ManageEngine PAM360

(A Division of ZOHO Corporation)

www.manageengine.com/pam360

ManageEngine PAM360

INSTALLATION
GUIDE
 Table of Contents

1. Prerequisites 3

2. System Requirements 3

3. Components of PAM360 4

4. Ports used by PAM360 5

5. Installing PAM360 5

5.1 Prerequisites 5

5.2 Steps to Install PAM360 in Windows 6

5.3 Steps to Install PAM360 in Linux 11

6. Silent Install 16

6.1 Steps to Silent Install PAM360 in Windows Server 16

6.2 Steps to Silent Install PAM360 in Linux Server 18

7. Starting and Shutting Down PAM360 19

7.1 In Windows 19

7.2 In Linux 20

8. Launching the PAM360 Web Client 20

8.1 Automatic Browser Launch 21

8.2 Launching the Web Client Manually 21

8.3 Connecting the Web Client in Remote Hosts 21

9. Uninstalling PAM360 22

9.1 Steps to Uninstall PAM360 in Windows 22

9.2 Steps to Uninstall PAM360 in Linux 23

10. Best Practices Post-Installation 23

10.1 Changing the Administrator Login Password 23

10.2 Managing the PAM360 Encryption Key 24

10.3 Configuring the Database Backup 24

1. Prerequisites
Apart from the standard system requirements (both hardware and software), the following elements
are essential for the proper functioning of the PAM360 server:
Note: The following are required if you are planning to use PAM360’s account discovery and
password reset provisions.
● An external mail server (SMTP server) for the functioning of PAM360 server and to send
various notifications to users.
● A service account that has either domain admin rights or local admin rights in the PAM360
server and in the target systems that you would like to manage.
● Microsoft .NET framework.
● Visual C++ Redistributable for Visual Studio 2015 and above (for PAM360’s Account
Discovery and Password Reset features).

Note: Once you complete the installation, from the user profile drop-down, navigate to
Support > Software Requirements > Check Configurations to check whether the
minimum requirements are satisfied for the PAM360 application.

2. System Requirements
The below table details the hardware and software configurations required by PAM360:

Hardware Operating Systems Web Interface

Processor Windows HTML client requires one of the

QuadCore or above ● Windows Server 2025 following browser** to be installed
● Windows Server 2022 in the system:
● Windows Server 2019 Microsoft Edge (on Windows),
● Windows Server 2016 Chrome, Firefox, and Safari (on
Windows, Linux and Mac)
**PAM360 is optimized for 1280 x
800 resolution and above.

RAM Linux Database

8 GB or above ● Ubuntu 18.04 and above PostgreSQL 14.17, bundled with the
● CentOS 6 and above product.

​3
 Hardware Operating Systems Web Interface

Storage ● Red Hat Linux 9.0 MS SQL Server 2022

20 GB or above ● Red Hat Enterprise Linux MS SQL Server 2019
5.x and above MS SQL Server 2016
● AlmaLinux 9.x and above The SQL server should be installed
in Windows Server 2016 and above.

Note: For Session Note: In general, PAM360 works

Recordings, well with any flavor of Linux and
the disk space requirement can also be run on VMs of the
may vary based on the above operating systems.
usage levels.

3. Components of PAM360

You will need a set of basic components that helps you run PAM360 in your environment effectively.
They are:
1. The PAM360 server
2. The PAM360 Agent (optional):
‐ To perform operations in the PAM360 server from the other transient machines
‐ To establish connections with remote resources that are not connected to the PAM360
server and manage them from PAM360
‐ Remote password resets of domain accounts without the domain controller's admin
credentials
3. The PAM360 Remote Connect (optional):
‐ To launch direct remote connections via password-less login to Windows and SSH-based
target resources without needing to install multiple third-party remote clients or web
browser based clients

4. The database PostgreSQL 14.17:

‐ Bundled with PAM360 and runs as a separate process
‐ Accepts connections only from the host where it is running
‐ Allows a connection from a configured secondary server for replication.

​4
4. Ports used by PAM360

The below table lists the set of all TCP ports used by PAM360 for remote access:

Port Name Port Number Direction

PostgreSQL 3456 Outbound

Web client 8282 {Https access} Inbound

SSH 22 Outbound

LDAP without SSL 389 Outbound

LDAP with SSL 636 Outbound

SMTP 25 Outbound

MS SQL 1433 Outbound

Oracle 1521 Outbound

Sybase ASE 5000 Outbound

Password verification 135, 139, 445 Outbound

SSH CLI 6622 Inbound

Auto Logon Spark View Gateway 8283 {Https access} Inbound

RDP 3389 Outbound

REST API 8282 Inbound

SNMP 162 Outbound

Syslog 514 Outbound

5. Installing PAM360

You can install PAM360 in both Windows and Linux operating systems.

5.1 Prerequisites

Before you begin the installation, ensure to do the following:

​5
 ∙ Download the latest version of PAM360.
∙ Ensure that it satisfies the System Requirements.

5.2 Steps to Install PAM360 in Windows

1. To begin the installation, double click the ManageEngine_PAM360.exe icon.

2. The InstallShield Wizard for PAM360 appears on the screen. Click Next to continue the
installation.

3. The Software License Agreement appears. Read the Agreement carefully. Click Yes to agree
and proceed with the installation. Click Back to go back to the previous wizard. Click No to exit
the setup. You can also Print the License Agreement for future reference.

​6
4. Choose the folder to install PAM360 on your system. You can either go with the default location,
C:\Program Files\Manage Engine\PAM360 or click Browse to install PAM360 in a different
location. Click Next to proceed with the installation. Click Back to go back to the previous
wizard.

5. The Server Selection Panel appears. Here, select the option relevant to the server you are
setting up, e.g., Read-Only Server.

i. High Availability Primary Server - The primary server will be your predominant server,
which controls and manages PAM360's operations and services. It will always be fully
functional, with all the features and functions provided by the PAM360 intact.

ii. High Availability Secondary Server - Select this option if you wish to install PAM360 in
another instance - a secondary server. The secondary server will offer 'Read/Write' access

​7
 to users (except password reset) whenever the primary server is down and until it is
brought back to service. The changes made in the database in the intervening period will
be automatically synchronized with the primary server upon connection restoration.

iii. Read-Only Server - Select this option to configure PAM360 in multiple instances in your
system environment. The Read-Only server(s) acts like mirror server(s) and synchronizes
all the actions carried out by the primary server. In case of a primary server failure, any
Read-Only server can be configured as the primary server.

6. The Registration for Technical Support dialog box appears. Fill in the necessary details, such
as Name, E-mail Id, Phone, Company Name, and Country. Click Next to proceed with the
installation. Click Skip if you do not want to register. Click Back to go back to the previous
wizard.

​8
7. Now, the Begin Installation wizard appears that will require you to review your settings and
begin the installation. Click Back to make any changes or click Next to proceed with the
installation.

8. The installation begins and the following happens step-by-step:

i. Extracting files

​9
 ii. Unpacking Jar Files

iii. Initializing PostgreSQL

9. Now, a wizard appears, indicating the completion of installation process. Choose to do any of
the following by selecting the corresponding checkboxes:
i. Select the Yes, I want to view readme file check box, to view the readme file.
ii. Select the Start PAM360 Service check box, to start the PAM360 service.
iii. Uncheck the box(es) if you do not want to view the readme file and/or start PAM360
service.

10. Click Finish.

​10
The login page of PAM360 shows up in your default browser, as shown below. Enter 'admin' as the
Username and Password to login into the default administrator account and to proceed to work
with PAM360 application.

5.3 Steps to Install PAM360 in Linux

1. Download the file ManageEngine_PAM360.bin for Linux.

2. Execute the command: chmod a+x <file-name> to assign the executable permission.
3. Execute the command: ./<file_name> or ./<file_name> -i console (if you are installing on a
headless server).
4. The InstallAnywhere wizard for PAM360 appears on the screen with an introduction. Click Next
to continue the installation.

​11
5. The PAM360 License Agreement appears. Read the Agreement carefully and click I accept
the terms of the License Agreement to proceed with the installation. Click Previous to go
back to the previous wizard. Click Cancel to exit the setup anywhere between the installation.

6. Choose the folder to install PAM360 on your system. You can either go with the default location,
or click Choose to install PAM360 in a different location. You can also click Restore Default
Folder to change from the given different location to the default location. Click Next to proceed
with the installation. Click Previous to go back to the previous wizard.

​12
7. The Server Configuration panel appears. Here, select the option relevant to the server you are
setting up. For example, select Read-Only Server to configure a Read-Only server.

i. High Availability Primary Server - The primary server will be your predominant server,
which controls and manages PAM360's operations and services. It will always be fully
functional, with all the features and functions provided by the PAM360 intact.

ii. High Availability Secondary Server - Select this option if you wish to install PAM360 in
another instance - a secondary server. The secondary server will offer 'Read/Write' access
to users (except password reset) whenever the primary server is down and until it is
brought back to service. The changes made in the database in the intervening period will
be automatically synchronized with the primary server upon connection restoration.

iii. Read-Only Server - Select this option to configure PAM360 in multiple instances in your
system environment. The Read-Only server(s) acts like mirror server(s) and synchronizes
all the actions carried out by the primary server. In case of a primary server failure, any
Read-Only server can be configured as the primary server.

​13
8. Now, the Pre-Installation Summary wizard appears that will require you to review your settings
and begin the installation. Click Previous to make any changes or click Install to proceed with
the installation.

9. Now, the InstallAnywhere wizard begins with the PAM360 installation process.

​14
10. Now, a wizard appears, indicating the completion of installation process. Click Done to complete
the installation.

​15
5.3.1 Installing PAM360 as a Startup Service
1. Login as a non-root user.
2. Open the console and navigate to the <PAM360_Home>/bin directory.
3. Execute “sh pam360.sh install” (In Ubuntu, execute as “bash pam360.sh install”).

6. Silent Install

Silent installation is a process that facilitates the installation of an application with zero interaction
with the UI. This type of installation is helpful for applications with limited installation steps, where,
before commencing, parameters, such as Name, Email-Id, Path, etc., are preset or manually
entered.

Execute the commands as instructed below to install the application automatically.

6.1 Steps to Silent Install PAM360 in Windows Server

6.1.1 Primary Server

1. Download the file ManageEngine_PAM360_64.bit.exe.
2. Download the zip and extract the installation file WindowsPrimaryNonMSP.iss.
3. Open WindowsPrimaryNonMSP.iss file in Notepad and edit Name, Mail ID (mandatory),
Phone, Company, Country (mandatory), and save.
4. Move WindowsPrimaryNonMSP.iss file to C:\Windows\.
5. Open Command Prompt as administrator and navigate to the
ManageEngine_PAM360_64.bit.exe file location.

​16
6. Execute the command:

ManageEngine_PAM360_64bit.exe -a -s -f1”C:\Windows\WindowsPrimaryNonMSP.iss” -
f2”C:\Windows\WindowsPrimaryNonMSP.log”

PAM360 will get installed, and the service will start automatically.

6.1.2 Secondary Server

1. Download the file ManageEngine_PAM360_64.bit.exe.

2. Download the zip and extract the installation file WindowsSecondaryNonMSP.iss.
3. Open WindowsSecondaryNonMSP.iss file in notepad and edit Name, Mail ID (mandatory),
Phone, Company, Country (mandatory), and Save.
4. Move WindowsSecondaryNonMSP.iss file to C:\Windows\.
5. Open Command Prompt as administrator and navigate to the ManageEngine_PAM360_64.bit.exe file
location.
6. Execute the command:

ManageEngine_PAM360_64bit.exe -a -s -f1”C:\Windows\WindowsSecondaryNonMSP.iss” -
f2”C:\Windows\WindowsSecondaryNonMSP.log”

PAM360 will get installed, and the service will start automatically.

6.1.3 Read-Only Server

1. Download the file ManageEngine_PAM360_64.bit.exe.

2. Download the zip and extract the installation file WindowsRONonMSP.iss.
3. Open WindowsRONonMSP.iss file in notepad and edit Name, Mail ID (mandatory), Phone,
Company, Country (mandatory), and Save.
4. Move WindowsRONonMSP.iss file to C:\Windows\.
5. Open Command Prompt as administrator and navigate to the ManageEngine_PAM360_64.bit.exe file
location.
6. Execute the command:

ManageEngine_PAM360_64bit.exe -a -s -f1”C:\Windows\WindowsRONonMSP.iss” -
f2”C:\Windows\WindowsRONonMSP.log”

PAM360 will get installed, and the service will start automatically.

​17
6.2 Steps to Silent Install PAM360 in Linux Server

6.2.1 Primary Server

1. Download the file ManageEngine_PAM360_64.bit.bin for Linux.

2. Download the zip and extract the installation file LinuxPrimaryNonMSP.txt.
3. Open LinuxPrimaryNonMSP.txt in notepad.
4. Mention the user installation directory’s path (USER_INSTALL_DIR) and file overwrites (-
fileOverwrite_) path.
5. Save and move LinuxPrimaryNonMSP.txt to home directory.
6. Open the Console and navigate to ManageEngine_PAM360_64bit.bin file location
7. Execute the command:

chmod a+x ManageEngine_PAM360_64bit.bin

8. Execute the command:

./ManageEngine_PAM360_64bit.bin -i silent -f /home/LinuxPrimaryNonMSP.txt

PAM360 will get installed.

6.2.2 Secondary Server

1. Download the file ManageEngine_PAM360_64.bit.bin for Linux.
2. Download the zip and extract the installation file LinuxSecondaryNonMSP.txt.
3. Open LinuxSecondaryNonMSP.txt in notepad.
4. Mention the user installation directory’s path (USER_INSTALL_DIR) and file overwrite’s (-
fileOverwrite_) path.
5. Save and move LinuxSecondaryNonMSP.txt to home directory.
6. Open the console and navigate to ManageEngine_PAM360_64bit.bin file location.
7. Execute the command:

chmod a+x ManageEngine_PAM360_64bit.bin

8. Execute the command:

./ManageEngine_PAM360_64bit.bin -i silent -f /home/LinuxSecondaryNonMSP.txt

​18
PAM360 will get installed.

6.2.3 Read-Only Server

1. Download the file ManageEngine_PAM360_64.bit.bin for Linux.
2. Download the zip and extract the installation file LinuxRONonMSP.txt.
3. Open LinuxRONonMSP.txt in notepad.
4. Mention the user installation directory’s path (USER_INSTALL_DIR) and file overwrite’s (-
fileOverwrite_) path.
5. Save and move LinuxRONonMSP.txt to home directory.
6. Open the console and navigate to ManageEngine_PAM360_64bit.bin file location.
7. Execute the command:

chmod a+x ManageEngine_PAM360_64bit.bin

8. Execute the command:

./ManageEngine_PAM360_64bit.bin -i silent -f /home/LinuxRONonMSP.txt

PAM360 will get installed.

7. Starting and Shutting Down PAM360

7.1 In Windows

Using the Start Menu Using the Tray Icon

1. Navigate to Start >> Run [OR] press 1. Once you have successfully installed
Win+r. The Run box appears. Type PAM360 in your system, you will find the
services.msc and hit Enter. PAM360 icon in the windows tray area
2. Locate the PAM360 service on the far right end of your task bar.
'ManageEngine PAM360' in the Services 2. Right click the tray icon and click the
console. desired operation:
3. You can start, stop or restart the service ∙ Start the PAM360 Service
from the services console. ∙ Stop the PAM360 Service
∙ Launch the PAM360 web console

​19
 Using the Start Menu Using the Tray Icon

3. Startup Options - Automatic start 'Start

PAM360 Web Console on Service
Startup' is recommended.

7.2 In Linux

Starting & Stopping the Server as a Service

To Start PAM360 as a service in Linux:

1. Login as non-root user.

2. Execute /etc/rc.d/init.d/pam360-service start.
3. PAM360 server runs in the background as service.

To Stop PAM360 Server started as a service, in Linux:

Execute /etc/rc.d/init.d/pam360-service stop(as non-root

user).

(From build 7200 onwards)

To Start PAM360 as a service in Linux:

1. Login as non-root user.

2. Execute systemctl start pam360.service.
3. Execute systemctl status pam360.service to check the
status of the service.

To Stop PAM360 Server started as a service, in Linux:

Execute systemctl stop pam360.service.

8. Launching the PAM360 Web Client

​20
 ● For a newly configured setup, the default User name/Password is admin/admin. It is
strongly recommended to change your login password after your initial login.
● Every time you start the server, PAM360 will be automatically launched in the browser.

There are different ways of connecting to the PAM360 web client:

8.1 Automatic Browser Launch

Once the server has started after the successful installation of PAM360, the PAM360 Login screen
shows up in a browser window. As PAM360 uses secured HTTPS connection, you will be prompted
to accept the Security Certificate. Hit Yes, type the User name and Password in the login screen
and press Enter.

8.2 Launching the Web Client Manually

In Windows:

Right-click the PAM360 tray icon and click PAM360 Web Console to launch the web client
manually. The PAM360 Login screen shows up in a browser window. As PAM360 uses the secured
HTTPS connection, you will be prompted to accept the Security Certificate. Hit Yes, type the User
name and Password in the login screen and press Enter.

In Linux:

Open a browser and connect to the URL specified below:

https://<hostname>:portnumber/
where,
<hostname> - the host where the PAM360 server is running.
<portnumber> - the default port is 8282.
Example: https://demo-server:8282

8.3 Connecting the Web Client in Remote Hosts

If you want to connect to the PAM360 web client in a remote machine (different from the one where
PAM360 is running), open a browser and connect to the below URL:
https://<hostname>:port
As PAM360 uses the secured HTTPS connection, you will be prompted to accept the Security

​21
Certificate. Hit Yes, type the Username and Password in the login screen and press Enter.

9. Uninstalling PAM360

9.1 Steps to Uninstall PAM360 in Windows

1. To Uninstall PAM360, double click the ManageEngine_PAM360.exe icon.

(OR)

Navigate to Control Panel\Programs\Programs and Features, select Manage Engine PAM360

and click Uninstall on the top bar.

2. The InstallShield Wizard for PAM360 appears on the screen. Click Yes to continue to Uninstall.

3. Now, click Finish to complete the uninstallation process.

​22
PAM360 has been successfully uninstalled from your machine.

9.2 Steps to Uninstall PAM360 in Linux

1. To uninstall PAM360 in Linux, login as root user and navigate to <PAM360_Home>/bin.

2. Execute the following command:

sh pam360.sh remove (In Ubuntu, execute as “sh/bash pam360.sh remove”)

PAM360 has been successfully uninstalled from your machine.

10. Best Practices Post-Installation

10.1 Changing the Administrator Login Password

By default, the username and the password of the PAM360 account will be 'admin'. It is strongly
recommended to change the PAM360 login password during the initial login after the PAM360
installation. To do this, navigate to Admin >> Settings >> Change PAM360 Login Password and
do the steps that follow:

1. Enter the Old Password.

2. Enter the New Password. You can also use the built-in password generator to generate
passwords accordingly.
3. Re-enter the new password to confirm the password.
4. Browse and select the User Certificate for smartcard/PKI/Certificate authentication.

​23
5. Click Save to change the old password.

Notes:
- The new password will not be emailed, so you need to remember your new
password.
- If you have configured the mail server settings and forgot your password, use the
'Forgot password' link available on the login page of PAM360 to reset your
password.
- If you have forgotten your new password with an unconfigured mail server
setting, contact our support team for further assistance.

10.2 Managing the PAM360 Encryption Key

PAM360 uses AES-256 encryption to secure passwords and other sensitive information in the
database. The key used for encryption is auto-generated and is unique for every installation. By
default, this encryption key is stored in a file named pam360_key.key under the <PAM360
installation directory>/conf folder. For production instances, PAM360 does not allow the
encryption key to be stored within its installation folder. This is to ensure that the encryption key and
the encrypted data, in both live and backed-up databases, do not reside together.

PAM360 will store the location of the pam360_key.key in a configuration file named
manage_key.conf, present under the <PAM360 installation directory>/conf folder. We strongly
recommend that you move and store this encryption key outside the machine where PAM360 is
installed, in another machine or an external drive. Once you have moved the encryption key, update
the manage_key.conf file with the new key's directory path. The path can be a mapped network
drive or an external USB (hard drive/thumb drive) device.

PAM360 requires the <PAM360 installation directory>PAM360\conf path to be accessible with the
necessary permissions to read the pam360_key.key file when it starts up every time. After a
successful start-up, it does not need access to the file anymore, and the device with the file can go
offline.

10.3 Configuring Database Backup

Using the default bundle database as your backend database, we recommend configuring the
database backup feature. To configure the database backup schedule, do the steps that follow:

​24
1. Navigate to Admin >> Configurations >> Database Backup.
2. Select the backup field data as per your requirement and convenience and click Save.

​25
 280,000 organizations across 190 countries trust
ManageEngine to manage their IT

Nine of every ten Fortune 100 companies trust us to

manage their IT.

manageengine.com/pam360

4141 Hacienda Drive Pleasanton,

CA 94588, USA

US : +1 888 204 3539

pam360-support@manageengine.com
UK : +44 (20) 35647890
Australia : +61 2 80662898 Toll Free : +1 888 720 9500