▲ 3 r/CyberARk
PSM in DMZ environment
Looking for best practices for deploying CyberArk PSM for non-domain joined Windows DMZ servers. we are considering deploying a dedicated PSM server in the DMZ. We are Privilege Cloud ISPSS.
Current environment:
- Windows DMZ servers are NOT domain-joined
- Admins currently access them using local Windows accounts
Questions:
- What is the recommended CyberArk architecture for this scenario?
- What outbound ports/connectivity are required from a DMZ PSM server to the CyberArk Vault in Privileged Cloud?
- Any special considerations for installing/configuring the RDS role on a non-domain-joined PSM server?
- How are PSMConnect and PSMAdminConnect typically configured in non-domain joined environments? Local accounts on the PSM server?
Would appreciate hearing real-world implementations, lessons learned, or any architecture recommendations
u/MysticCyber26 — 8 days ago