Hitachi ID Privileged Access Manager Training Details
Hitachi ID Privileged Access Manager is a system for securing access to privileged accounts.
- Training by Realtime Expert trainer
- Live Online Classes
- Free study material
- Online virtual Classes available in morning, evening and weekend
- The format is 40% theory, 60% Hands-on.
- It is a 20 days program and extends up to 2hrs each.
- The format is 40% theory, 60% Hands-on.
- It is a 5 days program and extends up to 8hrs each.
- Private Classroom arrenged on request and minimum attendies for batch is 4.
- Install replica
- AD target (source of profiles)
- AD target (source of computers)
- Configure the system to omit disabled accounts (for login)
- Configure the system to "manage" all AD groups (for ACLs)
- Run and troubleshoot psupdate
- Log viewer
- Configure a manual WinNT target
- Configure a manual Linux target
- Configure a simple MSP for these two targets
- password policy and randomization schedule
- account names to include
- plug-ins to support (cmd-line/putty + RDP)
- checkout limits
- Configure a simple User Class for a few users
- Link the MSP to the User Class to get ACLs
- Run psupdate to get passwords randomized
- Show logs and reports that illustrate what happened
- Sign into the UI with AD creds
- Checkout access
- Checkout launch RDP to one system
- Checkout launch SSH to one system
- Run reports to show that this activity was captured
- Introduce a bunch of fake computers on AD
- Introduce the simulator for WinNT targets
- Show the 'discovered systems' and 'system attributes' data that gets loaded into PAM
- Define some import rules
- Run through and troubleshoot discovery/import/management
- Use the simulator to introduce daily evolution of the infrastructure
- Show that the system responds during PSUPDATE with appropriate discovery and management/unmanagement
- Discuss "unmanage" rules -- e.g., for systems that have been offline for too long.
- Show the HiPAM dashboard
- Implement exit traps for various types of failures
- replication problems
- psupdate problems
- failed authentication and authorization
- Show and use reports:
- who checked out what?
- who got rejected?
- who is busy vis-a-vis the system?
- mobility, NAT, firewalls, powerdown, etc.
- Configure and deploy MSI to a WinXP and a Win7 client
- Discuss scenarios: where/when to use workflow
- Request attributes and attribute validation
- Selecting authorizers (focus on userclass, not plug-ins)
- Consensus (N of M) and veto power
- Automatic reminder e-mails
- Automatic escalation after non-response
- Early escalation (e.g., if authorizer is out of office)
- Reports and dashboards: what's going on in the workflow engine?
- The roles of workflow and delegation managers
- Intro to the Windows security model (why do we have to manage these darned things?)
- Cases where service accounts are already managed by Windows (IIS, SCM in some cases)
- Server-local accounts
- Domain-level accounts and special challenges due to Microsoft "best practices"
- Using updsvcpass
- Reports to find service accounts and see how they are used
- Intro to the problem of embedded passwords in programs and scripts
- Alternative solution approaches:
- modify the app to use an API to fetch a current password
- leave the password where it lies and push new values into the cfg file or similar
- Security catch-22:
- authenticating users into the API?
- caching passwords and securing the cache
- Introduce the HiPAM API:
- API-enabling users
- OTP in authentication
- IP subnet filtering (CIDR masks)
- The need for an API wrapper
- Generating key material with which to obscure cached passwords and OTPs
- Caching and serialization
- Simplifying use of the API
Install the software
Targets and auto-discovery
Manual targets and intro to policies
Basic user experience
Infrastructure auto-discovery and import rules
Ongoing support and maintenance
Introduce pull mode
Workflow for one-off requests
Service accounts on Windows
Embedded accounts and passwords
4.6 / 5.0
90% recommend this course
Average Rating For
- Content 4.5
- Knowledge 4.5
- Assignment 4.2
- Institute 4.3
- Instructor 4.4
Great experience! Thanks Ecorptrainings for providing an online learning platform where courses can be taken from anywhere and anytime as per convenience. I attended Workday training and Workday HCM training and both the courses were really good. I would definitely recommend Ecorptrainings Thanks Ecorp
Ecorptrainings is an interactive and innovative way of evangelizing us toward various courses. The best stars for Ecorptrainings lies on the ticket solving and their tailored courses. Instructors are knowledgeable and interactive in teaching. Workday training sessions are well structured with a proper content in helping us to dive. Good course material and structured modules in each course..