PAR is licensed based on the total number and type of device (system, database, network device, desktop) PAR will be managing passwords for. The PAR device license includes no limit on the number of users, passwords managed or API/CLI configured access. e-DMZ Security also offers a hybrid user/device license model - we will work with the license model that is most cost effective for your specific topology.
PAR is delivered as a hardened, purpose built appliance, providing the highest level of security and lowest cost of ownership to our customers. Given the nature of the information stored and managed by PAR, an appliance based form factor provides the most secure, easy-to-deploy solution to our customers. PAR is inclusive of all software (PAR application, database, web interface, encryption) and hardware (appliance, embedded hardware firewall) required for deployment. Software only solutions require the customer to purchase, configure and secure required servers, database, web access, etc.
As a purpose built appliance, PAR provides the highest level of security in the market with security features that include: embedded hardware firewall, full disk encryption (AES-256), secure clientless communication, no OS access, and more. Additional information and details on the security attributes of PAR can be found in our Appliance Security Whitepaper.
Passwords stored on PAR are encrypted twice using FIPS certified AES 256 encryption. First, they are encrypted using RSA B-Safe AES 256 encryption prior to storage in the PAR internal database. Second, the entire PAR hard drive is encrypted using GuardianEdge (formally PC Guardian) AES hard disk encryption.
PAR has several built-in configurable options to support disaster recovery and business continuity needs. PAR can be configured with a High Availability second appliance (located anywhere) providing automatic failover. PAR also supports a secondary non-failover replica device along with configurable, secure, off-line back-ups.
Yes, files or other information can be stored on PAR, and all of the same fine-grain access controls, release controls and audit associated with password access can be associated with these files.
PAR is able to scale to meet the needs of today's largest enterprises. PAR is proven in its scalability, being deployed in many of the world's largest enterprises, including 4 of the Forbes 2007 ranked 10 largest enterprises. It is important to clarify how e-DMZ Security views scale - where many vendors may speak in terms of "millions" of passwords, etc. when discussing scale, this is really a number related to the underlying database scale - under this view of scale, PAR can certainly also manage "millions". Based on working with many of the world's largest enterprises in actual production deployments, we have come to view scale in terms of "how many passwords can be managed - including daily password synchronization (check/test, change)." One of the key features of PAR, and a requirement of most of our large enterprise customers, is the requirement to validate stored passwords to match the back-end target account to assure no out-of-sync conditions exist. Understanding that checking a password requires any deployed solution to connect to the back-end target and compare the stored password with the actual account password, it would be impossible for any solution to accomplish this over "millions" of accounts in a timely fashion (typically required to be completed in off hours). Given this fact, unlike other vendors, when asked about scale, we do not reply with "millions" - we have tested, confirmed and proven that PAR is able to scale to manage up to 250,000 accounts in a single ePAR appliance - this includes completion of daily password synchronization at this level in less than 4 hours! This is practical scale vs. theoretical scale.
PAR supports the secure storage, release control and change controls of passwords in an ever expanding list of systems, databases, network devices and more. This list includes but is not limited to: AIX, AS400, BoKS, CheckPoint SP, Cisco CATOS, Cisco Routers, Cisco Switches, Cisco PIX, CyberGuard, Fortinet, HP/UX, LDAP, LDAPS, Linux, Mainframe, Mainframe ACF2/ LDAP RACF/ LDAP TS, MS SQL, Netscreen, NIS Plus, Nokia-IPSO, Novell NDS, Oracle, PowerPassword, Bluecoat ProxySG, Solaris, Sybase, True64 (Untrusted, Enhanced Security), Unixware, Windows, Windows AD, Windows NT.
As e-DMZ is continually adding platform support, please for our most current list.
PAR can easily be extended to include support for privileged sessions by adding and licensing eGuardPost as part of your PAR deployment. The value-added session control features include session access controls, session proxy, session recording and DVR-like replay features. Click here to learn more.
PAR supports a full featured command line interface (CLI) and application programmer interface (API) for C, C++, Java, .net and Perl. Based on API/CLI user configurations, access to both user PAR functions (request password, etc.) and administrative level functions are available. This allows the CLI/API to be used to replace hard-coded embedded script/application passwords as well as for ease-of-integration into the existing enterprise applications and workflow.
No. PAR is a clientless/agentless deployed solution. User and administrative access to PAR is via appropriate role based https interface. Back-end target system communication is via the most secure native protocol, for many devices this will be SSH.
PAR supports Secure ID, Safeword, Active Directory, LDAP and Radius configurable as strong primary or secondary authentication.
PAR supports configurable integration with existing active directory structures. PAR can be configured to tightly couple with AD, such that system and user changes made at an AD level can automatically affect PAR configuration.
PAR is able to tightly integrate with any ticketing system with a back-end database structure. Because PAR works with ticketing systems at a database (vs. front-end) level, we are easily able to directly integrate with your existing ticketing system. As an example, you are able to make entry of a ticket number required as part of a password request, and can configure PAR to reach out to your ticketing system and validate the ticket before PAR proceeds with the password request.
Many PAR customers have deployed PAR to successfully address compliant specific audits including SOX, PCI, HIPAA, Basel II and others. PAR delivers the individual accountability, secure storage, release/change controls and audit demanded by today's growing compliance requirements. Please contact us with any compliance specific questions or audits you might have concerning password management, and we can discuss in detail how PAR can help.
e-DMZ Security is unmatched in its level of customer support. Single level standard maintenance includes 7x24x365 e-DMZ hosted hotline via phone, email and our customer support portal. In addition, we provide under our standard maintenance, appliance replacement services and all product patches and updates.
eDMZ.com site map