Lieberman Software Corporation
Enterprise Random Password Manager

RSA envision Ready Implementation Guide
Last Modified: January 27, 2011

Partner Information

Product Information
  Partner Name:         Lieberman Software Corporation
  Web Site:             www.liebsoft.com
  Product Name:         Enterprise Random Password Manager
  Version & Platform:   4.83.1 (Windows XP or later)
  Product Description:  Enterprise Random Password Manager (ERPM) is the privileged identity management solution that automatically discovers, strengthens, monitors and recovers local, domain and process account passwords in the cross-platform enterprise. It helps you achieve full compliance with your security and operational auditor's privileged account password management and shared account password management requirements.

Solution Summary

Each component of Enterprise Random Password Manager (ERPM) can be individually configured to report its events to a target System Log Server. Events are sent as SysLog messages, and event output is configured through the ERPM console application. If desired, events can also be sent to multiple event log servers for redundancy.

RSA envision Features (Enterprise Random Password Manager 4.83.1)
  EventSource Integration package name:  LiebsoftERPMPE.zip
  Device display name within envision:   LiebsoftERPMPE
  Collection method:                     Syslog

EventSource Integrator Package

The RSA envision Intelligence Community is an online forum for customers and partners to exchange technical information and best practices with each other. It also contains the location to download the EventSource Integrator Package for this guide. All envision customers and partners are invited to register and participate in the Intelligence Community: https://rsaenvision.lithium.com.

Once you have downloaded the LiebsoftERPMPE package, you must deploy it on all the appliances in your envision site so that envision will support the new event source. When you deploy the package, you run a script that assigns a unique event source type ID to the event source, which envision uses when generating reports. You must deploy the event source XML package on every appliance in your envision site as described in the following table.

RSA envision Site / Where to Deploy the Event Source XML Package

  Single appliance site:
    On the appliance

  Multiple appliance site:
    On all components:
      Application Servers (A-SRVs)
      Database Servers (D-SRVs)
      Local Collectors (LCs)
      Remote Collectors (RCs)

  Multiple appliance site with Enhanced Availability:
    On all components:
      Application Servers (A-SRVs)
      Database Servers (D-SRVs)
      Cluster Appliances (CAs)

Deploying an EventSource Package

To deploy an event source package:

1. Extract the EventSource Package into the following folder: %_ENVISION\etc\devices.
2. Run the script file, UpdateESType.vbs, to assign an event source type ID to the event source. The time the script file takes to run depends on the number of event source XML files that need to be verified.
3. Restart the NIC Service Manager Windows Service. For more information, see the envision Help topic "Start/Stop Services - Manage Services."
4. At this point, you should be able to log in to the envision console and see the new device type under Overview > System Configuration > Devices > Manage Device Types, listed as LiebsoftERPMPE.
5. Repeat steps 1 to 4 on each appliance in the envision site.

Partner Product Configuration

Before You Begin

This section provides instructions for configuring the Enterprise Random Password Manager with RSA envision. This document is not intended to suggest optimum installations or configurations.

It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components.

All Enterprise Random Password Manager components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding.

Enterprise Random Password Manager Configuration

In addition to maintaining its own internal log of operations, Enterprise Random Password Manager can be configured to output events to many different types of event consumers/aggregators, including RSA envision via SysLog output.

To configure an Event Sink Output Type for an RSA envision instance, perform the following actions.

1. Open the Event Sink Configuration dialog box within the ERPM console.
2. Create a new Event Sink entry for RSA envision by selecting Settings > Extension Components > Configure Event Sinks...
3. From the Event Sink Definitions dialog box, select RSA envision, then select OK.
4. Using the Event Sink Configuration dialog box, specify the range(s) of events you want to send to RSA envision via SysLog by selecting New and entering the Event ID Range Start and Event ID Range End values.
5. Select Output to SysLog from the Event Sink Output Type drop-down menu.
6. Specify the name of the RSA envision device in the SysLog Server Name field. You can specify the name of the machine as a simple hostname, IP Address, or FQDN as long as DNS resolves the system correctly from each location where an event message generating component is located.
7. Select OK.
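
A pre-flight check for step 6, as an added example that is not part of the Lieberman or RSA documentation: run from each host where an ERPM component generates events, it resolves the SysLog Server Name exactly as entered and sends one test datagram. UDP port 514, the local0/info priority and the ERPM-TEST tag are assumptions; the guide does not specify them.

```python
import socket
import sys
import time

SYSLOG_PORT = 514  # assumption: default syslog UDP port; the guide states none


def build_syslog_message(facility, severity, host, tag, text, when=None):
    """Return an RFC 3164 style datagram: <PRI>TIMESTAMP HOST TAG: text."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity
    t = time.localtime(when)
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                           time.strftime("%H:%M:%S", t))
    line = "<%d>%s %s %s: %s" % (pri, stamp, host, tag, text)
    return line.encode("ascii", "replace")


def resolve_target(name, port=SYSLOG_PORT):
    """Resolve a hostname, FQDN or IP literal to the UDP endpoints it maps to."""
    infos = socket.getaddrinfo(name, port, type=socket.SOCK_DGRAM)
    return sorted({info[4][:2] for info in infos})


def send_test_event(name, port=SYSLOG_PORT, text="ERPM syslog path test"):
    """Send one test event to every address the name resolves to."""
    endpoints = resolve_target(name, port)  # socket.gaierror if DNS fails
    payload = build_syslog_message(16, 6, socket.gethostname(),
                                   "ERPM-TEST", text)  # local0.info
    sent = []
    for addr, p in endpoints:
        family = socket.AF_INET6 if ":" in addr else socket.AF_INET
        with socket.socket(family, socket.SOCK_DGRAM) as s:
            s.sendto(payload, (addr, p))
        sent.append(addr)
    return sent, payload


if __name__ == "__main__":
    # Pass the value typed into the SysLog Server Name field; loopback default.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    try:
        addrs, _ = send_test_event(target)
        print("sent test event for %r to %s" % (target, ", ".join(addrs)))
    except socket.gaierror as exc:
        print("name %r does not resolve from this host: %s" % (target, exc))
        sys.exit(1)
```

UDP gives no delivery confirmation, so a successful send only proves name resolution and a local route; confirm on the receiving side that the test event arrived.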

Certification Checklist for RSA envision

Date Tested: January 27, 2011

Certification Environment

  Product Name / Version Information / Operating System
  RSA envision / 4.0 SP3 / Microsoft Windows 2003
  RSA EventSource Integrator / 1.1 / Microsoft Windows XP
  RSA Event Source Update (ESU) / 20110106-120053 / Microsoft Windows XP
  Liebsoft Enterprise Random Password Manager / 4.83.1 / Microsoft Windows XP

envision Test Case / Result

  Device Management
    Device discovers properly under Manage Monitored Devices
    Vendor name appears in envision GUI correctly
    Device can be deleted from Manage Monitored Devices
    Device can be disabled from Manage Device Types
    Device Class type is correct under Manage Device Types
    Device displays properly under Manage Messages to Parse

  Message Management
    Disabled device creates unknown device in monitored device list
    Temporary nugget files are removed

  Queries / Reports
    Messages for device populate the table columns correctly
    Ad Hoc report populates variables correctly

JJO / PAR
= Pass    = Fail    N/A = Non-Available Function

Appendix

In certain cases after deploying the ESI Package, the device may come into envision as an Unknown device type. To resolve this issue, complete the following steps.

1. In the envision GUI, select Overview > System Configuration > Devices > Managed Monitor Devices, then click on the IP Address of the Unknown device.
2. From the Device Type pull-down menu, select the correct device type. For the name of the device as it appears in envision, refer to the above section RSA envision Features, page 2.
3. Select OK to the information dialog box shown below.
4. From the Collection pull-down menu, select Active.
5. Select the Analyze radio button.
6. Click Apply.

Important: You must restart the envision NIC Collector Windows Service for your changes to take effect.