Primary-DR pre-install Tasks

This topic describes the tasks and prerequisites that you should handle right before you install the Digital Vault server in a Primary-DR environment.


Before installing, ensure that your system still complies with security requirements. To learn more, see Security Fundamentals.

Verify the server requirements

Check that the Vault server machine has the requirements as listed in Digital Vault Server.

If you are installing a cluster environment, you should also verify the requirements described in Digital Vault Cluster (High Availability).

Local drive setup for the Vault

You must decide where to install the CyberArk Vault server application on the server, and where the Safes will be installed. These applications should reside in separate folders. We recommend that you install the Safes on an NTFS drive so you can control the permissions.


You must use the same file system on all the Vault servers. For example, if your Safes are on an NTFS partition, the replicated Safes should also be on an NTFS partition (not FAT/FAT32).

The recommended partition size is double the average size of the Safes (the data size).

Make sure that the Vault server is part of a local Workgroup, and not part of a Domain.

Sync the Vault with Network Time Protocol (NTP) 

The Vault must be synchronized with the organization’s NTP server to ensure that the Vault’s activity is in synch with records on all other servers. For additional steps needed to enable connectivity between the hardened Vault and the NTP server, see Configure time synchronization on the Vault Server using NTP.


All Digital Vaults must be configured with NTP. We recommend using the same NTP server for all your Vaults.

Vault installation package

Verify that you have the following items for the installation procedure:

  • CyberArk Vault server and Disaster Recovery Vault software packages

  • Master CD

  • Operator CD

  • License file

Hardware Security Module (HSM) for the server keys

If you are going to use an HSM to store the server keys, do the following before running the Vault installation and hardening:

  1. Review the system requirements for the HSM. See Digital Vault Server.
  2. Install the HSM client on the Vault server machine.
  3. Configure the connection to the HSM server and partition. Follow your HSM vendor configuration instructions.

Administrator user

Only users with Administrator authorizations can install the CyberArk Vault. When you install the Vault, log on to the Server machine as an Administrator user.

Configure the Vault interface language for non-Unicode programs

On the Vault machine, configure the Vault interface language for non-Unicode programs so that you will be able to create Safes, users, and files in multiple languages.


The configuration should be the same on the IIS server, and on the machine where you install the PVWA.

Prepare the CyberArk Vault server

The following preparations should be carried out by the Administrator user.