NetIQ Privileged Account Manager 3.2 Release Notes

June 2017

NetIQ Privileged Account Manager 3.2 includes new features and resolves several previous issues.

NetIQ Privileged Account Manager, formerly known as NetIQ Privileged User Manager, helps IT administrators to manage the identity and access of super user accounts, by providing controlled super user access to authorized users. You can post feedback in the Privileged Account Manager Community Support Forum, our community Web site that also includes product notifications, blogs, and product user groups.

To download this product, see the NetIQ Downloads Web site. For more information about this release and for the latest release notes, see the Privileged Account Manager Documentation Web site.

1.0 What’s New?

The following sections outline the enhancements and issues resolved in this release:

1.1 Support X11 Application Through SSH Relay

Privileged Account Manager now supports access to X11 applications through an SSH relay session. To allow this access, enable the X11 feature in the appropriate SSH relay policy. You can also enable video recording of the X11-enabled SSH relay session and play the recording back from the reporting console. For more information about the X11 configuration, see X11 Configuration.

1.2 Privileged Account Discovery Using PAM Sniffer

PAM Sniffer is an independent tool provided by Privileged Account Manager to identify all the privileged accounts in the target systems, such as Unix, Linux, Domains, Windows, and Directories. Using this tool, you can identify all the privileged accounts available in the system and use them effectively. For more information about accessing and configuring this tool, see PAM Sniffer.

1.3 Password Checkout for Cloud Services

Privileged Account Manager now supports password checkout for cloud services, such as OpenStack and Amazon Web Services (AWS). You can check out the privileged account password for these cloud services from the user console and gain privileged access to the cloud services. For information about configuring password checkout for cloud services, see Enabling Password Checkout for OpenStack and Enabling Password Checkout for Amazon Web Services.

1.4 Supports Storage of Credentials Vault Objects in LDAP

From this release, Privileged Account Manager supports storage of the Enterprise Credential Vault objects in external LDAP directories. You can choose to store the Enterprise Credential Vault objects either in the native SQLite database or in the external LDAP directory. For more details about this feature, see Managing Datastore.

1.5 Deployment Dashboard

Privileged Account Manager provides a Deployment Dashboard that shows on a map where the Privileged Account Manager hosts are geographically located. It also contains a live risk view that highlights all the hosts on which a risky operation was performed. For more information about accessing and configuring the Deployment Dashboard, see Deployment Dashboard.

1.6 Upgrade Through MSI

In addition to the Host Console, Privileged Account Manager now supports upgrade through the Privileged Account Manager installer. Using the Privileged Account Manager installer, you can upgrade from PAM 3.2 to any higher version. For steps to upgrade Privileged Account Manager using the installer, see Upgrading Using the Privileged Account Manager Installer.

1.7 New Command Line Options for Agent Deployment

In addition to the existing command line options, Privileged Account Manager now supports install, uninstall, rollback, and upgrade through the command line from the respective agent machine. For more information about these commands, see Install and Uninstall Packages From Agent Machine and Upgrade and Rollback Packages.

1.8 Advanced Authentication Enhancements

This release adds support for the following Advanced Authentication methods:

  • Fingerprint

  • Smart card

  • RFID card

1.9 Video Enhancements

The following enhancements are available for videos:

  • Privileged Account Manager now lets you configure common video conversion settings that are applied to all the Windows and SSH session policies that perform video capture. You can use these settings to optimize the video conversion process.

    For more information, see Configuring the Video Conversion Settings.

  • Video storage is enhanced to support grouping videos by year and month. Storing videos in this format makes them easier to identify and retrieve.

    For more information, see Configuring the Video Path (Optional).

  • Videos are stored in WebM format from this release. To play the videos created in previous versions such as 3.0 or lower, you must convert them to .webm format.

    For more information, see Converting the FLV Videos to WebM.

  • Video capture and playback is supported for SSH Relay with X11 applications enabled.

1.10 Enterprise Credential Vault REST APIs

This release provides REST APIs for managing Enterprise Credential Vault.

1.11 OpenSSL Upgrade

In this release, OpenSSL libraries are upgraded to version 1.0.2k.

1.12 Platform and Browser Support

This release includes support for the following:

  • Platform: Windows 2008 R2 Terminal Server, Windows Server 2016, and Windows 10

  • Browser: Microsoft Edge

    NOTE: Video playback is not supported in the Edge browser because the Edge browser does not support the WebM format.

1.13 Security Vulnerability Fix

This release includes fixes for the following security vulnerabilities:

  • CVE-2017-7437 - Addresses the reflected cross-site scripting (XSS) vulnerability that could result in the storage of uncontrolled information.

  • CVE-2017-7438 - Addresses the DOM cross-site scripting (XSS) vulnerability.

1.14 Software Fixes

Privileged Account Manager 3.2 provides software fixes for the following issues:

Reporting Console Remains Blank When Fetching Large Number of Session Log Entries

Fix: In this release, a loading indicator is displayed in the Reporting Console when fetching the session log entries. (Bug 1037063)

Find Host Option Does Not Expand the Domain and Highlight the Respective Host in the Navigation Pane

Issue: When you use Find Host to locate a host in the Host Console, the host details are displayed in the details pane but the host is not highlighted in the navigation pane.

Fix: In this release, when you use Find Host the domain expands and highlights the appropriate host in the Navigation Pane. (Bug 968471)

Data Encryption Error Is Displayed When Launching the RDP Relay Session

Issue: An RDP data encryption error is displayed when launching the RDP Relay session to Windows Server 2012 R2 from a Windows 8.1 or Windows 10 machine. This error occurs because Privileged Account Manager does not support the latest RDP Client versions. (Bug 990415)

Fix: RDP Relay session launches successfully without any error.

SSH Relay Performance Drops When the Session Generates Large Data

Fix: This issue is fixed in this release. (Bug 1036321)

2.0 System Requirements

For information about hardware requirements, supported operating systems and browsers, and software requirements, see Installation Requirements in the NetIQ Privileged Account Manager 3.2 Installation Guide.

3.0 Installing Privileged Account Manager 3.2

To install Privileged Account Manager, see the NetIQ Privileged Account Manager 3.2 Installation Guide.

To obtain the purchased license, log in to the NetIQ Customer Center and download the software and the license key. The ISO image contains the following directories and files for Framework Managers, Agents, and the Package Manager:

3.1 AIX

Package                                          Description
netiq-npum-agent-3.2-aix-5.1-powerpc.bff.gz      Agent package for AIX 5.1
netiq-npum-manager-3.2-aix-5.1-powerpc.bff.gz    Framework Manager package for AIX 5.1

3.2 HP-UX

Package                                            Description
netiq-npum-agent-3.2-hpux-11.00-hppa.depot.gz      Agent package for HP-UX 11 and 11i HPPA
netiq-npum-agent-3.2-hpux-11.23-ia64.depot.gz      Agent package for HP-UX 11i v2 and v3 Itanium
netiq-npum-manager-3.2-hpux-11.00-hppa.depot.gz    Framework Manager package for HP-UX 11 & 11i HPPA
netiq-npum-manager-3.2-hpux-11.23-ia64.depot.gz    Framework Manager package for HP-UX 11i v2 and v3 Itanium

3.3 Linux

Package                                        Description
netiq-npum-agent-3.2-linux-2.6-x86_64.rpm      Agent package for Linux on Intel 64-bit machines with a 2.6 kernel
netiq-npum-agent-3.2-linux-2.6-intel.rpm       Agent package for Linux on Intel 32-bit machines with a 2.6 kernel
netiq-npum-manager-3.2-linux-2.6-x86_64.rpm    Framework Manager package for Linux on Intel 64-bit machines with a 2.6 kernel
netiq-npum-manager-3.2-linux-2.6-intel.rpm     Framework Manager package for Linux on Intel 32-bit machines with a 2.6 kernel

3.4 Solaris

Package                                            Description
netiq-npum-agent-3.2-solaris-2.8-intel.pkg.gz      Agent package for Solaris 2.8 Intel
netiq-npum-agent-3.2-solaris-2.8-sparc.pkg.gz      Agent package for Solaris 2.8 SPARC
netiq-npum-manager-3.2-solaris-2.8-intel.pkg.gz    Framework Manager package for Solaris 2.8 Intel
netiq-npum-manager-3.2-solaris-2.8-sparc.pkg.gz    Framework Manager package for Solaris 2.8 SPARC

3.5 Windows

Package                          Description
netiq_pum_agent_3.2_x86.msi      Agent package for Windows 32-bit computer
netiq_pum_agent_3.2_x64.msi      Agent package for Windows 64-bit computer
netiq_pum_manager_3.2_x86.msi    Framework Manager package for Windows 32-bit computer
netiq_pum_manager_3.2_x64.msi    Framework Manager package for Windows 64-bit computer

3.6 Package Manager

Package                           Description
netiq-npum-packages-3.2.tar.gz    The zip file for setting up a local package manager.

4.0 Upgrading to Privileged Account Manager 3.2

You can upgrade to Privileged Account Manager from the previous versions of Privileged User Manager. For more information on upgrading, see Upgrading NetIQ Privileged Account Manager in the NetIQ Privileged Account Manager 3.2 Installation Guide.

IMPORTANT: After upgrading to Privileged Account Manager 3.2, the console packages Enterprise Credential Vault (prvcrdvlt) and Access Dashboard (userreqdashboard) are removed from your Framework Manager. You must manually install these packages. For more information, see Post Upgrade Task.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Moving Multiple Objects Does Not Work

Issue: Selecting and moving multiple objects by using the Shift/Ctrl key does not work.

Workaround: To move multiple objects, use Shift + select to choose the required objects, or use Select All. (Bug 915307)

5.2 The Run as privileged user Option Is Not Displayed on a Windows 2012 Server

Issue: When you right-click Start on a Windows 2012 server, the Run as privileged user option is not displayed. (Bug 901032)

Workaround: To work around this issue, right-click the application in the folder where the application is installed to execute Run as privileged user.

5.3 The Command Control Objects Are Not Displayed When Large Number of Objects Are Added Simultaneously

Issue: When Command Control Objects are added simultaneously in large numbers, the objects do not appear in the console. This is an intermittent behavior. (Bug 908307)

Workaround: No Workaround.

5.4 The Unregistered Hosts List Is Not Displayed

Issue: In the administration console, when you search for unregistered hosts by clicking Hosts > List Unregistered Hosts > IP Range, the Failed to list unregistered agents error is displayed. (Bug 832747)

Workaround: Ensure that when you install Agents, you register them with the Manager for Privileged Account Manager.

5.5 The Changes to the Syslog Settings Do Not Get Applied

Issue: In the Reporting console of Privileged Account Manager, when you save changes to syslog settings, such as selecting SSL or Allow Persistent Connections, the changes are not applied. (Bug 895993)

Workaround: To work around this issue, restart Privileged Account Manager.

5.6 Cannot Uninstall Privileged Account Manager 3.2 Through Windows Add/Remove Programs

Issue: Uninstalling Privileged Account Manager 3.2 through Windows Add/Remove Programs displays an error. This issue occurs only when Privileged Account Manager is upgraded to 3.2 using the Privileged Account Manager 3.2 installer. (Bug 1029461)

Workaround: Uninstall Privileged Account Manager through the command line or the Privileged Account Manager 3.2 installer.

5.7 NPAM Service Commands Do Not Work In SUSE Linux Enterprise Server 12 or Later

Issue: The NPAM service commands such as start, stop, restart, and status do not work in SUSE Linux Enterprise Server 12 or later. (Bug 1041284)

Workaround: To work around this issue, perform one of the following:

  • Reboot the system using one of the following commands:

    reboot

    (or)

    shutdown -r now

  • Kill and restart the NPAM process using the following commands:

    pkill unifid

    /etc/init.d/npum start

After performing one of the preceding steps, you can verify that the NPAM process is running by executing the following command:

/etc/init.d/npum status

6.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2017 NetIQ Corporation. All Rights Reserved.