CyberArk PAS v11.1 Lab Install & Configure – 51Sec Lab

1. Infrastructure and Environment Introduction

This is based on my v11.1 testing lab at home. All installation and configuration steps have been recorded into my YouTube NetSec channel. In this series,  I will try to cover all installation methods (Automatic, Manual, PAS installer) as much as I can to show you how to build a CyberArk LAB at home.

Lab Infrastructure Overview

Diagram –

Lab hierarchical architecture diagram

Basic Lab VM List

Vault 1 – 2G RAM, 1vCPU –
PSM 1 – 4G RAM, 2vCPU –
PVWA/CPM 1 – 4GRAM, 2vCPU – DC with installed CA, Email Server, Syslog-

Advanced Lab VM List

Vault 1 – 2G RAM, 1vCPU -Win2012 –
Vault 2 – 2G RAM, 1vCPU -Win2012 –

PSM 1 – 4G RAM, 2vCPU -Win2012 –
PSM 1 – 4G RAM, 2vCPU -Win2012 –
PSM SSH/HTML5 GW- 4G RAM, 2vCPU – CentOS 7 –

PTA – – 4G RAM, 2vCPU -Win2012 –

PVWA/CPM 1 – 4GRAM, 2vCPU – DC with installed CA, Email Server, Syslog-

DC Preparing

Set up your own domain and domain controller. In my lab, I am using as my lab domain. All accounts have been set up to use one password for easy to remember. In the lab, anywhere we need a password, it will set up same as this one. One password for whole lab, it will make your lab life much easier.

On DC, I installed CA server on it. It will be used for later to enable certs authentication, RDP over SSL, LDAP over SSL etc.

To demonstrate integration with LDAP, Email, NTP, Syslog, I have installed email server, ntp server and syslog server on this DC. I will show you how I did that.

For NTP server, by default, the first domain controller that is installed on a Windows Server domain is automatically configured to be a reliable time source.

Email server, I installed MailEnable as my LDAP integrated email server.

Syslog server, I am using free Solarwinds Kiwi Syslog server.

Domain Groups:
1. CyberArk Auditors
2. CyberArk Safe managers
3. CyberArk Users
4. CyberArk Vault Admins


1. Infrastructure and Environment Introduction
2. Vault installation
2.1 System configuration
2.2 Pre-requisite for vault installation
2.3 Vault installation
2.4 Post vault installation



By Jon

4 thoughts on “CyberArk PAS v11.1 Install & Configure – 1. Infrastructure and Environment Introduction”
  1. Hi John,
    Thanks for the important information and various blogs on CyberArk. It is very helpful. I want to replicate the same environment from one to another. For example, I have created an environment in Staging, created safes, on boarded accounts, policies, workflow etc. now want to replicate in Production. How can I do it? Your suggestions would be much appreciated

    1. I am not seeing a perfect solution for staging and production. Best way is documenting what you have done on staging environment then re-produce it in your production environment.

      Clone your vm and bring it into same domain always not good idea. Bring it into a different domain should work but you will need to deal with certs issue. I have not tried that in production. Still prefer re-produce the steps you did in stage environment.

      let me know if you have some good ideas.

    1. You will need a CyberArk account to download them. Talk to your CyberArk representative for trial license and software.

Leave a Reply