Customer Success Story: CyberArk PAS Migration and Upgrade

Client Requirement

As part of a broader initiative to upgrade their cybersecurity infrastructure, the client sought to migrate their existing CyberArk environment from Windows Server 2016 to Windows Server 2019, along with upgrading all CyberArk components to the latest supported versions.

The upgrade was strategically important for the client as the newer CyberArk version offered enhanced security, improved compliance capabilities, and better integration with their evolving IT landscape.

Challenge

The migration involved upgrading 34 distinct CyberArk components including,

• Password Vault Web Access (PVWA)
• Privileged Session Managers (PSM)
• Credential Providers
• HTML5 Gateways
• Multiple Vault servers
• Central Policy Managers (CPM)
• Privileged Threat Analytics (PTA)

The Client has a restricted time window of 18 hours to complete the Migration and Upgrade .

The project’s exceptional complexity stemmed from the version gap, the large number of interdependent components, and the need to maintain maximum uptime throughout the transition process and adhering to the restricted time window.  Given the complexity of their environment and the critical nature of the privileged access management system, the client also required the migration to be completed with user acceptance testing

Solution

After a detailed assessment of the client’s environment and business needs, our team designed and executed a risk-aware migration strategy that ensured continuous PAM service delivery. The approach included:

• Full inventory of 34 CyberArk components, a detailed migration runbook, and rollback procedures for each phase.
• Phased vault migration using DR infrastructure and parallel environments to ensure minimal downtime.
• Component-by-component upgrades with coordinated Server migration.
• Reconfigured components using CyberArk best practices and implemented enhanced session monitoring.
• Validation at each stage, full workflow testing, and stakeholder-driven user acceptance testing prior to production release.

Result 

Throughout the implementation, our team maintained continuous communication with the client’s security operations team, providing real-time status updates and addressing emerging concerns immediately. The project was successfully executed within the 18-hour maintenance window, with all components functioning at optimal performance by the conclusion of the migration.