Professional Documents
Culture Documents
13WS-PAS-Install-EPV Configuration and Performance Tuning
13WS-PAS-Install-EPV Configuration and Performance Tuning
13WS-PAS-Install-EPV Configuration and Performance Tuning
CyberArk Training
1
OBJECTIVES
2
VAULT
3
VAULT CONFIGURATION FILES (FILE SYSTEM)
• PrivateArk\Server\Conf.
• dbparm.ini
• license.xml
• paragent.ini
• passparm.ini
• tsparm.ini
• PrivateArk\Server\Logs
• Italog.log
• paragent.log
4 4
VAULT CONFIGURATION FILES AND LOGS (PRIVATEARK)
5 5
VAULT MAIN CONFIGURATION FILES
TSParm.ini • contains the list of directories where the Safe are located.
6 6
DBPARM.INI
7
VAULT LOG FILES
• The CAVaultManager utility enables you to collect log files from the Vault server to
help with troubleshooting, using the “CAVaultManager CollectLogs” command.
• This command creates a folder on the Vault server and stores all of the main INI
and LOG files on the vault server that can be compressed and uploaded to
CyberArk Support when needed.
8
VAULT OPTIMIZATIONS
9
CPM
10
HARDWARE SIZING AND HIGH DEMAND CPM ENVIRONMENTS
11
CONFIGURING THE CPM
2. Or directly in a Target
Platform.
12
CPM SETTINGS
Number of minutes after which the Central Password
Manager re-reads the list of Password Policy files
13
PLATFORM MANAGEMENT
• By default, a number of
platforms are active.
14
INTERVAL SETTINGS
• An interval of 720 or
greater is adequate for
most Platforms.
• Default =1440
• If FromHour/ToHour are
used the interval should
be 1 minute less than half
of the change window.
15
ALLOWED SAFES PARAMETERS
16
FROMHOUR/TOHOUR
Built-in
Admins
1600-2359
17
CONCURRENT OPERATIONS
• Creating a recurring
compliance report on
accounts associated with
a specific Target Account
Platform will be useful in
this analysis
18
RETRY SETTINGS
• MaximumRetries is the
number of times that the
CPM will try to change a
password
• When the password
change process fails
consider increasing the
MaximumRetries value
• MinDelayBetweenRetries
is the minimum delay in
minutes between
password management
process retries. Increasing
this value results in
extending the time
between retries
19
AUTO-DETECTION
20
DETECTION INTERVAL
21
OPTIMIZE LDAP QUERIES
22
PVWA
23
PVWA HARDWARE SIZING
• CyberArk recommends a
dedicated machine for
each component.
24
PVWA REFRESH INTERVAL
25
FREQUENTLY/RECENTLY USED ACCOUNT VIEWS
Reduce heavy aggregation calculation by reducing the number of accounts shown in the
Frequently/Recently Used Account Views.
26
PLATFORM NAME DISPLAY
27
COMMON CONFIGURATION FILES
28
VAULT.INI FILES
29
WHERE IS VAULT.INI?
30
CREDENTIAL FILES
31
SUMMARY
32
QUIZ
1. What is the most effective way to optimize the Digital Vault?
• Ensure the Vault Server meets the minimum System Requirements for memory, CPU and storage.
• Optimize other CyberArk components such as the CPM, PVWA and PSM.
• Contact CyberArk Support for guidance.
2. My company plans to manage 150,000 privileged accounts on multiple platforms. How many CPMs will
I need?
• 2 at a minimum. 1 CPM can manage up to 100,000 privileged accounts on physical hardware.
3. What are a few of the most effective ways to optimize the CPM?
• Stagger password management operations for platforms using FromHour/ToHour parameters.
• Ensure that only platforms with accounts assigned to them, are active.
• Dedicate a physical Windows Server for CPM.
• Use the “Allowed Safes” and “Platforms to Manage” parameters.
34