r/CyberARk

Cyberark self hosted architecture

Cyberark self hosted architecture

My friend tried to draw the cyber ark self hosted architecture, but he was unsure regarding it's correctness and whenever he asks someone who knows the subject, they just say it's about the perspective.

Can anyone rectify the mistakes?

u/Puzzleheaded_Pie7947 — 7 hours ago

PSM Session RDP FullScreen Issue

Hi All,

We have a CyberArk SaaS setup where users access CyberArk/IDIRA through AWS AppStream. AppStream provides options such as catalogs, file explorers, fullscreen, etc. Users launch Edge or Chrome from the Catalogs and access the CyberArk portal.

The issue occurs when a user connects to a target machine through PSM and then clicks the Fullscreen option in the AppStream toolbar. The PSM session does not expand to fill the entire screen; instead, it gets cut off at the end, leaving a blank area. Additionally, when exiting fullscreen or minimizing the session, the taskbar does not reappear.

This issue does not occur when users take a direct RDP session from AppStream—the session expands correctly and works as expected.

The Cloud team has confirmed that the issue appears to be related to the PSM configuration. Has anyone experienced a similar issue? Are there any PSM settings or connection component configurations that should be checked or enabled to support proper fullscreen behavior within AWS AppStream?

Any suggestions would be appreciated.

u/Electronic_Doubt_108 — 4 days ago
▲ 0 r/CyberARk+1 crossposts

Is PAM and IAM Enough to Secure Your Platform 100%?

The short answer is no.

This is a misconception I come across quite often.

Don't get me wrong. PAM (Privileged Access Management) and IAM (Identity & Access Management) are both essential components of a modern cybersecurity strategy. They play a critical role in controlling who can access your systems, what they can access, and what permissions they have.

However, they are not designed to solve every security problem.

For example, neither PAM nor IAM is specifically built to stop:

  • Sophisticated bot attacks
  • Credential stuffing
  • Account takeover attempts
  • Fake account creation
  • Web scraping
  • Automated abuse of APIs
  • DDoS attacks
  • Endpoint compromise
  • Insider threats
  • Malware and ransomware
  • Data exfiltration

Each of these threats requires different security controls.

That's why mature security programs don't rely on a single product. They build layers of protection.

A typical enterprise security architecture might include:

  • IAM for identity and authentication
  • PAM for privileged accounts
  • WAF for web application protection
  • Bot Mitigation for automated threats
  • EDR/XDR for endpoint protection
  • SIEM for monitoring and threat detection
  • DLP for protecting sensitive data

Every technology has a purpose.

Expecting one solution to protect every layer of your organisation is like expecting the front door lock to secure an entire building.

Cybersecurity isn't about buying the "best" product.

It's about understanding your risks, selecting the right technologies for each layer, and making them work together.

What security layer do you think organisations most commonly overlook today?

u/No-Honey1950 — 6 days ago

CyberArk PAM Self-Hosted API for daily health check automation?

Hi,

I’m working with CyberArk PAM Self-Hosted and I want to automate a daily health check using the REST API with an AI agent.

My question is simple:

What can the CyberArk PAM self-hosted API actually retrieve related to system health?

Specifically:

  • Can it check Vault health or status?
  • Can it show CPM / PSM / PVWA component health?
  • Can it detect if services are down or degraded?
  • Or does it only provide data about accounts, safes, and sessions?

I want to build a daily automated health report (healthy / warning / failed), so I need to know if the API is enough or if I must rely on external monitoring tools.

Thanks.

reddit.com
u/AdElectrical9508 — 12 days ago

CyberArk PSM/PSMP handle this in one autoit or AutoLogonSequenceWithLogonAccount?

Hello

Can CyberArk PSM/PSMP handle this in one autoit  ora AutoLogonSequenceWithLogonAccount SSH via :

logon account (to login to server) -> su - root (switch to root using root password - as Enabled Account) -> su - (dbuser password) - main account -> psql (without cred)

Right no: No NOPASSWD, no login flow changes.

Is this supported natively, or does it require a custom connector/script? or changes in flow ?

KR

reddit.com
u/cd-cyber1 — 13 days ago

PAReplicate Server storage

Hi, we have the replicate server configured and I noticed the server space was full and replication hasn't been happening for a while, how do I switch storage folder from drive C to D which has more space. I edited the tsparm.ini file to point to the desired folder with space but it broke replication how do I achieve this?

reddit.com
u/LowWait2360 — 14 days ago