Enterprise Random Password Manager: Architecture

ERPM Architecture


Enterprise Random Password Manager (ERPM™) continuously detects, secures and grants audited access to privileged accounts in the world’s most dynamic networks. ERPM is architected to handle even the most complex IT environments, so you can:

Deploy with Confidence

  • Fast setup is assured by out-of-the-box management of all major computer operating systems, databases, network appliances, VM hypervisors and more.
  • Data-at-rest security of privileged credentials is assured by default AES-256 encryption and options for a FIPS 140‑2 validated module and PKCS#11 hardware encryption.
  • Your choice of Microsoft or Oracle databases to leverage your organization’s trusted processes for database management, monitoring, and high availability – giving you unmatched transparency and control.

Discover More of Your Infrastructure

  • The industry’s only Iron-to-Application℠ management of privileged accounts on physical and virtual operating systems, clustered computers, network appliances, out-of-band management devices, hypervisors, middleware, and line-of-business applications.
  • Comprehensive multi-platform support to secure privileged identities on Windows, Linux, Unix, OS/390, AS/400, IOS network appliances and many more.
  • Reliable account propagation – an industry first – continuously detects and secures interdependent accounts and helps you avoid IT service disruptions and application lockouts that occur with manual processes.

Protect in Real-Time

  • Manages and authenticates directly with all leading directories including Active Directory, Oracle Internet Directory, Novell eDirectory, IBM Tivoli Directory Server, OpenLDAP, and more.
  • Instantly enforces organizational policies as staff roles change.
  • Continuously detects and secures privileged accounts present in any LDAP-compliant directory.

Access from Anywhere

  • IT staff get instant, delegated access to check out passwords for faster system repairs. Management and auditors get expanded access, with the ability to authorize requests, configure access, and view comprehensive reports.
  • Time-saving workflows cover a wide range of scenarios for staff access; remote connection features can give authorized vendors and contractors temporary access without their ever seeing a privileged password.
  • Encrypted sessions with the option for highly configurable two-factor authentication assure that only the right staff have access; all passwords remain unknown until the audited check-out request and cannot be shared or reused afterward.

Gain Better Insight

  • Comprehensive auditing and compliance reports give authorized managers instant access to user, system, and account histories alongside operational reports and key performance indicators for your worldwide deployment.
  • A separate data warehouse ensures responsive, in-depth auditing and compliance reporting no matter how complex your network.
  • Works with business intelligence reporting tools such as Crystal Reports™, SQL Server Reporting Services and others so you can create fully customized business reports.

Safeguard Remote Sites

  • Three-tier architecture with remote Zone Processing assures reliable discovery and policy enforcement over high-latency network links.
  • Maintains responsive protection and reporting even across unreliable networks.
  • Reduces expensive WAN bandwidth.

Manage Inside Network DMZs

  • Works with your security appliances to discover and mitigate unsecured privileged identities and enforce your policies inside of network DMZs.
  • Minimizes outbound management traffic through your firewalls for enhanced security.
  • Works across domain security boundaries.

Leverage Your IT Investments

  • Fast, UI-based setup allows you to pull configuration data from any CMDB.
  • Integrates with BMC Atrium, CA CMDB, IBM CCMDB and other CMDBs for its configuration data.
  • Provides the critical foundation for IT service management by auditing staff access to privileged accounts that control configuration settings on hardware, line-of-business applications, databases, and more.

Empower Your Applications