Need Help Optimizing Devolutions Password Server for Large-Scale Deployment

Hello everyone,

I'm asking for expert advice on effectively deploying Devolutions Password Server (DPS) across our organization of over 500 users distributed across multiple locations. We’re eager to harness DPS's robust security features and centralized password management capabilities to bolster our overall IT infrastructure.

To ensure a smooth and efficient implementation, I am keen on gathering insights from seasoned IT professionals who have successfully navigated large-scale DPS deployments. Your expertise in the following areas would be invaluable:

  • Performance Optimization: Given the scale of our environment, I am interested in best practices for maximizing DPS performance. Are there specific hardware configurations, software settings, or indexing strategies that can significantly enhance system responsiveness?
  • User Management: Efficiently managing user accounts and permissions for a large user base is crucial. What strategies have you found effective for streamlining this process? Have you integrated DPS with Active Directory, and if so, what challenges and solutions did you encounter?
  • Data Security: Protecting sensitive password information is paramount. Beyond DPS's built-in security features, what additional safeguards do you recommend? Are there specific encryption or backup solutions that have proven successful in your environment?
  • Troubleshooting: Your experience with common challenges or pitfalls during DPS deployment would be incredibly helpful. What troubleshooting tips can you share to mitigate potential issues?


I also came across this resource/article: https://forum.devolutions.net/topics/36332/how-to-deploy-devolutions-server-as-an-ha-web-server-oracle-integration-cloud-farm-behind-a-loa. I value any insights, documentation, or personal experiences you can offer. Your guidance will be instrumental in ensuring a successful DPS implementation within our organization.

Thank you for your time and consideration.

All Comments (1)

Hello Davis,

Thank you for reaching out!

I think a live discussion together would be a good idea. Let me know if you're interested and I'll reach out by email.

Regarding your questions:

"[...]Are there specific hardware configurations, software settings, or indexing strategies that can significantly enhance system responsiveness?"
Yes, for 500 users, have a look at the system requirements for a large deployment here: https://docs.devolutions.net/server/overview/system-requirements/

"[...]What strategies have you found effective for streamlining this process? Have you integrated DPS with Active Directory, and if so, what challenges and solutions did you encounter?"
The easiest way to achieve this is to create a security group that contains only users who can access the Devolutions Server. If done properly, this will make managing the solution an easier process (Smaller scope). I'd say the biggest challenge I see is regarding permissions on entries and vaults. It's crucial to use inheritance and security groups, otherwise it becomes hard to manage.
Have a look at: https://docs.devolutions.net/rdm/user-groups-based-access-control/permissions/

"[...]Are there specific encryption or backup solutions that have proven successful in your environment"
Data in the Devolutions server is encrypted at rest. If you use TLS certificates, encryption is also encrypted during transit. The following link is our security model, which explains the concepts better than I can: https://cdn.devolutions.net/documents/legal/security/security-encryption-en.pdf

"[...]common challenges or pitfalls during DPS deployment"
The most common issue I see is regarding the service accounts. Make sure you're familiar with the required service accounts before doing an installation. Oftentimes, permissions are forgotten (SQL, AD).
Have a look at: https://docs.devolutions.net/server/kb/knowledge-base/pre-deployment-account-survey/

Another common issue is certificates. Making sure you have CA-signed certificates for all DVLS instances and that the end machines trust that CA saves time.

While the forum thread you sent is very detailed, I find it outdated (3 years ago). A lot of these points are not necessary or automated by the DVLS console (Prereqs, handling of license, using PowerShell for installation, manually setting app pool identity).

Have a look at these two docs:
1. Install prerequisites with the DVLS Console: https://docs.devolutions.net/server/getting-started/installation/installing-web-server-prerequisites/#devolutions-server-console-method
2. Advanced DVLS install: https://docs.devolutions.net/server/getting-started/installation/create-server-instance/#advanced-installation

Regarding load balancing of DVLS, see: https://docs.devolutions.net/server/kb/knowledge-base/deploy-high-availability-load-balanced-env/

Again, I think a small call together would be beneficial. If you're interested, we could do an install together to get you on the right track.

Let me know your thoughts.

Best regards,
Marc-Antoine Dubois
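
The certificate pitfall raised in the reply above can be checked from an end machine before rollout. The PowerShell below is an added example, not part of the original posts or of Devolutions' tooling; the host names are placeholders and the function name `Test-DvlsCertificate` is hypothetical. It connects to each DVLS endpoint and reports whether the local trust store accepts the certificate that endpoint serves.

```powershell
# Added example; host names are placeholders, not values from this thread.
$DvlsHosts = 'dvls01.example.internal', 'dvls02.example.internal', 'dvls.example.internal'

function Test-DvlsCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,
        [int]$Port = 443
    )
    $script:TlsState = @{ Errors = $null; Chain = '' }
    # Record the validation verdict but let the handshake finish, so the
    # certificate can be inspected even when this machine does not trust it.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $sslPolicyErrors)
        $script:TlsState.Errors = $sslPolicyErrors
        $script:TlsState.Chain  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        return $true
    }
    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)   # validates chain and name against $HostName
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        [pscustomobject]@{
            Host         = $HostName
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            Expires      = $cert.NotAfter
            SelfSigned   = ($cert.Subject -eq $cert.Issuer)
            PolicyErrors = $script:TlsState.Errors   # None, name mismatch, chain errors
            ChainStatus  = $script:TlsState.Chain    # e.g. UntrustedRoot when the CA is not trusted here
            Trusted      = ($script:TlsState.Errors -eq [System.Net.Security.SslPolicyErrors]::None)
        }
    }
    catch {
        [pscustomobject]@{ Host = $HostName; Trusted = $false
                           PolicyErrors = "connection failed: $($_.Exception.Message)" }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

$DvlsHosts | ForEach-Object { Test-DvlsCertificate -HostName $_ } |
    Format-Table Host, Trusted, SelfSigned, PolicyErrors, Expires -AutoSize
```

Run it on a representative client machine rather than on the server itself, since the result depends on that machine's trusted root store.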