Privilege Cloud architecture

The following diagram presents a detailed view of the Privilege Cloud architecture in the CyberArk Identity Security Platform Shared Services (ISPSS) environment, including ports and protocols.

Component

Description

Customer environment

Customer domain and machines, set up according to security guidelines and prerequisites.

Identity Administration

Identity Administration is an identity access management solution that enforces privilege, enables access and secures DevOps. It integrates with external identity providers such as LDAP, RADIUS, IDP or Cloud directories for user provisioning, and provides a user management interface to assign roles and permissions.

Privilege Cloud

Privilege Cloud enables your organization to securely store, rotate and isolate credentials (for both human and non-human users), monitor sessions, and deliver scalable risk reduction to the business.

The Privilege Cloud customer setup includes:

  • The Windows Connector (Connector) for establishing privileged sessions with Windows target machines

  • Optionally, the Secure Tunnel client, for SIEM syslog and setup of offline access using CyberArk Remote Access

  • Optionally, the Unix connector (PSM for SSH) for establishing privileged sessions with Unix target machines.

For details on each of these components, see Welcome to CyberArk Privilege Cloud.

The Privilege Cloud cloud environment includes:

  • Privilege Cloud Portal user interface for setting up and managing safes and accounts, connecting to organizational targets, and monitoring sessions.

  • The Vault, which enables organizations to secure, manage, automatically change and log all activities associated with all Privileged Passwords and SSH Keys.