The Privileged Appliance and Modules
(TPAM) 2.5.919
System Administrator Guide
Copyright 2017 One Identity LLC.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide
is furnished under a software license or nondisclosure agreement. This software may be used or copied
only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced
or transmitted in any form or by any means, electronic or mechanical, including photocopying and
recording for any purpose other than the purchaser’s personal use without the written permission of
One Identity LLC.
The information in this document is provided in connection with One Identity products. No license,
express or implied, by estoppel or otherwise, to any intellectual property right is granted by this
document or in connection with the sale of One Identity LLC products. EXCEPT AS SET FORTH IN THE
TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT,
ONE IDENTITY ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR
STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-
INFRINGEMENT. IN NO EVENT SHALL ONE IDENTITY BE LIABLE FOR ANY DIRECT, INDIRECT,
CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT
LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF
INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF
ONE IDENTITY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. One Identity makes no
representations or warranties with respect to the accuracy or completeness of the contents of this
document and reserves the right to make changes to specifications and product descriptions at any
time without notice. One Identity does not make any commitment to update the information contained
in this document.
If you have any questions regarding your potential use of this material, contact:
One Identity LLC.
Attn: LEGAL Dept
4 Polaris Way
Aliso Viejo, CA 92656
Refer to our Web site (http://www.OneIdentity.com) for regional and international office information.
Patents
One Identity is proud of our advanced technology. Patents and pending patents may apply to this
product. For the most current information about applicable patents for this product, please visit our
website at http://www.OneIdentity.com/legal/patents.aspx.
Trademarks
One Identity and the One Identity logo are trademarks and registered trademarks of One Identity
LLC. in the U.S.A. and other countries. For a complete list of One Identity trademarks, please visit
our website at www.OneIdentity.com/legal. All other trademarks are the property of their
respective owners.
Legend
WARNING: A WARNING icon indicates a potential for property damage,
personal injury, or death.
CAUTION: A CAUTION icon indicates potential damage to hardware or loss
of data if instructions are not followed.
IMPORTANT, NOTE, TIP, MOBILE, or VIDEO: An information icon indicates supporting
information.
TPAM System Administrator Guide
Updated - August 2017
Version - 2.5.919
Contents
Before You Begin 11
Introduction 11
Information to gather 11
Initial Set Up 14
Introduction 14
Recommended steps 14
Start Up 16
Introduction 16
Power on the TPAM appliance 16
Network Settings 18
Introduction 18
Configure the network settings 18
Configure DNS settings 19
View running values 19
Flush DNS 19
DNS suffix search 19
Host file mapping 20
Sys-Admin User ID’s 21
Introduction 21
Details tab 21
Web tab 22
Key based tab 24
Time tab 25
Custom information tab 26
Add a web sys-admin user ID 26
Add a CLI sys-admin user 27
Regenerate keys for CLI users 28
Delete a sys-admin user ID 28
Disable/Enable a sys-admin user ID 28
Unlock a sys-admin user ID 29
TPAM 2.5.919 System Administrator Guide 3
Reset sys-admin user ID password 29
Manage your TPAM sys-admin user ID 29
Promote a user ID 30
Demote a user ID 31
Manage the parmaster user ID 31
Active logins 32
Distributed Processing Appliances (DPAs) 33
Introduction 33
Power on the DPA appliance 34
Configure network settings 34
Enable remote access 35
Changing the setup password while logged into the DPA 36
Using TPAM to manage the DPA dpasetup account 36
Define remote IP address restrictions 37
Prepare the DPA for enrollment 37
Logs menu 37
Increase DPA license count 38
Enroll DPA in cluster 38
Manage DPA settings 39
DPA log tab 40
Remove DPA from a cluster 40
Re-enroll a DPA 41
Change DPA SSH port 41
Manage host file entries 42
DPA configuration using both network cards on a segmented network 42
Net tools 45
DPAs and failover 45
Test DPA 46
DPA version number 46
High Availability Cluster 47
Introduction 47
Details tab 47
Member status tab 49
Snapshots tab 49
Graphs tab 49
Cluster status tab 50
Logs tab 51
Configure a cluster 51
Remove a cluster member 53
Reboot a replica 53
Automatic failover 54
Functionality on a failed over replica 54
Automatic failback 57
Change the run level 58
Force a failover 58
Unforce a failover 59
Transfer authoritative primary 59
Take over as authoritative primary 60
How to change the replication interval 63
Archive Servers 64
Introduction 64
Configure archive servers 64
Logs 68
Introduction 68
Sys-Admin activity log 68
Security log 68
Firewall log 69
Database log 69
Alerts log 70
Proc log 70
Archive log settings 70
SysLog configuration 71
Reason Codes 72
Introduction 72
Add a reason code 72
Delete a reason code 72
Enable/Disable a reason code 73
Global Settings 74
Introduction 74
Edit global settings 74
Descriptions 74
Password Rules 97
Introduction 97
Default password rule 97
Add a password rule 97
Delete a password rule 109
Email Configuration 110
Introduction 110
Configure mail agent 110
Start/Stop the mail agent 111
Sent mail report 112
Clear the mail queue 112
Mail agent log 112
Configure email notification 113
Reset to factory defaults 115
Date and Time Configuration 116
Introduction 116
Set date and time 116
Configure network time protocol 116
Keys and Certificates 118
Introduction 118
Manage host keys 118
Manage SSH keys 118
Generate web certificate request 120
Import web certificate 120
TPAM trusted CA certificates 121
Web access trusted CA certificates 122
Reset certificate to factory default 122
Certificate based web access for user IDs 122
Sybase trusted root certificates 123
MySQL trusted root certificates 123
Upload a certificate on a replica 124
Automation Engine 125
Introduction 125
Agent status tab 125
Start/Stop the auto management engine 126
Disable/Enable an agent 126
Auto Management settings tab 127
Check password queue schedule 127
Manually load the check password queue 128
Agent logs 128
Agents 130
Introduction 130
Daily Maintenance agent 130
Auto Discovery agent 130
Post-Session Processing agent 131
SSH daemon 132
Backups 133
Introduction 133
Backup settings tab 133
Configure the backup schedule 134
On demand backup 134
View backup log 135
View backup history 135
Download an online backup 135
Delete a backup 136
Alerts 137
Introduction 137
Add an alert receiver 137
Delete an alert receiver 138
Alert thresholds 138
Alert details export 138
External Authentication 140
Introduction 140
Certificate based authentication 140
SafeWord 140
RSA SecureID 141
LDAP 142
Windows Active Directory 143
RADIUS 143
Defender 144
Ticket Systems 145
Introduction 145
Details tab 146
Data tab 150
Special note regarding MySQL data sources 150
Web services 152
Rules listing tab 153
Rule details tab 153
Add a ticket system 155
Add a ticket system rule 156
Duplicate a ticket system rule 156
Delete a ticket system rule 157
Duplicate a ticket system 157
Delete a ticket system 157
Custom Logo 158
Introduction 158
File requirements 158
Upload custom logo 158
Remove custom logo 159
License Management 160
Introduction 160
Adjust license limits 161
License management change log 161
Login Banner and Message of the Day 162
Introduction 162
Login banner 162
Message of the day 162
Net Tools 164
Introduction 164
The ping utility 164
Nslookup utility 164
TraceRoute utility 165
Telnet test utility 165
Route table management 165
System, O/S Patch, and Job Status Pages 167
Introduction 167
O/S patch status 167
System status page 167
System status graphs 168
How to create a support bundle 170
Job status page 170
Software Updates 171
Introduction 171
Types of software updates 171
Check TPAM current version 172
Download a software update from the customer portal 172
Apply a software update 172
View patch log 173
View patch history 174
Shut Down/Restart the Appliance 175
Introduction 175
Shutdown appliance 175
Restart appliance 175
Restore and Revert 176
Introduction 176
Restore from a backup 176
Apply backup to a cluster 177
Revert to factory default 178
Revert to restore point 179
Remote Access 180
Introduction 180
Disable remote access 180
CLI Commands for the System Administrator 181
Introduction 181
Command standards 181
Commands 182
Relocating/Readdressing an Appliance 191
Introduction 191
Change a primary’s IP address 191
Change a replica’s IP address 191
Kiosk Access 193
Introduction 193
How to access the kiosk 193
Reset the parmaster password 193
Restore from a backup 194
Revert to a snapshot 194
About us 195
Contacting us 195
Technical support resources 195