CyberArk PAS EPV deployment
The CyberArk PAS EPV installation requires two Windows Server virtual machines (VMs):
-
Vault server
-
Components server.
Software
The following tables show the various software installed in the Vault server and Component server VMs.
Windows and other pre-requisite software installed:
| Vault Server VM | Components Server VM |
|---|---|
Windows Server 2022 |
Windows Server 2022 |
.NET Framework 4.8 or higher |
.NET Framework 4.8 or higher |
ASP.NET 4.6 or higher |
|
IIS 7.5 or higher |
|
IIS Management Console |
|
IIS 6 Metabase Compatibility |
Application software installed:
| Vault Server VM | Components Server VM |
|---|---|
Vault Server |
|
Entrust nShield Security World software |
|
CyberArk Central Policy Manager (CPM) |
|
CyberArk Password Vault Web Access (PVWA) |
Domain
The following table shows the domain for the Vault server and Component server VMs.
| Vault Server VM | Components Server VM |
|---|---|
WORKGROUP (not joined) |
<domain-name> (joined) |
Licensing
The keys-master folder should be kept on removable media, for example a CD.
The CyberArk Digital Vault Security Standard states the following about the keys-master folder:
The Recovery Private Key (Master CD) should be stored in a physical safe.
The recprv.key file in this folder is considered extremely sensitive.
It is normally never stored on the server.
Rather, it is kept on removable media and stored in a safe until needed for the ChangeServerKeys.exe command in Rewrap the CyberArk PAS Vault key from the software to HSM.
|