Thread: Customer Requirement

  1. #1

    Customer Requirement

    Hi,

    We have a custom requirement for one customer. Below is the requirement

    Present Architecture
    1. Vendor accesses client servers via 3 methods
    a. Site to Site VPN connection - Vendor user logs into the client servers directly
    b. Site to Site VPN connection via a jumpbox - Vendor user connects to a jumpbox (Red Hat Linux 6.2) (in Vendornetwork) with the AD credentials and from there the Vendor logs into the client servers, DB and apps
    c. Remote VPN connection - Using Cisco VPN AnyConnect, Vendor logs into the client network and then accesses the client servers, databases and applications

    Use Cases
    1. Vendor wants to replace the jumpbox with a PAM solution
    2. Vendor wants the activities of the users logged into the servers, applications and DBs to be monitored
    a. For Admin / Super user, an approval workflow should be triggered to the manager of the user (manager attribute in AD) (NOTE: No IDM is present)
    b. Key Stroke Logging feature to be present for the user activities
    c. Command Control feature to be enabled
    i. Revoke access on issuance of non-permissible commands
    ii. Non-permissible commands should trigger a notification to the user and the user's manager, picking the manager attribute from AD
    iii. Indexing of records based on commands / behavior
    3. Entire PAM solution should be capable of getting deployed in Vendornetwork and should monitor client servers (NOTE: No PAM agents are allowed to be deployed on client servers)
    4. The video recording sessions should have the capability for video tagging and highlighting of the event flow being captured, so that at the time of an incident the administrators will not have to watch the complete video to get the event analysis

    Please let me know if the use cases can be achieved using PAM latest version. NOTE: No IDM is present in the scenario.

    Regards,
    Prabhat
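Use case 2c above (command control: revoke on a non-permissible command, notify the user and the manager from the AD manager attribute, index records by command) can be sketched as a small policy evaluator. This is an added example written for this thread, not code from the original post or from the PAM product; the log format, the policy patterns and the AD directory are all constructed stand-ins.

```python
"""Added example: a minimal command-control evaluator for use case 2c.
Constructed keystroke-log lines are checked against a policy; a non-permissible
command revokes the session and raises notifications to the user and to the
manager looked up from a constructed stand-in for the AD 'manager' attribute."""
import re
from dataclasses import dataclass, field

# Constructed stand-in for an AD lookup: sAMAccountName -> manager attribute
AD_DIRECTORY = {"vendor.alice": "mgr.bob", "vendor.carol": "mgr.dave"}

# Hypothetical policy: commands not permitted on client servers (anchored regexes)
NON_PERMISSIBLE = [re.compile(p) for p in (r"^rm\s+-rf\s+/", r"^shutdown\b", r"^useradd\b")]

# Constructed record layout: "<ts> <session> <user> <host> CMD <command line>"
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<session>\S+) (?P<user>\S+) (?P<host>\S+) CMD (?P<cmd>.+)$")

SAMPLE_LOG = """\
2017-12-06T23:10:01Z s1 vendor.alice db01 CMD ls -la /var/log
2017-12-06T23:10:07Z s1 vendor.alice db01 CMD useradd tmpuser
2017-12-06T23:10:09Z s1 vendor.alice db01 CMD cat /etc/motd
2017-12-06T23:11:00Z s2 vendor.carol app02 CMD systemctl status httpd
"""

@dataclass
class Result:
    revoked: set = field(default_factory=set)          # sessions terminated (2c.i)
    notifications: list = field(default_factory=list)  # (recipient, message) pairs (2c.ii)
    index: dict = field(default_factory=dict)          # command verb -> [timestamps] (2c.iii)

def evaluate(log_text: str) -> Result:
    res = Result()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed records instead of aborting the whole review
        rec = m.groupdict()
        if rec["session"] in res.revoked:
            continue  # keystrokes recorded after revocation never reached the target
        verb = rec["cmd"].split()[0]
        res.index.setdefault(verb, []).append(rec["ts"])
        if any(p.search(rec["cmd"]) for p in NON_PERMISSIBLE):
            res.revoked.add(rec["session"])
            msg = (f"{rec['user']} issued non-permissible command {rec['cmd']!r} "
                   f"on {rec['host']}; session {rec['session']} revoked")
            res.notifications.append((rec["user"], msg))
            # Fall back to a security mailbox when the manager attribute is empty
            res.notifications.append((AD_DIRECTORY.get(rec["user"]) or "security-ops", msg))
    return res

if __name__ == "__main__":
    print(evaluate(SAMPLE_LOG))
```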

  2. #2

    Re: Customer Requirement

    On 12/06/2017 11:16 PM, pappa recd1 wrote:
    >
    > We have a custom requirement for one customer. Below is the requirement
    >
    > Present Architecture
    > 1. Vendor access client servers via 3 methods
    > a. Site to Site VPN connection - Vendor user logs into the client
    > servers directly
    > b. Site to Site VPN connection via a jumpbox - Vendor user connects to a
    > jumpbox(Red Hat Linux 6.2) (in Vendornetwork ) with the AD credentials
    > and from there the Vendor logs into the client servers , DB and apps
    > c. Remote VPN connection - Using Cisco VPN AnyConnect Vendor log into
    > the client network and then access the client serves ,databases and
    > applications
    >
    > Use Cases
    > 1. Vendor want to replace the jumpbox with a PAM solution
    > 2. Vendor want the activities of the users logged into the servers,
    > applications and DBs to be monitored
    > a. For Admin / Super user approval workflow should be triggered to the
    > manager of the user (manager attribute in AD) (NOTE: No IDM is present)


    I am not sure what you mean by this; anytime anybody wants to run any
    command as a privileged user they want a manager to approve it on the fly?
    Surely that is not the request.

    > b. Key Stroke Logging Feature to be present for the user activities
    > c. Command Control feature to be enabled
    > i. Revoke Access on issuance of non-permissible commands
    > ii. Non permissible commands should trigger notification to user
    > and user's manager picking the manager attribute from AD
    > iii. Indexing of records based on commands / behavior
    > 3. Entire PAM solution should be capable of getting deployed in
    > Vendornetwork and should monitor client server (NOTE: No PAM Agents are
    > allowed to be deployed on client server)
    > 4. The video recording sessions should have capability for the video
    > tagging and highlighting of the events flow which are being captured so
    > that at the time of incident the administrators will not have to watch
    > the complete video for getting the event analysis


    Other than perhaps my question on the approval side I think PUM/PAM has
    been able to do this for a while. With that in mind, though, it is
    probably worthwhile to point out that monitoring a single jumpbox is
    pointless if the users, as you described, still have another method in,
    e.g. directly. I presume those other methods would need to go away entirely.

    Also, perhaps notable, is I do not believe PUM/PAM has any kind of
    provisioning for actual accounts. You mentioned they do not have IDM, so
    they may need to get it, or something similar, unless they are going to
    push out accounts manually or something horrible like that.

    --
    Good luck.


  3. #3
    tdharris, Micro Focus Employee - Ultra Contributor

    Re: Customer Requirement

    This is a good question for PM. Please feel free to reach out to me for help in contacting if needed.

  4. #4

    Re: Customer Requirement

    If you would like to suggest a Privileged Account Manager enhancement idea, please submit your idea here: https://ideas.microfocus.com/MFI/pam
