Press "Enter" to skip to content

CyberArk PAS v11.1 Install & Configure – 1. Infrastructure and Environment Introduction

4

CyberArk PAS v11.1 Lab Install & Configure – 51Sec Lab

1. Infrastructure and Environment Introduction

This is based on my v11.1 testing lab at home. All installation and configuration steps have been recorded into my YouTube NetSec channel. In this series,  I will try to cover all installation methods (Automatic, Manual, PAS installer) as much as I can to show you how to build a CyberArk LAB at home.

Lab Infrastructure Overview

Diagram – https://blog.51sec.org/2020/04/cyberark-pas-51sec-lab-install.html

Lab hierarchical architecture diagram

Basic Lab VM List

Vault 1 – 2G RAM, 1vCPU – 192.168.2.21
PSM 1 – 4G RAM, 2vCPU – 192.168.2.25
PVWA/CPM 1 – 4GRAM, 2vCPU – 192.168.2.23

51sectest.com DC with installed CA, Email Server, Syslog- 192.168.2.11

Advanced Lab VM List

Vault 1 – 2G RAM, 1vCPU -Win2012 – 192.168.2.21
Vault 2 – 2G RAM, 1vCPU -Win2012 – 192.168.2.22

PSM 1 – 4G RAM, 2vCPU -Win2012 – 192.168.2.25
PSM 1 – 4G RAM, 2vCPU -Win2012 – 192.168.2.26
PSM SSH/HTML5 GW- 4G RAM, 2vCPU – CentOS 7 – 192.168.2.27

PTA – – 4G RAM, 2vCPU -Win2012 – 192.168.2.28

PVWA/CPM 1 – 4GRAM, 2vCPU – 192.168.2.23
PVWA/CPM 1 – 4GRAM, 2vCPU – 192.168.2.24

51sectest.com DC with installed CA, Email Server, Syslog- 192.168.2.11

DC Preparing

Set up your own domain and domain controller. In my lab, I am using 51sectest.com as my lab domain. All accounts have been set up to use one password for easy to remember. In the lab, anywhere we need a password, it will set up same as this one. One password for whole lab, it will make your lab life much easier.

On DC, I installed CA server on it. It will be used for later to enable certs authentication, RDP over SSL, LDAP over SSL etc.

To demonstrate integration with LDAP, Email, NTP, Syslog, I have installed email server, ntp server and syslog server on this DC. I will show you how I did that.

For NTP server, by default, the first domain controller that is installed on a Windows Server domain is automatically configured to be a reliable time source.

Email server, I installed MailEnable as my LDAP integrated email server.

Syslog server, I am using free Solarwinds Kiwi Syslog server.

Domain Groups:
1. CyberArk Auditors
2. CyberArk Safe managers
3. CyberArk Users
4. CyberArk Vault Admins

Lab

1. Infrastructure and Environment Introduction
2. Vault installation
2.1 System configuration
2.2 Pre-requisite for vault installation
2.3 Vault installation
2.4 Post vault installation





References

 
  1. Bhagya Shroff Bhagya Shroff

    Hi John,
    Thanks for the important information and various blogs on CyberArk. It is very helpful. I want to replicate the same environment from one to another. For example, I have created an environment in Staging, created safes, on boarded accounts, policies, workflow etc. now want to replicate in Production. How can I do it? Your suggestions would be much appreciated

    • netsec netsec

      I am not seeing a perfect solution for staging and production. Best way is documenting what you have done on staging environment then re-produce it in your production environment.

      Clone your vm and bring it into same domain always not good idea. Bring it into a different domain should work but you will need to deal with certs issue. I have not tried that in production. Still prefer re-produce the steps you did in stage environment.

      let me know if you have some good ideas.

  2. Suresh Suresh

    where to download the cyberark software

    • netsec netsec

      You will need a CyberArk account to download them. Talk to your CyberArk representative for trial license and software.

Leave a Reply

%d bloggers like this: