Recommended System Configurations¶
In order to provide uninterrupted access to privileged credentials, you can configure two application servers (primary and secondary) connected to a common database.
This comes in handy in cases where one application server fails or becomes unresponsive, and the load balancer effectively redirects the incoming traffic to the other active application server. This way, business processes are not interrupted. Application servers can either be two separate physical machines or virtual machines split up from a single physical server.
Please refer to the system configurations below to deploy Unified PAM in your production environment. Any physical or virtual server holding the configurations below is fine.
| Unit | Primary Server | Secondary Server | You can use the bundled PostGreSQL as the backend. Optionally, you may use MS SQL server as the backend too. |
|---|---|---|---|
| Memory | 16 GB RAM | 16 GB RAM | 16 GB RAM |
| HDD | 50 GB or more | 50 GB or more | 50 GB or more |
| vCPU (Intel or AMD Processors) | 4 or more cores | 4 or more cores | 4 or more cores |
| OS (Windows Server License) | Windows Server 2016 or above | Windows Server 2016 or above | Windows Server 2016 or above |
| IP | 1 STATIC IP | 1 STATIC IP | 1 STATIC IP |
| Quantity | 1 | 1 or more | 1 |
| Details | - | For High Availability | Database Server |
To facilitate remote connections and support certain remote functionalities across multiple networks, you need to deploy SSM/Gateway Server and API Server.
Remote Gateway (RG) Pre-requisites¶
You need to deploy either Securden Session Manager (SSM) or Securden Application Server (API Server) or both on the machine that is going to serve as the gateway. If your requirement is related only to launching remote sessions/session recording, you need to deploy Securden Session Manager alone. If you want to handle remote password resets, you need to associate with the application server. The SSM must be deployed on a Domain Machine.
The requirements for remote gateway (SSM and API Server are as below).
| Unit | SSM Server/ Remote Gateway Server | API Server |
|---|---|---|
| Memory | 16 GB RAM | 16 GB RAM |
| HDD | 50 GB or more | 50 GB or more |
| vCPU (Intel or AMD Processors) | 4 or more cores | 4 or more cores |
| OS (Windows Server License) | Windows Server 2016 | Windows Server 2016 or above |
| IP | 1 STATIC IP | 1 STATIC IP |
| Quantity | 1 or more | 1 |
| Details | Terminal Server | To support remote functionalities (such as remote password reset, remote password verification, accounts discovery, and more). |
Securden Agent Requirements¶
To be installed on machines running Windows 7 or above as an .msi file (Windows installer)
Terminal Licenses¶
MS Remote Desktop Service (RDS) License (In case of using Remote Gateway Server)
How RDS works in Securden¶
A single domain account is used to log in to the remote gateway devices, which will then connect to all the target devices.
Even if multiple users need to launch a connection, they would use the same domain account to log in to the gateway server. From this remote gateway server, their actual user account will be used to connect to the target devices.
Based on the above scenario, you need to explore the appropriate licensing mechanism (one user CAL or multiple user CALs) with Microsoft and buy the licensing from them accordingly. Since it is a third-party licensing, we are not in a position to recommend or comment on the licensing part.
The following knowledge base article of Microsoft throws some light on this: