ERPM Scalability and Performance

Privilege
Management
that Scales


Responsive, Reliable, and Secure Management of Your Privileged Accounts

If you've tried scripted solutions or conventional password vaulting software to get control of your privileged accounts, you already know that these approaches can quickly fall behind, leaving you to deal with stale account information. As a result, you've probably had to rely on tedious, manual processes to keep privileged credentials secure, account information up-to-date, and service and application interdependencies accounted for with each password change to prevent outages and lockouts.

Enterprise Random Password Manager (ERPM™) is different. 

ERPM is adaptive, self-aware, and scalable – so you can reliably discover and manage privileged accounts on the largest, most complex, and highly dynamic networks. It's built from the ground up to provide comprehensive auto-discovery, randomization, and privileged account management.

  • With ERPM you can forget the about tedious, manual management processes you'll find with password vault-type solutions. 

  • Automation and auto-discovery in ERPM reduces your manual labor and enables rapid, longer-term configuration so you'll secure your network with far less work.

  • ERPM has the global enterprise deployments to prove it's scalable – with individual customers each managing many hundreds of thousands of privileged accounts on hundreds of thousands of systems.

  • Regardless of the size of your network, ERPM truly excels at getting your privileged accounts under control - quickly, painlessly and permanently.

Open, Scalable and Secure

ERPM is built on your choice of Microsoft SQL Server or Oracle databases – with full support for network load balancing and clustering technologies – to give you unmatched scalability and reliability. 

The use of a fully documented, industry-standard data store helps you leverage your organization’s trusted processes for high availability, management, monitoring – giving you unmatched transparency and control. Data-at-rest security of privileged credentials is assured by default AES-256 encryption and options for a FIPS 140‑2 validated module and PKCS#11 hardware encryption.

Self-Aware

ERPM continuously, dynamically and in real-time identifies and inventories all of the privileged accounts and their interdependencies on your network.

  • It continuously tracks and secures privileged accounts on all of your systems, network appliances, databases and applications

  • Combined with its unique account propagation capabilities, ERPM enumerates interdependent accounts before updating credentials to help you avoid the service disruptions and account lockouts that can arise with other solutions.

  • ERPM is a C++ multi-threaded application that adapts to changing networks – with discovery and management failover logic that automatically retries systems that could be offline, have very slow response times, or reside on unreliable and high-latency network links. 

  • You can easily adjust ERPM threading operations to deliver more or less throughput – depending on the condition of your network and computer hardware. With ERPM, more complete automation means you'll spend less time maintaining the product

Programmatic Access

To keep pace with the demands of cloud service providers and the very largest enterprise networks, ERPM has evolved to a service platform where discovery, auditing and access control can be managed by machines instead of direct human intervention. This new programmatic capability allows you to manage the entire privileged identity management lifecycle via any language or platform, thereby providing PIM as a Service or PIM as a Platform.

With its current release, ERPM provides two separate programmatic interfaces – Web services (SOAP) and PowerShell™ – that expose all aspects of privileged identity management including:

  • Privileged account discovery and tracking that is both sufficiently broad in platform scope and deep in terms of account discovery (including discovery and tracking of process and service interdependencies to enable safe, automated changes of any interdependent accounts)
  • Propagation of password changes to all referenced locations
  • Delegation rules for human and machine access
  • Reporting of privileged account activity
  • Ongoing detection and decommissioning of inactive accounts as they are removed

The new programmatic interfaces interact with datacenter workflow frameworks such as Microsoft System Center Orchestrator and, in the case of the largest service provider networks, custom in-house frameworks.

Zone Processors for Reliability

ERPM deploys its scheduling services– known as Zone Processors – remotely to better manage distributed systems on large and complex networks. 

  • By giving you the option to confine account discovery and management operations to individual LAN networks – communicating only SQL management information to the remote database– Zone Processors can help you eliminate bandwidth usage and latency problems over potentially slow, unreliable, and expensive WAN links. 

  • In addition to lowering costs and improving reliability over global networks, the ERPM Zone Processor architecture facilitates failover and load balancing capabilities that can further increase responsiveness and reliability, helping your organization more effectively meet regulatory compliance mandates.

  • Zone Processors can also work in concert with your network security appliances to discover and mitigate unsecured privileged identities and enforce your policies inside of network DMZs. The architecture reliably manages systems across domain security boundaries and helps to minimize outbound management traffic through your firewalls for enhanced security.

Data Warehouse for Responsive Reporting

Regardless of the size of your network, with ERPM you'll spend less time waiting for detailed auditing and compliance reports thanks to an optimized, independent data warehouse

  • The data warehouse is a reporting database that operates separately from the primary data store, ensuring that even the most complex queries run efficiently, without impacting other processes.

  • Proven to reliably manage dynamic production networks with hundreds of thousands of managed systems – including the internal and customer-serving networks of nearly half of all Fortune Global 50 companies – the ERPM architecture assures that your management and reporting interfaces stay responsive, and your system and account information is always up to date.

Contact us to learn more about how Lieberman Software can help you secure your organization's privileged accounts.