Remote Distributors¶
To manage networks distributed across multiple locations, you can make use of the remote distributors in Securden. The remote distributors are Application servers for Windows and Unix Connectors for Linux.
Configure Application Servers for Distributed Networks¶
As part of product deployment, Securden offers the flexibility to deploy multiple application servers to take care of certain specific needs such as IT infrastructure spread across multiple networks. If your IT assets/privileged accounts are distributed across multiple networks and if you want to manage all those devices using Securden, you can deploy Securden application servers in each of those networks and also associate each application server with a remote gateway. Application servers deployment is a three-step process - first, you need to add the required application servers, then associate each application server with a remote gateway, and finally associate the IT assets in each network with the gateway.
Adding an application server¶
Prerequisite: Identify the Windows machine(s) in which you will be deploying the Securden Application Server(s). Typically, you would need machines with the same specifications as that of Securden installation.
Step 1: Enter details about the application server¶
In this step, you will simply be creating an identifier for each of the application servers (also called secondary servers) you want to add.
To enter the details, Navigate to Admin >> Remote Distributors >> Application Server and click the button Create Application Server.
In the GUI that opens, enter the following details:
Server identifier: Server identifier is just a name that helps identify the specific application server. The machines where you install application servers should be able to access the database running with the Securden primary server.
Address: You need to specify the hostname/IP address of the machine where the application server instance has been installed. Whenever you add or change the IP address or hostname of the machines where you have installed application servers, you need to restart the Securden primary server. Ensure that the standby server is in the same subnet as that of the primary server for failover to work.
Step 2: Deploy application server package on the designated Machine¶
You need to deploy the zip file you have downloaded in step 1 above on the machine which has been identified for the purpose of deploying the application Server.
Pre-requisites:
- The application server should be able to access the port of the primary server (default 5959) through the primary server’s address you have specified on server settings.
- The application server should be running the same product version of Securden primary server. Contact Securden support if you need any assistance.
Carry out the following steps in the machine where you have installed the application server:
- Stop the Securden PAM Service
- Unzip the application server package (high availability package downloaded
above) under
/bin directory. - Open a command prompt with Administrator privileges and navigate to
/bin directory. Then execute the following command: ApplyHAPackage.exe HA- .zip - Securden AppServer server shares the same encryption key as that of the
Primary installation. Ensure the location of securden.key as mentioned in
"
/conf/securden_key.location" is accessible from the secondary Machine. - Start the service. Securden high availability setup is now ready.
Step 3: Associate application server with a remote gateway¶
After configuring the application server, you need to associate it with a remote gateway. This can be done from Admin >> Remote Sessions and Recordings >> Remote Gateway.
In the GUI that opens, select the required remote gateway and then select Associate Application Server and click Configure. In that page, the list of all available application servers would be displayed. You need to select this application server and click Save.
After completing this association, you need to associate the devices and/or domains that you want to manage through this application server. Typically, this is an association between Application Servers → Remote Gateway → IT Infrastructure to be Managed. This association is to be done through step 3 in the Remote Gateway configuration page.
Once this is done, the application server would be fully ready to manage the respective network.