The open, n-tier architecture of Enterprise Random Password Manager™ (ERPM) enables responsive, reliable, and secure management of the world’s largest and most complex enterprise networks.
If you’ve tried scripted solutions or conventional password vaulting software to get control of your privileged accounts, you already know that these approaches can quickly fall behind, leaving you to deal with stale account information. As a result, you’ve probably had to rely on tedious, manual processes to keep privileged credentials secure, account information up-to-date, and service and application interdependencies accounted for with each password change to prevent outages and lockouts.
ERPM is different. ERPM is adaptive, self-aware, and scalable – so you can reliably discover and manage privileged accounts on the largest, most complex, and highly dynamic networks. It’s built from the ground up to provide comprehensive auto-discovery, randomization, and privileged account management.
- With ERPM you can forget the about tedious, manual management processes you’ll find with password vault-type solutions.
- Automation and auto-discovery in ERPM reduces your manual labor and enables rapid, longer-term configuration so you’ll secure your network with far less work.
- ERPM has the global enterprise deployments to prove it’s scalable – with individual customers each managing hundreds of thousands of privileged accounts on hundreds of thousands of systems.
- Regardless of the size of your network, ERPM truly excels at getting your privileged accounts under control – quickly, painlessly and permanently.
Open, Scalable and Secure
ERPM is built on Microsoft SQL Server – with full support for network load balancing and clustering technologies – to give you unmatched scalability and reliability.
The use of a fully documented, industry-standard data store helps you leverage your organization’s trusted processes for high availability, management, monitoring – giving you unmatched transparency and control. Data-at-rest security of privileged credentials is assured by default AES-256 encryption and options for a FIPS 140‑2 validated module and PKCS#11 hardware encryption.
ERPM continuously, dynamically and in real-time identifies and inventories all of the privileged accounts and their interdependencies on your network.
- It continuously tracks and secures privileged accounts on your systems, network appliances, databases and applications.
- Combined with its unique account propagation capabilities, ERPM enumerates interdependent accounts before updating credentials to help you avoid the service disruptions and account lockouts that can arise with other solutions.
- ERPM is a C++ multi-threaded application that adapts to changing networks – with discovery and management failover logic that automatically retries systems that could be offline, have very slow response times, or reside on unreliable and high-latency network links.
- You can easily adjust ERPM threading operations to deliver more or less throughput – depending on the condition of your network and computer hardware. With ERPM, more complete automation means you’ll spend less time maintaining the product.
Zone Processors for Reliability
ERPM deploys its scheduling services– known as Zone Processors – remotely to better manage distributed systems on large and complex networks.
- By giving you the option to confine account discovery and management operations to individual LAN networks – communicating only SQL management information to the remote database– Zone Processors can help you minimize bandwidth usage and latency problems over potentially slow, unreliable, and expensive WAN links.
- The deployment of additional Zone Processors can add to the scheduling depth by overcoming hardware limitations, allowing more concurrent password change jobs and less delay for time-sensitive jobs such as an emergency password changes and account elevation requests.
- In addition to lowering costs and improving reliability over global networks, the Zone Processor architecture facilitates failover and load balancing capabilities that can further increase responsiveness and reliability, helping your organization more effectively meet regulatory compliance mandates.
- Zone Processors add redundancy to the existing scheduling system so jobs can be processed even if the primary console can’t be reached because of network or hardware issues.
- Zone Processors can work in concert with your network security appliances to discover and mitigate unsecured privileged identities and enforce your policies inside of network DMZs. The architecture can take advantage of a single open port from the Zone Processor on your known host machine to help you minimize management traffic through firewalls.
- The deployment of Zone Processors can accommodate networks that include untrusted domains by controlling privileged access and password change jobs from a single location, using an account that is trusted on the target domain.
Data Warehouse for Responsive Reporting
Regardless of the size of your network, with ERPM you’ll spend less time waiting for detailed auditing and compliance reports thanks to an optimized, independent data warehouse.
- The data warehouse is a reporting database that operates separately from the primary data store, ensuring that even the most complex queries run efficiently, without impacting other processes.
- Proven to reliably manage dynamic production networks with hundreds of thousands of managed systems – including the internal and customer-serving networks of nearly half of all Fortune Global 50 companies – the ERPM architecture assures that your management and reporting interfaces stay responsive, and your system and account information is always up to date.
Contact us to learn more about how Lieberman Software can help you secure your organization’s privileged accounts.