Privilege Cloud architecture

The following diagram presents a detailed view of the Privilege Cloud architecture, including ports and protocols.



Customer environment

Customer domain and machines, set up according to security guidelines and prerequisites.

Privilege Cloud

Privilege Cloud enables your organization to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.

The Privilege Cloud customer setup includes:

  • The Windows Connector (Connector) for establishing privileged sessions with Windows target machines

  • Optionally, Secure Tunnel client, for SIEM syslog and setup of offline access using CyberArk Remote Access

  • Optionally, the Unix connector (PSM for SSH) for establishing privileged sessions with Unix target machines.

For details on each of these components, see Welcome to CyberArk Privilege Cloud.

The Privilege Cloud cloud service includes:

  • Privilege Cloud Portal user interface for setting up and managing user access privileges to your organizational resources

  • Vault enables organizations to secure, manage, automatically change and log all activities associated with all Privileged Passwords and SSH Keys.