Facets Demo New Batches Starting from Saturday... 22-10-2016
Search Course Here

Live Chat

Hitachi ID Privileged Access Manager


Hitachi ID Privileged Access Manager is a system for securing access to privileged accounts.


  • None


  • It is a 16 days program and extends up to 2hrs each.
  • The format is 40% theory, 60% Hands-on.

  • It is a 4 days program and extends up to 8hrs each.
  • The format is 40% theory, 60% Hands-on.
    Private Classroom arranged on request and minimum attendies for batch is 4.

course content

  • Introduction
  • Install the software
    • Install replica
  • Targets and auto-discovery
    • AD target (source of profiles)
    • AD target (source of computers)
    • Configure the system to omit disabled accounts (for login)
    • Configure the system to "manage" all AD groups (for ACLs)
    • Run and troubleshoot psupdate
    • Log viewer
  • Manual targets and intro to policies
    • Configure a manual WinNT target
    • Configure a manual Linux target
    • Configure a simple MSP for these two targets
      • password policy and randomization schedule
      • account names to include
      • plug-ins to support (cmd-line/putty + RDP)
      • checkout limits
    • Configure a simple User Class for a few users
    • Link the MSP to the User Class to get ACLs
    • Run psupdate to get passwords randomized
    • Show logs and reports that illustrate what happened
  • Basic user experience
    • Sign into the UI with AD creds
    • Checkout access
    • Checkout launch RDP to one system
    • Checkout launch SSH to one system
    • Run reports to show that this activity was captured
  • Infrastructure auto-discovery and import rules
    • Introduce a bunch of fake computers on AD
    • Introduce the simulator for WinNT targets
    • Show the 'discovered systems' and 'system attributes' data that gets loaded into PAM
    • Define some import rules
    • Run through and troubleshoot discovery/import/management
    • Use the simulator to introduce daily evolution of the infrastructure
    • Show that the system responds during PSUPDATE with appropriate discovery and management/unmanagement
    • Discuss "unmanage" rules -- e.g., for systems that have been offline for too long.
  • Ongoing support and maintenance
    • Show the HiPAM dashboard
    • Implement exit traps for various types of failures
      • replication problems
      • psupdate problems
      • failed authentication and authorization
    • Show and use reports:
      • who checked out what?
      • who got rejected?
      • who is busy vis-a-vis the system?
  • Introduce pull mode
    • Motivation
      • laptops
      • mobility, NAT, firewalls, powerdown, etc.
      • scalability
    • Configure and deploy MSI to a WinXP and a Win7 client
  • Workflow for one-off requests
    • Discuss scenarios: where/when to use workflow
    • Request attributes and attribute validation
    • Selecting authorizers (focus on userclass, not plug-ins)
    • Consensus (N of M) and veto power
    • Automatic reminder e-mails
    • Automatic escalation after non-response
    • Early escalation (e.g., if authorizer is out of office)
    • Reports and dashboards: what's going on in the workflow engine?
    • The roles of workflow and delegation managers
  • Service accounts on Windows
    • Intro to the Windows security model (why do we have to manage these darned things?)
    • Cases where service accounts are already managed by Windows (IIS, SCM in some cases)
    • Server-local accounts
    • Domain-level accounts and special challenges due to Microsoft "best practices"
    • Using updsvcpass
    • Reports to find service accounts and see how they are used
  • Embedded accounts and passwords
    • Intro to the problem of embedded passwords in programs and scripts
    • Alternative solution approaches:
      • modify the app to use an API to fetch a current password
      • leave the password where it lies and push new values into the cfg file or similar
    • Security catch-22:
      • authenticating users into the API?
      • caching passwords and securing the cache
    • Introduce the HiPAM API:
      • API-enabling users
      • OTP in authentication
      • IP subnet filtering (CIDR masks)
    • The need for an API wrapper
      • Generating key material with which to obscure cached passwords and OTPs
      • Caching and serialization
      • Simplifying use of the API


Hitachi ID Privileged Access Videos Manager will be updated soon
To Watch More Videos Click Here

Flash News

AngularJS New Batch Start From 09th OCT & 10th OCT.

Hadoop Dev New Batch Start From 10th OCT & 11th OCT.

IBM COGNOS TM New Batch Start From 11th OCT & 12th OCT.

Informatica Dev New Batch Start From 12th OCT & 13th OCT.

Mean Stack New Batch Start 13th OCT & 14th OCT.

SAP BODS new Batch Starting From 14th OCT & 15th OCT.

SAP S/4 HANA New Batch Start From 15th OCT & 16th OCT

Tableau New Batch Start From 16th OCT & 17th OCT


Facets Demo Training

Demo Schedule : 08:30P.M EST / 07:30P.M CST / 05:30P.M PST on 21st OCT & 06:00A.M IST on 22nd OCT
Email :
Rediff Bol :
Google Talk :
MSN Messenger :
Yahoo Messenger :
Skype Talk :