Services Offering

Total Privileged Access Management (TPAM)

Quickstart
TPAM Solution Suite Overview:
Quest Ones Total Privileged Access Management (TPAM) Suite is a robust collection of integrated
modular technologies designed specifically to meet the complex and growing compliance and security
requirements associated with privileged identity management and privileged access control. The TPAM
Suite provides organizations the flexibility to solve the critical issues associated with compliant privileged
control in a modular fashion as needed on an integrated appliance. The key modules that make up the
TPAM Suite are:
Privileged Password Management: Secure storage, release control and change control of
privileged passwords across a heterogeneous deployment of systems and applications is a
requirement for all enterprises. The award winning capabilities of our Password Auto Repository
(PAR) provides the enterprise class features, functions and scalability demanded by todays
environment.
Privileged Session Management: From remote vendors to developer access to production or
other privileged access requirements, the ability to control access, audit access, monitor access
and record access is becoming more critical as companies engage both internal and outsourced
resources. Our award winning TPAM suite provides full session management and controls,
including fine-grain resource access control, active session monitoring and full session recording
in an unmatched size efficient format for future replay.
Privileged Command Management: Enterprises today are being forced to do more with fewer
resources. As a result, the need to provide restricted, controlled and delegated privileged access
to internal resources is growing. The unique configurable privileged command capabilities
provided through eGuardPost supports privileged access control down to the privileged command
level. Not only are you able to control, record and monitor sessions you can limit a users
connection to a specific command for both Unix/Linux and Windows systems.

Approach and Activities

The duration of the TPAM Quickstart offering is expected to be approximately two days for the activities
described below. If additional assistance is required, the consultant will put the customer in touch with the
appropriate contact to scope the effort and create a Statement of Work (SOW).
Planning Call (approximately one hour)
Finalize the logistics for the installation session
Review the customers current environment and current security settings
Ensure that prerequisites are met prior to the arrival of the consultant onsite
Planned Activities:
Administration and Appliance Configuration K/T
Operations considerations and architecture
Troubleshooting
PAR Administrator / ISA K/T
Overview of PAR functionality

April 2011

System/account management and

architecture

Services Offering

Architectural and security overview

Configuration of users and

authentication schemes
Active Directory integration and
architecture
Role based access and user
classification
Advanced architecture and
considerations
Advanced reporting and data
extracts

Advanced system/account
architecture and imports
Troubleshooting

API/CLI configuration

Alias system overview

End user training course (duration

30 minutes to 1 hour)

Overview of PAR/EGP appliance functionality

Architectural overview

Security overview

PAR/EGP role cased authentication

review
PAR/EGP user interface navigation

End user training course (duration

30 minutes to 1 hour)
Requesting and retrieving
passwords
Reporting analysis

Troubleshooting and hands-on labs

Identify Project Team

Define team members and
responsibilities

Pre-Requisites and Assumptions

Pre-install requirements

Determine scope of project

Identify stakeholders

Systems; security; operations;

audit; compliance (what does this
mean?)

Identify Systems to be managed with the following information provided in a spreadsheet or CSV
file for import or manual entry. If AD Integration or generic integration will not be utilized, then the
requirement for adding new systems are as listed below:
Minimum requirements: Platform; accounts; authentication mechanisms; DNS name; IP address;
support entity
Preferred information:

April 2011

Business; location; risk

classification
Define Operations Model
Dual control requirement
Define ISA function within
organization
Define SysAdm for PAR within
organization
Define mailing list
Define Operations requirements
(availability; backup)

Reconciliation requirements

Audit requirements
Identify PAR users
Authentication requirements

Types

Segregation of duties
Identify HA/DR processes

Services Offering

Define DR strategy (HA; Backups)

Define
Audit/Reconciliation/Compliance
functions
Reporting requirements

HA methodology
Backup process

Install and Setup of Appliance:

Physical location preparation-rack,

power, IP/network
Network configuration; DNS
SDT identification and
familiarization
HA configuration
Global options/password rules
SMTP settings
Check timeframe/Change
timeframe
DSS Key; Certificate and internal
password options

Note: you will need to provide a

valid SSL web certification as the
appliance ships with a placeholder
certificate. This can be acquired
from Thawte, Verisign, or other
vendor of your choice. We will
generate the CSR request from the
appliance and send that to the
vendor. Once a valid certification is
returned, we will then upload it to
the appliance.

The Professional Services Organization should receive notice of the pending TPAM Quickstart
request no later than two weeks prior to attempting to schedule services with a customer so that
schedules can be accommodated and to reduce the probability of a reschedule (three weeks is
preferred to accommodate scheduling of resources).

How to get started:

Quest Professional Services is available to both new and existing TPAM customers. In order to leverage
one of our consulting experts and to discuss a tailored plan to fit your specific requirements, please
contact your Quest Account Manager today. They will arrange a call with a Professional Services
Manager to scope the effort for your specific requirements.

Contact your Account Manager for more information

Cost: $6,000 (includes travel and expenses)
* Specific terms and conditions apply.

April 2011