4.1 Managing Domains

Privileged Account Manager provides load balancing and failover capabilities based on the hierarchical structure of the hosts. Before organizing your hosts into domains and subdomains, refer to Section 12.0, Load Balancing for information about these features.

4.1.1 Creating a Domain

When you install Privileged Account Manager, a top-level domain Hosts is automatically created. To rename this domain, see Modifying a Domain. You can create subdomains under the top-level domain.

  1. On the home page of the console, click Hosts.

  2. Select an existing domain to add a subdomain to the existing domain.

  3. Click Add Domain in the task pane and on the Add Domain page specify the subdomain name.

  4. Click Add.

  5. Select to perform any of the following tasks:

4.1.2 Modifying a Domain

Use this page to modify the domain name and encryption settings. The encryption settings apply to all hosts within the domain unless you modify the encryption settings of an individual host. Host settings override domain settings.

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, select the domain you want to modify.

  3. In the task pane, click Modify Domain.

  4. Configure the following options:

    Domain Name: Name of the domain is displayed in this field. You can change the name by specifying a new domain name.

    Audit Zone: Specify an audit zone for this domain. For example, DOMAZ1. For more information about audit zones, see Managing Audit Zones.

    NOTE: By default, the domain is associated with audit zone 0.

    Location: Select the country and the province where the domain is located. Based on the selected value, the domains are mapped to the corresponding coordinates in the Deployment Dashboard.

    Key Configuration: Select this option to enable configuration of the encryption key and encryption of the databases stored on the hosts in this domain.

    Host Key Rollover (days): Specify how many days the host key can be used before generating a new key for the hosts in this domain.

    Db Key Rollover (days): Specify how many days the database key can be used before generating a new key for the hosts in this domain.

    Encrypt: Select the databases you want to encrypt for the hosts in this domain.

    Select the databases to encrypt carefully, because encrypting a database can affect performance. NetIQ recommends encrypting the following:

    • auth.db: contains usernames.

    • registry.db: contains the hosts.

    • cmdctrl.db: contains command control rules with usernames and hosts.

    • PrvCrdVlt.db: secures the account and key credentials in the Enterprise Credential Vault.

    NOTE: The encryption of auditing data (/audit/cmdctrl.db) can be enabled from the Reporting console. See Audit Settings.

  5. Click Finish.
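The settings above interact in two ways that are easy to get wrong across a large host hierarchy: a host's own encryption settings take precedence over the domain's, and each rollover interval only matters relative to when the current key was generated. The following is an added example, not part of the Privileged Account Manager product or its data format, that models those rules in plain Python so an administrator can review which hosts end up without the recommended databases encrypted or with keys past their rollover interval. All class names, field names and the sample hosts are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, FrozenSet, List, Optional

# Databases the documentation recommends encrypting (names from the page).
RECOMMENDED_ENCRYPT = frozenset({"auth.db", "registry.db", "cmdctrl.db", "PrvCrdVlt.db"})


@dataclass(frozen=True)
class EncryptionSettings:
    """Constructed model of the Modify Domain encryption fields (hypothetical)."""
    key_configuration: bool          # "Key Configuration" checkbox
    host_key_rollover_days: int      # "Host Key Rollover (days)"
    db_key_rollover_days: int        # "Db Key Rollover (days)"
    encrypt: FrozenSet[str]          # databases selected under "Encrypt"


@dataclass
class Domain:
    name: str
    settings: EncryptionSettings


@dataclass
class Host:
    name: str
    domain: Domain
    host_key_created: date
    db_key_created: date
    # Host-level settings, when present, override the domain settings.
    override: Optional[EncryptionSettings] = None


def effective_settings(host: Host) -> EncryptionSettings:
    """Host settings override domain settings; otherwise the domain applies."""
    return host.override if host.override is not None else host.domain.settings


def audit_host(host: Host, today: date) -> List[str]:
    """Return findings for one host: disabled key configuration, recommended
    databases left unencrypted, and keys older than their rollover interval."""
    findings: List[str] = []
    s = effective_settings(host)
    if not s.key_configuration:
        # Nothing else applies when key configuration is off.
        findings.append("key configuration disabled")
        return findings
    for db in sorted(RECOMMENDED_ENCRYPT - s.encrypt):
        findings.append(f"recommended database not encrypted: {db}")
    host_age = (today - host.host_key_created).days
    if host_age > s.host_key_rollover_days:
        findings.append(
            f"host key overdue: {host_age} days old, rollover {s.host_key_rollover_days}")
    db_age = (today - host.db_key_created).days
    if db_age > s.db_key_rollover_days:
        findings.append(
            f"db key overdue: {db_age} days old, rollover {s.db_key_rollover_days}")
    return findings


def sample_report(today: date = date(2024, 6, 1)) -> Dict[str, List[str]]:
    """Constructed sample: one domain with the recommended settings and three
    hosts that inherit, override, and disable those settings respectively."""
    domain = Domain("Hosts", EncryptionSettings(True, 90, 365, RECOMMENDED_ENCRYPT))
    hosts = [
        # Inherits the domain settings; its host key is 121 days old.
        Host("db01", domain, date(2024, 2, 1), date(2024, 2, 1)),
        # Overrides the domain and encrypts only auth.db.
        Host("web01", domain, date(2024, 5, 20), date(2024, 5, 20),
             override=EncryptionSettings(True, 30, 30, frozenset({"auth.db"}))),
        # Overrides the domain with key configuration switched off.
        Host("legacy01", domain, date(2024, 5, 20), date(2024, 5, 20),
             override=EncryptionSettings(False, 90, 365, frozenset())),
    ]
    return {h.name: audit_host(h, today) for h in hosts}


if __name__ == "__main__":
    for name, findings in sample_report().items():
        print(name, "->", findings or ["ok"])
```

Running the block prints a finding list per host; an empty list means the host matches the recommended configuration. Replace `sample_report` with whatever inventory export you have of domain and host settings.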

4.1.3 Deleting a Domain

You cannot delete a domain that contains any host, so you must delete or move the hosts before attempting to delete the domain. For information about moving a host, refer to Moving a Host.

  1. On the home page of the console, click Hosts.

    The navigation pane displays the current hierarchy of the Framework.

  2. In the navigation pane, select the domain you want to delete.

  3. In the task pane, click Delete Domain.

  4. Click Finish.