Configuring Landing Servers for Data Center Remote Access
Typically, data centers limit direct access to remote devices via SSH and Telnet connections. Instead, data center admins working remotely must first connect to a landing server and then "hop" to the target system. In some cases, admins must make multiple hops before ultimately connecting to the target devices. At each step of the remote access process - from the initial landing server to each subsequent hop and the target device - the admin must provide the username and password as well as know the IP address of the landing server.
PAM360 has simplified this entire data center remote access management. You can use PAM360 to effectively launch direct connections (TELNET, SSH) to IT equipment in the data center, overcoming access barriers created by network segmentation while adhering to data center access protocols. PAM360 also supports full password management for those remote devices.
You can configure any number of landing servers to remotely access the IT equipment in your data centers. You need to associate the landing servers with the resources being managed in the product. Once the configuration is done, you can launch a direct connection with the remote resources in a single click without worrying about the intermediate hops. PAM360 takes care of establishing connection with the landing server(s) and finally with the remote resources, in fully automated fashion.
Configuring Landing Servers - Summary of Steps
Following are the steps involved in configuring landing servers:
- Adding the required landing servers as resources in PAM360.
- Create identities for landing servers by providing them names.
- Associate resources with landing servers.
Step 1: Add the required landing servers as resources in PAM360
Landing servers are also basically resources in PAM360. Data center remote access starts with establishing connection with the landing servers first. So, the first step is to add the required landing servers as resources in PAM360 through the usual resource addition process. Landing servers typically have primary and secondary setup. Add both primary and secondary servers as resources.
Step 2: Create identities for landing servers by providing them names
After adding the required landing servers as resources in PAM360, you need to establish an identity for each landing server. You can do this by providing a name for each landing server.
- To do this, navigate to Admin >> Configuration >> Landing Servers for SSH/Telnet.
- Click the "Add Landing Server" button available in the top left hand corner.
- In the pop-up form that opens, enter a name for the landing server. This will help you uniquely identify it.
- Enter other details like location, descriptive notes.
- If you have primary and secondary instances for your landing server, select the respective resources from the drop-down (the resources that were added by you in step 1 above).
- Also, select the account that is used to login to the landing server.
Repeat the above steps and create identities for as many landing server as needed.
Step 3: Associate resources with landing servers
After adding the landing servers, you need to associate resources with the respective landing servers. This is a crucial step as this is where you are connecting the resources with the landing servers. You will also be defining the direct connection launching path.
For example, assume that you want to connect to your corporate mail server, which runs on a Linux host in the database and you need to hop to 'Landing Server A' first. Now, you will have to associate the mail server with Landing Server A.
You can associate as many resources with a landing server as needed - different resources have different landing servers and different connecting paths. Quite often, there could be multiple landing servers (or multiple hops) to connect to a resource. In that case, you should be associating resources as explained below:
Assume the scenario:
PAM360 Server ----> Landing Server 1 -----> Landing Server 2 ----> Proxy Server in Data Center
To connect to your proxy server in data center from PAM360, you need to connect to Landing Server 1 first, then to Landing Server 2 and finally the actual resource. You should associate landing server with resources as explained below.
All the three entities - landing server 1, landing server 2 and the proxy server are resources in PAM360.
- You should associate Landing Server 1 with Landing Server 2
- Then, you need to associate Landing Server 2 with Proxy Server
Once you establish the association this way, PAM360 will take care of finding the connection path automatically and establish direct connection with the resource.
To associate resources with a landing server:
- Navigate to Admin >> General >> Landing Servers for SSH/Telnet
- Click the "Associate Resources" icon present under "Actions" column against the respective landing server.
- In the GUI that opens up, select the required resources
- Click "Associate Resources"
Providing landing server details during resource addition
If you have added landing servers and created identities for them (step 1 and 2 above), the association part (step 3) could be done during resource addition process. In step 3 of resource addition, you can select the landing server.
Alternatively, as part of editing resource details too, you can associate landing servers with resources.