Veritas Appliance Guide for CyberArk Plugin Configuration
Veritas Flex Appliance Console PSM
The Veritas Flex Appliance Console PSM is a CyberArk plugin component. The plugin enables you to initiate, monitor, and record privileged login sessions, and usage of administrative and user accounts for the web user passwords that are stored in a CyberArk password vault. A Remote Desktop connection starts up in Windows and records the entire session.
The following describes the requirements and tasks that you must perform before you can configure the plugin:
A configured Flex Appliance on a compatible version. See the following article for the list of supported versions:
A standard CyberArk Marketplace account to download the plugin.
A CyberArk PAM (Privileged Access Manager) solution.
Download the Veritas Flex Appliance Console PSM Plugin from the following CyberArk Marketplace site and install it:
https://cyberark-customers.force.com/mplace/s/#a352J000001I69RQAS-a392J000001og4pQAA
Limitations:
For the best experience and to avoid errors on the CyberArk website, use Google Chrome version 109.0.5414.129 (64-bit).
The PSM uses the password from a vault for the user logons. A Remote Desktop Session is invoked to log in. The login is fully automatic as it matches the form elements in the Web UI login and then clicks on . The architecture uses the standard CyberArk architecture where it records the sessions that are stored in the vault.
After you have downloaded and installed the plugin, perform the following configuration steps in the application on the CyberArk site.
To configure the plugin for a Flex Appliance with a configured web interface
- Log in to the CyberArk PVWA and verify that the Record and save session activity is Active, as follows:
After logging in, on the left side of the main page, click the Policies icon, then click Policies > Master Policy.
In the Master Policy window, click the arrow next to Session Management to expand it and verify that Record and save session activity is Active.
If it is not active, on the lower right of the window, click Edit Settings and change it to Active.
- Verify that the IP address of the PSM server you want to connect to is correct, as follows:
On the left side of the main page, click the Administration icon, then click Configuration Options > Options.
In the left column of the Options window, expand Privileged Session Management > Configured PSM Servers > Connection Details > Servers to verify the IP address.
- Set the EnforceCertificateValidation option to No, as follows:
In the left column of the Options window, expand Connection Components.
Scroll down and expand PSM-VeritasFlexApplianceWeb > Target Settings > Web Form Settings .
In the Properties section, in the Value column, set EnforceCertificateValidation to No, then click Apply.
- Add the ID value of PSM-VeritasFlexApplianceWeb as a connection component, as follows:
In the left column of the Options window, scroll down and click PSM-VeritasFlexApplianceWeb.
In the Properties section, in the first row for the ID, click and drag to highlight the ID in the Value column, then right-click and select Copy.
On the left side of the main page, click the Administration icon, then click Platform Management > Veritas Flex Appliance API Via REST > Edit.
Click on the following elements in the order as shown:
Right click on UI & Workflows and select Add Privileged Session Management.
Right click again on UI & Workflows and select Add Connection Components.
Right click on Connection Components and select Add Connection Component.
Paste the ID content, then click Apply and OK.
- Restart the Cyber-Ark Privileged Session Manager as follows:
Navigate to Services [Local], right-click on Cyber-Ark Privileged Session Manager and select Restart.