Lotus Notes, Microsoft Exchange.
RSA, SafeWord, ActivCard, Smart cards.
Applications: Citrix, VMware, Symantec Backup Exec, CA ARCserve, McAfee ePolicy Orchestrator.
Network Devices: Cisco, Juniper, Check Point, F5, Brocade, HP ProCurve.
In addition, Privileged Access Manager includes a robust SDK and API for developing custom connectors
to any other systems or applications. This includes connectors for:
- Third-party job schedulers like Control-M
- Proprietary applications and databases
- Embedded systems like routers, switches, firewalls
- Custom or legacy applications
Contents
1 What business problems does Hitachi ID Privileged Access Manager address?
2 How does Hitachi ID Privileged Access Manager work?
3 How often does Hitachi ID Privileged Access Manager change passwords?
4 How do we control who can sign into which privileged accounts?
5 How do we grant someone temporary or one-time access to a privileged account?
6 Can we configure a "two keys to launch" scenario for super-sensitive systems?
7 Can Hitachi ID Privileged Access Manager manage password changes to Windows service accounts?
8 Can Hitachi ID Privileged Access Manager randomize passwords on ....?
9 Can Hitachi ID Privileged Access Manager launch administrator login sessions to ....?
10 What happens when an administrator needs to sign into the physical console of a server?
11 Which web browsers does Hitachi ID Privileged Access Manager support?
11.1 Basic user interface
11.2 ActiveX components used to launch login sessions
12 Can Hitachi ID Privileged Access Manager secure privileged passwords on laptops (which move around and get disconnected)?
13 How can we automate the setup and teardown of thousands of systems on Hitachi ID Privileged Access Manager?
14 Can Hitachi ID Privileged Access Manager assign privileges less than full-administrator to users?
15 Can Hitachi ID Privileged Access Manager interoperate with sudo on Unix/Linux?
16 Can Hitachi ID Privileged Access Manager integrate with SIEM systems?
17 How does Hitachi ID Privileged Access Manager defend itself against compromise of sensitive passwords?
20. Hitachi ID Privileged Access Manager Frequently Asked Questions
20 How does Privileged Access Manager control access to recorded login sessions (privacy protection)?
Session monitoring can have serious implications for user privacy and so should be implemented with
great care. The session monitoring infrastructure is subject to strict access control rules and workflow
approvals. For example, an auditor must first request the right to perform a given search through session
data. If approved, the auditor can execute the search and may find sessions of interest. The auditor must then
request the right to play back selected sessions. Only if this second request is approved can the auditor
retrieve session data. Of course, all such requests and searches are indelibly logged.
Another measure used to protect user privacy in Hitachi ID Privileged Access Manager is a pattern-matching
censorship process. Hitachi ID Systems customers are encouraged to define regular expression patterns,
matching passwords, social security numbers, credit card numbers, bank account numbers, etc. A process
on the Privileged Access Manager server post-processes keystroke and keyword data captured by
the session monitor, searching for matches for these patterns. Matches are deleted from the keystroke and
keyword database.
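The pattern-matching censorship step described above, sketched as an added example (not Hitachi ID's code). The three patterns, the Luhn check that keeps ordinary long numbers from being deleted as card numbers, and the sample records are all constructed assumptions.

```python
import re

# Constructed example patterns; each site would define its own.
SSN = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
CARD = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
SECRET = re.compile(r"(?i)\b((?:password|passwd|pwd)\s*[:=]\s*)(\S+)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum over a string of digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scrub(text: str) -> tuple[str, dict[str, int]]:
    """Delete pattern matches from one captured record; return text and hit counts."""
    hits = {"ssn": 0, "card": 0, "secret": 0}

    def drop_card(m: re.Match) -> str:
        if not luhn_ok(re.sub(r"\D", "", m.group(0))):
            return m.group(0)  # fails the checksum: not a card number, keep it
        hits["card"] += 1
        return ""

    def drop_secret(m: re.Match) -> str:
        hits["secret"] += 1
        return m.group(1)  # keep the prompt text, delete only the value

    text, hits["ssn"] = SSN.subn("", text)
    text = CARD.sub(drop_card, text)
    text = SECRET.sub(drop_secret, text)
    return text, hits


# Constructed keystroke records, as a session monitor might have stored them.
RECORDS = [
    "mysql -u root password=Tr0ub4dor&3 -h db01",
    "update cust set ssn='078-05-1120' where id=7",
    "charge 4111 1111 1111 1111 ref 1234567890123",
]

if __name__ == "__main__":
    print([scrub(r) for r in RECORDS])
```

The per-pattern hit counts give the scrubbing process something to log without recording the deleted values themselves.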
File: /pub/wp/documents/faq/hipam/hipam-faq-1.tex
Date: 2011-07-15