Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
Respected Contributor.. Pierrot_2 Respected Contributor..
Respected Contributor..
397 views

CyberArk on servers manged by HPSA

We are looking into installing CyberArk Enterprise Password Vault and related modules on Unix and Windows servers managed by HPSA. I was wondering if anyone has seen it working and would like to know the implications taht it would have on HPSA Remote Terminal, OGFS schipts, TLG/ROSH, audit checks etc. 

I have a hard time understanding the way CyberArk works... does it replace the "login" process? etc...

 

Thanks

 

 

Pierre

 

0 Likes
5 Replies
ciufudean Absent Member.
Absent Member.

Re: CyberArk on servers manged by HPSA

The UCMDB team are working / or have already an integration with CyberArk.

0 Likes
Contributor.. johancarstens Contributor..
Contributor..

Re: CyberArk on servers manged by HPSA

 

Hi, I am just enquiring about your experience with HPSA and CyberArk and if you experienced any HPSA functionality limitations?

 

Thank you.

0 Likes
Super Contributor.. Silverloki Super Contributor..
Super Contributor..

Re: CyberArk on servers manged by HPSA

We have not had any issues with SA interacting with our implementation of cyberark.  The setup that we have is using cyberark to provide password management for service accounts that are managed thru LDAP.  So the actual interaction with SA is extremely limited unless your actively trying to use one of those accounts, since SA uses root/localsystem as its intergration account and those are not included in our implemenation of cyberark.  And I don't think even if you were changing Root passwords with it that it would matter since the Agent itself is providing that root level authorizaion.

Now in disclaimer because of the password changing nonsense I have not implemented any portion of that for the SA enviornment itself.  SA has enough issues without trying to change its passwords constantly.  I suspect trying to use Cyberark for your SA accounts would be a painful experience. 

0 Likes
Respected Contributor.. Pierrot_2 Respected Contributor..
Respected Contributor..

Re: CyberArk on servers manged by HPSA

You could import the cyberark LDAP accounts in SA, even have SA specific AD/LDAP groups. when users access managed servers with OGFS or remote terms with these IDs it uses the cyberark policy/passsowrds, if they need elevation of priv, it's handled localy. As for root, usualy used for automations, use only AD/LDAP managed service accounts in SA for "Login as". The difficult part is the reporting of activities, the access rights per users, etc...

0 Likes
Highlighted
Respected Contributor.. mhalderman Respected Contributor..
Respected Contributor..

Re: CyberArk on servers manged by HPSA

My experience has been the same. No issues. I can see where you would get into a situation (recurring jobs) where you need to provide credentials for some job executions that dont run as root/local system though. Importing the AD/LDAP users into HPSA and running the jobs as that user should clean that up though.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.