When passwords are changed regularly, a robust storage mechanism is needed to store them. This storage must:
- Prevent unauthorized disclosure.
- Be highly available, even when there is a physical disaster.
- Lose no data, again even when faced with a site outage.
Hitachi ID Privileged Access Manager includes an encrypted, replicated storage mechanism:
- All credentials are encrypted using a customer-specific key, which is itself encrypted and protected.
- All database commits are distributed across multiple Privileged Access Manager servers, in real time, over an encrypted communication channel and with retries in the event of a connection problem.
- Any credential can be retrieved from any Privileged Access Manager server.
- Replication is tolerant of low bandwidth and high latency, so deploying vaults in multiple cities is strongly recommended.
- If a single Privileged Access Manager server is disconnected or even destroyed, no special steps are required to 'activate' the other servers -- they are all active, all the time.
An encrypted, distributed, active-active database architecture ensures high availability and strong security without human intervention in the event of a disaster.