MIM PAM test lab environment overview

Note

The PAM approach provided by MIM PAM is not recommended for new deployments in Internet-connected environments. MIM PAM is intended to be used in a custom architecture for isolated AD environments where Internet access is not available, where this configuration is required by regulation, or in high impact isolated environments like offline research laboratories and disconnected operational technology or supervisory control and data acquisition environments. MIM PAM is distinct from Microsoft Entra Privileged Identity Management (PIM). Microsoft Entra PIM is a service that enables you to manage, control, and monitor access to resources in Microsoft Entra ID, Azure, and other Microsoft Online Services such as Microsoft 365 or Microsoft Intune. For guidance on on-premises Internet-connected environments and hybrid environments, see securing privileged access.

To set up a MIM PAM test lab, you can install the software on virtual machines. Privileged Access Management works with virtual machines (VMs) that have separate drives and are connected to each other on a shared network. These VMs can be hosted by Windows Server or by other operating system platforms.

PAM servers: relationships and supported platforms - diagram

You need a minimum of three virtual machines. If you don't already have an AD domain for PAM to manage, you need one additional VM to act as a CORP domain controller. If you wish to configure the PRIV software for high availability, you need two additional VMs.

The drives where the VM disk images will be stored need at least 120 GB of free disk space. If you plan to deploy for high availability, make sure that the disk subsystem meets the requirements for SQL shared storage. The shared storage can be in the form of Windows Server Failover Clustering cluster disks, disks on a Storage Area Network (SAN), or file shares on an SMB server.

Important

Storage must be dedicated to the bastion environment. Sharing storage with other workloads outside of the bastion environment is not recommended as it could jeopardize the integrity of the bastion environment.
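As an added illustration of the sizing and storage guidance above (this script is not part of the Microsoft documentation or the MIM product), the following PowerShell provisions the minimum set of lab VMs on a Hyper-V host. It checks that the drive holding the VM disks has the 120 GB of free space stated above, keeps every VHDX on a drive dedicated to the bastion environment, and attaches the VMs to a private virtual switch so they only talk to each other. The drive letter, VM names, memory and disk sizes, switch name and the roles of the optional high-availability VMs are all assumptions chosen for this example.

```powershell
# Added example, not from the MIM PAM documentation. Assumptions: Hyper-V host,
# D:\ is dedicated to the PAM lab, VM names/sizes/switch name are illustrative.

$LabDrive   = 'D'                       # assumption: drive used only for bastion-environment disks
$LabRoot    = "${LabDrive}:\PAMLab"
$SwitchName = 'PAMLab-Private'          # private switch: lab VMs reach only each other
$MinFreeGB  = 120                       # free space required by the overview

# Refuse to create anything if the dedicated drive lacks the required free space.
$vol    = Get-Volume -DriveLetter $LabDrive
$freeGB = [math]::Round($vol.SizeRemaining / 1GB, 1)
if ($freeGB -lt $MinFreeGB) {
    throw "Drive ${LabDrive}: has ${freeGB} GB free; at least ${MinFreeGB} GB is required."
}

# Minimum lab: a PRIV domain controller, a PAM server, and a CORP domain
# controller only if there is no existing CORP domain for PAM to manage.
# Names and sizes are assumptions; VHDX sizes are maximums of dynamic disks.
$vms = @(
    @{ Name = 'PRIVDC'; MemoryGB = 4; DiskGB = 60 },
    @{ Name = 'PAMSRV'; MemoryGB = 8; DiskGB = 80 },
    @{ Name = 'CORPDC'; MemoryGB = 4; DiskGB = 60 }   # drop when an existing CORP forest is used
)

# The overview says PRIV high availability needs two more VMs; their roles are
# not specified on the page, so the names here are placeholders.
$HighAvailability = $false
if ($HighAvailability) {
    $vms += @{ Name = 'PRIV-HA1'; MemoryGB = 4; DiskGB = 60 }
    $vms += @{ Name = 'PRIV-HA2'; MemoryGB = 4; DiskGB = 60 }
}

# Isolated switch so the lab network is not shared with other workloads.
if (-not (Get-VMSwitch -Name $SwitchName -ErrorAction SilentlyContinue)) {
    New-VMSwitch -Name $SwitchName -SwitchType Private | Out-Null
}

New-Item -ItemType Directory -Path $LabRoot -Force | Out-Null

foreach ($vm in $vms) {
    if (Get-VM -Name $vm.Name -ErrorAction SilentlyContinue) {
        Write-Host "VM $($vm.Name) already exists, skipping."
        continue
    }
    # Each VM gets its own VHDX on the dedicated lab drive (separate drives per VM).
    $vhd = Join-Path $LabRoot "$($vm.Name).vhdx"
    New-VM -Name $vm.Name `
           -Generation 2 `
           -MemoryStartupBytes ($vm.MemoryGB * 1GB) `
           -NewVHDPath $vhd `
           -NewVHDSizeBytes ($vm.DiskGB * 1GB) `
           -SwitchName $SwitchName `
           -Path $LabRoot | Out-Null
    Write-Host "Created $($vm.Name): $($vm.MemoryGB) GB RAM, $($vm.DiskGB) GB disk at $vhd"
}
```

Run it in an elevated PowerShell session on the Hyper-V host. The free-space check runs before any VM is created, so an undersized drive fails fast rather than leaving a half-built lab; using a private switch and a dedicated drive keeps the bastion environment separated from other workloads, which is the point of the storage guidance above. High-availability deployments that need SQL shared storage (cluster disks, SAN, or SMB shares) are not covered by this script.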

Next steps