Privileged Access Manager - Self-Hosted Architecture

PAM - Self-Hosted provides a ‘Safe Haven’ within your enterprise where all your administrative passwords can be securely archived, transferred and shared by authorized users, such as IT staff, on-call administrators, and local administrators in remote locations.

The multiple security layers (including Firewall, VPN, Authentication, Access control, Encryption, and more) that are at the heart of the PAM - Self-Hosted solution offer you the most secure solution available for storing and sharing passwords in an enterprise environment.

The PAM - Self-Hosted solution is plug-and-play: it requires minimal effort to set up and can be fully operational in a very short period of time. It can be accessed and managed through a Windows Client, a Web interface, or a variety of APIs.

The following diagram shows the different components of the PAM - Self-Hosted solution and how they interact.

[Diagram: PAM - Self-Hosted Architecture]

The PAM - Self-Hosted solution architecture consists of two major elements. The first is the Storage Engine (also referred to as “the server” or simply “the Vault”), which holds the data and is responsible for securing the data at rest and ensuring authenticated and controlled access.

The second element is the interface (Windows interfaces, Web interfaces, and SDKs) that communicates with the Storage Engine on one hand and provides access to users and applications on the other. The Storage Engine and the interface communicate using CyberArk’s secure protocol – the Vault protocol.