- Increase IIS performance with HTTP/3 in Windows Server 2022 - Fri, Jan 14 2022
- Redirect user profile folders (documents, pictures, etc.) to OneDrive for Business - Thu, Jan 13 2022
- Action1 RMM: Managing and monitoring IT for hybrid workforces - Tue, Jan 11 2022
Now that many organizations have shifted to a mostly remote workforce, many are going back and deciding how to best move forward with securing solutions in place for remote access. As many may have hurriedly put remote access solutions in place, security may have been a bit of a secondary priority. While there are many solutions that focus on a zero-trust model at the network layer, Securden Privileged Account Manager (PAM) has a solution that enables zero trust at the application layer for your remote workers.
Let's take a look at Securden PAM and see how it can be used to secure your organization's remote workforce and enforce a zero-trust model.
About Securden PAM ^
Let's start by analyzing the Securden PAM solution and see why it provides a great platform to secure remote access for employees accessing business-critical resources. Employees that need secure access include IT administrators and end users such as contractors or other third parties that may have access to your network or other resources.
What are the features provided by Securden that benefit remote worker use cases?
- Simple remote access: In just one click, users are able to access network resources without exposing the underlying password.
- Restrict access to resources you choose: Administrative access can be limited to specific resources, systems, job roles, and other criteria.
- VPN-less connectivity: VPN is the traditional way to connect to the workplace. VPN connectivity comes with many challenges, though. Securden allows organizations to establish connectivity to business-critical systems without the complexities of VPN.
- Native Applications: Use native RDP, SSH, and SQL client apps.
- Agentless solution: As we all know, agents are extremely challenging to manage. Securden allows connectivity to business systems via the web. There are no agents to install to allow secure connectivity.
- Leverage Active Directory: Securden enables making use of your existing Active Directory infrastructure and centralized identity source.
- Multi-factor authentication support: Securden multi-factor authentication, which greatly helps to secure user authentication.
- Use a Jump Host: With Securden, you can route your incoming traffic through a jump host to prevent direct connections to target systems.
- Ability to record sessions and collaborate: Securden offers the appealing features of collaboration and recording and monitoring sessions for compliance or forensics.
As you can see, the Securden PAM offers many extremely powerful capabilities. There is one in particular that we want to zero in on in terms of secure remote access. This is the built-in functionality that provides easy turnkey remote access. This requires no VPN connection or additional software for HTML web-based access.
In addition, Securden provides a feature called the Securden Remote Gateway, which facilitates remote work with various resources that may exist across networks in your infrastructure and provides the ability to use native applications to connect to the backend resources.
Securden built-in secure remote access ^
One of the great features in Securden PAM is its secure remote access functionality, provided out of the box for your end user clients. There is no configuration that needs to take place or any additional software that needs to be installed to make use of the fully web-based secure access provided by the Security PAM server.
Once the end user logs in, they can either add an account to remote into, or they can be granted access by an administrator by means of shared accounts. The Launch RDP connection button includes the Launch Native RDP and Launch Web-based RDP options. With the Launch Web-based RDP option, the Remote Desktop session will simply launch in the web browser in a different tab.
Secure remote access out of the box in Securden
As you can see below, the remote desktop session has been launched in a new browser tab. This can all be done without the end user having access to any password. The password option can be set by an administrator and hidden from the end user's view.
Web based remote access from the Securden PAM server
Let's look at another option for connectivity: the Securden Remote Gateway.
Securden Remote Gateway ^
The Securden Remote Gateway is made up of two Securden components that are installed on the machine that is designated as the remote gateway for your remote workforce. These components are as follows:
- Securden Session Manager
- Securden Application Server
To properly configure the Securden Remote Gateway, depending on the use case and the architecture of the environment, customers may not need to install both components for the Securden Remote Gateway. Which considerations and use cases determine the need to install both the Securden Session Manager and the Securden Application Server?
Securden's guidance on this is as follows:
- If your IT assets/accounts are distributed across multiple networks with interconnectivity, you should deploy both the above components on the remote gateway.
- On the other hand, if all your devices are present in the same network and if you want to handle only remote connections and session recording through a common gateway, install Securden Session Manager alone.
How is the Securden Remote Gateway different from the out-of-the-box functionality that Securden provides? The Remote Gateway allows using the native applications for connecting to the applications on remote servers that are internal to your network.
Additionally, the Remote Gateway provides a much more efficient connection from a network perspective. Once defined in the Securden PAM, the connection for a specific remote target can be routed to the Remote Gateway server, which resides in the remote network.
You can also have more than one Remote Gateway server for each network that you want to provide the functionality to. The Remote Gateway Server is based on two things:
- Microsoft Remote Desktop Services
- Securden Remote Launcher
You essentially spin up an RDS server in the remote network, defining a specific collection for Securden. The Remote Launcher is then installed on the end user client. In Securden, the associated devices can be configured to associate specific network resources to a specific Remote Gateway server.
Installing and configuring the Securden Remote Gateway
First of all, you will need to have a Securden PAM server up and running in your environment. Once this is accomplished, you can begin the configuration required for the Securden Remote Gateway. Installation of the Securden PAM is very straightforward. A simple installation wizard installs the solution on a server.
Installing Securden PAM
To begin configuring your Securden Remote Gateway solution, navigate to the Admin > Remote Sessions and Recordings > Remote Gateway link.
Launching the remote gateway configuration under the Securden admin menu
Once there, name the new Remote Gateway and enter a description (optional).
Adding the Securden Remote Gateway
Securden provides a nice visual workflow of the process for fully configuring the Remote Gateway. The process at most requires four steps if you need to install the application server and associate domains. Typically, the steps involved are: Deploying Securden Session Manager, Deploying Application Server (if needed), Associating devices, and associating domains (if needed).
Configuring the Securden Session Manager in Step 1 involves entering the account, address, and IP address/DNS for the designated server.
Configure the Securden Session Manager
Next, we will associate the devices that we want to target with this specific Remote Gateway server.
Add the specific IPs/FQDNs for associating with the Securden Remote Gateway server.
Choose the IP addresses or FQDNs that will be associated with the Securden Remote Gateway server
Now, when the user is logged into the Securden PAM server's web interface and makes use of the Native RDP option, Securden will use the Remote Gateway server that is associated with the target system.
Launch the Native RDP connection via Securden Remote Gateway server
Connections from the client machines are routed to the remote gateway through the Securden server. End user machines will not connect to the target machines directly.
The Securden Remote Launcher application uses the native Windows MSTSC to connect to the remote server
The Securden Remote Gateway server enables routing connections very efficiently from a network perspective and allows using the native applications to make connections to target servers. As it builds upon the features of Remote Desktop Services, the Securden Remote Gateway can also natively connect using other apps, such as Putty, SQL Server Management Studio, and other applications that are proxied through the Remote Gateway Server.
Additionally, with the remote access features and capabilities built into Securden, you can layer on the other nice features in the product, such as Approval Workflows that allow just-in-time access capabilities. Users can be required to have approvals and can be limited to a specific time period for access.
Conclusion ^
When bolstering your remote work environment, having an effective means of privileged access management is a great way to ensure that users are only able to get to the resources they need and for the amount of time they need it. Setting up VPN connections or managing other remote access solutions can present challenges.
With the native remote access functionality built into Securden PAM as well as the Remote Gateway functionality, your organization can easily provide remote work connectivity easily, securely, and efficiently.
Subscribe to 4sysops newsletter!
Check out Securden PAM and download a free 30-day trial version here.
