Lithnet Access Manager

High Availability Page

Last updated 2 years ago

High availability is an Enterprise edition feature.

High Availability

Database configuration

By default, Access Manager uses an internal database instance, based on Microsoft SQL LocalDB. For most use cases, this database type is fine.

If you have specific requirements around management, performance or availability, you may wish to use an external SQL server to host the Access Manager database. You can create the database directly using the Create database function, or you can generate a database creation script that can be run on the SQL server directly to create the necessary database and permissions for the AMS service account.

Data protection

Cluster-compatible secret encryption

In order to run AMS in a high availability configuration, such as a Windows failover cluster, cluster-compatible secret encryption must be enabled.

Encryption certificate synchronization

To ensure that each server in the cluster has access to the necessary decryption certificates, you can enable certificate synchronization. This will encrypt the service certificates and store them in the configuration file.

Do not use this option if you are using certificates stored on a third-party device such as an HSM. Instead, configure the device to ensure that all nodes of the cluster have access to decrypt data using the certificate's private key.

Data protection functionality requires at least one domain controller in the domain running Windows Server 2012 R2, and a KDS root key must have been generated in the domain.
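
The two prerequisites above can be checked before enabling cluster-compatible secret encryption. The following is an added example, not part of the Access Manager documentation or product; the function name `Test-DataProtectionPrerequisite` is hypothetical, and it assumes that domain controllers newer than Windows Server 2012 R2 also satisfy the requirement.

```powershell
# Added example: pre-flight check for the data protection prerequisites.
# Requires the ActiveDirectory and Kds modules (RSAT) and an account that is
# permitted to read KDS root keys in the domain.
Import-Module ActiveDirectory, Kds -ErrorAction Stop

function Test-DataProtectionPrerequisite {
    [CmdletBinding()]
    param(
        # Assumption: 6.3 is the OS version of Windows Server 2012 R2, and
        # newer domain controllers are treated as meeting the requirement.
        [version]$MinimumOsVersion = '6.3'
    )

    # OperatingSystemVersion looks like "6.3 (9600)"; keep only major.minor.
    $dcs = Get-ADDomainController -Filter * | ForEach-Object {
        $v = $null
        if ($_.OperatingSystemVersion -match '^(\d+\.\d+)') { $v = [version]$Matches[1] }
        [pscustomobject]@{ HostName = $_.HostName; OS = $_.OperatingSystem; Version = $v }
    }
    $capableDcs = @($dcs | Where-Object { $_.Version -and $_.Version -ge $MinimumOsVersion })

    # A KDS root key is only used once its EffectiveTime has passed.
    $now = Get-Date
    $usableKeys = @(Get-KdsRootKey | Where-Object { $_.EffectiveTime -le $now })

    [pscustomobject]@{
        CapableDomainControllers = $capableDcs.HostName
        UsableKdsRootKeyIds      = $usableKeys.KeyId
        PrerequisitesMet         = ($capableDcs.Count -gt 0) -and ($usableKeys.Count -gt 0)
    }
}

Test-DataProtectionPrerequisite | Format-List
```

If `PrerequisitesMet` is `False`, the other two properties show which requirement is missing: no capable domain controller, or no KDS root key that is already effective.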