What is our primary use case?
With Safeguard, there are two virtual appliances. There is one that helps you manage passwords and then there is another one that helps you record the sessions. You can configure it to record whatever you do when you make the remote calls.
We use this solution for a bank. My current project is to onboard all the bank's security assets onto Safeguard. It will be used for admins to have secure access to the server.
What is most valuable?
The part of this product that I like the most is the transparent mode. That is the number one advantage of the product. I also like the ease-of-use. That is what Quest is known for. The interface is interactive, relatively easy-to-use.
I like the fact that we are using a proxy server. Also, I like the fact that it is integrated in such a way that I can connect to my Linux and Unix resources using my AD credentials. They map the AD credentials to Linux accounts. So, when I am connected to my AD accounts, it acts as a sort of proxy to convert it to the Unix account that it is configured for. That is quite useful.
What needs improvement?
The only part of the Safeguard solution that I think could be a problem over time is the amount of storage it takes in the sessions. For example, because it records in real-time video it takes a lot of resources. So, it has not been a problem yet, but we are looking at a solution where we allocate the cost of that additional capacity differently. Then there will be enough resources to compensate for whatever the storage needs are. It just takes a large amount of storage for each current session.
Another thing that I would like to see them improve is that I would like them to make the transparent board a little bit more transparent. The transparent mode is something I use often and it is the best feature of the product but that is also why I see how it can be improved. It might just be a little bit easier to use.
For how long have I used the solution?
We are a long-time Quest partner and have only been using the product for the past five months. We just got onboarded to the One Identity product. This is my first project with One Identity.
What do I think about the stability of the solution?
One of the things I really like about the One Identity solution is the fact that it can be configured in active-active cluster mode. It is just a little pricey because you have to purchase the additional licensing just to be able to do an active-active configuration.
But I like it also because it is a virtual appliance. This means I can configure a high-availability cluster anyhow I want. If I have it on a VMware cluster, I can enable high-availability or any virtual cluster solution that makes sure it is highly available. I would do that using VMware storage. This makes it a more stable and flexible solution.
The fact that I do not have to worry about other incidental things is good. I am not connected to an external database server. So all the dependencies, patching, and additional setup is something I do not have to do on the One Identity appliance. Everything is on a hardware appliance. In other words, I do not really even have to worry about securing my security device. It may not be the first thing to think about, but because you deployed a security device, now you have to worry about securing it. As it is all-in-one as a hardware appliance, I do not have to worry about all that.
What do I think about the scalability of the solution?
We have not had any issues with scalability to this point and it is handling our capacity and needs. The only potential issue would be budgeting for additional licensing, which would not be a problem in our case, and handling the resource usage. These are not really limiting.
Between the banking client and our company, not everyone has been onboarded yet to the One Identity Safeguard. But in the end, we are looking at probably about 500 servers and I think a total of about 180 admins. This seems realistic using this product.
How are customer service and technical support?
My impression of support is that the guys there are very helpful. They are eager to jump in and to help you out. Yes, I think it is a great service.
How was the initial setup?
I think that the initial setup was very straight forward. Pretty much a piece of cake, actually. With our implementation strategy, the deployment actually took only about two hours. That is including the discovery of the assets. It is a relatively large enterprise network, so discovery can potentially take some time. This was very reasonable.
What's my experience with pricing, setup cost, and licensing?
The approximate cost on a yearly basis is in the ballpark of about 80 grand, $80,000. That is for about 100 servers. That is the standard license fee. There are not really any additional costs once you purchase that. Sometimes you can have professional services included with it. For example, if you take a week of professional services or if you need them to do the install. That is the only additional charge.
Which other solutions did I evaluate?
As a long-time Quest partner, this was an easy choice to make. Because we were already partners it made sense to work with their other solutions.
What other advice do I have?
The advice I would give to organizations considering this solution would be that before they make a commitment they need to try to find a local support resource. They will want to be able to get local support because that can be critical. But otherwise, I think it is a good product and a good buy. I would buy it again. As a partner, I would also sell it again because I am confident in it as a product and a solution.
On a scale from one to ten, where one is the worst and ten is the best, I would rate the One Identity Safeguard solution as a nine-point-five out of ten. I'm very happy. If I have to choose an integer, it would have to be a nine. Ten would mean it is perfect and there are things I think can be improved.
Which deployment model are you using for this solution?
Securely store, manage, record and analyze privileged access
Prevent security breaches and limit damage by putting in place a privileged access management solution. Get a free 45-day trial, or request a demo of One Identity SafeGuard.