Privileged Access Management works with virtual machines (VMs) that have separate drives and are connected to each other on a shared network. These virtual machines can be hosted by Windows 8.1, Windows Server 2012 R2, or other operating system platforms.
You need a minimum of three virtual machines. If you don't already have an AD domain for PAM to manage, you need one additional VM to act as a CORP domain controller. If you wish to configure the PRIV software for high availability, you need two additional VMs.
The drives where the VM disk images will be stored need at least 120 GB of free disk space. If you plan to deploy for high availability, make sure that the disk subsystem meets the requirements for SQL shared storage. The shared storage can be in the form of Windows Server Failover Clustering cluster disks, disks on a Storage Area Network (SAN), or file shares on an SMB server.
Storage must be dedicated to the bastion environment. Sharing storage with other workloads outside of the bastion environment is not recommended as it could jeopardize the integrity of the bastion environment.
- "Privileged Access Management for Active Directory Domain Services" is an overview of PAM and how it works.
- "Understand the components of PAM" is an overview of the various components of PAM.