Deploy Universal Connectors on multiple PSM servers

This topic describes how to deploy a new PSM universal connector on all your PSM servers.

You can also run the Import connection component Rest API.

  1. Prerequisite: Install the connection client

    Install the connection client that you want to integrate on each of the PSM servers that should share this universal connector.

  2. [Optional] Deploy the universal connector for testing.

    Use this method to test the connector before distributing it to all the PSMs.

    1. Copy the package to PSM\Packages folder.

    2. Run the Deploy-Connectors.ps1, located under PSM\Scripts.

        
      CD “C:\Program Files (x86)\CyberArk\PSM\Scripts” 
./Deploy-Connectors.ps1
       

      For troubleshooting, see the log under PSM\Logs\Scripts or run the script with the -Verbose option to display additional log messages.

      After you have tested the connection component, you are ready to share it in the environment.

       

      If a package does not exist in the PSMUniversalConnectors safe during the next configuration refresh, it is deleted from the PSM server.

  3. Deploy universal connector on all PSM servers

    Use this method to automatically deploy a new or updated PSM universal connectors on all of your PSM servers. A centralized repository simplifies management of PSM connectors in the environment and ensures that all servers are aligned with the identical connectors.

    1. To deploy the universal connector to all the PSM servers in your environment, upload the package to the PSMUniversalConnectors Safe. For details, see Add and Manage Files and Documents.

      If you want to first test the connection component, see [Optional] Deploy the universal connector for testing..

    2. All universal connectors in the PSMUniversalConnectors safe are deployed during the next configuration refresh in each PSM. The default configuration refresh interval is ten minutes.

      If the connector package in the safe has been updated, it is also deployed to the PSM . If a connector package is deleted from the safe, it is removed from the PSM.

  4. For custom universal connectors, continue with Configure a Custom Universal Connector.

By default, all connectors added to the PSMUniversalConnectors Safe are automatically deployed to all PSM servers during the next configuration refresh of the PSM server.

To disable automatic connector deployment on a specific PSM, add the EnableConnectorsDeployment parameter to the PSM\basic_psm.ini of the PSM server and set the parameter value to "No".

Delete the connector package from the PSMUniversalConnector Safe to remove it from the universal connector deployment.

After you have deleted the connector files from the PSM machine, remove any unnecessary rules from the AppLocker manually using one of the following options:

Run the PSMConfigureAppLocker.ps1 script located under PSM/Hardening to reset the AppLocker and create rules based on the AppLockerConfiguration.xml file.

 

This script updates the AppLocker by deleting all existing rules and inserting the updated rules based on the PSM\Components\Connectors folder

  1. Open the Local Security Policy

  2. Go to Security Settings > Application Control Policies > AppLocker > Executable Rules

  3. Locate the deny rule for PSMShadowUsers

  4. Open the rule's properties.

  5. Select the Exceptions tab. From the Exceptions lists, select the application you want to remove and click Remove

  6. Press Apply and OK