SEVA – Serverless LAPS for Azure


Overview

Synergix SEVA is a free* and complete replacement for Microsoft LAPS. SEVA supports password rotation of multiple local accounts on Windows, Unix and macOS devices that are in Azure AD, on-premises AD, a workgroup, or hosted in AWS, GCP, etc.



Purpose

This article provides step-by-step instructions for deploying and testing Synergix SEVA software on Microsoft Windows computers.  Similar steps may be followed to deploy the software on UNIX, macOS and other supported operating systems.

All required serverless resources are deployed in the customer’s Azure Subscription, giving customers complete control of their data.


Prerequisites

Permissions

  • Active Azure Account with membership in the Azure AD Global Administrators security group.

Global Administrator privilege is required during initial setup only, to create a new Resource Group and to deploy the required Azure Resources, i.e., Web Apps, Key Vault, Table Storage and App Service Plan.  Alternatively, the Global Administrator may delegate administration to another Azure AD identity that can perform the required actions.

  • Local Administrator Account privileges on endpoints to manually install the prerequisites, the .NET Core 5.0+ Runtime and the Synergix SEVA MSI package, or
  • Intune Administrator privileges to distribute the prerequisites.

Endpoints

Depending upon the scope of testing, you may need one or more computers, physical or virtual, running one of the supported Operating Systems:

  • Windows 7.0 SP1
  • Windows 8.x
  • Windows 10
  • Windows Server 2008/R2
  • Windows Server 2012/R2
  • Windows Server 2016 or Windows Server 2019
  • Unix: RHEL, Fedora, Debian, Ubuntu, Linux Mint, SUSE Enterprise Linux, Alpine and more …
  • macOS 10.13+

.NET Desktop Runtime 5.x and ASP.NET Core Runtime 5.x must be installed on the endpoints.
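
A preflight check for the .NET Desktop Runtime 5.x and ASP.NET Core Runtime 5.x requirement on Windows endpoints, as an added example that is not part of the Synergix artifacts: it parses `dotnet --list-runtimes` output and reports which of the two runtimes is missing. The function name `Test-SevaRuntimePrereqs` and the sample lines are constructed for illustration.

```powershell
# Added example (not vendor code): checks the two runtimes this article lists as required.
function Test-SevaRuntimePrereqs {
    param(
        # Lines in the format printed by `dotnet --list-runtimes`.
        # When omitted, the live output of the local dotnet host is used.
        [string[]]$RuntimeLines,
        # The article asks for 5.x runtimes.
        [int]$RequiredMajor = 5
    )
    if (-not $PSBoundParameters.ContainsKey('RuntimeLines')) {
        $dotnet = Get-Command dotnet -CommandType Application -ErrorAction SilentlyContinue |
            Select-Object -First 1
        # No dotnet host on PATH means no shared runtimes are reported at all.
        $RuntimeLines = if ($dotnet) { & $dotnet.Source --list-runtimes } else { @() }
    }
    # Shared-framework names under which the two runtimes appear in the listing.
    $required = [ordered]@{
        'Microsoft.WindowsDesktop.App' = '.NET Desktop Runtime'
        'Microsoft.AspNetCore.App'     = 'ASP.NET Core Runtime'
    }
    foreach ($name in $required.Keys) {
        $versions = foreach ($line in $RuntimeLines) {
            if ($line -match "^$([regex]::Escape($name)) (\d+)\.(\d+)\.(\d+)") {
                # Keep only versions of the required major release.
                if ([int]$Matches[1] -eq $RequiredMajor) {
                    "$($Matches[1]).$($Matches[2]).$($Matches[3])"
                }
            }
        }
        [pscustomobject]@{
            Runtime   = $required[$name]
            Framework = $name
            Installed = @($versions)
            Present   = [bool]$versions
        }
    }
}

# Constructed sample listing: ASP.NET Core 5.x is present, Desktop Runtime is only 3.1.
$sample = @(
    'Microsoft.AspNetCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]'
    'Microsoft.NETCore.App 5.0.17 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]'
    'Microsoft.WindowsDesktop.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]'
)
Test-SevaRuntimePrereqs -RuntimeLines $sample | Format-Table Runtime, Present, Installed
```

Calling the function without `-RuntimeLines` checks the local machine; any row with `Present` set to `False` means the MSI prerequisite is not yet met on that endpoint.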

Environments

Endpoints may be in any one of the following environments.

    • On Premises Active Directory
    • Azure AD
    • Azure AD Domain Services
    • Workgroup*
    • DMZ
    • AWS, GCP and other Cloud Service providers

Internet Connection

    • Direct Internet Connection to your Azure Endpoints or
    • Point-to-Site Connection to your Azure Endpoints or
    • Indirect Connection through a Web Proxy to your Azure Endpoints

Procedure

The back-end services, hosted in your Azure subscription, may be deployed using one of the two options:

  1. Azure Marketplace Offer for a Virtual Machine
  2. Software artifacts downloaded from our website.

Azure Marketplace Offer

The Virtual Machine is a Microsoft Certified Virtual Machine that is based upon the Windows Server 2016 or Windows Server 2019 Operating System.  It contains the required artifacts:

      • PowerShell Script to deploy Azure Resources
      • PowerShell Script to deploy the binaries in Web Apps

This offer is appealing to customers, such as the US Government and companies in the Banking, Financial and other industries, that implement stricter Information Security policies.  Deploying a Microsoft Certified Virtual Machine from Azure Marketplace provides the assurance that no binaries are transferred from external sources.

Once the Azure Virtual Machine is deployed, the installer can RDP to the VM, review the content of the artifacts and launch them in a specific order.  The Installation Guide (PDF) provides further details.

  • PreReqs.ps1: Install required PowerShell modules.
  • SetupEnvironment.ps1: Create required Azure Resources.
  • Deploy.ps1: Deploy binaries in Azure Web Apps.
  • Deploy MSI: The VM may be used to deploy the MSI package as a trial run.  After deployment and setting the configuration parameters for your Azure Resources, you should be able to retrieve the new password for the Built-In Administrator account.

The second option, software artifacts downloaded from the Synergix website, appeals to customers who wish to download the binaries and deploy the Azure Resources from an Internet-connected Windows 10 computer or Windows 10 Sandbox. Review the Installation Guide (PDF) in the downloaded Zip file and use the software artifacts to set up the environment.


License Key

Please complete the survey and submit your request for the free Synergix SEVA Community Edition.

Community Edition use is limited to Azure AD Joined Windows 10 Computers.  Only the Built-In Administrator password rotation is supported in Community Edition.

To license Enterprise Edition or Ultimate Edition, please contact sales@synergix.com.


EULA

Please review the End User License Agreement included with the artifacts before proceeding with product activation.


Test Results

  1. Launch the SEVA Portal specific to your Azure environment.
  2. Log in using an Azure Account that is a member of the newly created Azure AD Security Group(s) that allow access to the portal.
  3. Search for the device.
  4. Under Security Actions, select “Built-In Administrator Account”.
  5. Enter the business justification for retrieving the password.
  6. By default, the password is masked. Click on retrieve password to view the password.
  7. Was the test successful?

More Information

Visit the Synergix website or contact vendor support.
