Connections and Privileged Sessions
The Connections tab in PAM360 serves as a one-stop place to view all the added Connections, Favorites, and Connection Groups. The tab holds some useful options, such as a new SFTP-based file transfer option and a new search filter that lets you search for resources within the tab by Name, DNS name, or type of OS. The connections within have quick access control buttons: Connect, Request, Checkin, Checkout, Remote App, and Secure File Transfer. Use the Connections tab to establish secure and interactive remote sessions to RDP, SSH, VNC, and SQL systems. The sessions are tunneled through the PAM360 server, which provides a secure channel to protect your remote connections from third-party interceptions. In addition, the tab allows you to observe all privileged sessions in real time, terminate the sessions if necessary, and record the remote sessions to review later.
Note: PAM360 uses HTML-5 compatible browsers to initiate the remote sessions. Examples of HTML5 compatible browsers include IE 9 or above, Firefox 3.5 or above, Safari 4 or above, and Chrome.
Resources and the related accounts added from the Resources tab are accessible from the Connections tab. To learn in detail about the different ways of adding resources and accounts into PAM360, click the below links:
At the end of this document, you will have learned the following:
- Connections Tab - A General Overview
- Options to access from the Connections tree (left pane)
- Possible actions from the Accounts pane
1. Connections Tab - A General Overview
Once you have finished adding your resources to PAM360, there are numerous ways in which you can use the Connections tab to manage your resources effectively. Basically, the Connections view has three sections:
- The leftmost pane - Displays all the added Connections category-wise, such as Owned and Managed, Recently Accessed, etc., Favorites, and Connection Groups.
- The 'Resources' pane - Displays the list of resources under the specific category as clicked from the leftmost pane.
- The 'Accounts' pane - Reveals all accounts in each resource as clicked from the 'Resources' pane.
2. Options to Access from the Connections Tree (Left Pane)
The left pane you see on the Connections page lists all the available connections in PAM360 organized under different categories. Click a category to view the connections only under that specific category. Read further to know in detail about each category:
- All My Connections - Click this option to display all the resources that are shared to you and available for your usage. Click the name of a resource to display all accounts corresponding to the selected resource. To search for a resource, enter the resource name, DNS name, or the operating system (OS) type.
- Owned and Managed - This option is for users with admin privileges. All resources owned by administrators and shared to them by other users are available here. Click the name of a resource to display all accounts corresponding to the selected resource. To search for a resource, enter the resource name, DNS name, or the operating system (OS) type.
- Favorites - All accounts marked as a 'favorite' are available here. To mark an account as a favorite, go to the Resources tab, switch to the Passwords tab and click the star icon beside an account name. To search for a resource, enter the resource name, DNS name, or the operating system (OS) type.
- Recently Accessed - All recently accessed resources are listed under this option for a quick reference. To search for a resource, enter the resource name, DNS name, or the operating system (OS) type.
- Web App Connections - All web-based applications added as a resource in PAM360 are listed under this option. From here, you can perform a one-click logon to the resources.
- Secure File Transfer - Click this option to perform a secure bi-directional file transfer between two folders residing in different resources. Click here to learn about secure file transfer in detail.
- Resource groups added by you - This option is for users with admin privileges. All resource groups created by you are available under this option. To search for a resource, enter the resource name, DNS name, or the operating system (OS) type. Click here to learn more about different types of resource groups in PAM360.
Use the icons to toggle between the old and new connections views.
3. Possible Actions from the Accounts Pane
There are a set of operations possible over the accounts displayed in the 'Accounts' pane. The below links explain each of them in detail:
3.1 Launching Secure Remote Sessions
PAM360 allows you to establish privileged remote sessions to RDP, SSH, VNC and SQL systems through HTML-5 compatible browsers. PAM360 carries out remote sessions and file transfer operations using secure protocols such as the Remote Desktop Protocol (RDP), SSH File Transfer Protocol (SFTP), Secure Copy Protocol (SCP), and File Transfer Protocol (FTP). Because the privileged remote sessions are tunneled through the PAM360 server, a secure channel protects your remote connections from third-party interceptions. The passwords needed to establish the remote connections are securely stored in PAM360. There is also a provision to enforce password access control on the resources. These safety measures ensure that your data stored in the PAM360 repository and the remote sessions carried out from PAM360 always remain secure. In addition to launching secure remote sessions, you can record, play back, and archive the remote sessions launched from PAM360. The archived files support forensic audits and compliance requirements of organizations.
To launch a remote session to a resource, follow the below steps:
- Navigate to the Connections tab and click the required resource name under the Resources pane.
- All accounts corresponding to the selected resource will be displayed on the right. Hover your mouse over the thumbnail of the required account and click Connect. Depending on the type of resource, different options for the type of remote session will appear in a pop-up menu. For example: If you select a Windows resource, you will get three options namely Windows Remote Desktop, RDP Console Session, and VNC. If you select a Linux resource, the options will be SSH and Telnet. You can also use the Legacy SSH terminal to launch an SSH session. To activate this option, go to Admin >> Customization >> Auto Logon Helper. Here, click the edit icon beside Legacy SSH, add Linux as a resource type and save the changes. This is an optional setting.
- Click the type of remote session you want to launch. Now, a new tab will open up and the remote session will begin once PAM360 authenticates the connection using the password stored in the repository.
When a privileged remote session is active, you can view the details from the Notifications panel, the Password Dashboard, and under Audit >> Active Privileged Sessions. All remote connections can be recorded and archived. Click here to learn about session recording in detail.
PAM360 allows you to transfer large files between two systems using the SSH File Transfer Protocol (SFTP). To use this feature, the SFTP server must be installed in the target remote systems. Apart from bi-directional file transfer, PAM360 lets you upload and download files between the user's machine and the remote connection they have established, without the need for a remote session. This upload and download mechanism is made possible through the Secure Copy Protocol (SCP). For upload and download mechanisms, there is a file size limit of 16 MB.
Click here to know in detail on how to perform SFTP-based file transfer in PAM360.
3.3 Requesting Access for Accounts
When dealing with accounts that are secured using the password access control workflow, the Connections tab serves as a one-stop place to make all the password request related options easily accessible.
If an account shared to you has password access control activated, there are three possible operations you can do:
3.3.1 Request for the password
3.3.2 Check out the password
3.3.3 Check in the password
3.3.1 Request for the Password
- Navigate to the Connections tab and click the required resource name under the Resources pane.
- All accounts corresponding to the selected resource will be displayed on the right. Hover your mouse over the thumbnail of the required account and click Request.
- Now, a request will be sent to the authorized administrators. Once the request is approved, you can check out the password and launch a remote session to the account.
3.3.2 Check Out the Password
- Once the administrators approve your password request, navigate to the Connections tab and find the account.
- Hover your mouse over the thumbnail of the required account and click Check Out to check out the password and gain access to the account. You can use the account for 30 minutes, after which the password will be automatically checked in and your access will expire.
The green dot indicates that the password request is approved and the password is available for check out.
If a user has checked out the password and is currently using it, other users will not be able to request access. During this time, you can see the option In Use and a red dot on the thumbnail to indicate that the password is currently in use.
3.3.3 Check In the Password
3.4 Accessing Remote Apps
Configure Remote App for Windows and Windows Domain resources to allow access only to specific applications in an account. Click here to learn in detail about how to configure Remote App in PAM360. Once you have configured the Remote Apps and associated them with the resources, you will find the option to launch a remote session and open the particular app alone.
To launch a Remote App:
- Navigate to the Connections tab and find the resource which is associated with the Remote App.
- Hover your mouse over the thumbnail of the required account and click Windows Remote Desktop. A list of Remote Apps associated with this account will pop up. Click the required Remote App name and it will open up in a new tab.
3.5 Configuring Connection Settings for Accounts
Customize the accounts added to PAM360 using the advanced configuration settings provided by PAM360. Through this customization, you can optimize SSH, RDP, and VNC connections launched from PAM360 and improve the overall user experience. Please note that all the configuration changes made here will be applied locally to the remote system also.
Click here to learn how to configure Connection Settings in detail.
3.6 Configuring Gateway Settings for Remote Sessions
Customize gateway settings from the Admin tab to set up a different port, customize HTTP header log settings, and choose the SSL protocols to be used for securing remote connections initiated from the PAM360 interface. Here, you can also edit and control the cipher suites used for SSL communication.
Click here to learn how to configure gateway settings in detail.