Platform packages
Target account platforms define the operational and technical settings that determine how the Privileged Access Manager - Self-Hosted solution manages accounts on different platforms and dependencies. All the platforms supported by the system are configured out-of-the-box with default values for most of the settings, and can be used immediately. The technical settings under each platform include settings that determine how the system handles password management operations, transparent connections, PSM connections, and so on.
When a user requires an additional platform, the new platform can be imported into PAM - Self-Hosted conveniently as a platform package. A platform package is a zip archive file that contains the settings and binaries that comprise the platform.
A platform package contains the following files:
File | Description |
---|---|
CPM Policy file | An INI file that contains the settings that determine how the system will manage associated passwords. This file is mandatory. You can create a new CPM Policy file, or use an existing one. |
PVWA Settings file | An XML file that contains the PVWA settings of the platform. This file is mandatory. |
CPM Plug-in files | EXE or DLL executable files and other files with policy settings for a specific CPM plugin. These files are optional. For example, a CPM plugin that manages PMTerminal-compatible accounts requires a prompts and process file to be added. |
This section describes how to create a platform package and use it to import a new platform into PAM - Self-Hosted.
Create a platform package
This section explains how to prepare the contents of a platform package and then create a zip archive file.
The platform package file (zip file) cannot be larger than 20 MB.
If you already have an existing CPM Policy INI file, skip to Step 2.
1. From the PasswordManagerShared Safe, retrieve and open a CPM Policy INI file for a platform similar to the one you are creating the package for, and save it on your local machine. This step saves you having to create a CPM Policy INI file from scratch.
2. Rename the INI file to match the PolicyId you are creating. For example, if the PolicyId is UnixSSH, rename the file as Policy-UnixSSH.ini.
3. For the CPM settings of the platform, modify the following parameters:
Parameter | Description | Acceptable Values |
---|---|---|
PolicyId | The ID of the policy that the account will be associated with. | Alphanumeric, '_' and '-' characters. No whitespaces. |
PolicyName | The descriptive name of the platform. | Alphanumeric, '_' and '-' characters and whitespaces. |
PolicyType | The type of platform. | |
You can modify any additional parameters according to your specific requirements.
Do one or both of the following steps:
- Create an XML file named Policy-<policyid>.xml and save it on your local computer.
- Open the new XML policy file and add the following contents to the Devices section:
  <Device Name="DeviceName">
    <Policies>
      <placeholder/>
    </Policies>
  </Device>
- From the PVWAConfig Safe, open the Policies.xml file and extract the policy element that is the most similar to the platform you are creating the package for.
- In your new XML file, replace the <placeholder> element with the policy element you have extracted from the Policies.xml file. The element in your XML file will look similar to the following:
  <Device Name="DeviceName">
    <Policies>
      <Policy ID="PlatformID" PlatformBaseID="PlatformBaseID">
        <TicketingSystem />
        <Properties>
          <Required>
            <Property Name="Address" />
            <Property Name="Username" />
          </Required>
          <Optional />
        </Properties>
        <LinkedPasswords />
        <ConnectionComponents />
        <Usage ID="UsageID" PlatformBaseID="PlatformBaseID" PlatformBaseType="PlatformBaseType" PlatformBaseProtocol="PlatformBaseProtocol">
          <Properties>
          </Properties>
        </Usage>
      </Policy>
    </Policies>
  </Device>
- In the XML file, modify the value of the following parameters:
Parameter | Description |
---|---|
DeviceName | An existing device name |
PlatformId | A value equal to the value configured for the PolicyID in the INI file. |
- Modify the following parameters to fit your source platform:
Parameter | Description | Acceptable Values |
---|---|---|
PlatformBaseID | The platform ID. The value of this parameter must be equal to the value you configured for the PolicyID in the INI file. | The PolicyId value |
PlatformBaseType | The basic type of the platform. | Unix, Windows, DB2, Oracle, Facebook, etc. |
PlatformBaseProtocol | The protocol that manages the account. | SSH, Telnet, HTTP, etc. |
These base parameters will be used internally during upgrade processes.
- Modify any additional parameters according to your requirements. This step is optional.
- Save the new XML policy file.
Configure new dependencies under the Usages node, as described below.
- Create an XML file named Policy-<policyid>.xml and save it on your local computer.
- Open the new XML policy file and add the following contents to the Usages section:
  <Usage ID="<ID>" PlatformBaseID="<PlatformBaseID>" PlatformBaseType="<PlatformBaseType>" PlatformBaseProtocol="<PlatformBaseProtocol>">
    <placeholder/>
  </Usage>
- From the PVWAConfig Safe, open the Policies.xml file and extract the usage element that is the most similar to the dependency you are now creating the package for.
- In your new XML file, replace the <placeholder> element with the policy element you have extracted from the Policies.xml file. The element in your XML file will look similar to the following:
  <Usage ID="WinService" PlatformBaseID="WinService" PlatformBaseType="WinService" PlatformBaseProtocol="WinService">
    <Properties>
      <Required>
        <Property Name="ServiceName" />
        <Property Name="Address" />
      </Required>
      <Optional>
      </Optional>
    </Properties>
    <LinkedPasswords>
    </LinkedPasswords>
    <DisplayedColumns>
    </DisplayedColumns>
  </Usage>
- In the XML file, modify the value of the following parameters:
Parameter | Description |
---|---|
Usage ID | The unique ID of the dependency. |
- Modify the following parameters to fit your dependency:
Parameter | Description | Acceptable Values |
---|---|---|
PlatformBaseID | The usage ID. The value of this parameter must be equal to the value you configured for the PolicyID in the INI file. | The Usage ID |
PlatformBaseType | The basic type of the usage. | WinService, SchedTask, IISAppPool, Registry, ComPlus, IISAnonymous, etc. |
PlatformBaseProtocol | The protocol that manages the account. | SSH, Telnet, HTTP, etc. |
These base parameters will be used internally during upgrade processes.
- Modify any additional parameters according to your requirements. This step is optional.
- In the Devices section of the file, under the Usages node for each device that will support the usage, add the following:
  <Usages>
    <Usage Name="<usage ID>" />
  </Usages>
- Save the new XML policy file.
You can add additional files to the package to suit the specific requirements of the platform you’re creating the package for. For example, if you’re creating a package for a CPM plugin that manages PMTerminal-compatible accounts, prepare the prompts and process files now. The system will consider such additional files as CPM plugin files and copy them automatically to the CPM bin folder when the platform package is imported.
To create the platform package, zip the files created in the steps above into a zip archive.
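A pre-import check for the rules this page gives: the 20 MB limit, all files in the zip root, and a Policy-<PolicyId>.ini whose name and PolicyId agree with the Policy ID in Policy-<policyid>.xml. It also lists the EXE and DLL files that the import would copy to the CPM bin folder, so they can be reviewed first. This is an added example, not CyberArk code; the function names, the sample package, and the assumption that the INI holds a PolicyID=<value> line with ';' comments are illustrative.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

def make_zip(files):  # helper: in-memory zip from {name: text}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, text in files.items():
            zf.writestr(name, text)
    return buf.getvalue()

def check_package(data):
    """Return (errors, binaries) for a platform package given as zip bytes."""
    errors = ["package larger than 20 MB"] if len(data) > 20 * 2**20 else []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        if any("/" in n or "\\" in n for n in names):
            errors.append("zip contains folders; all files must be in the root")
        # EXE/DLL files are copied to the CPM bin folder on import: list them for review.
        binaries = sorted(n for n in names if n.lower().endswith((".exe", ".dll")))
        inis = [n for n in names if re.fullmatch(r"(?i)Policy-.+\.ini", n)]
        if len(inis) != 1:
            return errors + ["expected one Policy-<PolicyId>.ini"], binaries
        # Assumption: the INI has a 'PolicyID=<value>' line and ';' starts a comment.
        text = zf.read(inis[0]).decode("utf-8", "replace")
        m = re.search(r"(?im)^[ \t]*PolicyID[ \t]*=([^;\r\n]*)", text)
        policy_id = m.group(1).strip() if m else ""
        if not re.fullmatch(r"[A-Za-z0-9_-]+", policy_id):  # charset from the page
            errors.append(f"missing or invalid PolicyId {policy_id!r}")
        want = f"policy-{policy_id}".lower()
        if inis[0].lower() != want + ".ini":
            errors.append("INI file name does not match PolicyId")
        xml_name = next((n for n in names if n.lower() == want + ".xml"), None)
        if xml_name is None:
            return errors + ["missing Policy-<policyid>.xml"], binaries
        try:
            root = ET.fromstring(zf.read(xml_name))
        except ET.ParseError as exc:
            return errors + [f"XML not well-formed: {exc}"], binaries
        for pol in root.iter("Policy"):
            if pol.get("ID") != policy_id:
                errors.append(f"Policy ID {pol.get('ID')!r} differs from PolicyId")
    return errors, binaries

# Constructed sample package; names and contents are illustrative only.
SAMPLE = make_zip({"Policy-UnixSSH.ini": "PolicyID=UnixSSH ;constructed\n",
                   "Policy-UnixSSH.xml": '<Device Name="DeviceName"><Policies>'
                   '<Policy ID="UnixSSH"/></Policies></Device>'})
```

Calling check_package on the bytes of a package file returns an empty error list when every rule holds; any names in the second list are binaries to inspect before import.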
Import a platform package
This section explains how to import a platform package into PAM - Self-Hosted.
- Only zip files can be imported. All files must be contained in the root path - the zip file must not contain any folders.
- The platform package file (zip file) that you import cannot be larger than 20 MB.
- Log on to the PVWA as an administrative user.
- In the Platform Management page, click Import Platform; the Open window appears.
- Navigate to the location of the platform package that you want to import, select it, and then click Open.
PAM - Self-Hosted imports the new platform and applies the new platform settings to all the relevant components.
A message is displayed to confirm that the policy has been imported successfully. The new supported platform now appears in the list of Target Account Platforms, and is ready to be used. An imported platform is automatically marked as an ‘Active’ platform.
- In the Marketplace, choose the relevant plugin or extension.
- Download it to your local computer.
Marketplace CommunityID is required to download plug-ins / extensions from the marketplace, using manual credential entry.
- Go back to the Platform Management page in the PVWA and click Import Platform to import the downloaded plugin or extension.