We have a custom requirement for one customer. Below is the requirement:

Present Architecture
1. Vendor accesses client servers via 3 methods
   a. Site-to-Site VPN connection: Vendor user logs into the client servers directly
   b. Site-to-Site VPN connection via a jumpbox: Vendor user connects to a jumpbox (Red Hat Linux 6.2) (in Vendornetwork) with the AD credentials, and from there the Vendor logs into the client servers, DB and apps
   c. Remote VPN connection: Using Cisco VPN AnyConnect, Vendor logs into the client network and then accesses the client servers, databases and applications

Use Cases
1. Vendor wants to replace the jumpbox with a PAM solution
2. Vendor wants the activities of the users logged into the servers, applications and DBs to be monitored
   a. For Admin / Super user, an approval workflow should be triggered to the manager of the user (manager attribute in AD) (NOTE: No IDM is present)
   b. Keystroke Logging feature to be present for the user activities
   c. Command Control feature to be enabled
      i. Revoke access on issuance of non-permissible commands
      ii. Non-permissible commands should trigger a notification to the user and the user's manager, picking the manager attribute from AD
      iii. Indexing of records based on commands / behavior
3. Entire PAM solution should be capable of being deployed in Vendornetwork and should monitor the client servers (NOTE: No PAM agents are allowed to be deployed on the client servers)
4. The video recording sessions should have the capability for video tagging and highlighting of the event flows which are being captured, so that at the time of an incident the administrators will not have to watch the complete video to get the event analysis

Please let me know if the use cases can be achieved using the latest PAM version. NOTE: No IDM is present in the scenario.