Skip Links

Network World

  • Social Web 
  • Email 
  • Close
Inside this test package Product-by-product summary
Introduction | Score card | How we did it | Slideshow: PAM review highlights | Test archive

Cyber-Ark tops list of privilege account managers

By Tom Henderson and Rand Dvorak , Network World , 04/28/2008
Newsletter Signup
  • Share/Email
  • Tweet This
  • Comment
  • Print

Cyber-Ark's product was sent to us in pre-configured VMware-format virtual machines. While it's Cyber-Ark's policy to install 100% of its products, we requested this optional product delivery mode that allowed us to install the product ourselves.

Enterprise Password Vault (EPV) stunned us with the breadth of server operating systems, devices and applications for which it can supply privileged password system support.

EPV, because of its comparatively deep LDAP support, could work with virtually everything in our lab, ranging from virtualized Windows, Linux, FreeBSD, and MacOS servers to Microsoft SQL Server and Cisco IOS devices. The examples of how to connect to these devices and customize EPV 'Vaults' and 'Safes' gave us templates to use that didn't mandate becoming experts in how this privilege account manager works. EPV's infrastructure 'intelligence' and its integration level are a cut above the competition.

Everything we used in our test bed was covered. Linux? Check. Solaris? Check. MacOS? Check. FreeBSD? Check. If LDAP (this includes Windows LDAP) is correctly configured, the integration is very fast. If you've got a quirky LDAP deployment, then the user interface helps you configure generic privileged password objects to be used across the network. EPV also created vaults and safes for secure data storage, as well as secure network directories under LDAP, with ease.

There are four components to the EPV system, its Enterprise Password Vault (the password and access storage system), its Central Password Manager (CPM -- the core privileged account management application), its Password Vault Web Access System (PVWA – which provides the method by which users request passwords and high-level administrators approve the requests), and EPV's Application Identity Management component (AIM -- which performs application-to-application password management.)

EPV uses a vault -- and safes within the vault where passwords are kept for specific resources on the network – a metaphor to allow administrators to aggregate access groups by like-type.

Inside each vault are groups that use a common methodology to gain access to a resource requiring privileged access. For instance, we tapped recommended vaults provided by Cyber-Ark and used them to create access to our test Windows 2003, Linux, and BSD servers with relative ease, as the settings are understandable and rapidly replicated.

  • Share/Email
  • Tweet This
  • Comment
  • Print
Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Videos

rssRss Feed