Backup Accounts

Solutions of Privileged Access Management class are a combination of hardware, software and organizational tools that protect privileged accounts from unauthorised use.

One of the Axidian Privilege protection mechanisms is isolation of account passwords in the Axidian Privilege Core storage, encryption of those, as well as change of passwords to random or user-specified values on schedule or upon request.

The Axidian Privilege Core storage is a critical element. If it is damaged, then all the resources become inaccessible, since account passwords are unknown either to administrators or users.

It is highly recommended to assign a backup account for every resource. This account must possess local administrator privileges (Windows) or have privileges to execute SUDO command (Unix\Linux). This would allow to restore resource accessibility in case the data storage of Axidian Privilege Core fails. Therefore, you should assign an employee who is responsible for storing the backup accounts and passwords.

Access to Axidian Privilege

To provide for security of Axidian Privilege components, it is recommended to install the system according to Basic deployment. In this case, the following components are installed on a single server:

• Axidian Privilege Core
• Axidian Privilege IdP
• Axidian Privilege Management Console
• Axidian Privilege User Console
• Axidian Privilege Log Server
• Axidian Privilege EventLog
• Microsoft SQL Server or PostgreSQL

Placing the key components of Axidian Privilege and data storage to a single server allows to reduce risk of their unauthorized use. The following ports must be open to provide for correct operation: