Versions Compared

Old Version 2

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

compared with

New Version Current

changes.mady.by.user Unknown User (anastasia.antonenko)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Rebranding

This section describes the steps required to prepare to install Axidian Privilege.

Page Tree
root@self

Storage of video, screenshots and transferred files

File storages are necessary for aggregation and long-term storage of videos, screenshots and files transferred in sessions.

File storage account

Warning
iconfalse

A domain account is required to work with file storage, recommended to use the already created IPAMStorageOps account. 

Create and configure file storage

  1. Log in to the server, which will act as a file storage
  2. Create folders, for example MediaDataShadowCopyScreencasts
  3. Right click on the folder you created, select the item Share with > Specific people
  4. Enter the username, for example IPAMStorageOps and click Add
  5. In the "Permission level" column, click the Read value next to the IPAMStorageOps user and select Read/Write from the menu.
  6. Finish by clicking Share

Data storage

Indeed Identity PAM uses Microsoft SQL Server or PostgreSQL Pro to store data. The following components require databases:

  • IPAMCore - PAM Core component database is used to store Indeed Identity PAM privileged accounts, resources, permissions, and other service data
  • IPAMCoreJobs - PAM Core component database is used to store scheduled jobs
  • IPAMIdp - IdP component database is used to store authenticators of Indeed Identity PAM users and administrators
  • IPAMIdpJobs - IdP component database is used to store scheduled jobs
  • ILS - Log Server component database is used to store the Indeed Identity PAM event

Database creation

...

stylebackground:#FAFAFA
Expand
titleMicrosoft SQL Server
  1. Launch Microsoft SQL Management Studio (SSMS) and connect to Microsoft SQL Server instance
  2. Open the context menu of Databases item
  3. Select the New Database item
  4. Specify a database name, for example IPAMCoreIPAMCoreJobsIPAMIdP, IPAMIdpJobs, ILS
  5. Click ОK

...

stylebackground:#FAFAFA
Expand
titlePostgreSQL, PostgreSQL Pro
  1. Launch pgAdmin and connect to the PostgreSQL Pro server
  2. Open the context menu of the Databases item 
  3. Select Create, Database
  4. Specify a database name, for example: IPAMCoreIPAMCoreJobsIPAMIdP, IPAMIdPJobs, ILS
  5. Click Save

Creating a service account to work with data storage

...

stylebackground:#FAFAFA
Expand
titleMicrosoft SQL Server
  1. Start Microsoft SQL Management Studio (SSMS) and connect to the Microsoft SQL Server instance
  2. Expand the Security item
  3. Open the context menu of Logins item
  4. Select the Create login item
  5. Enter the name, for example IPAMSQLServiceOps
  6. Select SQL Server authentication item and fill in the required fields
  7. Switch to User Mapping item
  8. Check IPAMCoreIPAMCoreJobsIPAMIdP, IPAMIdPJobs and ILS databases
  9. Check database roles db_ownerdb_datareader and db_datawriter
  10. Click ОK

...

stylebackground:#FAFAFA
Expand
titlePostgreSQL, PostgreSQL Pro
  1. Launch pgAdmin and connect to the PostgreSQL Pro server
  2. Open the context menu of the Login/Group Roles item
  3. Select Create, Login/Group Role
  4. Specify a Name, for example IPAMSQLServiceOps
  5. Go to Definition tab, enter the new password for account
  6. Go to Privileges tab, check Yes for Can Login? and Superuser? items
  7. Click Save, repeat for the rest of the databases.
Note
iconfalse

The grants db_owner for Microsoft SQL Server and Superuser for PostgreSQL are required only for the first access to the database.

Backtotop
Delay0
Distance250

...

classrightFloat

...