Configure PAM to Communicate with Utility Appliances

This content describes how to configure PAM to communicate with Utility Appliances.
A PAM server licensed for Server Control and at least one Utility Appliance must already be deployed and running.
To configure PAM to communicate with a Utility Appliance VM, create a corresponding Utility Appliance device. PAM then automatically creates and configures all the other objects that are required to enable integration of the Utility Appliance.
This procedure describes how to add a Utility Appliance using the PAM UI. You can also add devices using the External API or by uploading an appropriately formatted CSV file.
Follow these steps:
  1. Navigate to the Devices, Manage Devices screen.
  2. Select Add to create a new device for your utility appliance.
    The Add Device dialog opens.
  3. Complete the following fields on the Basic Info tab.
    • Name: Specify the Utility Appliance name to be displayed on the Access page. You can enter double-byte characters.
    • Address: Enter the IP address or FQDN of the Utility Appliance.
    • Operating System: Select Utility Appliance.
  4. Select OK.
Your changes are committed. PAM automatically does the following tasks to complete configuration of the device and create and configure other required objects:
Caution: Do not change the properties of any of the objects that PAM configures. Doing so breaks the integration of the PAM server and the Utility Appliance.
  1. Completes the following other device configuration fields and options that are required for the Utility Appliance device configuration:
    Basic Info tab:
    • Device Type: Sets the following options:
      • Access: Designates the Utility Appliance as a potential endpoint for access management
      • Password Management: Designates the Utility Appliance as a target device for credential management
      • A2A: Sets this option to provide A2A credential management for the Utility Appliance:
        • Description 1: Describes the device (specifically Utility_Appliance)
        • Active: Allows the A2A Client to receive credentials
    Access Method tab: Adds the SSH access method and configures it for communication with the Utility Appliance
  2. Creates a corresponding target application with the following properties:
    • Host Name: The IP address or FQDN of the Utility Appliance device
    • Device Name: The name of the Utility Appliance device
    • Application Name: “Utility Appliance Application”
    • Application Type: UNIX
  3. Creates a corresponding target account with the following properties:
    • Host Name: The IP address or FQDN of the Utility Appliance device
    • Device Name: The name of the Utility Appliance device
    • Application Name: “Utility Appliance Application”
    • Account Name: “root”
    • Password View Policy: The UtilityAppliancePVP policy rotates the Utility Appliance credentials at the end of each connection.
    • Protocol: SSH-2 Public Key Authentication
    • Private Key: A generated private key
    • Public Key: A generated public key
  4. Rotates the Utility Appliance target account private and public keys. Both keys are then rotated every time someone logs into the Utility Appliance.
Troubleshooting Tip: If a message appears stating that the device was defaulted to a Linux OS Type, there was likely a communication error. Information can be found on the Sessions, Logs screen.