Installing the Privileged Account

Security solution for POC

Version 9.5
Including:

Privileged Identity Management Suite

Copyright 1999-2015 CyberArk Software Ltd. All rights reserved.

This document contains information and ideas, which are proprietary to
CyberArk Software Ltd. No part of this publication may be reproduced, stored
in a retrieval system, or transmitted, in any form or by any means, electronic,
mechanical, photocopying, recording, scanning, or otherwise, without the prior
written permission of CyberArk Software Ltd.
POCINS-009-5-0-1

Installing the Privileged Account Security

solution v9.5
This document describes how to install the Privileged Account Security solution v9.5
in POC mode, with the intention of enabling a quicker, simpler, and smoother start to
the POC.
It is intended for the following CyberArk personnel:

Sales engineers

Professional Services engineers

CyberArk Channel Partners

The POC environment includes the following components:

CyberArk Digital Vault

PrivateArk Administrative Client

Central Policy Manager (CPM)

Password Vault Web Access (PVWA)

Installing the Privileged Account Security solution for POC

This installation is specifically for the POC environment and should not be used for
production environments.

Before Installation
1. Create a new folder on your local computer and copy the contents of the
installation CD to it.
2. Configure the CPM installation to run in POC mode.

In the Central Policy Manager installation folder, open

InstallationSettings.ini and set POCMode to Yes.
[InstallationSettings]
POCMode=yes

Save the configuration file and close it.

3. Configure the PVWA installation to run in POC mode.

In the Password Vault Web Access installation folder, open

InstallationSettings.ini and set POCMode to Yes.
[InstallationSettings]
POCMode=yes

Save the configuration file and close it.

Note: Both the CPM and PVWA must be installed in POC mode in order for them
to be able to work together.

Internal and Confidential

CyberArk Software Ltd. | cyberark.com

4. The POC installation includes a plain cmd script that can run all regular PACLI
commands. You can modify this script to create a customized environment for
your POC, create safes, accounts, users and groups, or any other changes that
can be done using PACLI. For more information, refer to the CyberArk Vault CLI
Guide and Reference.
Note: The POC installation uses the following versions of PACLI:
PACLI v5.5.73 The command script uses this version in the
POCInstallation\user folder.
PACLI v4.10.211 The Password Upload Utility uses this version in
the POCInstallation folder.
To Modify the POC Installation Script
i.

In the POCinstallation folder, under the PVWA installation folder, open the
POCCustomScript.cmd script.
This script contains a section that is specifically for customization using
PACLI commands.
REM ******************* add script here ***************
"%~dp0pacli" PACLI command1
"%~dp0pacli" PACLI command2

ii. Specify the PACLI commands that you want to run in this script using the
following format:
"%~dp0pacli" <PACLI command>

As the script is run as part of the installation using the POC internal user, you
do not have to supply user credentials again.
iii. Save the script and close it.
5. Make sure that the user who will run the PasswordUpload Utility during
installation has write permissions on the POCInstallation folder.

Installation
For information about the installation procedures, refer to the Privileged Account
Security Installation Guide.
1. From the CyberArk Vault folder, install the CyberArk Digital Vault.
2. From the Client folder, install the PrivateArk Administrative Client.
3. From the Central Policy Manager folder, start the CPM installation procedure; the
following message appears:

Click Yes to start installing the CPM in POC mode.

4. From the Password Vault Web Access folder, start the PVWA installation
procedure; the following message appears:

Internal and Confidential

CyberArk Software Ltd. | cyberark.com

Click Yes to start installing the PVWA in POC mode.

Privileged Account Security POC Environment

During installation, an environment is created automatically for the POC which
includes the following special features:
The following parameters have new defaults that are more relevant to POC
processes:
Parameter

Location

Description

New
default

RefreshPeriod
(PVWA)

PVConfiguration.xml
General node

Determines how frequently

(in minutes) the Web Access
configurations are read by
the Password Vault Web
Access.

1 minute

DebugLevel

PVConfiguration.xml
Logging node

Controls the level of the

debug log for the PVWA.

High

Interval (CPM)

CPM.ini

Determines the number of

minutes after which the
Central Policy Manager rereads the list of policies, in
order to handle new policies
or remove deleted ones.

1 minute

CPMDebugLevels

CPM.ini

Controls the level of debug

log for the CPM.

1,2

ImmediateInterval Each CPM policy

Affects the time it takes the

CPM to start immediate
operations such as
Change/Verify/Reconcile
Now.

1 minute

SearchForUsages Each CPM policy

Whether or not CPM will

search for Service Accounts
(usages) after changing
passwords successfully.

Yes

Debug

Controls whether or not

debug logs will be created.

Yes

Each CPM policy

Additional
Information node

Internal and Confidential

CyberArk Software Ltd. | cyberark.com

Built-in POC user By default, a unique built-in user called POCAdmin is

created in the Vault with all possible Vault authorizations that may be required for
the POC. In addition, this user belongs to the following groups:

Vault Admins

PVWAMonitor

Auditors

These authorizations and group membership enable the POCAdmin user to

access all the major EPV features, including the following:

Reports

Accounts

Safes Management

Sessions Monitoring

PSM Connections and Transparent Connections

Live Sessions

Master Policy

Platform Management

Customizing the POC Environment During installation a PACLI script creates

a predefined environment for the POC. This script can be configured to create a
customized environment for your POC, create users, run the PasswordUpload
Utility, etc. For more information about configuring this script, refer to Before
Installation, page 2.

Internal and Confidential

CyberArk Software Ltd. | cyberark.com