One identity Safeguard for privilegedsessions 6.0 User manual



OneIdentitySafeguardforPrivileged

Sessions6.0

InstallationGuide

Thisguidecontainsproprietaryinformationprotectedbycopyright.Thesoftwaredescribedinthisguide

isfurnishedunderasoftwarelicenseornondisclosureagreement.Thissoftwaremaybeusedorcopied

onlyinaccordancewiththetermsoftheapplicableagreement.Nopartofthisguidemaybereproduced

ortransmittedinanyformorbyanymeans,electronicormechanical,includingphotocopyingand

recordingforanypurposeotherthanthepurchaser’spersonalusewithoutthewrittenpermissionof

OneIdentityLLC.

TheinformationinthisdocumentisprovidedinconnectionwithOneIdentityproducts.Nolicense,

expressorimplied,byestoppelorotherwise,toanyintellectualpropertyrightisgrantedbythis

documentorinconnectionwiththesaleofOneIdentityLLCproducts.EXCEPTASSETFORTHINTHE

TERMSANDCONDITIONSASSPECIFIEDINTHELICENSEAGREEMENTFORTHISPRODUCT,

ONEIDENTITYASSUMESNOLIABILITYWHATSOEVERANDDISCLAIMSANYEXPRESS,IMPLIEDOR

STATUTORYWARRANTYRELATINGTOITSPRODUCTSINCLUDING,BUTNOTLIMITEDTO,THE

IMPLIEDWARRANTYOFMERCHANTABILITY,FITNESSFORAPARTICULARPURPOSE,ORNON-

INFRINGEMENT.INNOEVENTSHALLONEIDENTITYBELIABLEFORANYDIRECT,INDIRECT,

CONSEQUENTIAL,PUNITIVE,SPECIALORINCIDENTALDAMAGES(INCLUDING,WITHOUT

LIMITATION,DAMAGESFORLOSSOFPROFITS,BUSINESSINTERRUPTIONORLOSSOF

INFORMATION)ARISINGOUTOFTHEUSEORINABILITYTOUSETHISDOCUMENT,EVENIF

ONEIDENTITYHASBEENADVISEDOFTHEPOSSIBILITYOFSUCHDAMAGES.OneIdentitymakesno

representationsorwarrantieswithrespecttotheaccuracyorcompletenessofthecontentsofthis

documentandreservestherighttomakechangestospecificationsandproductdescriptionsatany

timewithoutnotice.OneIdentitydoesnotmakeanycommitmenttoupdatetheinformation

containedinthisdocument.

Ifyouhaveanyquestionsregardingyourpotentialuseofthismaterial,contact:

OneIdentityLLC.

Attn:LEGALDept

4PolarisWay

AlisoViejo,CA92656

RefertoourWebsite(http://www.OneIdentity.com)forregionalandinternationalofficeinformation.

Patents

OneIdentityisproudofouradvancedtechnology.Patentsandpendingpatentsmayapplytothis

product.Forthemostcurrentinformationaboutapplicablepatentsforthisproduct,pleasevisitour

websiteathttp://www.OneIdentity.com/legal/patents.aspx.

Trademarks

OneIdentityandtheOneIdentitylogoaretrademarksandregisteredtrademarksofOneIdentity

LLC.intheU.S.A.andothercountries.ForacompletelistofOneIdentitytrademarks,pleasevisit

ourwebsiteatwww.OneIdentity.com/legal.Allothertrademarksarethepropertyoftheir

respectiveowners.

Legend

WARNING: A WARNING icon highlights a potential risk of bodily injury or property

damage, for which industry-standard safety precautions are advised. This icon is

often associated with electrical hazards related to hardware.

CAUTION: A CAUTION icon indicates potential damage to hardware or loss of data if

instructions are not followed.

SPSInstallationGuide

Updated-September2019

Version-6.0

Contents

Preface 5

Summaryofcontents 5

Introduction 6

Package contents inventory 7

One Identity Safeguard for Privileged Sessions Hardware Installation

Guide 8

InstallingtheSPShardware 8

InstallingtwoSPSunitsinHAmode 11

Hardware specifications 12

One Identity Safeguard for Privileged Sessions Software Installation Guide14

InstallingtheSPSsoftware 14

One Identity Safeguard for Privileged Sessions VMware Installation Guide 17

InstallingSPSunderVMwareESXi/ESX 17

LimitationsofSPSunderVMware 18

One Identity Safeguard for Privileged Sessions Hyper-V Installation Guide 20

LimitationsofSPSunderHyper-V 20

InstallingSPSunderHyper-V 21

Installing One Identity Safeguard for Privileged Sessions as a Kernel-

based Virtual Machine 23

InstallingSPSasaKernel-basedVirtualMachine 23

LimitationsofSPSunderKVM 24

Deploying One Identity Safeguard for Privileged Sessions from the Azure

Marketplace 26

Prerequisites 26

Limitations 27

DeployOneIdentitySafeguardforPrivilegedSessionsfromtheMicrosoftAzure

Marketplace 29

HighAvailabilityandredundancyinMicrosoftAzure 31

Redundancy 31

SPS 6.0 Installation Guide 3

HighAvailability 31

Virtual appliance maintenance 32

ModifyingthedisksizeofaSPSvirtualappliance 32

About us 34

Contactingus 34

Technicalsupportresources 34

SPS 6.0 Installation Guide 4

Preface

WelcometotheOneIdentitySafeguardforPrivilegedSessions6.0InstallationGuide.

ThisdocumentdescribeshowtosetuptheOneIdentitySafeguardforPrivilegedSessions

(SPS)hardware,andhowtoinstallSPSoncertifiedhardwareorasavirtualappliance.

Summary of contents

IntroductionprovidesbackgroundinformationanddescribesthemainpurposeoftheOne

IdentitySafeguardforPrivilegedSessionsInstallationGuide.

PackagecontentsinventoryliststhecontentsofthepackageyoureceivewiththeOne

IdentitySafeguardforPrivilegedSessions(SPS).

OneIdentitySafeguardforPrivilegedSessionsHardwareInstallationGuidedescribeshow

tosetuptheSPShardware.

HardwarespecificationsdescribesthehardwarespecificationsoftheSPSappliance.

OneIdentitySafeguardforPrivilegedSessionsSoftwareInstallationGuidedescribeshow

toinstallSPSoncertifiedhardware.

OneIdentitySafeguardforPrivilegedSessionsVMwareInstallationGuidedescribeshowto

installSPSasaVMwarevirtualappliance.

OneIdentitySafeguardforPrivilegedSessionsHyper-VInstallationGuidedescribeshowto

installOneIdentitySafeguardforPrivilegedSessions(SPS)asaHyper-Vvirtualappliance.

InstallingOneIdentitySafeguardforPrivilegedSessionsasaKernel-basedVirtualMachine

describeshowtoinstallOneIdentitySafeguardforPrivilegedSessions(SPS)asaKernel-

basedVirtualMachine.

DeployingOneIdentitySafeguardforPrivilegedSessionsfromtheAzureMarketplace

describeshowtoinstallOneIdentitySafeguardforPrivilegedSessions(SPS)fromthe

MicrosoftAzureMarketplace.

SPS 6.0 Installation Guide

Preface

Introduction

Theaimofthisguideistoprovidedetailed,step-by-stepinstructionsonhowtosetupand

installOneIdentitySafeguardforPrivilegedSessionsonunpackingitandanysubsequent

occasionsthatmightrequirethere-installationoftheproduct.

NotethatthecontentsofthisdocumentwerepreviouslyincludedintheAdministration

Guide.Thisstandaloneguidewascreatedto:

lImprovehowinformationisorganizedintheOneIdentitySafeguardforPrivileged

Sessionsdocumentationset.

lMakeiteasierforuserstofindinformationrelevanttotheirroles,context,andhow

theyusetheproduct.

SPS 6.0 Installation Guide

Introduction

Package contents inventory

Carefullyunpackallservercomponentsfromthepackingcartons.Thefollowingitems

shouldbepackagedwiththeOneIdentitySafeguardforPrivilegedSessions:

lAOneIdentitySafeguardforPrivilegedSessionsappliance,pre-installedwiththe

latestOneIdentitySafeguardforPrivilegedSessionsfirmware.

lOneIdentitySafeguardforPrivilegedSessionsaccessorykit,includingthefollowing:

lOne Identity Safeguard for Privileged Sessions 6.0 Packaging Checklist

(this document).

lGPLv2.0license.

lRackmounthardware(dependingonappliancetype).

lPowercable.

ThedefaultBIOSandIPMIpasswordsareinthedocumentation.

SPS 6.0 Installation Guide

Package contents inventory

One Identity Safeguard for

Privileged Sessions Hardware

Installation Guide

ThisdocumentdescribeshowtosetuptheOneIdentitySafeguardforPrivilegedSessions

(SPS)hardware.Refertothefollowingdocumentsforstep-by-stepinstructions:

lSafeguard Sessions Appliance 3000:seetheSC113 Chassis Series User's Manual,

Chapter 6: Rack Installation,availableonlineat

https://www.supermicro.com/manuals/chassis/1U/SC113.pdf.

lSafeguard Sessions Appliance 3500:seetheSuperServer 1029U-T Series User's

Manual, Chapter 2: Server Installation,availableonlineat

https://www.supermicro.com/manuals/superserver/1U/MNL-1973.pdf.

lFordetailsonhowtoinstallasingleSPSunit,seeInstallingtheSPShardware.

lFordetailsonhowtoinstallatwoSPSunitsinhighavailabilitymode,seeInstalling

twoSPSunitsinHAmode.

Installing the SPS hardware

ThefollowingdescribeshowtoinstallasingleSPSunit.

To install a single SPS unit

1. UnpackSPS.

2. (Optional)InstallSPSintoarackwiththesliderails.Sliderailsareavailableforall

SPSappliances.

3. Connectthecables.

a. ConnecttheEthernetcablefacingyourLANtotheEthernetconnectorlabeled

as1.Thisisphysicalinterface1ofSPS.Thisinterfaceisusedfortheinitial

configurationofSPS,andformonitoringconnections.(Fordetailsonthe

rolesofthedifferentinterfaces,see"Networkinterfaces"inthe

AdministrationGuide.)

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

b. (Optional)TouseSPSacrossmultiplephysical(L1)networks,youcanconnect

additionalnetworksusingphysicalinterface2(Ethernetconnector2)and

physicalinterface3(Ethernetconnector3).

c. Connect an Ethernet cable that you can use to remotely support the SPS

hardware to the IPMI interface of SPS. For details, see the following

documents:

ForSafeguardSessionsAppliance3000and3500,seetheX9SMTIPMI

User'sGuide.

CAUTION:

Connect the IPMI before plugging in the power cord. Failing to

do so will result in IPMI failure.

CAUTION: SECURITY HAZARD!

The IPMI interface, like all out-of-band management interfaces,

has known vulnerabilities that One Identity cannot fix or have

an effect on. To avoid security hazards, One Identity

recommends that you only connect the IPMI interface to well-

protected, separated management networks with restricted

accessibility. Failing to do so may result in an unauthorized

access to all data stored on the SPS appliance. Data on the

appliance can be unencrypted or encrypted, and can include

sensitive information, for example, passwords, decryption keys,

private keys, and so on.

For more information, see Best Practices for managing servers

with IPMI features enabled in Datacenters.

NOTE:

TheadministratorofSPSmustbeauthorizedandabletoaccesstheIPMI

interfaceforsupportandtroubleshootingpurposesincasevendor

supportisneeded.

ThefollowingportsareusedbytheIPMIinterface:

lPort623(UDP):IPMI(cannotbechanged)

lPort5123(UDP):floppy(cannotbechanged)

lPort5901(TCP):videodisplay(configurable)

lPort5900(TCP):HID(configurable)

lPort5120(TCP):CD(configurable)

lPort80(TCP):HTTP(configurable)

d. (Optional)ConnecttheEthernetcableconnectingSPStoanotherSPSnodeto

theEthernetconnectorlabeledas4.Thisisthehighavailability(HA)interface

ofSPS.(Fordetailsontherolesofthedifferentinterfaces,see"Network

interfaces"intheAdministrationGuide.)

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

e. (Optional)TheSafeguardSessionsAppliance3500isequippedwithadual-port

SFP+interfacecardlabeledAandB.Optionally,connectasupportedSFP+

moduletotheseinterfaces.

NOTE:

Foralistofcompatibleconnectors,seeLinuxBaseDriverfor10Gigabit

IntelEthernetNetworkConnection.NotethatSFPtransceiversencoded

fornonIntelhostsmaybeincompatiblewiththeIntel82599EBhost

chipsetfoundinSPS.

4. Poweronthehardware.

5. ChangetheBIOSpasswordontheOneIdentitySafeguardforPrivilegedSessions.

ThedefaultpasswordisADMINorchangeme,dependingonyourhardware.

6. ChangetheIPMIpasswordontheOneIdentitySafeguardforPrivilegedSessions.

ThedefaultpasswordisADMINorchangeme,dependingonyourhardware.

NOTE:

EnsurethatyouhavethelatestversionofIPMIfirmwareinstalled.Youcan

downloadtherelevantfirmwarefromtheOneIdentityKnowledgebase.

TochangetheIPMIpassword,connecttotheIPMIremoteconsole.

NOTE:

IfyouencounterissueswhenconnectingtotheIPMIremoteconsole,addthe

DNSnameortheIPaddressoftheIPMIinterfacetotheexceptionlist

(whitelist)oftheJavaconsole.Fordetailsonhowtodothis,seetheJavaFAQ

entrytitledHowcanIconfiguretheExceptionSiteList?.

7. Followingboot,SPSattemptstoreceiveanIPaddressautomaticallyviaDHCP.Ifit

failstoobtainanautomaticIPaddress,itstartslisteningforHTTPSconnectionson

the192.168.1.1IPaddress.

ToconfigureSPStolistenforconnectionsonacustomIPaddress,completethe

followingsteps:

a. AccessSPSfromthelocalconsole,andloginwithusernamerootand

passworddefault.

b. SelectShells > Core shellintheConsoleMenu.

c. ChangetheIPaddressofSPS:

ifconfig eth0 <IP-address> netmask 255.255.255.0

Replace<IP-address>withanIPv4addresssuitableforyourenvironment.

d. Setthedefaultgatewayusingthefollowingcommand:

route add default gw <IP-of-default-gateway>

Replace<IP-of-default-gateway>withtheIPaddressofthedefaultgateway.

e. Typeexit,thenselectLogoutfromtheConsoleMenu.

8. ConnecttotheSPSwebinterfacefromaclientmachineandcompletetheWelcome

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

Wizardasdescribedin"TheWelcomeWizardandthefirstlogin"inthe

AdministrationGuide.

NOTE:

TheAdministrationGuideisavailableontheSafeguardforPrivilegedSessions

Documentationpage.

Installing two SPS units in HA mode

ThefollowingdescribeshowtoinstallSPSwithhighavailabilitysupport.

To install SPS with high availability support

1. ForthefirstSPSunit,completeInstallingtheSPShardware.

2. ForthesecondSPSunit,completeSteps1-3ofInstallingtheSPShardware.

3. ConnectthetwounitswithanEthernetcableviatheEthernetconnectorslabeledas4.

4. Poweronthesecondunit.

5. ChangetheBIOSandIPMIpasswordsonthesecondunit.Thedefaultpasswordis

ADMINorchangeme,dependingonyourhardware.

6. ConnecttotheSPSwebinterfaceofthefirstunitfromaclientmachineandenable

thehighavailabilitymode.NavigatetoBasic Settings > High Availability .Click

Convert to Cluster,thenreloadthepageinyourbrowser.

7. ClickReboot Cluster.

8. Waituntiltheslaveunitsynchronizesitsdisktothemasterunit.Dependingonthe

sizeoftheharddisks,thismaytakeseveralhours.Youcanincreasethespeedofthe

synchronizationviatheSPSwebinterfaceatBasic Settings > High Availability

> DRBD sync rate limit.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hardware Installation Guide

Hardware specifications

OneIdentitySafeguardforPrivilegedSessionsappliancesarebuiltonhighperformance,

energyefficient,andreliablehardwarethatareeasilymountedintostandardrackmounts.

Product Redundant

PSU

Processor Memory Capacity RAID IPMI

SPST-1 No Intel(R)

Xeon(R)

X3430@

2.40GHz

2x4GB 2x1TB SoftwareRAID Yes

SPST-4 Yes Intel(R)

Xeon(R)E3-

1275V2@

3.50GHz

2x4GB 4x2TB LSIMegaRAID

SAS9271-4iSGL

Yes

SPST-10 Yes 2xIntel(R)

Xeon(R)E5-

2630V2@

2.6GHz

8x4GB 13x1TB LSI2208(1GB

cache)

Yes

Safeguard

Sessions

Appliance

3000

Yes 1xIntel

XeonE3-

1275

3.60GHz

8Core

2x16

4x2TB

NLSAS

LSIMegaRAID

SAS9361-4i

Single

Yes

Safeguard

Sessions

Appliance

3500

Yes 2xIntel

XeonSilver

41102.1Ghz

8Core

(=16Core)

8x8GB 9x2TB

NLSAS

1xBroadcom

MegaRAIDSAS

9361-16i+LSI

Avago

CacheVault

PowerModule02

(CVPM02)Kit

Yes

Table 1: Hardware specifications

TheSafeguardSessionsAppliance3500isequippedwithadual-port10Gbitinterface.This

interfacehasSFP+connectors(notRJ-45)labeledAandB,andcanbefoundrightofthe

SPS 6.0 Installation Guide

Hardware specifications

Label1and2Ethernetinterfaces.Ifyouwantfastercommunication,forexample,incase

ofhighdataload,youcanconnectuptotwo10Gbitnetworkcards.Thesecardsarenot

shippedwiththeoriginalpackageandhavetobepurchasedseparately.

SPS 6.0 Installation Guide

Hardware specifications

One Identity Safeguard for

Privileged Sessions Software

Installation Guide

ThisdocumentdescribeshowtoinstalltheOneIdentitySafeguardforPrivileged

Sessions(SPS)softwareonacertifiedhardware.Thelistofcertifiedhardwareis

availableatOneIdentity.

NotethatinstallingandreinstallingSPScantakealongtime,especiallyforaHAcluster.

Therearenosupportedworkaroundsforreducingthenecessarydowntime.OneIdentity

recommendstestingSPSinavirtualenvironment,andusingphysicalhardwareonlyfor

verifyingHAfunctionalityandmeasuringperformance.

Installing the SPS software

ThefollowingdescribeshowtoinstallanewSPSonaserver.

Prerequisites:

When installing SPS on a physical hardware, make sure that you use a One Identity-

supported appliance, and that every hard disk required for the particular appliance is

inserted. Installing SPS without the required number of hard disks can cause

erroneous behavior.

To install a new SPS on a server

1. LogintoyoursupportportalanddownloadthelatestOneIdentitySafeguardfor

PrivilegedSessionsinstallationISOfile.Notethatyouneedtohavepartneraccess

todownloadOneIdentitySafeguardforPrivilegedSessionsISOfiles.Ifyouarea

partnerbutdonotseetheISOfiles,youcanrequestpartneraccesswithin

supportportal.

2. MounttheISOimage,orburnittoaCD-ROM.

3. ConnectyourcomputertotheIPMIinterfaceofSPS.Fordetails,seethefollowing

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Software Installation Guide

documents:

ForSafeguardSessionsAppliance3000and3500,seetheX9SMTIPMIUser'sGuide.

4. Powerontheserver.

5. LogintotheIPMIwebinterface,andboottheOneIdentitySafeguardforPrivileged

SessionsinstallationCDontheserverusingavirtualCD-ROM.Fordetails,seethe

followingdocuments:

ForSafeguardSessionsAppliance3000and3500,seetheX9SMTIPMIUser'sGuide.

6. WhentheOneIdentitySafeguardforPrivilegedSessionsinstallerstarts,select

Installer,pressEnter,andwaituntiltheserverfinishesthebootprocess.

TIP:

Fortestingpurposes,youcanspeedupinstallationattheexpenseofslowing

downRAIDsynchronization.AddthefollowingkernelparametertoInstallerin

GRUB:

lazy_itable_init=true

Thisoptiondefersfullfilesysteminitialization,requiringthekerneltofinishit

duringRAIDsynchronization,whichslowsthatprocessdownconsiderably.This

isnotrecommendedinaproductionenvironment.

7. InstallingSPSwillcompletelydeletethecontentsoftheharddisks.If youwant

toproceedinstallingSPS,enterYEStostarttheinstallationprocess.Dependingon

thesizeofthedisks, theinstallationprocesstakes fromafewminutestoan

hourtocomplete.

CAUTION:

Hazard of data loss All data on the disks will be deleted.

8. Theinstallerdisplaysthefollowingmessage:Waiting for RAID sync...,andstarts

tosynchronizethedisksofSPS.

lYouarerecommendedtowaituntilthesynchronizationfinishes.RAID

synchronizationisatwo-stepprocess,theprogressoftheactivestepis

indicatedontheprogressbar.Waituntilbothstepsarecompleted.Notethat

thissynchronizationtakesseveralhours,dependingonthesizeofthehard

disks(about8hoursontheaverage).

lToskiptheRAIDsynchronization,pressCtrl+Alt+DeletetorebootSPS.Note

thatthesystemwillautomaticallyperformthesynchronizationafterthefirst

boot,butinthiscasetheprocesswilltakeseveraldays.

9. Whentheinstallationisfinished,theInstallation finished successfullymessageis

displayed.Unmounttheinstallationmedia,thenpressCtrl+Alt+DeletetorebootSPS.

WaituntilthesystemrebootsanddisplaystheIPaddressitacceptsmanagement

connectionson.

10. If you are installing the slave node of a SPS cluster, skip this step.EntertheIP

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Software Installation Guide

addressdisplayedinthepreviousstepintoyourbrowserandverifythattheWelcome

WizardoftheOneIdentitySafeguardforPrivilegedSessionsisavailable.(Ifyou

havetocreateanaliasIPaddressforyourcomputerthatfallsintothe

192.168.1.0/24subnet(forexample192.168.1.10),see"TheinitialconnectiontoOne

IdentitySafeguardforPrivilegedSessions(SPS)"intheAdministrationGuide.)

NOTE:

Fordetailsonthesupportedwebbrowsersandoperatingsystems,see

"Supportedwebbrowsersandoperatingsystems"intheAdministrationGuide.

Figure 1: The Welcome Wizard

11. Poweroffthesystem.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Software Installation Guide

One Identity Safeguard for

Privileged Sessions VMware

Installation Guide

ThistutorialdescribesthepossibilitiesandlimitationsofinstallingOneIdentitySafeguard

forPrivilegedSessions(SPS)6.0asavirtualapplianceunderaVMwareESXiserver.

Installing SPS under VMware ESXi/ESX

ThefollowingdescribeshowtoinstallanewSPSunderVMware ESXi or ESX.

To install a new SPS under VMware ESXi or ESX

1. CreatethevirtualmachineforSPSusingthefollowingsettings.Notethatthese

settingsaresuitableforevaluationpurposes.TotestSPSundersignificantload,

contactOneIdentityforrecommendations.

lGuestoperatingsystem:Linux/Ubuntu 64-bit

lAllocatememoryforthevirtualmachine.SPSrequiresaminimumof4GiB(8

GiBisrecommended)ofmemory.Therecommendedsizeforthememory

dependsontheexactenvironment,butconsiderthefollowing:

lThebasesystemrequires4GiBofmemory.

lSPSrequiresabout1-5MiBofmemoryforeveryactiveconnection,

dependingonthetypeoftheconnection—graphicalprotocolsrequire

morememory.

lTheharddiskcontrollermustbeLSI Logic Parallel.

lDonotuseRAIDfortheharddisk,usethedataduplicationfeaturesofyour

virtualenvironmentinstead.Thatway,asingleharddiskissufficientforthe

system.Ifyouneedtousethebuilt-inRAIDsupportofSPSforsomereason,

usetwoharddisks,andSPSwillautomaticallyusetheminsoftwareRAID.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions VMware Installation Guide

CAUTION:

Hazard of data loss When you install or reinstall SPS in a virtual

environment, always create new hard disks. Using existing hard

disks can cause unexpected behavior and operational problems.

lConfigureafixedsizediskwithatleast20GiBspace.About10GiBis

requiredforthebasesystem,theremainingdiskspaceisusedtostore

data.Toincreasetheinitialdisksize,seeModifyingthedisksizeofaSPS

virtualappliance.

l

NOTE:

SPSwillusethenetworkcardwiththelowestPCIIDaseth0(Physical

interface 1),thecardwiththesecondlowestPCIIDaseth1(the

Physical interface 2),andsoon.Insomecases,thismightdifferfrom

thelabelsintheVMWaremanagementinterface,forexample,itis

possiblethateth0willbelabeledasNetwork adapter 4,andasaresult,

theSPSWelcomeWizardwillnotbeavailableonNetwork adapter 1.

SPSrequiresatleastonenetworkcard(preferablyVMXNET3)tofunction.

Configurationscanuseupto6networkcards.

NOTE:

Thefourth(eth3)networkcardisreservedforHighAvailabilitymodeby

default.Therefore,makesureyouenable,butdonotattach,thefourth

(eth3)networkcardtoanetwork.

2. Aftercreatingthevirtualmachine,editthesettingsofthemachine.Setthe

followingoptions:

a. UnderOptions > VMware ToolsenabletheShutdown, Suspend, Reset

options,otherwisetheSPSadministratorwillnotbeabletoaccessthese

functionsfromtheSPSwebinterface.

b. UnderOptions > Boot optionsenabletheForce BIOS Setupoption.Thisis

requiredtobeabletocheckthesystemtime(andmodifyitifneeded)before

installingSPS.

3. LogintoyoursupportportalanddownloadthelatestOneIdentitySafeguardfor

PrivilegedSessionsinstallationISOfile.NotethatyouneedtohavepurchasedSPS

asavirtualapplianceorhavepartneraccesstodownloadOneIdentitySafeguardfor

PrivilegedSessionsISOfiles.IfyouareapartnerbutdonotseetheISOfiles,you

canrequestpartneraccesswithinsupportportal.

4. MounttheISOimageandbootthevirtualmachine.Followtheon-screeninstructions

toinstallSPS.

Limitations of SPS under VMware

Thefollowinglimitationsapplytorunningversion6.0ofSPSunderVMware:

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions VMware Installation Guide

lSPScanbeinstalledunderthefollowingVMwareversions:

lVMwareESXi5.5orlater.

lVMwareESXi6.0orlater.

lVMwareESXi6.5orlater.

lSPScanonlyusefixeddiskspaceassignedtothevirtualhost,itisnotpossibletouse

on-demanddiskallocationscenarios.Toincreasethesizeofthevirtualdisk,see

ModifyingthedisksizeofaSPSvirtualapplianceonpage32.

lIfHighAvailability(HA)operationmodeisrequiredinavirtualenvironment,usethe

HAfunctionprovidedbythevirtualenvironment.

lHardware-relatedalertsandstatusindicatorsofSPSmaydisplayinaccurate

information,forexample,displaydegradedRAIDstatus.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions VMware Installation Guide

One Identity Safeguard for

Privileged Sessions Hyper-V

Installation Guide

ThistutorialdescribesthepossibilitiesandlimitationsofinstallingOneIdentitySafeguard

forPrivilegedSessions(SPS)6.0asavirtualapplianceunderaHyper-Vserver.

Limitations of SPS under Hyper-V

Version6.0ofSPShasnospecialsupportforrunningunderHyper-V.Whilethebasic

functionalityofSPSisnotaffectedbyrunningasavirtualappliance,thefollowing

limitationsapply:

lIfHighAvailability(HA)operationmodeisrequiredinavirtualenvironment,usethe

HAfunctionprovidedbythevirtualenvironment.

lHardware-relatedalertsandstatusindicatorsofSPSmaydisplayinaccurate

information,forexample,displaydegradedRAIDstatus.

lWhenrunningSPSunderMicrosoftHyper-V,ensurethatthenetworkinterfacesare

actuallyconnectedtothenetwork.WhenrunningunderHyper-V,SPSindicateson

theBasic Settings > Network > Ethernet linkspagethatthereisalinkevenif

thenetworkinterfaceisconfiguredandenabled,butnotconnectedtothenetwork.

lWhenrebootingSPSinHyper-V,thefollowingcriticalerrormessagemayappearin

theeventlogoftheHyper-Vhost:

<Virtual machine name> was reset because an unrecoverable error occurred on a

virtual processor that caused a triple fault.

Thisisnormal,thereisnoproblemwithSPS.Fordetails,seeTriplefaultineventlog

showsresetofLinuxvirtualmachines.

SPS 6.0 Installation Guide

One Identity Safeguard for Privileged Sessions Hyper-V Installation Guide

This manual suits for next models

Table of contents

Other One Identity Server manuals

One Identity

One Identity Safeguard for Privileged Passwords 2000 User manual

Popular Server manuals by other brands

QNAP

QNAP TS-31P3 Series user guide

Dell

Dell PowerEdge 2410 manual

Dell

Dell PowerEdge R610 Hardware owner's manual

Compaq

Compaq ProLiant DL380 G2 installation guide

Stentofon

Stentofon alphaCom XE Installation, configuration & operation

Xblue Networks

Xblue Networks X-50 Quick installation guide

DMP Electronics

DMP Electronics eBox-3300 user manual

Dell

Dell PowerEdge R910 Getting started with

D-Link

D-Link Epress EtherNetwork DP-301P+ Quick installation guide

Gigabyte

Gigabyte G293-S45-AAP1 user manual

HPE

HPE Apollo 2000 Gen10 Plus System Product End-of-Life Disassembly Instructions

Vivotek

Vivotek VS2402 Quick installation guide

IBM

IBM XGS 5200 Assembly instructions

Penguin Computing

Penguin Computing Altus 2804i Technical guide

Oracle

Oracle Sun Fire X4240 Service manual

Dell

Dell PowerEdge 2500 Activation guide

TimeTools

TimeTools DirekTronik 119-0219 T300 Hardware installation guide

NCR

NCR S26 user guide

One Identity Safeguard for PrivilegedSessions 6.0 User manual

Popular Server manuals by other brands