11/4/2015

CyberArk University
Components Installation

Central Policy Manager

 Central Policy Manager (CPM)

 Acts as middleware between Vault and target
systems
 Manages password change processes -
how and when to change a PW
 Constantly communicates with the Vault
 Talks to all managed systems
 Can be a domain member

2
2

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 1
 11/4/2015

CPM – Basic Architecture

3
3

CPM – Distributed Architecture

4
4

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 2
 11/4/2015

Setup and Prerequisites

5
5

Installation Prompts

6 6

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 3
 11/4/2015

Setup Type – Previous Version of Policy Manager

7
7

Vault Username and Password

8
8

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 4
 11/4/2015

Oracle Instant Client

Required for Oracle

password management

9
9

CPM Installation Logs

10
10

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 5
 11/4/2015

Post Installation – New Safes in Vault

11
11

Password Manager Safe

12
12

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 6
 11/4/2015

PasswordManagerShared Safe

The ‘.ini’ files in the

PasswordManagerShared safe contain the
“Automatic Password Management” section
for each platform

13
13

Sample Policy - UnixSSH

Each ini file contains a PolicyID, which will

have a corresponding entry in the
Polcies.xml file.

14
14

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 7
 11/4/2015

Password Vault Web Access

 Password Vault Web Access - PVWA

 Only interface for most users

 Primary interface for Vault Admins (PrivateArk client

is still required for some tasks)

 At least one CPM installed before installing PVWA

PVWA relies on CPM to exist

15
15

PVWA Prerequisites – Web Server (IIS)

16
16

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 8
 11/4/2015

Installation Prompts

17
17

Web Application and Configuration Files Destinations

18
18

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 9
 11/4/2015

Setup Type – Web Interfaces

Mobile Password Vault Web

Access allows access through a
mobile devices. Primary use
cases are:
• Retrieving passwords when
a computer is unavailable
• Approving Dual Control
requests

19
19

Web application details – Authentication Methods

Authentication type
controls which
authentication
methods will be
available from the
PVWA

If you leave the

Default Authentication
set to none, users will
have all
Authentication types
available at the login
screen.

20
20

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 10
 11/4/2015

CPM User

21
21

Vault Server’s Connection Details

22
22

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 11
 11/4/2015

Vault Username and Password

23
23

Installation Complete

24
24

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 12
 11/4/2015

PVWA Safes

25
25

PVWAConfig Safe - Policies.xml

This Policies.xml contains “UI & Workflow”

settings for all platforms.

The PlatformBaseID, ties the

platforms listed in the
Policies.xml with the platforms
contained in the
PasswordManagerShared safe.

26
26

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 13
 11/4/2015

Built-in Components Users

PVWAAppUser is used by
the Password Vault Web
Access for internal
Processing

PVWAGWAccounts is the
Gateway user through
which other users will
access the Vault

27
27

© Cyber-Ark® Software Ltd - No part of this material may be disclosed to any person or firm or reproduced by any
means, electronic and mechanical, without the express prior written permission of Cyber-Ark® Software Ltd. 14