Installation
Imprivata Customer Privileged Access Management (CPAM) is a product comprised of three sub-applications in charge of providing:
-
The secure connection between vendors and their customers' assets.
-
The configuration of the remote access.
-
The remote support session manager and monitoring services.
This page contains the requirements to install and use Imprivata Customer Privileged Access Management, a high-level description of each sub-application, and redirects you to detailed instructions on the installation of each component in your CPAM server.
Ensure that you understand your User Type (Vendor or Customer) before following any installation instructions.
Service Requirements
Ensure that you comply with all the requirements in this section. If your operating system, hardware and software, or network configurations fail to meet these requirements, the CPAM server will not function as intended.
Supported Operating Systems
The following table lists the supported operating systems:
| Operating System | Versions |
|---|---|
| Windows | 10, 11 |
| Red Hat (including Alma, CentOS, and Rocky) | 8, 9 |
| Ubuntu | 20.04, 22.04, 24.04 |
| SUSE Enterprise Server | 10, 11, 12, 15, 15.5 |
| Unix | Any version, as long as Java 8 or later is installed. |
System Requirements
Be sure that the Windows or Linux server meets the following minimum system requirements:
-
Java 8
-
1 GHz of CPU
-
250 MB of disk space
-
512 MB of RAM
Internet Connectivity and Required Ports
An active Internet connection is required to complete the installation and to support remote vendor sessions in the customer's computer. The Gatekeeper communicates with the CPAM server using outbound communication only. As a result:
-
Security exceptions to inbound firewall rules to allow access are not required.
-
Outbound traffic is required on the following ports:
| Port | Usage |
|---|---|
| SSH (port 22) |
|
| HTTP (port 80) |
|
| HTTPS (port 443) |
|
Falling back to either HTTP or HTTPS might degrade performance in environments where there are a significant number of concurrent vendor connections or if the vendor connections to one or more services require a large amount of bandwidth. Degraded performance is inherently related to the overhead (latency) that is introduced by adding an HTTP wrapper for encryption.
When possible, use SSH (port 22) to connect to the CPAM server.
Proxies and Web Application Firewalls
If your environment deploys proxies or web application firewalls, consider the following:
-
Deploying a proxy or a network appliance between the CPAM server and the Gatekeeper might cause connection issues, which can result in the Gatekeeper having to fall back to its secondary (HTTP) and tertiary (HTTPS) communication protocols. As noted in Internet Connectivity and Required Ports section of this page, this might result in degraded performance.
-
Deploying a Web Application Firewall (WAF) causes connection issues, as their purpose is to inspect and filter incoming and outgoing HTTP(S) traffic. A WAF causes the Gatekeeper to fall back to HTTP or HTTPS tunneling. Consult your IT and Security department on white-listing the Gatekeeper and your CPAM server.
Installation Guides
Navigate to the installation guide of each component of your CPAM server:
Gatekeeper
A Gatekeeper is the application that handles all interactions between vendors and customers. When the customer installs a Gatekeeper, they can provide vendors with access to selected assets.
Read the Gatekeeper Installation Guide.
IP Connect
IP Connect is a driver that maps the remote host's IP address and hostnames to the administrator's local machine.
Read the IP Connect Installation Guide.
Connection Manager
The Connection Manager is a sub-application that enables the secure connection of a vendor's remote support agent to a target customer environment.
Read the Connection Manager Installation Guide.
