Enterprise Random Password Manager™ (ERPM) is an n-tiered, agentless privileged access management solution that secures large and complex enterprise networks. The ERPM architecture comprises a management console, a database and a web application.
The Management Console provides centralized administration for ERPM. This is where management sets, system lists, users, groups and role-based access workflows are configured and managed. The Management Console application must be installed on Windows Server 2008 or above.
The Management Console application requires access to a SQL Server database to store password credentials (encrypted) and audit logs. The construction of the required tables, views, stored procedures, and security roles is handled automatically by the application. You can leverage your organization’s trusted processes for database management, monitoring, and high availability – giving you unmatched transparency and control.
ERPM encrypts the information it stores about systems, users and access at multiple points. Credentials and system data are stored in an AES-256 encrypted database. ERPM provides the option for hardware-based encryption, at FIPS 140-2 Levels 2 and 3, when used with a PKCS #11 device. ERPM also provides secure and delegated storage of important documents and files from within the data store.
The Web Application provides your authorized staff with audited access to credentials, configuration settings and reports. The responsive HTML 5 web interface can be customized as required to efficiently access and administer ERPM from your device.
The web application also provides multi-language support that lets you select from more than 20 languages, including English, German, French, Russian, Spanish, Portuguese, Chinese (simplified and traditional) and more.
Platform Support and Enterprise Integrations
ERPM offers more extensive platform support than any other privileged identity management solution – including nearly all operating systems, databases, and network devices. It also leads the industry in out-of-the-box enterprise integrations with help desk systems, security frameworks, directory services and other IT security solutions.
ERPM offers interfaces with Windows PowerShell® and SOAP web services that provide a programmatic option for privileged identity management in large, multi-tenant organizations. The discovery, auditing and access control of credentials and SSH keys in large enterprises and service providers can be managed entirely by machines, rather than through direct human interaction.
The SOAP-based Web Services interface allows programmatic orchestration of nearly all product features, including password check-in/checkout, credential changes and auditing. PowerShell cmdlets provide a command-line interface through which virtually any operation that can be completed with ERPM can be performed.
High Availability and Disaster Recovery
With its n-tier architecture, ERPM is easy to configure for high availability and disaster recovery.
You can deploy ERPM alongside your other mission-critical applications using an enterprise edition Microsoft SQL Server. Use of an open and reliable database standard delivers 99.99%+ uptime that can’t be matched by security appliances, proprietary data stores, and open-source databases. Because ERPM is a multi-tier, software-based, agentless solution, its components can be easily distributed to match your network architecture.
Scalability and Performance
The n-tier architecture of ERPM enables responsive, reliable and secure management of some of the world’s largest and most complex enterprises. The multi-threaded solution is capable of changing privileged credentials on 2,000 machines per minute per node.
The product provides enterprise scalability in the form of zone processing which distributes the processing workload. Zone Processors are scheduling services deployed remotely to manage systems in the associated region. They communicate back to a centralized database.
Zone processing is designed to meet the needs of geographically dispersed environments, such as a company with many offices located around the world. Zone processing is also useful for environments with special security concerns for demilitarized zone (DMZ) systems.
Horizontal scaling is achieved through multi-threaded processing and distributed load balancing across zones. An unlimited number of management consoles and concurrent web servers/sites may be connected for scaling.
Ease of Deployment
ERPM installs quickly and is easy to deploy and configure. It has been designed from the ground up to be operationally efficient, and integrations with new systems management, SIEM, help desk and other applications are simple to implement. There are numerous interfaces and integration points within the product and a large number of technology integrations are provided out-of-the-box.
ERPM is provided as a software application for on-premises deployment, or as an application in the Microsoft Azure marketplace for cloud deployments. It can also be deployed “headless” or programmatically via PowerShell cmdlets or SOAP-based web services.
Contact us to learn more about how Lieberman Software can help you secure your organization’s privileged identities.