheirroles,context,andhow

theyusetheproduct.

SPS 6.0 Installation Guide

Introduction

Package contents inventory

Carefullyunpackallservercomponentsfromthepackingcartons.Thefollowingitems

shouldbepackagedwiththeOneIdentitySafeguardforPrivilegedSessions:

lAOneIdentitySafeguardforPrivilegedSessionsappliance,pre-installedwiththe

latestOneIdentitySafeguardforPrivilegedSessionsfirmware.

lOneIdentitySafeguardforPrivilegedSessionsaccessorykit,includingthefollowing:

lOne Identity Safeguard for Privileged Sessions 6.0 Packaging Checklist

(this document).

lGPLv2.0license.

lRackmounthardware(dependingonappliancetype).

lPowercable.

ThedefaultBIOSandIPMIpasswordsareinthedocumentation.

SPS 6.0 Installation Guide

Package contents inventory

One Identity Safeguard for

Privileged Sessions Hardware

Installation Guide

ThisdocumentdescribeshowtosetuptheOneIdentitySafeguardforPrivilegedSessions

(SPS)hardware.Refertothefollowingdocumentsforstep-by-stepinstructions:

lSafeguard Sessions Appliance 3000:seetheSC113 Chassis Series User's Manual,

Chapter 6: Rack Installation,availableonlineat

https://www.supermicro.com/manuals/chassis/1U/SC113.pdf.

lSafeguard Sessions Appliance 3500:seetheSuperServer 1029U-T Series User's

Manual, Chapter 2: Server Installation,availableonlineat

https://www.supermicro.com/manuals/superserver/1U/MNL-1973.pdf.

lFordetailsonhowtoinstallasingleSPSunit,seeInstallingtheSPShardware.

lFordetailsonhowtoinstallatwoSPSunitsinhighavailabilitymode,seeInstalling

twoSPSunitsinHAmode.

Installing the SPS hardware

ThefollowingdescribeshowtoinstallasingleSPSunit.

To install a single SPS unit

1. UnpackSPS.

2. (Optional)InstallSPSintoarackwiththesliderails.Sliderailsareavailableforall

SPSappliances.

3. Connectthecables.

a. ConnecttheEthernetcablefacingyourLANtotheEthernetconnectorlabeled

as1.Thisisphysicalinterface1ofSPS.Thisinterfaceisusedfortheinitial

configurationofSPS,andformonitoringconnections.(Fordetailsonthe

rolesofthedifferentinterfaces,see"Networkinterfaces"inthe

AdministrationGuide.)

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

b. (Optional)TouseSPSacrossmultiplephysical(L1)networks,youcanconnect

additionalnetworksusingphysicalinterface2(Ethernetconnector2)and

physicalinterface3(Ethernetconnector3).

c. Connect an Ethernet cable that you can use to remotely support the SPS

hardware to the IPMI interface of SPS. For details, see the following

documents:

ForSafeguardSessionsAppliance3000and3500,seetheX9SMTIPMI

User'sGuide.

CAUTION:

Connect the IPMI before plugging in the power cord. Failing to

do so will result in IPMI failure.

CAUTION: SECURITY HAZARD!

The IPMI interface, like all out-of-band management interfaces,

has known vulnerabilities that One Identity cannot fix or have

an effect on. To avoid security hazards, One Identity

recommends that you only connect the IPMI interface to well-

protected, separated management networks with restricted

accessibility. Failing to do so may result in an unauthorized

access to all data stored on the SPS appliance. Data on the

appliance can be unencrypted or encrypted, and can include

sensitive information, for example, passwords, decryption keys,

private keys, and so on.

For more information, see Best Practices for managing servers

with IPMI features enabled in Datacenters.

NOTE:

TheadministratorofSPSmustbeauthorizedandabletoaccesstheIPMI

interfaceforsupportandtroubleshootingpurposesincasevendor

supportisneeded.

ThefollowingportsareusedbytheIPMIinterface:

lPort623(UDP):IPMI(cannotbechanged)

lPort5123(UDP):floppy(cannotbechanged)

lPort5901(TCP):videodisplay(configurable)

lPort5900(TCP):HID(configurable)

lPort5120(TCP):CD(configurable)

lPort80(TCP):HTTP(configurable)

d. (Optional)ConnecttheEthernetcableconnectingSPStoanotherSPSnodeto

theEthernetconnectorlabeledas4.Thisisthehighavailability(HA)interface

ofSPS.(Fordetailsontherolesofthedifferentinterfaces,see"Network

interfaces"intheAdministrationGuide.)

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

e. (Optional)TheSafeguardSessionsAppliance3500isequippedwithadual-port

SFP+interfacecardlabeledAandB.Optionally,connectasupportedSFP+

moduletotheseinterfaces.

NOTE:

Foralistofcompatibleconnectors,seeLinuxBaseDriverfor10Gigabit

IntelEthernetNetworkConnection.NotethatSFPtransceiversencoded

fornonIntelhostsmaybeincompatiblewiththeIntel82599EBhost

chipsetfoundinSPS.

4. Poweronthehardware.

5. ChangetheBIOSpasswordontheOneIdentitySafeguardforPrivilegedSessions.

ThedefaultpasswordisADMINorchangeme,dependingonyourhardware.

6. ChangetheIPMIpasswordontheOneIdentitySafeguardforPrivilegedSessions.

ThedefaultpasswordisADMINorchangeme,dependingonyourhardware.

NOTE:

EnsurethatyouhavethelatestversionofIPMIfirmwareinstalled.Youcan

downloadtherelevantfirmwarefromtheOneIdentityKnowledgebase.

TochangetheIPMIpassword,connecttotheIPMIremoteconsole.

NOTE:

IfyouencounterissueswhenconnectingtotheIPMIremoteconsole,addthe

DNSnameortheIPaddressoftheIPMIinterfacetotheexceptionlist

(whitelist)oftheJavaconsole.Fordetailsonhowtodothis,seetheJavaFAQ

entrytitledHowcanIconfiguretheExceptionSiteList?.

7. Followingboot,SPSattemptstoreceiveanIPaddressautomaticallyviaDHCP.Ifit

failstoobtainanautomaticIPaddress,itstartslisteningforHTTPSconnectionson

the192.168.1.1IPaddress.

ToconfigureSPStolistenforconnectionsonacustomIPaddress,completethe

followingsteps:

a. AccessSPSfromthelocalconsole,andloginwithusernamerootand

passworddefault.

b. SelectShells > Core shellintheConsoleMenu.

c. ChangetheIPaddressofSPS:

ifconfig eth0 <IP-address> netmask 255.255.255.0

Replace<IP-address>withanIPv4addresssuitableforyourenvironment.

d. Setthedefaultgatewayusingthefollowingcommand:

route add default gw <IP-of-default-gateway>

Replace<IP-of-default-gateway>withtheIPaddressofthedefaultgateway.

e. Typeexit,thenselectLogoutfromtheConsoleMenu.

8. ConnecttotheSPSwebinterfacefromaclientmachineandcompletetheWelcome

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

Wizardasdescribedin"TheWelcomeWizardandthefirstlogin"inthe

AdministrationGuide.

NOTE:

TheAdministrationGuideisavailableontheSafeguardforPrivilegedSessions

Documentationpage.

Installing two SPS units in HA mode

ThefollowingdescribeshowtoinstallSPSwithhighavailabilitysupport.

To install SPS with high availability support

1. ForthefirstSPSunit,completeInstallingtheSPShardware.

2. ForthesecondSPSunit,completeSteps1-3ofInstallingtheSPShardware.

3. ConnectthetwounitswithanEthernetcableviatheEthernetconnectorslabeledas4.

4. Poweronthesecondunit.

5. ChangetheBIOSandIPMIpasswordsonthesecondunit.Thedefaultpasswordis

ADMINorchangeme,dependingonyourhardware.

6. ConnecttotheSPSwebinterfaceofthefirstunitfromaclientmachineandenable

thehighavailabilitymode.NavigatetoBasic Settings > High Availability .Click

Convert to Cluster,thenreloadthepageinyourbrowser.

7. ClickReboot Cluster.

8. Waituntiltheslaveunitsynchronizesitsdisktothemasterunit.Dependingonthe

sizeoftheharddisks,thismaytakeseveralhours.Youcanincreasethespeedofthe

synchronizationviatheSPSwebinterfaceatBasic Settings > High Availability

> DRBD sync rate limit.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

Hardware specifications

TheOneIdentitySafeguardforPrivilegedSessions(SPS)appliancesarebuiltonhigh

performance,energyefficient,andreliablehardwarethatareeasilymountedintostandard

rackmounts.

ThefollowingsectionsprovidedetailedinformationofSPSappliances.

One Identity Safeguard for Privileged

Sessions (SPS) T1

Unit:1

Number of disk slots:2(internalonly)

Redundant PSU:0

Mainboard:X8SIL-F

Chipset:Intel3420

NIC:

l2xIntel®82574LGigabitEthernetController

l1xSupermicroAOC-SG-i2DualGbEPCI-Ex4

IPMI:NuvotonWPCM450,SMT(Latestver.:3.16)

CPU:1xIntelXeonX34302.4GHzQuad

RAM:2x4GBSamsungDDR3-1600ECC/UnbufferedSTD

HDD:2xSeagateConstellationES.31TBSATAIII

RAID:SoftwareRAID

RAID type:RAID1

Chassis (H x W x D):43mmx426mmx356mm(1U)

Chassis (H x W x D):1,7"x16,8"x14,0"(1U)

Chassis:SuperChassis512-200B

SPS 6.0 Installation Guide

Hardware specifications

Weight:7,7kg/17lbs

Wattage IDLE:50Watt

Wattage LOAD:243Watt

System MTBF (h):42216hours

Electrical:100-240V,60-50Hz,4-2Amp

Operating temperature:10°Cto35°C

Non-operating temperature:-40°Cto70°C

Humidity range:8%to90%

Non-operating humidity:5%to95%

Compliant to:CE,cCSAus,FCC,VCCI-A

Linktomanufacturerdocumentation

One Identity Safeguard for Privileged

Sessions (SPS) T4

Unit:1

Number of disk slots:4

Redundant PSU:1

Mainboard:X9SPU-F

Chipset:IntelC216ExpressPCH

NIC

l2xIntel®82574LGigabitEthernetController

l1xSupermicroAOC-SG-i2DualGbEPCI-Ex4

IPMI:NuvotonWPCM450RA0BX,SMT(Latestver.:3.38)

CPU:1xIntelXeonE3-1275v23.5GHzQuad

RAM:2x4GBSamsungDDR3-1600ECC/UnbufferedSTD

HDD:4xSeagateConstellationES.32TBSATAIII

RAID:

lLSIMegaRAIDSAS9271-4iSGL

l+LSILSIiBBU09BBU

RAID type:RAID10

Chassis (H x W x D): 43mmx437mmx650mm

Chassis: (H x W x D)1,7"x17,2"x25,6"

Chassis:SuperChassis815TQ-R500UB

SPS 6.0 Installation Guide

Hardware specifications

Weight:16,5kg/38lbs

Wattage IDLE:60Watt

Wattage LOAD:547Watt

System MTBF (h):69667hours

Electrical:100-240V,60-50Hz,6.2-2.6Amp

Operating temperature:10°Cto35°C

Non-operating temperature:-40°Cto70°C

Humidity range:8%to90%

Non-operating humidity:5%to95%

Compliant to:CE,cCSAus,FCC,VCCI-A

Linktomanufacturerdocumentation

One Identity Safeguard for Privileged

Sessions (SPS) T10

Unit:2

Number of disk slots:12

Redundant PSU:1

Mainboard:X9DRW-7TPF+

Chipset:Intel®C602J

NIC:

l1xIntel®82599DualPort10GSFP+

l1xIntel®i350DualPortGigabitEthernet

l1xSupermicroAOC-SG-i2DualGbEPCI-Ex4

IPMI:NuvotonWPCM450BMC,SMT(Latestver.:3.39)

CPU:2xIntelXeonE5-2630v22.6GHz

RAM:8x4GBSamsungDDR3-1600ECC/UnbufferedSTD

HDD:13xSeagateConstellation.2SAS1TB2.5"

RAID:

lLSI2208(1GBcache)

l+SupermicroBTR-0022L-LSI00279BBU

l+ChenbroCK22803Expander

RAID type:RAID50

Chassis (H x W x D):89mmx437mmx684mm

SPS 6.0 Installation Guide

Hardware specifications

Chassis (H x W x D):3,5"x17,2"x26,93"

Chassis:SuperChassis219A-R920WB

Weight:23,6kg/52lbs

Wattage IDLE:106Watt

Wattage LOAD:987Watt

System MTBF (h):36683hours

Electrical:100-240V,50-60Hz,11-4.5Amp

Operating temperature:10°Cto35°C

Non-operating temperature:-40°Cto70°C

Humidity range:8%to90%

Non-operating humidity:5%to95%

Compliant to:CE,cCSAus,FCC,VCCI-A

Linktomanufacturerdocumentation

One Identity Safeguard for Privileged

Sessions (SPS) Appliance 3000

Unit:1U

Drive Bays:8x2.5

Redundant PSU:Yes

NIC:4x1GBase-TEthernetports

IPMI:version2.0

CPU:IntelXeonE3-12753.60Ghz4Core

Memory:2x16GB

HDD:4x2TB

RAID:LSIMegaRAIDSAS9361-4i

RAID Type:RAID5

Usable Storage:6TB

Chassis (W x H x D):17.2"x1.7"x23.5"(437x43x650mm)

Weight:35lbs(15.9kg)

Wattage IDLE / LOAD:N/A

Electrical:500WRedundantAC-DCPowerSupplies

Operating Temperature:5°Cto35°C(41°Fto95°F)

Non-operating Temperature:-40°Cto60°C(-40°Fto140°F)

Humidity Range:8%to90%(non-condensing)

SPS 6.0 Installation Guide

Hardware specifications

Non-operating Humidity:5%to95%(non-condensing)

Compliant to:CE,cCSAus,FCC,VCCI-A

Linktomanufacturerdocumentation

List of appliance ports

1. Redundantpowersupplies

2. Serialport

3. 2xUSBports

4. 2xUSBports

5. 2xRJ45GbEEthernetports

6. VGAport

7. 4x1GBase-TEthernetports

8. DedicatedIPMILANport

One Identity Safeguard for Privileged

Sessions (SPS) Appliance 3500

Unit:1U

Drive Bays:10x2.5

Redundant PSU:Yes

NIC:

l2x1GBase-TEthernetports

l2x10GBase-TEthernetports

IPMI:version2.0

CPU:2xIntelXeonSilver41102.1Ghz8Core

Memory:8x8GB

HDD:8x2TB+1HotSpare

RAID:

SPS 6.0 Installation Guide

Hardware specifications

lLSIAvagoCacheVaultPowerModule02(CVPM02)Kit

l1xBroadcomMegaRAIDSAS9361-16i+

RAID Type:RAID50

Usable Storage:12TB

Chassis (W x H x D):17.2"x1.7"x28.5"(437x43x724mm)

Weight:41lbs(18.6kg)

Wattage IDLE / LOAD:N/A

Electrical:750WRedundantAC-DCPowerSupplies

Operating Temperature:10°Cto35°C(50°F~95°F)

Non-operating Temperature:-40°Cto60°C(-40°Fto140°F)

Humidity Range:8%to90%(non-condensing)

Non-operating Humidity:5%to95%(non-condensing)

Compliant to:CE,cCSAus,FCC,VCCI-A

Linktomanufacturerdocumentation

NOTE:TheOneIdentitySafeguardforPrivilegedSessions(SPS)Appliance3500is

equippedwithadual-port10Gbitinterface.ThisinterfacehasSFP+connectors(notRJ-

45)labeledAandB,andcanbefoundrightoftheLabel1and2Ethernetinterfaces.If

youwantfastercommunication,forexample,incaseofhighdataload,youcanconnect

uptotwo10GSFP+transceivers.Thesetransceiversarenotshippedwiththeoriginal

packageandhavetobepurchasedseparately.

List of appliance ports

1. Redundantpowersupplies

2. 2xRJ4510GbEEthernetports

3. 2x3.0USBports

4. DedicatedIPMILANport

5. Serialport

6. VGAport

7. 2x1GBase-TEthernetports

8. 2xSFP+10GbEports

SPS 6.0 Installation Guide

Hardware specifications

One Identity Safeguard for

Privileged Sessions Software

Installation Guide

ThisdocumentdescribeshowtoinstalltheOneIdentitySafeguardforPrivileged

Sessions(SPS)softwareonacertifiedhardware.Thelistofcertifiedhardwareis

availableatOneIdentity.

NotethatinstallingandreinstallingSPScantakealongtime,especiallyforaHAcluster.

Therearenosupportedworkaroundsforreducingthenecessarydowntime.OneIdentity

recommendstestingSPSinavirtualenvironment,andusingphysicalhardwareonlyfor

verifyingHAfunctionalityandmeasuringperformance.

Installing the SPS software

ThefollowingdescribeshowtoinstallanewSPSonaserver.

Prerequisites:

When installing SPS on a physical hardware, make sure that you use a One Identity-

supported appliance, and that every hard disk required for the particular appliance is

inserted. Installing SPS without the required number of hard disks can cause

erroneous behavior.

To install a new SPS on a server

1. LogintoyoursupportportalanddownloadthelatestOneIdentitySafeguardfor

PrivilegedSessionsinstallationISOfile.Notethatyouneedtohavepartneraccess

todownloadOneIdentitySafeguardforPrivilegedSessionsISOfiles.Ifyouarea

partnerbutdonotseetheISOfiles,youcanrequestpartneraccesswithin

supportportal.

2. MounttheISOimage,orburnittoaCD-ROM.

3. ConnectyourcomputertotheIPMIinterfaceofSPS.Fordetails,seethefollowing

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Software Installation Guide

documents:

ForSafeguardSessionsAppliance3000and3500,seetheX9SMTIPMIUser'sGuide.

4. Powerontheserver.

5. LogintotheIPMIwebinterface,andboottheOneIdentitySafeguardforPrivileged

SessionsinstallationCDontheserverusingavirtualCD-ROM.Fordetails,seethe

followingdocuments:

ForSafeguardSessionsAppliance3000and3500,seetheX9SMTIPMIUser'sGuide.

6. WhentheOneIdentitySafeguardforPrivilegedSessionsinstallerstarts,select

Installer,pressEnter,andwaituntiltheserverfinishesthebootprocess.

TIP:

Fortestingpurposes,youcanspeedupinstallationattheexpenseofslowing

downRAIDsynchronization.AddthefollowingkernelparametertoInstallerin

GRUB:

lazy_itable_init=true

Thisoptiondefersfullfilesysteminitialization,requiringthekerneltofinishit

duringRAIDsynchronization,whichslowsthatprocessdownconsiderably.This

isnotrecommendedinaproductionenvironment.

7. InstallingSPSwillcompletelydeletethecontentsoftheharddisks.If youwant

toproceedinstallingSPS,enterYEStostarttheinstallationprocess.Dependingon

thesizeofthedisks, theinstallationprocesstakes fromafewminutestoan

hourtocomplete.

CAUTION:

Hazard of data loss All data on the disks will be deleted.

8. Theinstallerdisplaysthefollowingmessage:Waiting for RAID sync...,andstarts

tosynchronizethedisksofSPS.

lYouarerecommendedtowaituntilthesynchronizationfinishes.RAID

synchronizationisatwo-stepprocess,theprogressoftheactivestepis

indicatedontheprogressbar.Waituntilbothstepsarecompleted.Notethat

thissynchronizationtakesseveralhours,dependingonthesizeofthehard

disks(about8hoursontheaverage).

lToskiptheRAIDsynchronization,pressCtrl+Alt+DeletetorebootSPS.Note

thatthesystemwillautomaticallyperformthesynchronizationafterthefirst

boot,butinthiscasetheprocesswilltakeseveraldays.

9. Whentheinstallationisfinished,theInstallation finished successfullymessageis

displayed.Unmounttheinstallationmedia,thenpressCtrl+Alt+DeletetorebootSPS.

WaituntilthesystemrebootsanddisplaystheIPaddressitacceptsmanagement

connectionson.

10. If you are installing the slave node of a SPS cluster, skip this step.EntertheIP

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Software Installation Guide

addressdisplayedinthepreviousstepintoyourbrowserandverifythattheWelcome

WizardoftheOneIdentitySafeguardforPrivilegedSessionsisavailable.(Ifyou

havetocreateanaliasIPaddressforyourcomputerthatfallsintothe

192.168.1.0/24subnet(forexample192.168.1.10),see"TheinitialconnectiontoOne

IdentitySafeguardforPrivilegedSessions(SPS)"intheAdministrationGuide.)

NOTE:

Fordetailsonthesupportedwebbrowsersandoperatingsystems,see

"Supportedwebbrowsersandoperatingsystems"intheAdministrationGuide.

Figure 1: The Welcome Wizard

11. Poweroffthesystem.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Software Installation Guide

This manual suits for next models

Table of contents

Other One Identity Network Hardware manuals

One Identity

One Identity Safeguard for Privileged Sessions T1 User manual

Popular Network Hardware manuals by other brands

Tomar

Tomar Strobecom II 4140 user guide

Cerio

Cerio OW-400 A1 user manual

peplink

peplink Pepwave Device Connector Rugged user manual

Avigilon

Avigilon ACC VMA-RPA-RGD-8P2 user guide

Stellar Cyber

Stellar Cyber Photon 250 Installation & quick start guide

Ebyte

Ebyte E01-2G4M27S user manual

NEXTIVITY

NEXTIVITY SHIELD MegaFi quick start guide

ZyXEL Communications

ZyXEL Communications NSA-210 Support notes

Panasonic

Panasonic i-pro WJ-NT304 operating instructions

Airspan

Airspan AirHarmony-4000 installation guide

D-Link

D-Link ShareCenter Pulse DNS-320 user manual

GL Communications

GL Communications PacketExpert SA PXE104 Quick install guide

Vaisala

Vaisala Veriteq vNet PoE Device user guide

ACTi

ACTi PMAX-0333 Quick installation guide

Zhone

Zhone TNE Product guide

SMSC

SMSC EVB-EMC2101 user manual

Cooper Controls

Cooper Controls EtherN.8 RDM user guide

Comelit

Comelit IPNVR064A08NBSL manual

One Identity Safeguard for Privileged Sessions 6.0 Series User manual

Popular Network Hardware manuals by other brands