Upgrade CyberArk PAM Connector Components (CPM & PSM) for Privilege Cloud

congcong 好物分享

This post summzrize some notes and steps to upgrade the Privilege Cloud Connector and the components for versions 12.7 and later.

Note: Upgrading the CPM and PSM components requires downtime (typically a few minutes). We recommend performing the upgrade at a time that will have the least impact on your operations.

Diagram

https://docs.cyberark.com/PrivCloud/Latest/en/Content/Privilege%20Cloud/PrivCloud-upgrade-connector-12.7-later.htm?tocpath=Setup%7CUpgrade%20Privilege%20Cloud%20connectors%7CUpgrade%20the%20Privilege%20Cloud%20Connector%7C_____1

 

Check CPM and PSM versions

  1. On the Connector, press Windows + R keys simultaneously to launch the Run box.

  2. In the Run box, enter appwiz.cpl, and click OK.

  3. On the Programs and Features page, select CyberArk Privilege Session Manager>CyberArk Central Policy Manager. The versions are displayed.

  4. Based on your Connector version, choose the relevant upgrade flow In this section:

For details about the version files and builds, see Release notes v14.0

In this section:

Connector Management

Install Connector to a new Connector server

To deploy a new connector, you first generate the installation script and then run it on the connector host machine.

To perform the following steps, your user must be assigned to the System Administrator role in Identity Administration.

  1. Sign in to the CyberArk Identity Security Platform Shared Services using the link provided in the CyberArk email.

  2. Click the service picker, and select Connector Management.

  3. On the Connectors page, click Add a connector.

  4. In the Add connector wizard > Define installation details tab define the following details for the Management Agent in the host machine:

  1. Click Next.

  2. In the Copy installation script tab, review the connector settings you defined:

Click Copy script to later copy it to the connector host machine.

The script is available for 5 minutes.

Optionally:

  • Click Renew to renew the script availability for an additional 5 minutes

  • Click Preview to view the script format

Click Close.

https://docs.cyberark.com/ConnectorManagement/Latest/en/Content/Setup/CM_AddConnector.htm?tocpath=Setup%7C_____2#Addaconnector1

Upgrade CPM and Other Components

 

At this moment, Jan 2024, it is still not able to upgrade PSM from Connector Management page.

Connector shows components details

Upgrade Components page

You will need to get your [email protected] credential to process. Reset the installeruser password first since it will be changed in 24 hours after reset.

Upgrade PSM

High Level Steps

  1. Download the Privilege Cloud Connector version 14 upgrade files from the CyberArk Marketplace:
  • Privileged Session Manager-Rls-14.zip 
  • Central Policy Manager-RI14.zip 
  • Privilege Cloud Connector Unified Hardening GPO-v2.2.0.zip 
  • Privilege Cloud Connector Unified Hardening GPO-v2.2.0.txt 

 

Installed version Patch version Download link
PSM 13.2 or older 14.0 https://www.cyberark.com/CA24-04-PSM14
CPM 13.2 or older 14.0 https://www.cyberark.com/CA24-04-CPM14
Privilege Cloud Connector Unified Hardening GPO 2.2.0

 

  1. Follow the instructions in the documentation to upgrade to version 14.
CyberArk Documentation : Upgrade the Privilege Cloud Connector
  • https://docs.cyberark.com/PrivCloud/Latest/en/Content/Privilege%20Cloud/PrivCloud-upgrade-connector.htm
Before you upgrade the PSM component:

  • Make sure you have performed the preparatory steps described in Before you begin, in this topic.

  • Note that as part of the upgrade, legacy PSM logs are grouped in a zip file and copied to internal archive folders for future access if necessary.

To upgrade the PSM component:

  1. Open the PSM installation package you created in Prepare the Privilege CloudConnector machine:.

  2. Right-click Setup.exe, and then select Run as Administrator.

  3. The installation wizard appears. Click Next and follow these steps within the wizard:

    Tab/event

    Step
    Microsoft Visual C++ 2013 Redistributable Package (x64) error Ignore and click Yes to Continue

    If Connector machine is domain-joined, and you logged on with a local user, the following message appears:

    • Click Yes if you are not using the RemoteApp user experience capability.

    • Click No to stop the upgrade, log on with a domain user who is a local administrator, and start the upgrade again.

    Password Vault Web Access Environment page

    Retain the default settings and click Next .

    Vault's Connection Details page

    Retain the default settings and click Next .
    Vault's Username and Password details page

    Enter the same Privilege Cloud admin credentials used for the Connector installation (<subdomain>_admin) and click Next.

    API Gateway connection details page

    Optionally, to apply the PSM automatically unlock accounts capability, enter the Privilege Cloud portal hostname in the Host field:

    <subdomain>.privilegecloud.cyberark.com

    Otherwise, click Next .

    PKI Authentication configuration page

    Optionally, to benefit from the Smart Card authentication for RDP connection capability, select Enable PKI authentication for PSM.

    Otherwise, click Next .

    If message appears, click Yes

  4. In the Hardening page, click Advanced and enter the following selections, depending on in-domain or out-of-domain hardening solution:

    Click Next .

  5. On the Update Complete page, click Finish.

     

    You can restart the Connector machine at a later stage. In any case, you must restart the Connector machine before you can use it.

https://blog.51sec.org

版权声明:
作者:congcong
链接:https://www.techfm.club/p/101764.html
来源:TechFM
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>