ARCON Privileged Access Management Review

Enables provisioning of administrative access, records administrative activities in logs


What is our primary use case?

Controlling the privileged access to all the target servers.

What is most valuable?

Provisioning of all administrative access through this solution. The privileged administrators are logging in to the solution using their domain ID and then getting access to the required servers based on their credentials. The administrators do not need to know the actual administrator's password. Otherwise, if you have N servers in an environment, the administrator needs to know the ID and password of each and every server. After implementation of this solution, they are all stored in the password vault of this solution.

So in this case, let's say one administrator is managing a hundred servers. He may not know the different passwords of the different servers. That person will log in to this solution using his domain ID and password and he will get access to the servers he is managing. This is a primary use of this particular solution.

And then, after storing this administrator password in this password vault of the solution, the solution can automatically go and change the password based on the defined frequency with the defined complexity.

Additionally, it is recording video records for Windows and command-line reports for others, Linux and AIX, of whatever activities are being carried out by that particular administrator.

What needs improvement?

One thing which needs improvement is where it is keeping video logs of Windows Servers, whatever activities are being carried out by the administrator. Because Windows logs are a video, they are unsearchable, so if you need to search for a specific administrator and what he has done on a server, right now you need to go through different video logs of that particular timeframe. I think they are coming up with an additional feature wherein it can be indexed and can be searchable.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

We haven't had any issues with stability.

We have designed a solution such that it has been implemented in both the production as well as the DR environments. Whenever we wanted to upgrade the product to the next version, we upgrade the DR first, then production. And whenever production is being upgraded, the entire access is switched over to DR for all the users. So effectively there is no downtime for the end users, the administrators.

The stability of the product becomes very important. Otherwise, if the server in the solution is down, all the administrators lose their access for administration. It has proved its stability over the last five to six years.

What do I think about the scalability of the solution?

We never had scalability issues. The primary issue will be storing the logs. The storage is attached to the SAN, so whenever there is a space crunch, in terms of storing the logs, we just increase the SAN storage. That's it. In terms of computer requirements, we never had an issue in terms of performance.

How is customer service and technical support?

We had a little different model altogether. We had their resource on site for our support. We used to talk to the onsite person only. So I wouldn't be the right person to give you feedback on the tech support, as such. But whenever we had to escalate to tech support, there was a good response.

Which solutions did we use previously?

We did not have a previous solution.

How was the initial setup?

The setup is pretty straightforward, it is normal. There is an application server, there's a gateway server and there's a database server. I don't think there is any complexity in that.

What's my experience with pricing, setup cost, and licensing?

The product's pricing is good value.

In terms of licensing, go for user-based licensing, without any limit on the target servers.

Which other solutions did I evaluate?

We evaluated different solutions. We evaluated CyberArk and, if I remember correctly, we had evaluated one more Indian product. I don't recollect its name.

Primarily we took the decision to go ahead with ARCON because the criteria for privileged administrative environment as a domain was evolving a lot at that time. It was in 2012. We felt that they offered many customizations, anything which was required that was specific to the customer's environment. They offered that customization to us. And they have come up with a number of customizations, and a number of good features over that period of time. With CyberArk, we didn't have that much flexibility in terms of customizing the product.

What other advice do I have?

Obviously your administrators should participate in the decision to buy this product, because they will have to go through the solution to access any server or any device on which they wish to do administration. At times, initially, it may seem to people who are doing administration that their flexibility is removed. You have to make them aware that the solution brings them flexibility in terms of not remembering the passwords of many servers; when they have a number of servers to be administered, they write down the passwords. Those issues are taken away.

It also provides a lot of security to the administrator himself. He can also review what commands fired, what commands did not fire.

The solution was suited for the purpose when we evaluated it, and it has also evolved to meet the different needs, additional needs. I think it's continuing to evolve.

Disclosure: I am a real user, and this review is based on my own experience and opinions.