LAPS for Azure

LAPS for Azure, SYNERGIX SEVA

Overview

Synergix SEVA is a complete and free replacement for Microsoft LAPS. SEVA supports password rotation of multiple local accounts on Windows, Unix and Mac devices that are in Azure AD, on-prem AD, a workgroup, or hosted in AWS, GCP, etc.

Azure Marketplace


Purpose

This article provides step-by-step instructions for deploying and testing Synergix SEVA software on Microsoft Windows computers. Similar steps may be followed to deploy the software on UNIX, macOS and other supported operating systems.

All required serverless resources are deployed in the customer’s Azure Subscription, so customers keep complete control of their data.


Prerequisites

Permissions

  • Active Azure Account with membership in Azure AD Global Administrators security group.

Global Administrator privilege is required during initial setup only, to create a new Resource Group and to deploy the required Azure Resources, i.e. Web Apps, Key Vault, Table Storage and App Service Plan. Alternatively, the Global Administrator may delegate administration to another Azure AD identity that can perform the required actions.

 

  • Local Administrator Account privileges on endpoints to manually install the pre-requisites, .NET Core 3.1.1+ Runtime and the Synergix SEVA MSI package or
  • Intune Administrator privileges to distribute the pre-requisites.

Endpoints

Depending upon the scope of testing, you may need one or more computers, physical or virtual, running supported operating systems.

 

.NET Core 3.1.1+ Runtime must be installed on the endpoints.

    • Windows 7.0 SP1
    • Windows 8.x
    • Windows 10
    • Windows Server 2008/R2
    • Windows Server 2012/R2
    • Windows Server 2016
    • Windows Server 2019
    • Unix: RHEL, Fedora, Debian, Ubuntu, Linux Mint, SUSE Enterprise Linux, Alpine and more …
    • macOS 10.13+
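One way to check the .NET Core runtime prerequisite on a Windows endpoint before installing the MSI, as an added example that is not Synergix's code. It assumes "3.1.1+" means a 3.1.x shared runtime (Microsoft.NETCore.App) at patch level 1 or later; the function names and the sample lines are hypothetical and constructed.

```powershell
# Added example, not part of the Synergix artifacts.
# Assumption: "3.1.1+" is read as Microsoft.NETCore.App 3.1.x with x >= 1.
# Other major versions (5.0, 6.0, ...) are not counted as satisfying it.

function Get-NetCoreRuntimeVersion {
    param([string[]]$RuntimeLines)
    # `dotnet --list-runtimes` prints lines such as:
    #   Microsoft.NETCore.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
    foreach ($line in $RuntimeLines) {
        # Preview builds carry a suffix (e.g. 3.1.0-preview3...); only the numeric part is compared.
        if ($line -match '^Microsoft\.NETCore\.App\s+(\d+\.\d+\.\d+)(?:-\S+)?\s+\[') {
            [version]$Matches[1]
        }
    }
}

function Test-NetCore31Prereq {
    param([string[]]$RuntimeLines)
    $min = [version]'3.1.1'
    $ok = @(Get-NetCoreRuntimeVersion -RuntimeLines $RuntimeLines |
        Where-Object { $_.Major -eq 3 -and $_.Minor -eq 1 -and $_ -ge $min })
    return ($ok.Count -gt 0)
}

# Constructed sample: ASP.NET Core 3.1 is present, but the base runtime is
# only 3.1.0, and the other base runtime is a different major version.
$sample = @(
    'Microsoft.AspNetCore.App 3.1.32 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]',
    'Microsoft.NETCore.App 3.1.0 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]',
    'Microsoft.NETCore.App 6.0.25 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]'
)
Write-Output ("Sample endpoint meets prerequisite: {0}" -f (Test-NetCore31Prereq -RuntimeLines $sample))

# Live check on this machine. A missing dotnet host counts as "not installed".
$dotnet = Get-Command dotnet -ErrorAction SilentlyContinue
$lines  = if ($dotnet) { & $dotnet.Source --list-runtimes 2>$null } else { @() }
if (Test-NetCore31Prereq -RuntimeLines $lines) {
    Write-Output 'Prerequisite met: .NET Core 3.1.1+ runtime found.'
    exit 0
} else {
    Write-Output 'Prerequisite missing: install the .NET Core 3.1.1+ runtime first.'
    exit 1
}
```

The exit code lets a software distribution tool decide whether the runtime still needs to be pushed to the endpoint before the MSI.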

Environments

Endpoints may be in any one of the following environments.

 

    • On Prem Active Directory
    • Azure AD
    • Azure AD Domain Services
    • Workgroup*
    • AWS
    • GCP and other

* Includes computers in a DMZ.

Internet Connection

    • Direct Internet Connection to your Azure Endpoints or
    • Point-to-Site Connection to your Azure Endpoints or
    • Indirect Connection through a Web Proxy to your Azure Endpoints

Procedure

The back-end services, hosted in your Azure subscription, may be deployed using one of two options:

  1. Azure Marketplace Offer for a Virtual Machine
  2. Software artifacts downloaded from our website.

Azure Marketplace Offer

The Virtual Machine is a Microsoft Certified Virtual Machine based on the Windows Server 2016 or Windows Server 2019 operating system. It contains the required artifacts:

      • PowerShell Script to deploy Azure Resources
      • PowerShell Script to deploy the binaries in Web Apps

This offer is appealing to customers, like the US Government and companies in the Banking, Financial and other industries that implement stricter Information Security policies.  Deploying a Microsoft Certified Virtual Machine from Azure Marketplace provides the assurance that no binaries are transferred from external sources.

Once the Virtual Machine is deployed, the installer can RDP to the VM, review the content of the artifacts and run them in the following order. The Installation Guide (PDF) provides further details.

  • PreReqs.ps1: Install required PowerShell modules
  • SetupEnvironment.ps1: Create required Azure Resources
  • Deploy.ps1: Deploy binaries in Azure Web Apps
  • Deploy MSI: The VM may be used to deploy the MSI package as a trial run. Upon deployment and setting the configuration parameters for your Azure Resources, you should be able to retrieve the new password for the Built-In Administrator account.

Software Artifacts

This offer is appealing to customers who wish to download the binaries from the Synergix website and deploy the Azure Resources from an Internet-connected Windows 10 computer. Review the Installation Guide (PDF) in the downloaded Zip file and use the software artifacts to set up the environment.


License Key

Please submit your request for a free Synergix SEVA Community Edition license key by writing to sales@synergix.com. Note that the license key is tied to your Azure Directory ID.


EULA

Please review the End User License Agreement included with the artifacts before proceeding with the activation of the product.


Test Results

  1. Launch the SEVA Portal specific to your Azure environment.
  2. Log in using your Azure Account that is a member of the newly created Azure AD Security Group(s) that allow access to the portal
  3. Search for device
  4. Under Security Actions, select “Built-In Administrator Account”
  5. Enter business justification for retrieving the password
  6. By default, the password is masked. Click on retrieve password to view the password
  7. Was the test successful?

 

More Information

Visit the Synergix website or contact vendor support.

 
