Preparing for your Privilege Management Deployment with the Centrify Infrastructure Service - Part 2

11 April,19 at 11:50 AM

After Preparing for your Privilege Management Deployment with the Centrify Infrastructure Service - Part 1, you will want to configure your Active Directory connection and start considering the import of the systems and accounts that will be managed.


-You will want to identify the Windows hosts for Centrify Connector installations. These Connectors will serve as your proxy into Active Directory. The Connector handles everything from AD authentication requests and managing account passwords to remote sessions to your systems via SSH and RDP. It is important that you have at least two Connectors installed in your AD domain. You may need additional Connectors depending on your network environment, domain/forest trusts, number of users authenticating, etc.


Determining whether you need a connector

Supporting user authentication for multiple domains

Overall Requirements


-Before installing the Connectors, you will want to do the following:


  • Check the firewall rules from the Centrify Connectors to the Centrify Cloud Service or on-premises Centrify Service instance. These requirements change depending on your deployment method (cloud vs. on-prem), but in both cases port 443 must be available for TCP/IP.
  • Check the firewall rules from the Centrify Connectors to the systems that will have local accounts managed or be accessed remotely using SSH or RDP. Essentially, the Connectors will be acting as jump boxes into the systems, so you will want to know in advance what ports are going to be used for these operations.
    • Windows systems should be accessible via RDP if you will be establishing remote login through the Infrastructure Service. The default port is 3389, but this port is customizable. 
    • Windows systems that will have local accounts managed for password rotation will need to have one of the following protocols. This port is also customizable.
    • Unix, Cisco, and other networking devices will need SSH on port 22, by default. 
    • Managing systems
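
A reachability check for the firewall paths listed above, written in PowerShell to be run on the Windows host intended for the Connector. This is an added example, not Centrify tooling; the host names are placeholders, and the ports are the defaults named above (443 to the service, 3389 for RDP, 22 for SSH).

```powershell
# Added example: pre-install firewall check from the future Connector host.
# Host names are placeholders (assumptions); replace them with your own.
# Ports are the defaults from the article; change them if you customized RDP/SSH.
$targets = @(
    [pscustomobject]@{ Role = 'Centrify service (HTTPS)';  Target = 'tenant.example.com';  Port = 443  }
    [pscustomobject]@{ Role = 'Windows system (RDP)';      Target = 'win01.corp.example';  Port = 3389 }
    [pscustomobject]@{ Role = 'Unix/network device (SSH)'; Target = 'unix01.corp.example'; Port = 22   }
)

function Test-TcpPort {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [int]$TimeoutMs = 3000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        # Wait() returns $false on timeout (typical of a silently dropped packet);
        # a refused connection or DNS failure throws and is handled below.
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$results = foreach ($t in $targets) {
    [pscustomobject]@{
        Role      = $t.Role
        Target    = "$($t.Target):$($t.Port)"
        Reachable = Test-TcpPort -HostName $t.Target -Port $t.Port
    }
}
$results | Format-Table -AutoSize

# Non-zero exit code when any path is blocked, so the check can gate an install script.
if ($results.Reachable -contains $false) { exit 1 }
```

Run it from each host that will carry a Connector, since firewall rules are evaluated per source address and a path open from one host may be closed from another.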


How to install a Centrify Connector


Add Centrify Connector.png

Download - Install - Regoister Centrify Connector.png

-You will want to identify and set your Corporate IP Range. This will allow you to specify whether users can access a system while they are off the corporate network. You will need to know the public IP ranges of your network environment. This IP range can also be used to change a user's authentication profile to require a second and/or third form of authentication to SSH/RDP to a system or check out an account password.


Setting Corporate IP ranges


Set the Corporate IP Range.png

-You will want to identify and set the subnets to be associated with each Connector. This will enhance network performance so that remote sessions are sent to the Connector that is best suited for the system being accessed. Also, if you are using a local client for remote sessions, like PuTTY or Remote Desktop, then you are required to map your subnets to the Connectors. For example, the local client will make a jump to a Windows system via direct connection to the Connector over port 5555 for RDP sessions. In order for this to be successful, the service will need to know which Connector the local client should reach out to for a particular system. The local client will use the same process for SSH sessions, but on port 22.


Mapping system subnets to connectors


System Subnet Mapping.png

Connector Subnet Mapping.png