100% found this document useful (1 vote)

197 views

Lab Guide

labovi

Uploaded by

Tatjana Kuburic

Available Formats

Download as PDF, TXT or read online on Scribd

100% found this document useful (1 vote)

197 views

Lab Guide

labovi

Uploaded by

Tatjana Kuburic

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 88

CA Privileged Access Manager 2.5.

x:
Administration Foundations 200
<Brand> <Product>
Lab Guide

Clarifier (what comes after the colon)

Lab Guide

04PIM2010S

04PIM2010LG1

- PROPRIETARY AND CONFIDENTIAL INFORMATION 2016 CA. All rights reserved. CA confidential & proprietary information. For CA, CA Partner and CA
Customer use only. No unauthorized use, copying or distribution. All names of individuals or of companies
referenced herein are fictitious names used for instructional purposes only. Any similarity to any real
persons or businesses is purely coincidental. All trademarks, trade names, service marks and logos
referenced herein belong to their respective companies. These Materials are for your informational
purposes only, and do not form any type of warranty. The use of any software or product referenced in the
Materials is governed by the end users applicable license agreement. CA is the manufacturer of these
Materials. Provided with Restricted Rights.

CA Privileged Access Manager 2.5.x: Administration Foundations 200

Table of Contents
Introduction 1
Guided Practice 3-1: Users 5
Guided Practice 3-2: Import Users from AD 9
Guided Practice 3-3: RADIUS Users 13
Guided Practice 3-4: CSV User Import 15
Guided Practice 4-2: Manually Add a Device 18
Guided Practice 4-3: Export/Import from csv File 20
Guided Practice 4-4: AD Import of Devices 22
Guided Practice 4-5: Auto discovery of Devices 25
Guided Practice 4-6: Establish Baseline Devices 27
Guided Practice 5-1: Command Line Filter 29
Guided Practice 5-2: Socket Filter 31
Guided Practice 5-3: SSH Access Policy 33
Guided Practice 5-4: RDP Access Policy 37
Guided Practice 5-5: Web Access Policy 39
Guided Practice 6-1: Password Composition Policies 40
Guided Practice 6-2: Password View Policies 43
Guided Practice 6-3: Vault for SMTP Account 44
Guided Practice 6-4: Vault for Syslog/Splunk Account 46
Guided Practice 6-5: Windows Domain Service Account 48
Guided Practice 6-6: WDS Master/Slave Accounts 50
Guided Practice 6-7: UNIX Accounts with Username/Password 52
Guided Practice 6-8: Windows Proxy GUI Install 54
Guided Practice 6-9: Windows Proxy Silent Install 56
Guided Practice 6-10: Local Windows Account 58
Guided Practice 6-11: UNIX Accounts with SSH Key 60
Guided Practice 7-1: Automated Login to UNIX Systems 61
Guided Practice 7-2: Automated Login to Windows Systems 63
Guided Practice 7-3: Automated Login to Web Applications 66
Guided Practice 8-1: Configuration of Password Management 68
TOC-1
2015 CA. All rights reserved.

CA Privileged Access Manager 2.5.x: Administration Foundations 200

Guided Practice 9-1: PM Target Groups 70

Guided Practice 9-2: PM User Groups 72
Guided Practice 9-3: Auditor User 74
Appendix: Dynamic Lab Environment Access and User Guide 75
Self-Directed Learning Access and Instructions 77
Instructor-Led Class Set-Up 81
Best Practices 83
Troubleshooting 84

TOC-2
2015 CA. All rights reserved.

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

CA Privileged Access Manager 2.5.x:

Administration Foundations 200: Lab Guide Introduction
Goals

This lab guide provides you with opportunities to practice what you learn in the course as
well as apply what you learn in real-world scenarios.

Scenario
Voonair Airlines is a fictitious niche airline providing service to the Arctic. The company provides
access to areas that are otherwise inaccessible for residents and researchers and has been
successful in this area. The Voonair IT Security team recently discovered unauthorized access to
servers that contain sensitive data. While the existing security posture at Voonair is strong, there
were no measures for protecting privileged identities which were acquired as part of a social
engineering attack.
The company has decided to strengthen their security around privileged identities and direct access
to servers that contain sensitive data. Voonair has partnered with CA Technologies to deploy CA
PAM to meet their needs.
As part of Voonair Airlines IT staff and following the configuration course, you will now configure,
administer and test CA PAM 2.5.x functionality.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Dynamic lab test environment architecture

The following depicts the dynamic lab environment you will use for proof-of-concept testing:

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Process Overview
This foundations course will focus on the Administration section depicted below. Additional
courses are being continually added to support various typical integrations.

Architecture

Architecture and
Features

CA Technologies

Configuration

Appliance
Configuration
Firewall Permissions

CA Privileged Access Manager 2.5.x: Administration Foundations 200

Administration
Access Control
Credential
Management
Password
Management
Access Control and
Automated Login
Access Control Web
Services

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

The Dynamic lab environment will start with all VMs already logged in as voonair\administrator
(caeducation). You do not need to log off the machines when suspending. Some labs require you to
log in as a different user. Use these steps to log off/on to a virtual machine as the domain admin:

To log off of Windows

Server 2012, RIGHTCLICK the Start button
and select Shut down
or sign out > Sign out

To log on, click the CtrlAlt-Del button in the

Skytap menu bar

Unless otherwise
instructed, log in to
each VM as the domain
admin
voonair\administrator
with password
caeducation

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 3-1: Users

Goals

To demonstrate how to create users and groups via the GUI and CSV import.

Scenario

One of the first steps following configuration of CA PAM is to create or import

users. This first exercise covers manual creation and the importing of users using
a CSV file.

Time

10 Minutes

Instructions: Connect to the virtual machine named Access and from the desktop launch the
shortcut labeled Privileged Access Manager A.
Log on to Privileged Access
Manager A
User: super
Password: caeducation1

Create a User Group for your

team/department
a. From the Users menu, select
Manage Groups

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

b. Select Create Local Group

c. Enter a descriptive Groupname
(for example, My Group)
d. Assign the Global Administrator
role for now
e. Click Save

Add 2 Users manually to the group

you created via the CA Privileged
Access Manager Interface:
a. From the Users menu, select
Manage Users
b. Select Create User
c. Fill in the required fields in RED
d. Select Global Administrator
from available roles in the Roles
section
e. Select System Admin Group
from Available Group in the PM
group section
f. Select the Group you created in
the prior step and then click Add
g. click Save
h. Repeat steps a. through g. for a
second user

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Export the Users .csv file:

a. From the Users menu, select
Import/Export Users
b. Select Export Users
c. Open the file in MS Excel

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Modify and import the updated

users CSV file:
a. In the CSV file, copy one of the
test users you created and paste
to three new rows
b. Modify the user name, first/last
name, and the email address
c. Populate the password column
(E) with Password1 for the new
users
d. Leave the rest of the fields as
copied and save the CSV file to
the desktop. Close the excel file.
e. From the Users menu, select
Export/Import users (if you are
already at this screen, you may
skip this step)
f. Click Browse and select the
updated CSV file and then click
Import Users
g. Confirm success and if errors,
download the CSV import
results and correct the CSV file
before importing again
h. From the Users menu, select
Manage Users and observe the
imported users

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 3-2: Import Users from AD

Goals

Onboarding users to CA PAM can also be done by importing from an LDAP source
such as Active Directory. After users have been imported, you will assign the
appropriate roles to the groups.

Scenario

Voonair has determined specific groups of users within AD are required to utilize
CA PAM for access the privileged identities.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Log on to Privileged Access
Manager A
User: super
Password: caeducation1
a. From the Users menu, select
Manage Groups
b. Select Import LDAP Group
c. Select OK to connect to Active
Directory using the LDAP
Browser

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

a. Expand XsuiteUsers and select

each group that starts with ABC
Vision located under
XsuiteUsers of the Voonair
domain.
b. Select Register Select Groups
with Xsuite Appliance
c. On the Register Groups screen
change the Authentication Type
to LDAP
d. Select Register Groups
A message of the group registration
status will display.
e. Click Close
f. Click X to exit the Xceedium
LDAP Browser

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

a. From the Users menu, select

Manage Groups and observe
the imported LDAP groups
b. From the User menu, select
Manage users and observe that
LDAP imported users cannot be
deleted

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Assign roles to the imported AD

groups
a. Select Manage Groups from the
Users menu
b. Click on the ABC Vision
Admins group and assign the
role Delegated Administrator
c. Click the User Groups Add
Group and select ABC Vision
Admins from the drop down
menu.
d. Click the Device Group Add
Group and select All Devices
from the drop down menu
e. Click Save
f. Repeat the process for the ABC
Vision Auditor group:
Assign the role Auditor,
User group: ABC Vision
Auditors, and the
Device Group: All Devices
g. Click Save for the ABC Visions

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 3-3: RADIUS Users

Goals

Create a user group configured for RADUIS authentication. Users are created at
the first login and the role is assigned based on the group configuration. This
exercise will demonstrate this configuration and functionality.

Scenario

In addition to LDAP, Voonair would like to allow users to authenticate via

RADIUS.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create user group rad-grp1
a. Select Manage Groups from the
Users menu
b. Select Create RADIUS Group
c. Set the Groupname to rad-grp1
d. Set the Authentication type =
RADIUS
e. Add the role Configuration
Manager as the role
f. Remove Standard User role by
selecting Remove
g. Click Save
Log Off from PAM A by selecting Log
Off in the top right hand corner

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Login as RADIUS user

a. Username: rad1
b. Password: caeducation
Observe that the user is a
configuration manager with access
only to Global Settings
Log Off from PAM A by selecting Log
Off in the top right hand corner
Login as RADIUS user
a. Username: rad2
b. Password: caeducation
Observe the login response
(rad2 user does not exist)

Login as Global Admin (super).

Verify that user rad1 exists.
Users>Manage Users

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 3-4: CSV User Import

Goals

Create users via a CSV import file. This exercise will lead you through importing
users from a CSV file. This is a good method for importing users that are not
available in the user store.

Scenario

Voonair has a set of users that must be imported as they do not existing in Active
Directory.

Time

5 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Import users from a CSV file
a. From the Users menu, select
Import/Export Users
b. Browse to C:\ClassFiles\PAMBootstrap-1.5\
c. Select PAM-users.csv and click
Open
d. Select Import Users
Confirm 100% import complete with
no errors.

Select Users, then Manage Users

Verify that user CLI was imported.
This user is in the CSV import file,
however it was not created
previously.
CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 4-1: Services

Goals

Configure SSH access using PuTTY local client and web access to the Splunk
servers. This will be utilized during a later exercise.

Scenario

Vooniars UNIX / Linux administrators would like to use PuTTY for SSH access to
servers that they manage. Additionally, Voonair will require access to Splunk be
controlled by CA PAM.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a new service for locally
installed putty SSH client
a. From the Services menu, select
TCP/UDP Services
b. Click on Create TCP/UDP Service
c. Enter PuTTY as Service Name
d. Enter Port: 22
e. Protocol: TCP
f. Application Protocol: SSH
g. Client application
c:\util\putty.exe -ssh <Local IP> P <First Port>
h. Click Save
Create a new service for Splunk
a. From the Services menu, select
TCP/UDP Services
b. Click on Create TCP/UDP Service
c. Service Name: Splunk
d. Port: 8000
e. Protocol: TCP
f. Application Protocol: Web
Portal
g. Launch URL:
https://<Local IP>:<First Port>
CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

h. Browser type: Xceedium

Browser
i. Click Save
Testing of this will occur later, as
there are other settings required
before you can utilize these options.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 4-2: Manually Add a Device

Goals

Create a device and device group using the CA PAM web interface. Group
membership is also explored for different ways to add and remove devices.

Scenario

Before devices are imported in an automated manner, its best to understand

the options available for a given device.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a new device for unix1 server
a. From the Devices menu, select
Manage Devices
b. Click Create Device
c. Device Name: unix1
d. Address: 192.168.0.21
e. Access methods: Click on SSH
f. Under Services, click Add and
select PuTTY as a service
g. Device type is Access and
Password Management (Both
should be checked)
h. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create a device group for UNIX

a. From the Devices menu,
select Manage Groups
b. Select Create Device Group
c. Group Name: UNIX
d. Check SSH in the access
methods section
e. Add PuTTY as a Service
f. Click on the Devices field,
and select unix1 checkbox
g. Click Save
To demonstrate an alternate way of
adding a device to a group, remove
unix1 from the UNIX device group
using the device group menu.
Edit the unix1 device and add it to
the UNIX device group.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 4-3: Export/Import from csv File

Goals

Create additional devices using a CSV file. You will export existing devices in
order to then modify the CSV and import the changes.

Scenario

With the number of devices that Voonair will manage on CA PAM, creating them
via the web interface is not practical. This is the first method of device import
you will explore.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Export devices to a CSV file.
a. From the Devices menu, select
Import/Export Devices
b. Click Export Devices and open
the file with Microsoft Excel
Edit the csv file and duplicate the
device unix1 to unix2 and unix3
a. Necessary changes are device
name and address/hostname (as
seen in the image on the left)
b. Save the file on your desktop
and be sure it is in CSV format.
c. Close the excel file

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Import the device csv file.

a. From the Devices menu, select
Import/Export Devices
b. Browse for the file on your
desktop that was updated and
select Import Devices.
Confirm 100% success from the
import
Select Devices, then Manage
Devices
Observe that the unix2 and unix3
devices are imported.

Click to expand unix2, and verify

UNIX in Groups.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 4-4: AD Import of Devices

Goals

Import devices from specific groups in Active Directory and observe the results.
The test group will be deleted and not saved during this exercise.

Scenario

Devices that belong to a domain can also be imported via an LDAP group. Since
Voonair utilizes Active Directory services, you will import devices from specific
groups.

Time

10 Minutes

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Choose Domain Controllers devices

and register the device group by
selecting Register Groups.
Close the screen once the group has
been registered by selecting Close.
Close the Xceedium LDAP Browser
by clicking on the X in the top right
hand corner of the open window.

Observe devices being added to CA

Privileged Access Manager
Observe the group and device
additions

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Select the Domain Controller

checkbox and Delete the device
group as they will be re-created
later from a static import file.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 4-5: Auto discovery of Devices

Goals

Using Autodiscovery, find and add all devices within a specified IP range.

Scenario

You can discover devices and add them automatically to CA PAM. This is helpful
for when the target device population for a specified netmask or IP range is not
known.

Time

15 Minutes depending on the length of the scan process

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Scan the subnet for new devices
a. From the Devices menu, select
Autodiscovery
b. Change radio button to Range
and enter Address range:
192.168.0.10 to 192.168.0.50
c. Click Scan and beware that the
scan may take several minutes
to complete

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Once the devices have been

scanned:
a. Add the following found devices:
1. adserver.voonair.local
2. nfs.voonair.local
3. win1.voonair.local
4. win2.voonair.local
5. mssql.voonair.local
6. oracle.voonair.local
b. Click Save/Update
c. Click Continue

Observe the new devices in the

Manage Devices list

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 4-6: Establish Baseline Devices

Goals

Remove all previously created Devices and Services to prepare for additional lab
exercise.

Scenario

In order to ensure that your lab environment is built correctly for future lab
exercises and to save you time in having to do repetitive work, you will remove
previously created services and devices. You will then import Services and
Devices from CSV files provided.

Time

10 Minutes

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Remove all devices created.

a. From the Devices menu, select
Manage Devices
b. Select the checkbox next to the
Name field to select all devices
that you are able to delete.
c. Click Delete
Remove all device groups created.
a. From the Devices menu, select
Manage Groups
b. Select and Delete the UNIX
group
Import services from a prepared csv
file:
a. From the Services menu, select
Import/Export Services
b. Browse for file:
c:\classfiles\PAM-Bootstrap1.5\PAM-Services.CSV
c. Click Import Services
Confirm import 100% with no errors
Import devices from prepared csv
file:
a. From the Devices menu, select
Import/Export Devices
b. Browse for the file
c:\classfiles\PAM-Bootstrap1.5\PAM-Devices.csv
c. Click Import Devices
Confirm 100% completed with no
errors

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 5-1: Command Line Filter

Goals

Create command filters using both keywords and regex to observethe

differences.

Scenario

To add additional protection to the use of privileged accounts, certain commands

on UNIX / Linux will be prohibited from use on specific accounts. Use of these
commands can then be limited to other accounts that have things like full session
recording and active review of the recordings.

Time

10 Minutes

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create a command line filter to

block commands
a. From the Policy menu, select
Manage Policies and then select
Manage Filters
b. On the Command Filter Config
tab, Change the Action After
Limit Exceeded to Logout of
terminal device
c. Click Save Command Filter
Config
d. Select Manager Filters again
e. Select the Command Filter Lists
tab and select Create List
f. Name it Simple Blocked
g. Enter Keyword passwd and
check Alert and Block and click
Add Keyword
h. Enter Keyword su and check
Alert and Block.
i. Save the list updates

Create a command line filter to

block commands
a. From the Manage Filters screen,
select Create List under the
Command Filter Lists tab
b. Name it RegEx Blocked
c. In the Keyword command enter:
.*(^|\W)passwd($|\W).* and
check the Regexp checkbox.
d. Click Add Keyword
e. In the Keyword command enter:
.*(^|\W)su($|\W).* and check
the Regexp checkbox.
f. Save the new list
CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 5-2: Socket Filter

Goals

Create socket filters in order to further create white and blacklists for RDP and
SSH for specific devices.

Scenario

Voonair has determined that Socket Filters are needed.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
a. From the Policy menu, select
Manage Policies and then select
Manage Filters
b. Select Socket Filter Config
c. Change Action After Limit
Exceeded to Logout of terminal
device
d. Enable SFA Monitoring and
Log All Access
e. Enter a Violation e-mail message
as seen in the image on the
right. (RDP is not allowed on
this network. Your activity has
been reported to Information
Security)
f. Click Save Socket Filter Config

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create an RDP socket filter blacklist

a. Open Manage Filters if closed
from prior exercise
b. Select the Socket Filter Lists
option and select Create List
c. Enter a name for the filter and
select Blacklist (For example:
Block RDP and Alert)
d. Block and alert all RDP
connections to 192.168.0.0/16
on port 3389
e. Click Save
Create an SSH socket filter blacklist
a. Click Create List.
b. Enter a name for the filter and
select Blacklist (For example:
Block RDP/SSH and Alert)
c. Block and alert all SSH
connections to 192.168.0.0/16
for ports 3389, 22
This can be done by adding a port to
the existing Socket Filter or creating
a new entry
d. Save the updates
Create an SSH socket filter whitelist
Select Create List
a. Enter a name for the filter and
select Whitelist(For example:
Permit SSH to Unix1
b. Create a new Socket Filter List to
Permit SSH connections to
192.168.0.21
a. Save the new list

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 5-3: SSH Access Policy

Goals

Scenario

Time

Create SSH access policies that utilize both CA PAM built in SSH client or the local
PuTTY installation. Also, connections will be made with the configured access
users to observe the options and restrictions configured as part of the access
policy. Lastly, observe the session recordings of your attempted access.
As you continue configuring CA PAM, this exercise begins to put it all together.
You will now assign an access policy to specific users/groups and devices/device
groups.
20 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Best Practice Tip: For the remainder of the labs, it is highly recommended you use two web
browsers instead of logging in and out. You may leave your super account logged in (default:
Firefox), but open a separate Internet Explorer browser and launch PAMA when the lab
instructions tell you to login as abc-admin1.
Create an access policy for SSH
access to UNIX1:
a. From the Policy menu, select
Manage Policies
b. User (Group): enter admin1 and
select the abc-admin1 user
c. Device (Group): unix1
d. Click Create Policy
e. Access: Add SSH
f. Enable Command Line session
recording
g. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Observe the access page and

connect to UNIX1 server:
a. Connect to CA PAM as
User: abc-admin1
Password: caeducation
(remember this is an LDAP user)
b. Connect to unix1 using SSH and
login as adm1 with password
caeducation
c. Execute some basic commands,
cd /
ls l

d. Type exit and press enter to

leave the SSH session.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create an access policy for SSH +

PuTTY access to UNIX device group
a. From the Policy menu, select
Manage Policies
b. User (Group): abc-admin1
c. Device (Group): 168-UNIX
d. Click Create Policy
e. Access: Click Add, select SSH
f. Services: Click Add, select putty
g. Use a command filter:
Simple Blocked
h. Use a socket filter: Block
RDP/SSH and Alert
i. Chose to record session: Select
Command Line and
Bidirectional
j. Click Save
Observe the examples below to
review different access methods
and violation recordings
Connect to the access page: Restart
Session if still logged in as abcadmin1:
abc-admin1
LDAP, password: caeducation
a. Connect to UNIX2 server using
SSH access.
b. Login as adm1 with password
caeducation
c. Run prohibited commands three
times (created in prior exercises,
passwd or su). Session will be
terminated.
d.
View the recording of the sessions.
a. Go back to the super account reconnect to CA PAM (password:
caeducation1)
CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

b. Observe the different playback

for SSH and PuTTY sessions
(session recordings from the
sessions menu)

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 5-4: RDP Access Policy

Goals

Create an RDP access policy for a specific device and a device group. The session
recordings will also be viewed as part of this exercise.

Scenario

Now access policy will be created for RDP to Windows servers.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create an access policy for RDP
access to WIN1 server.
Login in as the super user.
a. From the Policy menu, select
Manage Policies
b. User (Group): abc-admin1
c. Device (Group): win1
d. Select Create Policy
e. Add Access: RDP
f. Use a socket filter: Block
RDP/SSH Alert
g. Choose to record session:
Graphical
h. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create an additional access policy

for RDP access to all Windows
servers:
a. Select Policy > Manage Policy
b. Set user to abc-admin1
c. Device Group: 168-Windows
d. Select Create Policy
e. Set Access = RDP
f. Choose to record session:
Graphical
g. Click Save

Log off. Observe the access page

User: abc-admin1
Password: caeducation
Connect to WIN1 server using RDP.
a. Login as adm1 with password
caeducation (leave domain
empty)
b. Connect to WIN2, login with
same account as step a.
Log off. Login as super, password:
caeducation1.
To view the session recordings:
From the Sessions menu, select
Session Recordings

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 5-5: Web Access Policy

Goals

Create a web access policy to use Splunk via CA PAM. You will also connect using
this policy to observe the access process as well as the subsequent session
recording.

Scenario

In addition to managing access via SSH and RDP, web access control is also
required as part of the Voonair security strengthening.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create an access policy for Splunk
service to syslog server.
a. From the Policy menu, select
Manage Policies
b. User (Group): abc-admin1
c. Device: 168.0 syslog
d. Click Create Policy
e. Services: Add Splunk
i. Choose to record session:
Web Portal
j. Click Save
Observe the access page and
connect to Syslog using Splunk.
a. Login as admin with password
caeducation

View the recording of the session.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-1: Password Composition Policies

Goals

Create password composition policies to be used for Windows, UNIX, and Oracle
accounts. You will utilize these policies in later lab exercises.

Scenario

As part of password management, the composition policies must be created to

match destination requirements for target devices and user stores. Additionally,
the requirements of Voonair in some cases are more stringent than the user
store or operating system requires.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a Password Composition
Policy (PCP) for Windows.
a. From the Policy menu, select
Manage Passwords
b. Now from the Targets menu,
select Password Composition
Policies and then click Add
c. Enter Windows as the Name
d. Create a description for the PCP,
for example: Password
composition policy for Windows
Account.
e. Maximum length should be 24
or more characters
f. Set Maximum Password Age =
7 days (click the enable option in
order to enter the 7 days)
g. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create a Password Composition

Policy (PCP) for UNIX. Click Add.
a. Name: UNIX
b. Enter a description. For
example: Password composition
policy for UNIX servers
c. Maximum length should be 24
or more characters
b. Use password age 30 days (click
the enable option in order to
enter 30 days)
c. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create a Password Composition

Policy (PCP) for Oracle. Click Add.
a. Name: Oracle
b. Description: Password
Composition policy for Oracle
Servers/Databases
c. Maximum length should be 24
or more characters
d. Uncheck special characters
d. Use password age 1 day (click
the enable option in order to
enter 1 day)
e. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-2: Password View Policies

Goals

Create password view policies to change after view and change after checkin/check-out. You will utilize these policies in later lab exercises.

Scenario

Voonair has requirements for changing password upon view and use, since the
goal of CA PAM implementation is to provide access to target devices without
exposing the passwords to the user.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a PVP for Change Password
on View.
a. From the Policy menu, select
Manage Passwords
b. Now from the Workflow menu,
select Password View Policies,
and then click Add
c. Change Password on View after
3 minutes
d. Name it so you recognize it, e.g.
CPOV-3
Create a PVP for Checkout/checkin
a. Checkin after 60 minutes.
b. Name it so you recognize it, e.g.
Checkout-60

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-3: Vault for SMTP Account

Goals

Create a target application and target account for the SMTP server and email
account. This will also be utilized in later lab exercises.

Scenario

To support management of credentials, they must be stored in the CA PAM vault.

This lab demonstrates the configuration of target accounts and applications.

Time

5 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
SMTP Target Server
a. From the Devices menu, select
Manage Devices
b. Review device: XXX.99 SMTP
c. Verify it has Device Type
Password Management

SMTP Target Application

a. From the Policy menu, select
Manage Passwords
b. From the Targets menu, select
Applications and select Add
c. Find server smtp.pam.intra
d. Add application name Vault
smtp
e. Set application type Generic
f. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

SMTP Target Account

a. From the Targets menu, select
Accounts and select Add
b. Find server smtp.pam.intra
c. Find application Vault smtp
d. Set the account name to
administrator
e. Set PVP to Default
f. Set Password to caeducation1
g. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-4: Vault for Syslog/Splunk Account

Goals

Create a target application and target account for the Syslog/ plunk account.
This will be utilized in later lab exercises.

Scenario

Similar to the 6-3 lab, this time you are vaulting the Syslog/Splunk account

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Syslog Target Server
a. From the Devices menu, select
Manage Devices
b. Review device
syslog.voonair.local
c. Verify it has type Password
Management
Splunk Target Application
a. While syslog.voonair.local is
selected in the Manage Devices
section, select Manage Target
Applications and then click Add
b. Find server syslog.voonair.local
c. Add application name Vault
syslog/splunk
d. Set application type Generic
e. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Splunk Target Account

a. While in the Target Application
list, select Go to Accounts List
and click Add
b. Find server syslog.voonair.local
c. Find application Vault
syslog/splunk
d. Set PVP to Default
e. Set the account name to: admin
and password: caeducation
f. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-5: Windows Domain Service Account

Goals

Create a target application and target account for a Windows domain service
account. This will be utilized in later lab exercises.

Scenario

Another iteration of vaulting credentials, this time for a Windows domain service
account.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Windows Domain Service Target
Server. The Active Directory is the
target server for WDS type
accounts.
a. From the Devices menu, select
Manage Devices
b. Review AD device (IP address
192.168.0.10)
c. Device Type at least Password
Management
d. Select Manage Target
Applications for the next step

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

WDS Target Application

a. From the Application List, select
Add
b. Find the AD server
c. Use application name:
WDS AD
d. Application type:
WindowsDomainServices
e. Password Composition Policy:
Windows
f. Domain: voonair.local
g. Use port: 636
h. In Descriptor1 add Windows
i. Scroll down and Click Save
Add Windows Domain a Target
Account
a. From the Application List, select
Go To Accounts List in the upper
left and click Add
b. Find the AD server and WDS
application
c. Account name: testadmin1
d. Enter password: caeducation
e. Enter the users DN
you can use the LDAP browser
to find it.
CN=Test Admin 1,CN=Users,DC=voonair,DC=local

f. Move synchronized radio button

to both
g. In Descriptor1 add Windows
h. Save
Green circle with check mark
indicates account is synchronized.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-6: WDS Master/Slave Accounts

Goals

Create a Target Account and configure so that the password is managed/updated

using another account. This will be utilized in a later lab exercise.

Scenario

It is a best practice to have an account that is able to manage passwords for

other accounts on the domain, user store, or target device.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Add Windows Domain a Target
Account.
a. From the Targets menu, select
Accounts
b. Click Add
c. Find the AD server and WDS AD application
d. Account name: testadmin2
e. Enter password random value
f. Enter the users DN.
You can use the LDAP browser
to find it.
CN=Test Admin 2,CN=Users,DC=voonair,DC=local

g. Move synchronized radio button

to both
h. Change the change process to
use testadmin1 as master
account
i. In Descriptor1 add Windows
j. Save
Green circle with check mark
indicates account is synchronized.
CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Observe that the master/slave

account can be used where the
account password is unknown.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-7: UNIX Accounts with Username/Password

Goals

Create target applications and accounts for various UNIX accounts.

Scenario

Local accounts on the target device can and will be managed by CA PAM for the
Voonair implementation.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
UNIX Target Server
a. From the Devices menu, select
Manage Devices
b. Review UNIX1 device
Device Type at least Password
Management
UNIX Target Application
a. From the Manage Devices
display, select Manage Target
Applications and Click Add
b. Find the unix1 server
c. Use application name: UNIX
unix1
d. Application type: UNIX
e. Password Composition Policy:
UNIX
f. Set UNIX variant (in Script
Processor section) to Linux
g. In Descriptor1 add UNIX
h. Scroll down and click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

UNIX Target Account

a. From the Application List screen,
select Go To Accounts List in the
upper left and Click Add
b. Find the unix1 server and UNIX unix1 application
c. Account name: adm1
d. Enter password: caeducation
e. Move synchronized radio button
to both
f. In Descriptor1 add UNIX and
click Save
Green circle with check mark
indicates account is synchronized

Create adm2 (password:

caeducation) on unix1 server as
target account
Create adm1 (password:
caeducation) on unix2 server as
target account.
unix2 Target Application will also
need to be created

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-8: Windows Proxy GUI Install

Goals

Install a Windows Proxy using the GUI installer.

Scenario

Unlike UNIX/Linux, Windows accounts cannot be done natively by CA PAM.

Therefore an agent is installed to perform this and other duties.

Time

20 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
This is the GUI installer of the CA
PAM Windows Proxy.
Login to win1 as user Administrator
with password caeducation (local
account, not voonair domain)
Install the Windows proxy
a. Run the installer as
Administrator for the Windows
proxy:
C:\software\setup-windowsagent-4.5.3-v2.exe

b. Accept default choices and enter

the CA PAM VIP (192.168.0.5 or
xsuitea.voonair.local) as the
Server Name
c. Start the cspmagentd service
d.
Login to CA Privileged Access
Manager and find the proxy
registration.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Activate the proxy.

It is found in Targets > Proxies

Use the Devices > Tools and verify

that port 27077 is open to Win1
server.
IP Address: 192.168.0.31
Ports: 0-30000

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-9: Windows Proxy Silent Install

Goals

Install the Windows proxy on a second Windows server using the silent install
script option.

Scenario

This is a repeat of the process from lab 6-8, except that now the installation is
done silently again a second Windows server.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
This is the silent installer of the CA
Privileged Access Manager Windows
Proxy.
Login to win2 as user Administrator
with password caeducation
Silent install the Windows proxy.
a. Run the silent installer script for
Windows proxy as Administrator
c:\scripts\install-proxy.bat
b. Confirm that the cspmagentd
service is running or start if
needed.

Login to CA Privileged Access

Manager and find the proxy
registration.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Activate the proxy running on win2.

It is found in Targets > Proxies

Use the Devices > Tools and verify

that port 27077 is open to Win2
server.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-10: Local Windows Account

Goals

Create a target application utilizing a Windows proxy to manage local

credentials. You will also create the necessary target account.

Scenario

Target accounts local to Windows servers will also be managed by CA PAM for
Voonairs implementation. This will utilize the proxy server to manage the
credentials.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a target application for
server win1 of type Windows Proxy.
a. Set Application Name to Win1proxy
b. Choose Application Type:
Windows Proxy
c. Choose the scope to be Local
Account
d. Choose the proxy installed on
the win1 server
e. Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create a target account.

a. Select Win1-proxy Application
b. Account Name: adm1
c. Create a random password
You do not need to know the
account password
d. Select Update both the
password authority server and
the target
e. Chose to use proxy credentials
update the account
f. Chose to force update the
password and click save
Green circle with check mark
indicates account is synchronized.
Create another target account for
local account adm2 on win1-proxy
using similar settings as you did in
the step prior

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 6-11: UNIX Accounts with SSH Key

Goals

Create a Target Account to manage SSH keys on a UNIX server.

Scenario

SSH keys within the Voonair infrastructure are also in scope for the deployment.
You will need to create the necessary configuration to support this need.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
UNIX Target Account SSH key
a. Create a new Target Account
b. Find the unix1 server and UNIX
- unix1 application
c. Account name: ec2-user
d. Change the protocol to SSH-2
Public Key
e. Current SSH key is found on
C:\classfiles\PAM-Bootstrap1.5\Keys\UX
Private key id_rsa (no
password on the key)
Public key id_rsa.pub
f. Move synchronized radio button
to Update both
g. In Descriptor1 add UNIX
h. Save
Green circle with check mark
indicates account is synchronized.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 7-1: Automated Login to UNIX Systems

Goals

Create access policy to allow for single sign on using vaulted credentials.

Scenario

Voonair would like for administrators to access target devices without entering
or exposing the credentials. This process will configure that access.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
It is assumed that Error! Reference
source not found. has been
completed.
Edit access policy for abc-admin1
user and unix1 server.
a. Associate adm1 account to the
SSH access method
b. Show the access page and select
SSH
Automated login using adm1 should
happen.

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Multiple accounts for automated

login
a. Add adm2 to the SSH access
method as a possible login
account for unix1 / abc-admin1
access policy
b. Show the access page and select
SSH
a. A popup allowing a choice of
adm1 and adm2 is shown
b. Select either of the accounts
and automated login should
happen

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 7-2: Automated Login to Windows Systems

Goals

Create the necessary configuration to support automated login to Windows

target devices.

Scenario

Voonair would also prefer the Windows administrators access their target
devices without entering or exposing the credentials.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a device group for Windows
domain servers.
a. Use the AD as credential source
b. Add the AD server and Win1
server as a device to the group
c. Select RDP as Access Method
d. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create an access policy for Windows

domain group.
a. Continue using abc-admin1 or
the user to which you are using
for testing access policies. (likely
not super)
b. Add RDP access and associate
one or more domain accounts

Show the access page and select

RDP for the AD server and for the
Win1 server.
a. If only one account is associated
automated login will happen
b. If more than one account is
associated select which account
to use
c. If you cannot access win1 as
abc-admin1, recall that you may
have an access policy for this
user and device combination
from prior labs
Create an access policy for Win1
server.
a. RDP access method and
associate one local account
b. Option to modify your prior
access policy for Win1 device
and abc-admin1 user (which
may also be blocking RDP to
Win1 from prior labs)
When returning to the access page,
dont forget to Select Restart
Session before attempting access
due to the policy change

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Show the access page and select

RDP for the Win1 server.
a. Observer that a choice of
multiple accounts including AD
and local accounts

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 7-3: Automated Login to Web Applications

Goals

Create the necessary configuration for automated login to web applications,

Splunk in this case. You will also connect to Splunk to test single sign on.

Scenario

Following the method for UNIX and Windows servers, access to web applications
should also be done in a single sign on manner.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create or edit access policy for user:
abc-admin1 / syslog server
a. Add or update the Splunk_SSO
service and associate the Vault
Syslog/Splunk account
b. Click Save
a. Login as abc-admin1, show the
access page and select
Splunk_SSO.
b. If the learn mode was not done
an error is shown
c. Select Splunk_SSO(Learn) to
begin

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Complete the learn mode step for

Splunk_SSO.
a. Right click on each field and
mark accordingly and then save
the learn mode activity

Show the access page and select

Splunk_SSO. To observe the SSO
behavior

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 8-1: Configuration of Password Management

Goals

Configure Password Management for alerting (email) settings and confirm that
alerts are sent via email.

Scenario

Password management requires additional configuration before any workflow

configuration can be done.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Setup e-mail server connection
a. Be sure that you are in
Password Management and
from the Settings menu, select
E-mail settings
b. Chose Vault SMTP account
created in Lab 6-3 as the
account for e-mail configuration.
c. The hostname should be set to
smtp.voonair.local
d. Set the one click approver
to the address of your appliance
(xsuitea.voonair.local)
e. Set the from e-mail to
xsuite@voonair.local
f. Scroll down and then Click Save
g. Update message is at the top of
the screen

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Test e-mail notification from

Password Management.
a. From the Workflow menu,
select Password View Policies
and create a PVP using e-mail
notification
Set super (email is
configured as
administrator@voonair.local)
and Save

b. Assign the e-mail PVP to an

account
c. You will need to edit a target
account as well and enable
password viewing, adm1 on
UNIX1 in this example
d. Edits access policy for abcadmin1 / unix1 to enable
viewing of the password for
adm1 on unix1
e. While connected as super,
ensure that email addresses is
setup as
administrator@voonair.local by
clicking on the my info option at
that top of the CA PAM web UI
f. Login as abc-admin1 and view
the adm1 password on unix1
g. An e-mail notification should be
received
h. Connect to the ADS virtual
server and open Microsoft
Outlook to see message to the
Administrator account

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 9-1: PM Target Groups

Goals

Create static and dynamic target groups for password management. Observe the
devices added to each group.

Scenario

Since the management of several target devices will follow a similar model,
Target Groups can be created for ease of management.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a (static) Target Group
UNIX containing all UNIX Server
accounts.
In Password Management:
Select Targets and then Target
Groups.
Click Add Static Group
Name: UNIX
Under Group Servers, select the
plus sign and filter devices on
hostname beginning with unix
Click Save and then Click Show
to observe the accounts visible
through the target group

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Create a (static) Target Group adm

for all adm accounts.
a. Filter on account name.
Observe the accounts visible
through the target group

Create a (dynamic) Target Group

SAP for all account where
Descriptor1 contains a specific
keyword.
a. Filter on Descriptor1 containing
the keyword SAP
b. Click Save and then Show to
observe accounts visible
through the target group
c. Update two target accounts and
add SAP to its Descriptor1
field
Observe accounts visible through
the target group

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 9-2: PM User Groups

Goals

Create user groups for various user types. You will also login as various users to
test group membership and permission inheritance.

Scenario

As was done for devices, users will also be added to groups for ease of
management.

Time

15 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
Create a PM User group for UNIX
account administrators.
a. From the Groups menu, select
User Groups and click Add
b. Chose PM role TargetAdmin
Chose Target Group UNIX
c. Click Save
Create / update a CA PAM user
(Student10 for example)
a. Chose role Standard User and
Password Manager
Verify that no additional
inherited roles exists for the
user
b. Assign the PM User Group UNIX
account administrators to the
user
Verify that there are no other
PM groups assigned to the
user
c. Click Save

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

d. Login in as this user and

navigate to Manage Passwords
Observe the target accounts visible
for the user
For the same user, add the role
Delegated Administrator.
a. Chose groups
All users
A device group for UNIX
servers
b. Clicks Save
c. Login as the user
d. The user can create policies for
other users but only a subset of
servers
e. The user can create/update PM
accounts on UNIX servers

CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

CA Privileged Access Manager 2.5.x: Administration Foundations 200 Training Exercises

Guided Practice 9-3: Auditor User

Goals

Create an Auditor user and observer the system access that is granted.

Scenario

To support the needs of Voonair auditors, a read only user with access to CA
PAM is required.

Time

10 Minutes

Instructions: Continue using the browser session from the prior exercise or if closed, connect to
the virtual machine named Access and from the desktop launch the shortcut labeled Privileged
Access Manager A
In PM create a user group
for read-only
a. Chose PM role read-only
b. Target group: Targets - all
accounts
c. Click Save

Create a CA PAM user

a. Remove the Standard User role
b. Assign the Auditor role
For all users and all devices
c. Assign the Password Manager
role
Assign the PM User group
just created
Login as the auditor user
a. Observe that no access
option exists
b. Observe that read-only
capabilities in PM to everything
CA Technologies

CA Privileged Access Manager 2.5.x: Administration Foundations 200

Appendix: CA Technologies Dynamic Lab Environment

Appendix: Dynamic Lab Environment Access and User Guide

Getting Started
Dynamic Lab Environment is the name of the CA Education virtual environment for labs and
practice activities. The technology behind the Dynamic Lab Environment is provided by Skytap and
some of the instructions in this document reference Skytap.
This appendix provides the following information:

System and network requirements

Self-Directed Learning login and usage information
Setting up an environment (other than Self-Directed Learning)
Instructor-Led classroom set up
Best practices
Troubleshooting
Escalating unresolved issues

System Requirements
The minimum system requirements for an individual client machine accessing the Dynamic Lab
Environment are listed below. Please check that you meet the minimum requirements and that
you have the equipment you need before attempting to use the environment.
Operating
Systems
Browsers

Windows XP/2003/Vista/2008/Windows 7/2008 R2/Windows 8/2012

Mac OS X 10.7 or higher (Lion or Mountain Lion)
Linux variants with supported browser and Java versions
Internet Explorer 8, 9, or 10
Mozilla Firefox
Google Chrome
Mac OS X Safari

Java Version

The acceptable Java versions are Java 1.6, 1.7, or newer.

If you are unsure which version of Java you are running, simply click the following link and it
will auto-detect: http://java.com/en/download/installed.jsp or type java -version in the
terminal for Linux.
If you are running OS X, please see Running Java on Mac OS X.
For information on installing Java on your local Linux machine, see How to install Java on my
local Linux machine.

CA Technologies

CA Privileged Access Manager 2.5x: Administration Foundations 200

Appendix: CA Technologies Dynamic Lab Environment

Network Requirements
We recommend a minimum download speed of 1.16 Mb/sec (150 KB/sec) per client connection
(i.e., each individual user). In addition, we recommend latency of 250ms or less.

CA Privileged Access Manager 2.5x: Administration Foundations 200

CA Technologies

Appendix: CA Technologies Dynamic Lab Environment

Self-Directed Learning Access and Instructions

After you register for the course, you will receive a system-generated email that includes two
important pieces of information:
A published URL to access your assigned lab environment
The date and time on which your access to that environment expires
Keep this email as you will need to use the URL whenever you access your lab environment.
Here is a sample email with the two pieces of information highlighted:

Access Your Assigned Lab Environment

Click on the published URL from the email or paste the link in your web browser to access your
assigned lab environment. Use this same link each time you access your dynamic lab environment.
A sample environment with multiple Virtual Machines (VMs) is shown below:

CA Technologies

CA Privileged Access Manager 2.5x: Administration Foundations 200

Appendix: CA Technologies Dynamic Lab Environment

The above sample environment includes three VMs. Your particular environment will be
appropriate for the course activities for which you have registered.
NOTE: When you initially access your environment, you may see a Java prompt, asking if
you want to run this application. Click Run if you see this prompt. It will enable you to
properly connect into the environment and enable the keyboard to work correctly.

Manage Your Assigned Lab Environment

You are allocated a certain amount of lab session time to complete all of the activities associated
with a given course. That time starts once you access your environment and continues to run until
the end date and time specified in the email. The clock continues to run even if you are not actively
working in the environment unless you manage your environment.
Use the Suspend and Run buttons to manage your lab environment. These buttons are shown
below:

Using Suspend to preserve your lab time

Click the Suspend button to stop the Run Time clock. Do this any time you are not working on
course activities to preserve your remaining time. You can suspend any or all of the VMs in your
environment by clicking in the check box in each VM window and then clicking the Suspend button.
The Suspend button is called out in the following sample where all three VMs have been checked:

CA Privileged Access Manager 2.5x: Administration Foundations 200

CA Technologies

Appendix: CA Technologies Dynamic Lab Environment

When you click Suspend, your allocated lab time is preserved and the time clock remains paused
until you change the status to Run. The VMs in a suspended environment display that status as
shown in the following image:

Once you have suspended your environment, you can minimize or close the browser window in
which the environment has been running. Use the same URL you were sent in email to re-open
your environment when you are ready to resume.

Using Run to resume running your lab time

Click the Run button to start up suspended VMs and restart the Run Time clock. The Run button is
called out in the following sample:

This may take several minutes. The environment is ready the when VMs are highlighted in green
and display a Running status. Click on the machine(s) you want to directly access to start or resume
your lab activities.

Tracking lab time using the Run Time clock

The Run Time clock in the upper right corner of your set of VMs tracks how much dynamic lab
environment time you have left.

CA Technologies

CA Privileged Access Manager 2.5x: Administration Foundations 200

Appendix: CA Technologies Dynamic Lab Environment

Network Requirements
We recommend a minimum download speed of 1.16 Mb/sec (150 KB/sec) per client connection
(i.e., each individual user). In addition, we recommend latency of 250ms or less.
If you have a group of 15 users, each connecting to their own client session from the same physical
location concurrently, the recommended amount of bandwidth required is
1.16Mb/sec per user x 15 or 17.5Mb/sec.

Connection Test
If you are connecting for the first time, or connecting from a computer you have never used before,
run the connection and speed tests to make sure that your browser supports a connection to the
Dynamic Lab Environment. These tests are hosted by Skytap directly.
Use the following URL to use the Skytap Connectivity Checker to run connection and speed tests:
https://cloud.skytap.com/tools/connectivity

CA Privileged Access Manager 2.5x: Administration Foundations 200

CA Technologies

Appendix: CA Technologies Dynamic Lab Environment

Instructor-Led Class Set-Up

The Dynamic Lab Environment is accessed directly through a URL link that is provided to the
instructor by a system-generated email. The email includes a class URL as well as instructor and
student position URLs. A sample email is shown below:

1. Click the URL link or copy and paste the link to your web browser. If the URL link is valid, your
web browser will load the environment with the appropriate VM or VM set for hands-on
activities.
2. Examine all VMs and ensure they are running by selecting them and clicking the Run button to
power them on.

CA Technologies

CA Privileged Access Manager 2.5x: Administration Foundations 200

Appendix: CA Technologies Dynamic Lab Environment

Once they are powered on, all VMs will show that they are in a running status and you may
log in to the VMs by clicking the desired VM machine.
3. Click the desired VM machine to connect directly to it.

Note: Most VMs will take you directly to the desktop, but if you are prompted to enter login info,
use the following credentials:
- Username: administrator
- Password: caeducation

Students should have been sent an email message telling them to run the tests before class starts.
Best practice is for the instructor to send an email message to your students to introduce yourself
as the instructor and remind them to run the connectivity test before the class starts.

CA Privileged Access Manager 2.5x: Administration Foundations 200

CA Technologies

Appendix: CA Technologies Dynamic Lab Environment

Best Practices
Use the following list of best practices to help you avoid potential issues with the Dynamic Lab
Environment:
Ensure that you are connected to a dedicated hardwired network connection on a
broadband internet connection.

Do not use Wi-Fi connection because it is more susceptible to higher latency issues
impacting performance.

Close all applications and documents you are not using for your virtual training; applications
running in the background may use up your computer's bandwidth and affect system
performance.

You should not be connected to a corporate VPN while connecting to the virtual training
class.

CA Technologies

CA Privileged Access Manager 2.5x: Administration Foundations 200

Appendix: CA Technologies Dynamic Lab Environment

Troubleshooting
Run both Connectivity Checker and Speed Test from appropriate application regions and submit
results to educationlabs@ca.com. Before the start of class, make sure your browser supports a
connection to the remote labs.

CA Privileged Access Manager 2.5x: Administration Foundations 200

CA Technologies

Privileged Remote Access - 24.1.2 - Lab Guide - R2
No ratings yet
Privileged Remote Access - 24.1.2 - Lab Guide - R2
208 pages
Trailhead Virtual Bootcamp For Platform Developer Slide Deck
100% (1)
Trailhead Virtual Bootcamp For Platform Developer Slide Deck
111 pages
Heisig - Remembering The Kanji 2
100% (2)
Heisig - Remembering The Kanji 2
199 pages
CyberArk Interview Questions and Answers
No ratings yet
CyberArk Interview Questions and Answers
11 pages
Mlmanufacturing Cloud Accredited Professional - Exam Guide
No ratings yet
Mlmanufacturing Cloud Accredited Professional - Exam Guide
5 pages
300 420 Ensld PDF
No ratings yet
300 420 Ensld PDF
3 pages
PAM 3.X Configuration Foundations 200 - Lab Guide
No ratings yet
PAM 3.X Configuration Foundations 200 - Lab Guide
84 pages
04pim3001s LG
No ratings yet
04pim3001s LG
175 pages
CA Identity Suite 14.x: Implementation - Integrate The Components 200
No ratings yet
CA Identity Suite 14.x: Implementation - Integrate The Components 200
52 pages
CA Identity Suite 14.x: CA Identity Manager - Implement Provisioning 200
No ratings yet
CA Identity Suite 14.x: CA Identity Manager - Implement Provisioning 200
54 pages
CA Identity Suite 14.x: Implementation - Install The Components 200
No ratings yet
CA Identity Suite 14.x: Implementation - Install The Components 200
170 pages
Administrative Access Best Practices
No ratings yet
Administrative Access Best Practices
26 pages
Lab Guide
No ratings yet
Lab Guide
92 pages
How To Create A Read Only User For Tablespace DCO Monitoring in LogicMonitor
No ratings yet
How To Create A Read Only User For Tablespace DCO Monitoring in LogicMonitor
8 pages
CyberArk PAS - Adminstration PDF
100% (3)
CyberArk PAS - Adminstration PDF
321 pages
Lab Guide - 24.1 r02
No ratings yet
Lab Guide - 24.1 r02
211 pages
CA Identity Suite 14.x: CA Identity Portal - Create Analytics Collectors 200
No ratings yet
CA Identity Suite 14.x: CA Identity Portal - Create Analytics Collectors 200
22 pages
VSphere OSS 8 Lab 01
No ratings yet
VSphere OSS 8 Lab 01
12 pages
Weblogic Server 11G R1 (10.3.5) : Student Manual
No ratings yet
Weblogic Server 11G R1 (10.3.5) : Student Manual
16 pages
AW - WS1DM - Lab Manual Days 3 - 4
No ratings yet
AW - WS1DM - Lab Manual Days 3 - 4
118 pages
reseller_keycloak_quick_installation
No ratings yet
reseller_keycloak_quick_installation
9 pages
Configure a Panorama Administrator with Certificate-Based Authentication for the Web Interface
No ratings yet
Configure a Panorama Administrator with Certificate-Based Authentication for the Web Interface
4 pages
AZ-104-demo
No ratings yet
AZ-104-demo
9 pages
Administrative Access Best Practices
No ratings yet
Administrative Access Best Practices
26 pages
Security Gateway Virtual Edition - Network Mode: Release Notes
No ratings yet
Security Gateway Virtual Edition - Network Mode: Release Notes
10 pages
VLab Demo - Using APM For Single Sign-On - V12.0.B
No ratings yet
VLab Demo - Using APM For Single Sign-On - V12.0.B
10 pages
VSphere ICM 8 Lab 06
No ratings yet
VSphere ICM 8 Lab 06
37 pages
Viewmanager3 Admin Guide
No ratings yet
Viewmanager3 Admin Guide
182 pages
CyberArk LATAM Certiifcations q2 2021
No ratings yet
CyberArk LATAM Certiifcations q2 2021
20 pages
Ca Siteminder R12.X Administrator Exam (Cat-160) : Study Guide
No ratings yet
Ca Siteminder R12.X Administrator Exam (Cat-160) : Study Guide
12 pages
AZ-104-demo
No ratings yet
AZ-104-demo
9 pages
Common Issues
No ratings yet
Common Issues
32 pages
AG6_WAF_in_OCI_ed1
No ratings yet
AG6_WAF_in_OCI_ed1
22 pages
PL 400
No ratings yet
PL 400
19 pages
S4H - 790 IAM - Authorization Concept Guidelines For S4HANA Cloud
No ratings yet
S4H - 790 IAM - Authorization Concept Guidelines For S4HANA Cloud
23 pages
SC 100 Demo
No ratings yet
SC 100 Demo
16 pages
CyberArk training content
No ratings yet
CyberArk training content
17 pages
IaC Security - Lab Guide
No ratings yet
IaC Security - Lab Guide
32 pages
7.2r01-PWS Lab
No ratings yet
7.2r01-PWS Lab
144 pages
VSphere ICM 8 Lab 05
No ratings yet
VSphere ICM 8 Lab 05
14 pages
CyberArk Security Fundamentals For Privileged Account Security
No ratings yet
CyberArk Security Fundamentals For Privileged Account Security
6 pages
Configure a Panorama Administrator With Certificate-Based Authentication for the Web Interface
No ratings yet
Configure a Panorama Administrator With Certificate-Based Authentication for the Web Interface
3 pages
Veeam One 12 0 Quick Start Guide
No ratings yet
Veeam One 12 0 Quick Start Guide
55 pages
Zscaler for Users - Essentials - Hands On Lab Guide 2023
No ratings yet
Zscaler for Users - Essentials - Hands On Lab Guide 2023
108 pages
Veeam One 12 0 Quick Start Guide
No ratings yet
Veeam One 12 0 Quick Start Guide
54 pages
Z-Sync-Cyberthreat Protection LabGuide v1.0
No ratings yet
Z-Sync-Cyberthreat Protection LabGuide v1.0
38 pages
Solarwinds Breach Identity Security Best Practices To Reduce Risk and Regain Control
No ratings yet
Solarwinds Breach Identity Security Best Practices To Reduce Risk and Regain Control
2 pages
Kerio Control GSG en 7.1.2 2333
No ratings yet
Kerio Control GSG en 7.1.2 2333
5 pages
Training content for Cloud Service Providers - English
No ratings yet
Training content for Cloud Service Providers - English
4 pages
VMware VCP 2V0-731 PDF Exam Material - Latest 2018
No ratings yet
VMware VCP 2V0-731 PDF Exam Material - Latest 2018
7 pages
sa
No ratings yet
sa
27 pages
02 CP Security 101 Gaia Lab
No ratings yet
02 CP Security 101 Gaia Lab
55 pages
Check-Point: Exam Questions 156-215.80
No ratings yet
Check-Point: Exam Questions 156-215.80
21 pages
EDU DATASHEET ViewInstallConfigureManage V51
No ratings yet
EDU DATASHEET ViewInstallConfigureManage V51
2 pages
BalaBit Auditing WMware View Sessions With Shell Control Box
No ratings yet
BalaBit Auditing WMware View Sessions With Shell Control Box
9 pages
ZCCP-IA Student Lab Guide_v7.1_6.2
No ratings yet
ZCCP-IA Student Lab Guide_v7.1_6.2
78 pages
VCP Co Certification Details
No ratings yet
VCP Co Certification Details
3 pages
11 - PSM Customization For Windows Applications - Exercise Guide
No ratings yet
11 - PSM Customization For Windows Applications - Exercise Guide
30 pages
CompTIA Net Sec Questions - by - .Heery - .154q
No ratings yet
CompTIA Net Sec Questions - by - .Heery - .154q
77 pages
CA Privileged Access Manager r3.x: Administration Foundations
No ratings yet
CA Privileged Access Manager r3.x: Administration Foundations
296 pages
Microsoft Azure Security Technologies Practice Tests AZ-500
From Everand
Microsoft Azure Security Technologies Practice Tests AZ-500
iCertify Training
No ratings yet
Learning VMware vRealize Automation: Learn the fundamentals of vRealize Automation to accelerate the delivery of your IT services
From Everand
Learning VMware vRealize Automation: Learn the fundamentals of vRealize Automation to accelerate the delivery of your IT services
Sriram Rajendran
No ratings yet
DigMandarin Grammar Lesson Hui and Neng
No ratings yet
DigMandarin Grammar Lesson Hui and Neng
4 pages
Numpy Essentials Paperback
No ratings yet
Numpy Essentials Paperback
2 pages
Step-by-Step Guide For Using LSMW To Update Customer Master Records
No ratings yet
Step-by-Step Guide For Using LSMW To Update Customer Master Records
18 pages
Informatica ETL Naming Conventions
No ratings yet
Informatica ETL Naming Conventions
2 pages
Install Pentaho BI Server 4
No ratings yet
Install Pentaho BI Server 4
4 pages
Tutorial 11 Solutions
No ratings yet
Tutorial 11 Solutions
7 pages
PHP Hotel ManagementSYNOPSIS
No ratings yet
PHP Hotel ManagementSYNOPSIS
2 pages
SAP PRESS - Catalog - 2010 PDF
No ratings yet
SAP PRESS - Catalog - 2010 PDF
32 pages
Strings
No ratings yet
Strings
8 pages
Connecting SAC With SAP ANALYTICS Cloud Kit 1.0 - SAP Blogs
No ratings yet
Connecting SAC With SAP ANALYTICS Cloud Kit 1.0 - SAP Blogs
17 pages
Software Detailed Design Template
100% (1)
Software Detailed Design Template
5 pages
FS Clos
No ratings yet
FS Clos
8 pages
Am Cloud Connect Operation Overview 8AL91354ENAA 5 en
No ratings yet
Am Cloud Connect Operation Overview 8AL91354ENAA 5 en
21 pages
Step: A Key To Cad/Cam Systems Integration: Mechanical Engineering Dept., Middle East Technical University - ANKARA
No ratings yet
Step: A Key To Cad/Cam Systems Integration: Mechanical Engineering Dept., Middle East Technical University - ANKARA
6 pages
Chapter 17
No ratings yet
Chapter 17
14 pages
Microsoft 70-410
No ratings yet
Microsoft 70-410
28 pages
Lnvgy FW LXPM xwl116g-3.19 Anyos Noarch
No ratings yet
Lnvgy FW LXPM xwl116g-3.19 Anyos Noarch
4 pages
65 Must-Read Books For Coders
100% (2)
65 Must-Read Books For Coders
3 pages
Confidentiality, Integrity, Availability (CIA)
No ratings yet
Confidentiality, Integrity, Availability (CIA)
9 pages
Pega
No ratings yet
Pega
6 pages
Foundation of Information Technology (Code - 165) Sample Question Paper Time: 3 Hrs Max. Marks: 40
No ratings yet
Foundation of Information Technology (Code - 165) Sample Question Paper Time: 3 Hrs Max. Marks: 40
3 pages
DNSSec-why - Richard Lamb
No ratings yet
DNSSec-why - Richard Lamb
32 pages
CSC112 Study Questions by Premier
No ratings yet
CSC112 Study Questions by Premier
12 pages
Lab Ex 1,2 Oop
No ratings yet
Lab Ex 1,2 Oop
15 pages
Oracle Dba Notes
No ratings yet
Oracle Dba Notes
20 pages
Azure Virtual MC
No ratings yet
Azure Virtual MC
1 page
Aras Innovator 2023 Release Programmers Guide
No ratings yet
Aras Innovator 2023 Release Programmers Guide
107 pages
Lesson 07 Patient Diagnosis Report Solution
No ratings yet
Lesson 07 Patient Diagnosis Report Solution
8 pages
University of Colorado - Oracle Data Integrator Resouces and Useful Links - 2017-06-05
No ratings yet
University of Colorado - Oracle Data Integrator Resouces and Useful Links - 2017-06-05
5 pages
DFD Placement Cell
No ratings yet
DFD Placement Cell
9 pages
HR Ahmedabad Sample Count975
No ratings yet
HR Ahmedabad Sample Count975
72 pages
OneFS 8.2.0 Backup and Recovery Guide PDF
No ratings yet
OneFS 8.2.0 Backup and Recovery Guide PDF
132 pages