FREQUENTLY ASKED QUESTIONS

Open Systems Management

Pricing and licensing

What is a subscription license?

PUM is licensed by subscription only. 

Subscription pricing is the modern way of licensing software and paying for associated services. Instead of paying an up-front fee for a software license, and then paying an annual fee for support and maintenance (plus possible additional charges for upgrades), you pay an annual fee which covers everything - license, support and upgrades. On payment of the annual fee you will receive a license key that allows you to run the software on the nominated systems for twelve months. You may buy multiple years in advance if you wish.

Back to top

Can I get a temporary license?

Prospective end user organizations evaluating PUM with a view to purchasing licenses for it for the first time, may request an evaluation key which typically lasts for 30-60 days.  Further extensions of these keys may be granted by your Account Manager at their discretion.

Back to top

What does the PUM license key do?

If you have been sent a temporary license key that expires less than 60 days in the future then it will be a non host-specific license key.  You may use this key to run PUM on any system on which you have installed the software.  The key will expire on the exact date provided.   It does NOT run for a set period from whenever you install it.

If you have purchased a license for PUM for a particular number of computer systems then we will have requested the hostname (returned by the 'uname -n' command) for the system on which the PUM database resides.  You will be sent a  key for that database system which is locked to that particular hostname.  It will enforce the number of systems for which you have licensed PUM and the anniversary date on which it needs to be relicensed.

Back to top

Is the minimum really three?

The  minimum number of servers required to run PUM in a secure environment is three - one Access Server, one Audit Server and one Managed Server.   We do not charge for the Database Server and Web Application Server that are used.  It is technically possible, but not advisable, to run pumacsd (the PUM Access Server daemon) and pumausd (the PUM Audit Server daemon) on the same server and reduce that number to two. 

In the event that you wish to do this then please send your request to info@applecrosstech.com.

In practice, the minimum number of servers that we recommend is five - two Access Servers, two Audit Servers and one Managed Server.  This may seem disproportionate but Access and Audit Servers are single points of failure unless there are alternative paths.

Back to top

What do you mean by a system in regards to your licensing model?

Privileged User Manager ® is licensed in conjunction with the hostname of the systems on which it resides or which it manages.  Any physical computer or any partition in a computer which has its own hostname will therefore count as a system for the purposes of PUM licensing.  As most larger systems are now partitioned, it provides some form of scaling of the pricing in line with the costs of the systems on which it resides.

Back to top

What if I don't want to pay in US dollars?

Please email info@applecrosstech.com with the cost in US$ as calculated using our "Calculate price for your site" option, and the currency in which you would like to pay. We will respond to you within one working day with the appropriate figure required in your local currency, if it is acceptable to us for you to pay in that currency.

Back to top

What is a corporate license?

For the purposes of licensing PUM, a corporate license is one which allows an end user organization to install the PUM components on an unlimited number of systems owned by the legal entity who purchases the license. For the sake of licensing PUM, the legal entity includes all subsidiary organizations in which the licensing organization holds at least 50% of the equity.

Corporate licenses may not be granted to the following types of end user organization:

a) Governments.  In the case of a government, then each department e.g. Department of Defence, Department of Environment etc. must license PUM separately.

b) Conglomerates.  In the case of a conglomerate then each operational company must license PUM separately.

Back to top

What is a volume license?

For the purposes of licensing PUM, a volume license is one which allows an end user organization to install the PUM components on a predetermined number of systems. Currently there are volume licenses offered for 100 systems and 500 systems.  These volume licenses provide a marked discount over unit pricing. 

Back to top



General FAQs

What is Citrix Xen?

Citrix Systems, Inc. was born from the idea of unlocking applications from datacenters, and employees from the office – changing the way IT and people work. Today, this is the promise of virtual computing.

Citrix® XenServer® is a complete, managed server virtualization platform built on the powerful Xen® hypervisor. Xen technology is acknowledged as a fast, secure virtualization software platform. XenServer is designed for efficient management of Windows® and Linux® virtual servers and delivers cost-effective server consolidation and business continuity..

For more information visit http://www.citrix.com

Back to top

What is PDF?

"PDF" (Portable Document Format) is Adobe(R) Acrobat(R) format. PDF is a proprietary format that allows you to read electronic documents, either on or off line. This format provides a page-by-page view of documents, exactly as they appear in their printed form, as well as allowing keyword search.

Adobe provides a free Acrobat Reader that allows you to view, navigate, and print PDF files across all major computing platforms. It is the free viewing companion to Adobe Acrobat and to Acrobat Capture(R) software.

If you do not already have it, you may use this link http://www.adobe.com/products/acrobat/readstep2.html to download the FREE Adobe Acrobat reader, which you may then install and use to access PDF documents on this site.

Back to top

What is VMWare?

VMware, Inc. (NYSE: VMW) is a publicly-listed developer of proprietary virtualization software products for x86-compatible computers, including VMware Workstation and VMware ESX Server.

The VM in the name plays on the term "Virtual Machine". In essence, virtualization lets you transform hardware into software. The software transforms or "virtualizes" the hardware resources of an x86-based computer - including the CPU, RAM, hard disk and network controller - to create a fully functional virtual machine that can run its own operating system and applications just like a "real" computer.

For more information visit http://www.vmware.com

Back to top

What is Webex?

Webex is a Cisco Systems Inc. company that provides on-demand collaboration, online meeting, web conferencing and video conferencing applications. Its products include "Meeting Center" which allows people to share an electronic desktop over the Internet while discussing what they are seeing over the telephone.  OSM uses it for demonstration and training purposes.

For more information visit www.webex.com 

Back to top



Installation and configuration

Can I run the PUM Access Server and PUM Audit Server on the same host?

There is no technical reason why these two programs cannot co-exist on the same host. They must be configured to listen for connections on a different port, however. While each program has its own configuration files, they will share the same database connection settings file: /etc/pum/store.properties.

For a more secure configuration please consider installing the Access Server and Audit Server on two different virtual machines on the same physical host.  This will provide increased security and integrity of the audit trails.

Back to top

What changes does the PUM installation procedure make to my system?

In its default configuration the PUM software is installed only on the Access Server(s) and Audit Server(s). No software is installed on the Managed Servers or the Clients. PUM does not add any accounts to /etc/passwd or alter any other system files.

For an Account on a Managed Server to be protected using PUM, that Managed Server need only support an SSH-2 server.

The exception to this is when pumx is installed.  pumx is installed on the Managed Servers when sudo-like functionality is required i.e. when you want users to be able to log into a Managed Server directly using their own account, and then precede a privileged command with the pumx prefix (rather than sudo).  These commands are then validated against the Access Server before they can be run. 

Back to top



Support

How do I obtain a store.properties file?

This file is obtained from the PUMAdmin Web User Interface, once PUMAdmin has been configured. Within PUMAdmin, go to the Database Configuration page (Settings->Database) and click the [ Download Settings ] button. Copy this file to the /etc/pum directory on the pumausd and pumacsd servers.

If you do not have the appropriate Capabilities to access PUMAdmin then please contact your PUM Administrator.

Back to top

How does PUM handle managed servers operating in different time zones?

PUM uses the system clock on the Access Server(s) to determine whether a Session can be run at the current time as defined by its associated Schedule.  In order to avoid confusion, you may decide to maintain a separate Access Server in each time zone.  The alternative is to translate the required times on a remote Managed Server into the equivalent time on the Access Server.

Back to top

What are minor, major and critical?

Severity Level 1 ("Critical") represents a reproducible emergency condition which makes the use or continued use of one or more functions impossible and is not correctable by a solution already available to Customer.

iSeverity Level 2 ("Major") represents a reproducible condition which makes the use or continued use of any one of more functions difficult and which cannot be circumvented or avoided on a temporary basis by Customer.

Severity Level 3 ("Minor") represents a reproducible minor condition which is not critical in that no loss of data occurs and which may be circumvented or avoided on a temporary basis by Customer.

Back to top

Where are your help desks located?

Our company provides help desks in three locations around the world, separated by 8 hour time zones in each case. They are based in Perth, Western Australia, in Seattle, WA, USA and in Ascot, England. In this way one of the help desks is able to take your calls 24 hours a day. It is also possible that you will reside in a country where one of our partners provides a help-desk using technicians fluent in the local language.

Back to top

Why do I get a 'Permission denied, please try again' error when I am sure my password is correct?

There are a lot of factors that determine if you are authorized to execute a specific command.  The correct user name and password is just one of those factors.  If any requirement for running the command is not met, you will get this error message.

Back to top



Training

There no FAQ's in this Category



Technical questions

How does PUM stop users bypassing access restrictions?

One of the precepts of PUM is that you change the password of the privileged account you are protecting as you enter it into PUM.  You don't give that password to anybody.  All Users must therefore use PUM to access that privileged account.

Users can only access privileged accounts on Managed Servers by entering a valid connection string in an ssh client or by using the PUM Client which effects the same thing.  The connection string identifies the User, the Server, and a predefined Session. The Session information defines the commands the User is allowed to run, the environment in which they may be run, the time period during which the User can run a session, and the maximum duration.  It also, of course, specifies who may run that Session and on which Managed Servers.

Back to top