# Local Environment Setup

## Local Environment Overview

The PAM Configuration contains critical information on your local infrastructure, settings and associated Keeper Gateway. This guide provides step-by-step instructions for configuring the PAM Configuration in your local environment, enabling the Keeper Gateway to manage all resources within it and allowing users to utilize KeeperPAM features on those resources.

### Prerequisites

Prior to proceeding with this guide, make sure to [install and configure your Keeper Gateway](https://docs.keeper.io/en/keeperpam/privileged-access-manager/getting-started/gateways/one-time-access-token).

## Creating PAM Configuration

To create a new PAM Configuration:

* Login to the Keeper Vault
* Select Secrets Manager and the "PAM Configurations" tab
* Click on "New Configuration"

## PAM Configuration Fields - Local Environment

The following tables provides more details on each configurable fields in the PAM Configuration record for the local environment:

<table><thead><tr><th width="207.33333333333331">Field</th><th>Description</th><th>Notes</th></tr></thead><tbody><tr><td>Title (Required)</td><td>Name of PAM configuration record</td><td>Ex: Local Configuration</td></tr><tr><td>Environment (Required)</td><td>Your infrastructure's environment</td><td>For this guide, select "Local"</td></tr><tr><td>Gateway (Required)</td><td>The configured gateway</td><td>See <a href="../gateways">docs</a> for more info</td></tr><tr><td>Application Folder (Required)</td><td>The shared folder where the PAM Configuration data will be stored</td><td>Best practice is to create a folder with limited access to admins. See Security Note (1) below</td></tr><tr><td>PAM Settings (Required)</td><td>List of Zero-Trust KeeperPAM features that should be enabled</td><td>See <a href="#pam-features">this section</a> for more info</td></tr><tr><td>Default Rotation Schedule</td><td>Specify frequency of Rotation</td><td>Ex: <code>Daily</code></td></tr><tr><td>Port Mapping</td><td>Define alternative default ports</td><td>Ex: <code>3307=mysql</code><br>See <a href="https://github.com/Keeper-Security/gitbook-secrets-manager/blob/master/privileged-access-manager/references/port-mapping/README.md">port mapping</a> docs</td></tr></tbody></table>

For Discovery, the following fields are required, otherwise they are optional:

<table><thead><tr><th width="212">Field</th><th width="251">Description</th><th width="282">Notes</th></tr></thead><tbody><tr><td>Network ID</td><td>Unique ID for the network</td><td><p>This is for the user's reference</p><p>Ex: <code>My Network</code></p></td></tr><tr><td>Network CIDR</td><td>Subnet of the IP address</td><td>Ex: <code>192.168.0.15/24</code><br>Refer to <a href="https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing">this </a>for more info.</td></tr></tbody></table>

### PAM Features

The **"PAM Features Allowed"** and **"Session Recording Types Allowed"** sections in the PAM Configuration allow owners to enable or disable KeeperPAM features for resources managed through the PAM configuration:

<table><thead><tr><th width="320">Field</th><th>Description</th></tr></thead><tbody><tr><td>Rotation</td><td>If enabled, allow rotations on privileged user users managed by this PAM configuration</td></tr><tr><td>Connections</td><td>If enabled, allow connections on resources managed by this PAM configuration</td></tr><tr><td>Remote Browser Isolation (RBI)</td><td>If enabled, allow RBI sessions on resources managed by this PAM configuration</td></tr><tr><td>Tunneling</td><td>If enabled, allow tunnels on resources managed by this PAM configuration</td></tr><tr><td>Graphical Session Recording</td><td>If enabled, visual playback sessions will be recorded for all connections and RBI sessions</td></tr><tr><td>Text Session Recording (TypeScript)</td><td>If enabled, text input and output logs will be logged for all connections and RBI sessions</td></tr></tbody></table>

## Configuring PAM Features on PAM Record Types

After creating the PAM configuration, visit the following pages to:

* Configure [Rotation](https://docs.keeper.io/en/keeperpam/secrets-manager/password-rotation)
* Configure [Connections](https://docs.keeper.io/en/keeperpam/privileged-access-manager/connections)
* Configure [RBI](https://docs.keeper.io/en/keeperpam/privileged-access-manager/remote-browser-isolation)
* Configure [Tunnels](https://docs.keeper.io/en/keeperpam/privileged-access-manager/tunnels)
* Configure [Discovery](https://docs.keeper.io/en/keeperpam/privileged-access-manager/discovery)