Configure PAM to Communicate with Utility Appliances
This content describes how to configure PAM to communicate with Utility Appliances.
A PAM server licensed for Server Control and at least one Utility Appliance must already be deployed and running.
To configure PAM to communicate with a Utility Appliance VM, create a corresponding Utility Appliance device. PAM then automatically creates and configures all the other objects that are required to enable integration of the Utility Appliance.
This procedure describes how to add a Utility Appliance using the PAM UI. You can also add devices using the External API or by uploading an appropriately formatted CSV file.
Follow these steps:
- Navigate to the Devices, Manage Devices screen.
- Select Add to create a new device for your utility appliance. The Add Device dialog opens.
- Complete the following fields on the Basic Info tab.
- Name: Specify the Utility Appliance name to be displayed on the Access page. You can enter double-byte characters.
- Address: Enter the IP address or FQDN of the Utility Appliance.
- Operating System: Select Utility Appliance.
- Select OK.
Your changes are committed. PAM automatically does the following tasks to complete configuration of the device and create and configure other required objects:
Caution: Do not change the properties of any of the objects that PAM configures. Doing so breaks the integration of the PAM server and the Utility Appliance.
- Completes the following other device configuration fields and options that are required for the Utility Appliance device configuration:
Basic Info tab:
- Device Type: Sets the following options:
- Access: Designates the Utility Appliance as a potential endpoint for access management
- Password Management: Designates the Utility Appliance as a target device for credential management
- A2A: Sets this option to provide A2A credential management for the Utility Appliance:
- Description 1: Describes the device (specifically Utility_Appliance)
- Active: Allows the A2A Client to receive credentials
Access Method tab: Adds the SSH access method and configures it for communication with the Utility Appliance
- Creates a corresponding target application with the following properties:
- Host Name: The IP address or FQDN of the Utility Appliance device
- Device Name: The name of the Utility Appliance device
- Application Name: “Utility Appliance Application”
- Application Type: UNIX
- Creates a corresponding target account with the following properties:
- Host Name: The IP address or FQDN of the Utility Appliance device
- Device Name: The name of the Utility Appliance device
- Application Name: “Utility Appliance Application”
- Account Name: “root”
- Password View Policy: The UtilityAppliancePVP policy rotates the Utility Appliance credentials at the end of each connection.
- Protocol: “SSH-2 Public Key Authentication”
- Private Key: A generated private key
- Public Key: A generated public key
- Rotates the Utility Appliance target account private and public keys. Both keys are then rotated every time someone logs into the Utility Appliance.
Troubleshooting Tip: If a message appears stating that the device was defaulted to a Linux OS Type, there was likely a communication error. Information can be found on the Sessions, Logs screen.