Cyber-Ark's product was sent to us in pre-configured VMware-format virtual machines. While it's Cyber-Ark's policy to install 100% of its products, we requested this optional product delivery mode that allowed us to install the product ourselves.

Enterprise Password Vault (EPV) stunned us with the breadth of server operating systems, devices and applications for which it can supply privileged password system support.

EPV, because of its comparatively deep LDAP support, could work with virtually everything in our lab, ranging from virtualized Windows, Linux, FreeBSD, and MacOS servers to Microsoft SQL Server and Cisco IOS devices. The examples of how to connect to these devices and customize EPV 'Vaults' and 'Safes' gave us templates to use that didn't mandate becoming experts in how this privilege account manager works. EPV's infrastructure 'intelligence' and its integration level are a cut above the competition.

Click to see: Cyber-Ark EPV holds passwords in managed 'safes' that can be verified and reconciled automatically.

Everything we used in our test bed was covered. Linux? Check. Solaris? Check. MacOS? Check. FreeBSD? Check. If LDAP (this includes Windows LDAP) is correctly configured, the integration is very fast. If you've got a quirky LDAP deployment, then the user interface helps you configure generic privileged password objects to be used across the network. EPV also created vaults and safes for secure data storage, as well as secure network directories under LDAP, with ease.

There are four components to the EPV system, its Enterprise Password Vault (the password and access storage system), its Central Password Manager (CPM -- the core privileged account management application), its Password Vault Web Access System (PVWA – which provides the method by which users request passwords and high-level administrators approve the requests), and EPV's Application Identity Management component (AIM -- which performs application-to-application password management.)

EPV uses a vault -- and safes within the vault where passwords are kept for specific resources on the network – a metaphor to allow administrators to aggregate access groups by like-type.

Inside each vault are groups that use a common methodology to gain access to a resource requiring privileged access. For instance, we tapped recommended vaults provided by Cyber-Ark and used them to create access to our test Windows 2003, Linux, and BSD servers with relative ease, as the settings are understandable and rapidly replicated.