Auto Discovery
Finding and auto-configuring servers
In organizations with large numbers of servers, it is clearly desirable to auto-discover and auto-maintain the list of servers, and the list of accounts to manage on each server, rather than manually adding and maintaining thousands of separate target systems and accounts.
To auto-discover servers, most organizations pull data from an Active Directory or LDAP directory. Computer objects discovered in the directory are classified based on their attributes and automatically managed (or not) and attached to appropriate resource groups, where policies are applied.
A second auto-discovery process probes each managed system to find accounts that should be managed. On all systems, a list of local users is generated. On Windows systems (as distinct from other platforms), this process also lists services, scheduled jobs, IIS anonymous access directories and DCOM services, and records which account is used to run each of them. Import rules determine which of these accounts will be managed by Hitachi ID Privileged Password Manager (e.g., based on account attributes, group IDs, etc.) and which security policy to attach to each account.
Alternatives to Active Directory- or LDAP-driven computer object lists include DNS queries or zone transfers, IP port scans of specific subnets and data imports from an inventory management system.
Privileged Password Manager also includes an automated mechanism to inform programs that store a copy of passwords of new password values. A plug-in program is provided to connect to Windows servers after each password change and automatically update Service Control Manager, Windows Scheduler, IIS or DCOM with new password values.
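The two discovery passes described above (classifying directory computer objects into resource groups, then applying import rules to the accounts found on each host) and the dependency information the plug-in needs after a password change can be modelled in a few dozen lines. The following is an added example, not Hitachi ID code: the computer objects, the per-host inventory, the resource group names, the policy names and the rule format are all constructed assumptions chosen to show how first-match classification and import rules interact.

```python
"""Illustrative model of a two-pass privileged-account discovery run.

Added example, not Hitachi ID code. The directory records, the per-host
inventory, the group/policy names and the rule format are all constructed.
"""
from dataclasses import dataclass

# Pass 1: computer objects as they might be read from AD/LDAP (constructed).
COMPUTER_OBJECTS = [
    {"cn": "DC01",  "operatingSystem": "Windows Server 2019", "ou": "Domain Controllers", "enabled": True},
    {"cn": "WEB07", "operatingSystem": "Windows Server 2016", "ou": "Servers/Web",        "enabled": True},
    {"cn": "LNX12", "operatingSystem": "Ubuntu 20.04",        "ou": "Servers/Linux",      "enabled": True},
    {"cn": "OLD03", "operatingSystem": "Windows Server 2008", "ou": "Servers/Web",        "enabled": False},
]

# Classification rules, evaluated in order; first match wins.
# A group of None means "discovered, but not managed".
RESOURCE_GROUP_RULES = [
    (lambda c: not c["enabled"],                           None),
    (lambda c: c["ou"] == "Domain Controllers",            "tier0-dc"),
    (lambda c: c["operatingSystem"].startswith("Windows"), "tier1-windows"),
    (lambda c: True,                                       "tier1-unix"),
]


def classify_computers(objects, rules=RESOURCE_GROUP_RULES):
    """Map each computer object's cn to a resource group (or None if skipped)."""
    result = {}
    for c in objects:
        for predicate, group in rules:
            if predicate(c):
                result[c["cn"]] = group
                break
    return result


# Pass 2: what a probe of each host might return (constructed).
@dataclass
class Account:
    host: str
    name: str
    kind: str            # "local_user", or a run-as context: "service", "task", "iis", "dcom"
    used_by: str = ""    # the service / scheduled job / IIS directory / DCOM app run as this account
    rid: int = -1        # Windows RID or Unix UID of a local user (-1 for run-as records)
    groups: tuple = ()   # local group memberships of a local user


INVENTORY = [
    Account("WEB07", "Administrator", "local_user", rid=500,   groups=("Administrators",)),
    Account("WEB07", "Guest",         "local_user", rid=501,   groups=("Guests",)),
    Account("WEB07", "svc_backup",    "local_user", rid=1004,  groups=("Backup Operators",)),
    Account("WEB07", "svc_backup",    "service",    used_by="BackupAgent"),
    Account("WEB07", "svc_backup",    "task",       used_by="NightlyExport"),
    Account("WEB07", "IUSR_WEB07",    "iis",        used_by="/inetpub/wwwroot"),
    Account("LNX12", "root",          "local_user", rid=0,     groups=("root",)),
    Account("LNX12", "nobody",        "local_user", rid=65534, groups=("nogroup",)),
]


def import_policy(acct):
    """Import rule: return the security policy for a managed local user, else None.

    Rules are checked in order, so an account that is both a member of a
    privileged group and named svc_* lands in the stricter policy.
    """
    if acct.kind != "local_user":
        return None
    if acct.rid in (0, 500):
        return "builtin-admin"           # root / built-in Administrator
    if set(acct.groups) & {"Administrators", "Backup Operators"}:
        return "privileged-local"
    if acct.name.startswith("svc_"):
        return "service-account"
    return None                          # Guest, nobody, ordinary users: not managed


def run_discovery(inventory):
    """Return (managed, dependents).

    managed:    {(host, account): policy} for accounts the import rules accept
    dependents: {(host, account): ["kind:used_by", ...]} listing every place
                that runs as the account and must be updated after a
                password change (Service Control Manager, Scheduler, IIS, DCOM).
    """
    managed, dependents = {}, {}
    for a in inventory:
        policy = import_policy(a)
        if policy is not None:
            managed[(a.host, a.name)] = policy
        if a.kind != "local_user":
            dependents.setdefault((a.host, a.name), []).append(f"{a.kind}:{a.used_by}")
    return managed, dependents


if __name__ == "__main__":
    print(classify_computers(COMPUTER_OBJECTS))
    managed, deps = run_discovery(INVENTORY)
    for key, policy in managed.items():
        print(key, policy, "->", deps.get(key, []))
```

The dependents map is the piece that matters operationally: when the password for `WEB07\svc_backup` is rotated, the two run-as records tell the post-change plug-in exactly which service and scheduled job must receive the new value, so nothing is left running with a stale credential.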
Finding and auto-configuring workstations
In organizations that deploy the Privileged Password Manager workstation service, there is no need to manually configure client devices in the Privileged Password Manager database. Instead, the workstation service is installed on devices through one of several means:
- By being made a part of the standard workstation software image.
- By being distributed through a system such as SMS.
- By being distributed using an Active Directory Group Policy Object (AD GPO).
Once installed, the Privileged Password Manager workstation service automatically starts and registers itself, along with all local user accounts, with the central Privileged Password Manager server cluster.
The software installation MSI package is constructed on the Privileged Password Manager server and includes the Privileged Password Manager server URL, the resource groups to which workstations should be attached, etc. This means that software installation can be fully automated and presents no user interface.
A similar approach is used to deliver .tar format installation packages to Unix and Linux workstations.