WI-How To Establish PSM Session

This document provides instructions for database administrators (DBAs) to access database servers using privileged accounts via Total Privileged Access Management's (TPAM) privileged session management (PSM) feature. It defines terms related to TPAM and PSM. The steps outlined include logging into the TPAM console, searching for and requesting a PSM session on the target server, and connecting to the session once approved. Assumptions are made that the server and account are onboarded in TPAM and the user is authorized to request PSM sessions.

Uploaded by

Vinu3012

Merck & Co., Inc.

WI – How to establish PSM Session to Unix/Linux/Windows Servers

Database Platform Engineering

Version 1.0
Publication Record

| Version # | Date | Author | Description |
|---|---|---|---|
| 1.0 | 7/30/2014 | Reddy Loka | Initial Document. |

WI – How to establish PSM session to UNIX/Linux/Windows
Servers.

□ Purpose
The purpose of this article is to define the procedures DBAs follow to access
database servers using privileged accounts, such as ormerck, orasp or Windows
accounts, via a TPAM PSM session.

□ Acronyms and Definitions

| Acronym – Term | Definition |
|---|---|
| TPAM | Total Privileged Access Management System, owned and managed by the IT Risk and Compliance Team. |
| PSM | Privileged Session Management |
| RDP | Remote Desktop |
| PPM | Privileged Password Management |
| VNC | Virtual Network Computing |

□ References
ITPLN-0019 - Oracle Database Services Support Plan. The purpose of this document
is to define the roles, responsibilities and procedures involved in managing
the Oracle Database Platform.

□ Roles and Responsibilities


The following roles define the intended audience of this SOP. These roles are
used in the task/step descriptions within this standard operating procedure.

| Role | Role Responsibility |
|---|---|
| DBA | DBAs are required to manage access to database servers that are on-boarded to PAM system using either PSM or PPM sessions. |

□ Conventions
The following table defines the typographical conventions used in this
document.

| Identifier | Description | Example |
|---|---|---|
| BOLD | New terms | The Modify Node window |
| Computer Output | Literal transcriptions of computer output: command names, function names, file and directory names, process names | Command names: Use the Search command…; Function names: Use opc_conf () function to connect; File and directory names: /opt/OV/bin/OpC; Process names: Check to see if opcmona is running |
| Computer Input | Literal transcriptions of computer input (e.g., user entries to be typed on a keyboard) appear in bold Courier New font (Computer Input text style). | At the prompt, type: uxwsmgt5 |
| {Note} | Supplemental explanatory notes appear in italic font and are enclosed in braces {}. Such notes do not contain any required actions, but may add context information or indicate why an action is needed. 9pt Font. | {Note: you can not use this feature to supply variable names which must be typed in the expression} |
| !!Warning!! | A warning is enclosed in double exclamation marks and font color is red to indicate disastrous results may occur if not adhered to. | !!Warning: Be extremely careful when editing /etc/exports!! |
| <variable> | Text elements delimited by angle brackets represent placeholders for information that can vary and must be determined or verified at the time the procedure is used. All such variables are listed and defined in the Entry Criteria section. | (e.g., <ISID>, <account_name>) |
| [Button] | Buttons on the user interface. Buttons will be bolded. | Click [Operator] or Click on the [Apply] button |
| Menu Items | A menu followed by a colon (:) means that you select the menu, then the item. When the item is followed by an arrow (->), a cascading menu follows. This information will be bolded. | Select Actions: Utilities ->Reports… |
| Keycap | Keyboard keys. | Press RETURN |

□ Assumptions
1. Access to TPAM Servers is granted for your ISID.
2. The server and the OS account you plan to use are on-boarded to PAM and enabled
for Privileged Session Management (PSM).
a. On UNIX/Linux servers, if the server is already on-boarded to PAM, you will
see a message like the one below when you try to log in.

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This system has been onboarded to TPAM. Please use the TPAM interface link
below to request privileged access to the server.
!! TPAM URL: http://tacs.merck.com
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

3. Check the spreadsheet below under “Database OS Accounts” or “DB Accounts –
SQL” to see if the account you plan to log in with is already on-boarded to PAM.
i. http://ts1.merck.com/com/it_service_management_office/Documents/302%20-%20Global%20Infrastructure%20Operations/GIO%20Projects/GIO%20PAM%20on%20boarding/PAM%20schedule%20final_09162014.xlsx

4. Your ISID is authorized for a PSM session to the server using the account you plan
to use.
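
A pre-flight check for assumption 2a, added here as an example and not part of the original work instruction: it parses a captured login banner in the format shown above and reports whether the host announces TPAM onboarding. The function names, the host names and the trailing "Last login" line are assumptions made for illustration.

```python
import re

# Constructed sample: the login banner as this page shows it, with the kind of
# line wrapping a terminal capture introduces. The last line is made up.
SAMPLE_BANNER = """\
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!! This system has been onboarded to TPAM. Please use the
TPAM interface link
below to request privileged access to the server.
!! TPAM URL: http://tacs.merck.com
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Last login: (constructed line, not from the page)
"""

ONBOARDED_RE = re.compile(r"this system has been onboarded to tpam", re.I)
URL_RE = re.compile(r"TPAM URL:\s*(\S+)", re.I)


def normalize(banner: str) -> str:
    """Drop the '!' framing and rejoin wrapped lines into one string."""
    parts = []
    for line in banner.splitlines():
        text = line.strip().lstrip("!").strip()
        if text:  # separator rows made only of '!' become empty and are skipped
            parts.append(text)
    # Collapse any run of whitespace so a wrap inside the phrase still matches.
    return " ".join(" ".join(parts).split())


def check_banner(banner: str) -> dict:
    """Report whether the banner marks the host as onboarded, and the URL it names."""
    flat = normalize(banner)
    url = URL_RE.search(flat)
    return {
        "onboarded": bool(ONBOARDED_RE.search(flat)),
        "tpam_url": url.group(1) if url else None,
    }


def preflight(banners: dict) -> list:
    """Return the hosts whose captured banner lacks the onboarding notice."""
    return sorted(h for h, b in banners.items() if not check_banner(b)["onboarded"])


if __name__ == "__main__":
    print(check_banner(SAMPLE_BANNER))
    # Hypothetical host names; the second banner is a constructed non-onboarded case.
    print(preflight({"dbhost-a": SAMPLE_BANNER, "dbhost-b": "Welcome\n"}))
```

Hosts returned by `preflight` do not show the notice, so a PSM request for them should wait until onboarding is confirmed in the spreadsheet from assumption 3.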

□ Instructions

1. Log in to the PAM PRD1 console with your ISID using the URL below.
https://tacs.merck.com/par
2. Enter your ISID and Password in the popup login window.

3. Click on No in the pop-up window so that the tab is not closed.

4. This will open another browser window and take you to your landing
page (home).
5. Click on Add Session Request.

6. Enter the System Name and/or the account name. Adjust the Max Rows to
Display value if required. You can also enter a partial system and/or
account name followed by a % sign. Click on the Accounts tab.

7. Select the account for which you are requesting a PSM session and click on
the Details tab. Please note that the account must be “Available” for you to
use it. On Unix/Linux, unlimited PSM sessions are configured for each
account, so this will not be an issue. On the Windows side, however, we have
five accounts, each configured for only one PSM session at a time, so you
need to select an account that is available.

8. Uncheck “Request Immediate” if this is a future request and enter the
date and time you plan to start the session. Enter the duration for
which you plan to be connected using PSM. Leave the reason code as
is. For Request Reason, enter the Remedy WO/Incident/CRQ/PBI
number that you are trying to resolve or service via this session. If none of
the Remedy items is applicable, enter a detailed description. Click on
Save Changes.

9. If approval is required for this request, an email notification
automatically goes to the approvers. Once the required approvals are granted,
or if no approvals are required, the Connect button at the bottom
becomes enabled during the request window. Click on Connect. Click on
Yes in the Java runtime warning message window. A VNC XTerm session for
Unix/Linux systems or an RDP session for Windows will open in another
browser window. This will also enable the Terminate button in the PAM
window.
10. When you are done using the PSM session, exit the VNC session
(Unix/Linux) or log off from the RDP session (Windows), and then terminate
the PSM session by clicking on Terminate. If you are done with the PSM
session ahead of the requested duration, enter details stating that your work
is complete in the “Cancel/Expire Reason:” field and click on Save Changes.
This will completely close your PSM session request, and the account will
become available for use by others.

Page 9 of 11 SQL Server – Database Platform Engineering Version 1.0
